Offensive Security
5c20fdffaa
DB: 2017-01-24
2 new exploits
MediaMonkey 3.2.4.1304 - (mp3) Buffer Overflow (PoC)
MediaMonkey 3.2.4.1304 - 'mp3' Buffer Overflow (PoC)
Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
DiskSavvy Enterprise - GET Buffer Overflow (Metasploit)
OwnRS Blog 1.2 - (autor.php) SQL Injection
OwnRS Blog 1.2 - 'autor.php' SQL Injection
Mambo Component 'com_sim' 0.8 - Blind SQL Injection
Mambo Component com_sim 0.8 - Blind SQL Injection
Flax Article Manager 1.1 - 'cat_id' SQL Injection
OpenGoo 1.1 - (script_class) Local File Inclusion
EPOLL SYSTEM 3.1 - (Password.dat) Disclosure
Flax Article Manager 1.1 - 'cat_id' Parameter SQL Injection
OpenGoo 1.1 - Local File Inclusion
EPOLL SYSTEM 3.1 - 'Password.dat' Disclosure
ITLPoll 2.7 Stable2 - (index.php id) Blind SQL Injection
ITLPoll 2.7 Stable2 - Blind SQL Injection
Script Toko Online 5.01 - (shop_display_products.php) SQL Injection
Script Toko Online 5.01 - SQL Injection
Wazzum Dating Software - (userid) SQL Injection
Wazzum Dating Software - 'userid' Parameter SQL Injection
SiteXS 0.1.1 - (type) Local File Inclusion
SiteXS CMS 0.1.1 - Local File Inclusion
Joomla! Component com_flashmagazinedeluxe - (mag_id) SQL Injection
OpenX 2.6.3 - (MAX_type) Local File Inclusion
Joomla! Component ElearningForce Flash Magazine Deluxe - SQL Injection
OpenX 2.6.3 - 'MAX_type' Parameter Local File Inclusion
Community CMS 0.4 - (/index.php id) Blind SQL Injection
Community CMS 0.4 - 'id' Parameter Blind SQL Injection
2017-01-24 05:01:17 +00:00
Offensive Security
e96ad87c43
DB: 2017-01-23
4 new exploits
SunOS 5.11 ICMP - Denial of Service
Microsoft Power Point 2016 - Java Code Execution
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery
PageKit 1.0.10 - Password Reset
2017-01-23 05:01:18 +00:00
Offensive Security
b1b494f790
DB: 2017-01-21
10 new exploits
Complain Management System - SQL injection
ICGames-Games Site Script 1.2 - Authentication Bypass
Domains Marketplace Script 1.1 - Authentication Bypass
ICTutors Tutoring Site Script 1.1 - Authentication Bypass
Mini Blog 1.1 - Authentication Bypass
Job Site PHP Script 1.1 - Authentication Bypass
Music Site Script 1.2 - Authentication Bypass
Affiliate Tracking Script 1.1 - Authentication Bypass
Mini CMS 1.1 - Authentication Bypass
B2B Alibaba Clone Script - SQL Injection
2017-01-21 05:01:18 +00:00
Offensive Security
1441edc4aa
DB: 2017-01-20
13 new exploits
Google Android TSP sysfs - 'cmd_store' Multiple Overflows
Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change
Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change
Viral Image & Video Sharing GagZone Script - SQL Injection
Image and Video Script - SQL Injection
Social News and Bookmarking Script - SQL Injection
Viral Image Sharing Script - SQL Injection
Vine VideoSite Creator Script - SQL Injection
Job Vacancy Script - SQL Injection
Home of Viral Images_ Videos and Articles Script - SQL Injection
Video Site Creator Script - SQL Injection
Classifieds Script - SQL Injection
2017-01-20 05:01:18 +00:00
Offensive Security
ef112ace5d
DB: 2017-01-19
27 new exploits
SentryHD 02.01.12e - Privilege Escalation
Linux/x86-64 - mkdir Shellcode (25 bytes)
ownrs blog beta3 - SQL Injection / Cross-Site Scripting
OwnRS blog beta3 - SQL Injection / Cross-Site Scripting
Dodo's Quiz Script 1.1 - (dodosquiz.php) Local File Inclusion
Dodo's Quiz Script 1.1 - Local File Inclusion
Mambo Component SOBI2 RC 2.8.2 - (bid) SQL Injection
Mambo Component SOBI2 RC 2.8.2 - SQL Injection
Joomla! Component com_pcchess - (game_id) Blind SQL Injection
Joomla! Component com_pcchess - Blind SQL Injection
Medical Clinic Website Script - SQL Injection
Fileserve Clone Script - Authentication Bypass
Auction Website Script - SQL Injection
Wetransfer Clone Script - Authentication Bypass
Finance Website Script - SQL Injection
Justdial Clone Script - Authentication Bypass
Business Directory Script - SQL Injection
Buy and Sell Market Place Software - SQL Injection
Dentist Website Script - SQL Injection
Manufacturer Website Design Script - SQL Injection
Micro Blog Script - SQL Injection
My Private Tutor Website Builder Script - SQL Injection
NGO Directory Script - SQL Injection
Yoga and Fitness Website Script - SQL Injection
NGO Website Script - SQL Injection
Questions and Answers Script 1.1.3 - SQL Injection
Online Mobile Recharge Script - SQL Injection
Clone of Oddee Script 1.1.3 - SQL Injection
Online Printing Business Clone Script - SQL Injection
Online Tshirt Design Script - SQL Injection
Shiksha Educational Website Script - SQL Injection
Study Abroad Educational Website Script - SQL Injection
Courier Management System - SQL Injection
Flippa Website Script - SQL Injection
B2B Script 4.27 - SQL Injection
2017-01-19 05:01:18 +00:00
Offensive Security
19000e5589
DB: 2017-01-18
4 new exploits
MkPortal 1.1.1 reviews / Gallery modules - SQL Injection
MKPortal 1.1.1 reviews / Gallery modules - SQL Injection
Joomla! Component GigCalendar 1.0 - SQL Injection
Joomla! Component gigCalendar 1.0 - SQL Injection
Joomla! Component RD-Autos 1.5.5 - 'id' SQL Injection
mkportal 1.2.1 - Multiple Vulnerabilities
Blue Eye CMS 1.0.0 - (clanek) Blind SQL Injection
Free Bible Search PHP Script - 'readbible.php' SQL Injection
Joomla! Component RD-Autos 1.5.5 - SQL Injection
MKPortal 1.2.1 - Multiple Vulnerabilities
Blue Eye CMS 1.0.0 - 'clanek' Parameter Blind SQL Injection
Free Bible Search PHP Script - SQL Injection
Simple PHP NewsLetter 1.5 - (olang) Local File Inclusion
Simple PHP NewsLetter 1.5 - Local File Inclusion
Joomla! Component Gigcal 1.x - 'id' SQL Injection
Joomla! Component Gigcal 1.x - 'id' Parameter SQL Injection
SCMS 1 - 'index.php p' Local File Inclusion
SCMS 1 - Local File Inclusion
Max.Blog 1.0.6 - (show_post.php) SQL Injection
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
Max.Blog 1.0.6 - (submit_post.php) SQL Injection
Max.Blog 1.0.6 - (offline_auth.php) Offline Authentication Bypass
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
Max.Blog 1.0.6 - 'offline_auth.php' Offline Authentication Bypass
Joomla! Component com_simplefaq - 'catid' Blind SQL Injection
Joomla! Component com_simplefaq - 'catid' Parameter Blind SQL Injection
dirLIST - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
dirLIST 0.3.0 - Local File Inclusion
dirLIST 0.3.0 - Arbitrary File Upload
BoZoN 2.4 - Remote Code Execution
Check Box 2016 Q2 Survey - Multiple Vulnerabilities
Openexpert 0.5.17 - SQL Injection
2017-01-18 05:01:17 +00:00
Offensive Security
7c1c496c25
DB: 2017-01-17
11 new exploits
Nofeel FTP Server 3.6 - (CWD) Remote Memory Consumption Exploit
Nofeel FTP Server 3.6 - 'CWD' Command Remote Memory Consumption
Mozilla Firefox < 50.1.0 - Use After Free
Mozilla Firefox < 50.1.0 - Use-After-Free
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
iSelect v1.4 - Local Buffer Overflow
Word Viewer OCX 3.2 - ActiveX (Save) Remote File Overwrite
Word Viewer OCX 3.2 ActiveX - (Save) Remote File Overwrite
WinaXe Plus 8.7 - Buffer Overflow
DiskBoss Enterprise - GET Buffer Overflow (Metasploit)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Photobase 1.2 - 'Language' Local File Inclusion
Joomla! Component Portfol - (vcatid) SQL Injection
Photobase 1.2 - 'Language' Parameter Local File Inclusion
Joomla! Component Portfol 1.2 - 'vcatid' Parameter SQL Injection
dMx READY (25 - Products) Remote Database Disclosure
dMx READY (25 - Products) - Remote Database Disclosure
Joomla! Component com_gigcal (gigcal_gigs_id) 1.0 - SQL Injection
Joomla! Component GigCalendar 1.0 - SQL Injection
HSPell 1.1 - (cilla.cgi) Remote Command Execution
HSPell 1.1 - 'cilla.cgi' Remote Command Execution
PHP Photo Album 0.8b - (index.php preview) Local File Inclusion
PHP Photo Album 0.8b - 'preview' Parameter Local File Inclusion
Huawei Flybox B660 - Cross-Site Request Forgery
Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting
Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change
Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change
Image Sharing Script 4.13 - Multiple Vulnerabilities
Million Pixels 3 - Authentication Bypass
ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities
2017-01-17 05:01:17 +00:00
Offensive Security
b086c09178
DB: 2017-01-16
11 new exploits
9 Network Linkedin Clone Script - Improper Access Restrictions
Article Directory Script Seo 3.2 - Improper Access Restrictions
e-Soft24 Jokes Portal Script Seo 1.3 - Authentication Bypass
MC Smart Shop Script - SQL Injection
MC Buy and Sell Cars Script 1.1 - SQL Injection
MC Yellow Pages Script - SQL Injection
MC Real Estate Pro Script - Improper Access Restrictions
MC Hosting Coupons Script - Cross-Site Request Forgery
MC Inventory Manager Script - Multiple Vulnerabilities
MC Coming Soon Script - Arbitrary File Upload / Improper Access Restrictions
MC Documentation Creator Script - SQL Injection
2017-01-16 05:01:17 +00:00
Offensive Security
a577caaebb
DB: 2017-01-15
16 new exploits
My Private Tutor Website Script - Authentication Bypass
Hindu Matrimonial Script - Authentication Bypass
Just Dial Marketplace Script - Authentication Bypass
Entrepreneur Matrimonial Script - Authentication Bypass
Open Source Real-Estate Script - SQL Injection
Inout StickBoard 1.0 Script - Improper Access Restrictions
Inout Search Engine Ultimate Edition 7.0/8.0 Script - Improper Access Restrictions
Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions
Inout SmartDeal 1.0 Script - Improper Access Restrictions
Inout QuerySpace 1.0 Script - Improper Access Restrictions
Inout CareerLamp 1.0 Script - Improper Access Restrictions
Inout SocialTiles 2.0 Script - Improper Access Restrictions
Inout Celebrities 1.0 Script - Improper Access Restrictions
Education Website Script - Authentication Bypass
Professional Service Booking Script - SQL Injection
Courier Business Website Script - Authentication Bypass
2017-01-15 05:01:17 +00:00
Offensive Security
08be47d8e2
DB: 2017-01-14
3 new exploits
Mozilla Firefox < 50.1.0 - Use After Free
Cisco Firepower Management Console 6.0 - Post Authentication UserAdd
QuoteBook - 'poll.inc' Remote Config File Disclosure
QuoteBook - Remote Config File Disclosure
PHP-Fusion Mod vArcade 1.8 - (comment_id) SQL Injection
Pizzis CMS 1.5.1 - (visualizza.php idvar) Blind SQL Injection
PHP-Fusion Mod vArcade 1.8 - 'comment_id' Parameter SQL Injection
Pizzis CMS 1.5.1 - Blind SQL Injection
Joomla! Component com_xevidmegahd - 'catid' SQL Injection
Joomla! Component com_xevidmegahd - SQL Injection
DZcms 3.1 - (products.php pcat) SQL Injection
DZcms 3.1 - SQL Injection
phpMDJ 1.0.3 - (id_animateur) Blind SQL Injection
XOOPS Module tadbook2 - 'open_book.php book_sn' SQL Injection
phpMDJ 1.0.3 - 'id_animateur' Parameter Blind SQL Injection
XOOPS Module tadbook2 - SQL Injection
PHP-Fusion Mod the_kroax - 'comment_id' Parameter SQL Injection
Social Engine - 'browse_classifieds.php s' SQL Injection
PHP-Fusion Mod the_kroax - SQL Injection
Social Engine - SQL Injection
Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution
2017-01-14 05:01:17 +00:00
Offensive Security
a0c8330781
DB: 2017-01-13
13 new exploits
SeaMonkey 1.1.14 - (marquee) Denial of Service
SeaMonkey 1.1.14 - Denial of Service
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1)
SapLPD 7.40 - Denial of Service
CoolPlayer 2.19 - (PlaylistSkin) Buffer Overflow
CoolPlayer 2.19 - 'PlaylistSkin' Buffer Overflow
Rosoft media player 4.4.4 - Buffer Overflow (SEH) (2)
Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (2)
aSc Timetables 2017 - Buffer Overflow
Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation
Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation
Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)
Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)
PlaySMS 0.7 - SQL Injection
PlaySms 0.7 - SQL Injection
SAP SAPLPD 6.28 - Buffer Overflow (Metasploit)
SapLPD 6.28 - Buffer Overflow (Metasploit)
Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script (MS00-090)
phpMyFamily 1.4.0 - Authentication Bypass (SQL Injection)
phpMyFamily 1.4.0 - Authentication Bypass
ACNews 1.0 - Admin Authentication Bypass (SQL Injection)
ACNews 1.0 - Authentication Bypass
ASPThai.Net Guestbook 5.5 - (Authentication Bypass) SQL Injection
ASPThai.Net Guestbook 5.5 - Authentication Bypass
PNphpBB2 <= 1.2g - 'phpbb_root_path' Remote File Inclusion
PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion
cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion
CuteNews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion
WSN Guest 1.21 - (comments.php id) SQL Injection
WSN Guest 1.21 - 'id' Parameter SQL Injection
PNPHPBB2 <= 1.2 - (index.php c) SQL Injection
PNPHPBB2 <= 1.2 - 'index.php' SQL Injection
PNPHPBB2 <= 1.2i - viewforum.php SQL Injection
PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection
PNPHPBB2 <= 1.2i - (printview.php PHPEx) Local File Inclusion
PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local File Inclusion
webClassifieds 2005 - (Authentication Bypass) SQL Injection
webClassifieds 2005 - Authentication Bypass
webSPELL 4.01.02 - 'id' Remote Edit Topics
PNphpBB2 <= 12i - (ModName) Multiple Local File Inclusion
WSN Guest 1.23 - 'Search' SQL Injection
webSPELL 4.01.02 - 'id' Parameter Remote Edit Topics
PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion
WSN Guest 1.23 - 'Search' Parameter SQL Injection
Ayemsis Emlak Pro - (Authentication Bypass) SQL Injection
Ayemsis Emlak Pro - Authentication Bypass
Joomla! Component com_phocadocumentation - 'id' SQL Injection
phpauctionsystem - Cross-Site Scripting / SQL Injection
Joomla! Component com_phocadocumentation - 'id' Parameter SQL Injection
PHPAuctionSystem - Cross-Site Scripting / SQL Injection
RiotPix 0.61 - (forumid) Blind SQL Injection
RiotPix 0.61 - 'forumid' Parameter Blind SQL Injection
RiotPix 0.61 - (Authentication Bypass) SQL Injection
RiotPix 0.61 - Authentication Bypass
playSms 0.9.3 - Multiple Remote / Local File Inclusion
BlogHelper - 'common_db.inc' Remote Config File Disclosure
PollHelper - 'poll.inc' Remote Config File Disclosure
PlaySms 0.9.3 - Multiple Remote / Local File Inclusion
BlogHelper - Remote Config File Disclosure
PollHelper - Remote Config File Disclosure
Fast FAQs System - (Authentication Bypass) SQL Injection
Fast FAQs System - Authentication Bypass
Fast Guest Book - (Authentication Bypass) SQL Injection
Fast Guest Book - Authentication Bypass
BKWorks ProPHP 0.50b1 - (Authentication Bypass) SQL Injection
Weight Loss Recipe Book 3.1 - (Authentication Bypass) SQL Injection
BKWorks ProPHP 0.50b1 - Authentication Bypass
Weight Loss Recipe Book 3.1 - Authentication Bypass
Dark Age CMS 0.2c Beta - (Authentication Bypass) SQL Injection
Syzygy CMS 0.3 - (Authentication Bypass) SQL Injection
Dark Age CMS 0.2c Beta - Authentication Bypass
Syzygy CMS 0.3 - Authentication Bypass
eFAQ - (Authentication Bypass) SQL Injection
eReservations - (Authentication Bypass) SQL Injection
The Walking Club - (Authentication Bypass) SQL Injection
Ping IP - (Authentication Bypass) SQL Injection
eFAQ - Authentication Bypass
eReservations - Authentication Bypass
The Walking Club - Authentication Bypass
Ping IP - Authentication Bypass
ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection
ASP ActionCalendar 1.3 - Authentication Bypass
Click&Email - (Authentication Bypass) SQL Injection
Click&Email - Authentication Bypass
Web-Calendar Lite 1.0 - (Authentication Bypass) SQL Injection
Web-Calendar Lite 1.0 - Authentication Bypass
ClickAuction - (Authentication Bypass) SQL Injection
ClickAuction - Authentication Bypass
Netartmedia Car Portal 1.0 - (Authentication Bypass) SQL Injection
Netartmedia Car Portal 1.0 - Authentication Bypass
SalesCart - (Authentication Bypass) SQL Injection
SalesCart - Authentication Bypass
WholeHogSoftware Ware Support - (Authentication Bypass) SQL Injection
WholeHogSoftware Password Protect - (Authentication Bypass) SQL Injection
WholeHogSoftware Ware Support - Authentication Bypass
WholeHogSoftware Password Protect - Authentication Bypass
ClickCart 6.0 - (Authentication Bypass) SQL Injection
ClickCart 6.0 - Authentication Bypass
Online Grades 3.2.4 - (Authentication Bypass) SQL Injection
Online Grades 3.2.4 - Authentication Bypass
MyDesing Sayac 2.0 - (Authentication Bypass) SQL Injection
MyDesing Sayac 2.0 - Authentication Bypass
AuthPhp 1.0 - (Authentication Bypass) SQL Injection
Mynews 0_10 - (Authentication Bypass) SQL Injection
BlueBird Pre-Release - (Authentication Bypass) SQL Injection
AuthPhp 1.0 - Authentication Bypass
Mynews 0_10 - Authentication Bypass
BlueBird Pre-Release - Authentication Bypass
Grestul 1.x - Authentication Bypass (via Cookie SQL Injection)
Grestul 1.x - Authentication Bypass (Cookie SQL Injection)
XGuestBook 2.0 - (Authentication Bypass) SQL Injection
XGuestBook 2.0 - Authentication Bypass
PenPal 2.0 - (Authentication Bypass) SQL Injection
PenPal 2.0 - Authentication Bypass
BannerManager 0.81 - (Authentication Bypass) SQL Injection
BannerManager 0.81 - Authentication Bypass
Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection
Free PHP Petition Signing Script - Authentication Bypass
Simbas CMS 2.0 - (Authentication Bypass) SQL Injection
WebFileExplorer 3.1 - (Authentication Bypass) SQL Injection
Simbas CMS 2.0 - Authentication Bypass
WebFileExplorer 3.1 - Authentication Bypass
My Dealer CMS 2.0 - (Authentication Bypass) SQL Injection
My Dealer CMS 2.0 - Authentication Bypass
XEngineSoft PMS/MGS/NM/Ams 1.0 - (Authentication Bypass) SQL Injection
XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass
NetHoteles 2.0/3.0 - (Authentication Bypass) SQL Injection
NetHoteles 2.0/3.0 - Authentication Bypass
Tiny Blogr 1.0.0 rc4 - (Authentication Bypass) SQL Injection
Tiny Blogr 1.0.0 rc4 - Authentication Bypass
ClanTiger 1.1.1 - (Authentication Bypass) SQL Injection
ClanTiger 1.1.1 - Authentication Bypass
Hot Project 7.0 - (Authentication Bypass) SQL Injection
Hot Project 7.0 - Authentication Bypass
EZ Webitor - (Authentication Bypass) SQL Injection
EZ Webitor - Authentication Bypass
Creasito E-Commerce 1.3.16 - (Authentication Bypass) SQL Injection
Creasito E-Commerce 1.3.16 - Authentication Bypass
I-Rater Pro/Plantinum 4.0 - (Authentication Bypass) SQL Injection
I-Rater Pro/Plantinum 4.0 - Authentication Bypass
5 star Rating 1.2 - (Authentication Bypass) SQL Injection
5 star Rating 1.2 - Authentication Bypass
Tiger Dms - (Authentication Bypass) SQL Injection
Tiger Dms - Authentication Bypass
The Recipe Script 5 - (Authentication Bypass) SQL Injection / DB Backup
Realty Web-Base 1.0 - (Authentication Bypass) SQL Injection
Luxbum 0.5.5/stable - (Authentication Bypass) SQL Injection
The Recipe Script 5 - (Authentication Bypass) SQL Injection / Database Backup
Realty Web-Base 1.0 - Authentication Bypass
Luxbum 0.5.5/stable - Authentication Bypass
My Game Script 2.0 - (Authentication Bypass) SQL Injection
My Game Script 2.0 - Authentication Bypass
Submitter Script - (Authentication Bypass) SQL Injection
Submitter Script - Authentication Bypass
PHP Dir Submit - (Authentication Bypass) SQL Injection
PHP Dir Submit - Authentication Bypass
DM FileManager 3.9.2 - (Authentication Bypass) SQL Injection
DM FileManager 3.9.2 - Authentication Bypass
VICIDIAL 2.0.5-173 - (Authentication Bypass) SQL Injection
VICIDIAL 2.0.5-173 - Authentication Bypass
Article Directory - (Authentication Bypass) SQL Injection
Article Directory - Authentication Bypass
phpBugTracker 1.0.3 - (Authentication Bypass) SQL Injection
phpBugTracker 1.0.3 - Authentication Bypass
Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection
Zen Help Desk 2.1 - Authentication Bypass
EgyPlus 7ml 1.0.1 - (Authentication Bypass) SQL Injection
EgyPlus 7ml 1.0.1 - Authentication Bypass
Pixelactivo 3.0 - (Authentication Bypass) SQL Injection
Pixelactivo 3.0 - Authentication Bypass
MyCars Automotive - (Authentication Bypass) SQL Injection
MyCars Automotive - Authentication Bypass
Zip Store Chat 4.0/5.0 - (Authentication Bypass) SQL Injection
Zip Store Chat 4.0/5.0 - Authentication Bypass
AlumniServer 1.0.1 - (Authentication Bypass) SQL Injection
AlumniServer 1.0.1 - Authentication Bypass
ForumPal FE 1.1 - (Authentication Bypass) SQL Injection
ForumPal FE 1.1 - Authentication Bypass
Opial 1.0 - (Authentication Bypass) SQL Injection
Opial 1.0 - Authentication Bypass
webLeague 2.2.0 - (Authentication Bypass) SQL Injection
webLeague 2.2.0 - Authentication Bypass
AnotherPHPBook (APB) 1.3.0 - (Authentication Bypass) SQL Injection
AnotherPHPBook (APB) 1.3.0 - Authentication Bypass
SaphpLesson 4.0 - (Authentication Bypass) SQL Injection
SaphpLesson 4.0 - Authentication Bypass
Limny 1.01 - (Authentication Bypass) SQL Injection
Limny 1.01 - Authentication Bypass
Magician Blog 1.0 - (Authentication Bypass) SQL Injection
Magician Blog 1.0 - Authentication Bypass
AW BannerAd - (Authentication Bypass) SQL Injection
AW BannerAd - Authentication Bypass
Ajax Short URL Script - (Authentication Bypass) SQL Injection
Ajax Short URL Script - Authentication Bypass
TT Web Site Manager 0.5 - (Authentication Bypass) SQL Injection
SimpleLoginSys 0.5 - (Authentication Bypass) SQL Injection
TT Web Site Manager 0.5 - Authentication Bypass
SimpleLoginSys 0.5 - Authentication Bypass
Questions Answered 1.3 - (Authentication Bypass) SQL Injection
Questions Answered 1.3 - Authentication Bypass
Blink Blog System - (Authentication Bypass) SQL Injection
Blink Blog System - Authentication Bypass
MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection
MOC Designs PHP News 1.1 - Authentication Bypass
PHotoLa Gallery 1.0 - (Authentication Bypass) SQL Injection
PHotoLa Gallery 1.0 - Authentication Bypass
PHPCityPortal - (Authentication Bypass) SQL Injection
PHPCityPortal - Authentication Bypass
Logoshows BBS 2.0 - (Authentication Bypass) SQL Injection
Logoshows BBS 2.0 - Authentication Bypass
SmilieScript 1.0 - (Authentication Bypass) SQL Injection
SmilieScript 1.0 - Authentication Bypass
humanCMS - (Authentication Bypass) SQL Injection
humanCMS - Authentication Bypass
Three Pillars Help Desk 3.0 - (Authentication Bypass) SQL Injection
Three Pillars Help Desk 3.0 - Authentication Bypass
AdsDX 3.05 - (Authentication Bypass) SQL Injection
AdsDX 3.05 - Authentication Bypass
Nephp Publisher Enterprise 4.5 - (Authentication Bypass) SQL Injection
Nephp Publisher Enterprise 4.5 - Authentication Bypass
W3infotech - (Authentication Bypass) SQL Injection
W3infotech - Authentication Bypass
Real Estate Portal X.0 - (Authentication Bypass) SQL Injection
Real Estate Portal X.0 - Authentication Bypass
PHP Inventory 1.2 - Remote Authentication Bypass (SQL Injection)
PHP Inventory 1.2 - Authentication Bypass
SitePal 1.1 - (Authentication Bypass) SQL Injection
SitePal 1.1 - Authentication Bypass
JM CMS 1.0 <= 1.0 - (Authentication Bypass) SQL Injection
JM CMS 1.0 - Authentication Bypass
Pre Hospital Management System - (Authentication Bypass) SQL Injection
Pre Hospital Management System - Authentication Bypass
Digiappz Freekot - (Authentication Bypass) SQL Injection
Digiappz Freekot - Authentication Bypass
Omnistar Affiliate - (Authentication Bypass) SQL Injection
Omnistar Affiliate - Authentication Bypass
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Advance Biz Limited 1.0 - (Authentication Bypass) SQL Injection
Advance Biz Limited 1.0 - Authentication Bypass
e-topbiz banner exchange PHP - (Authentication Bypass) SQL Injection
e-topbiz Slide Popups 1 PHP - (Authentication Bypass) SQL Injection
e-topbiz banner exchange PHP - Authentication Bypass
e-topbiz Slide Popups 1 PHP - Authentication Bypass
Freewebscript'z Games - (Authentication Bypass) SQL Injection
Freewebscript'z Games - Authentication Bypass
DZOIC Handshakes - Authentication Bypass (SQL Injection)
DZOIC Handshakes - Authentication Bypass
DZOIC ClipHouse - Authentication Bypass (SQL Injection)
DZOIC ClipHouse - Authentication Bypass
PHP Car Rental-Script - (Authentication Bypass) SQL Injection
PHP Car Rental-Script - Authentication Bypass
Zen Tracking 2.2 - (Authentication Bypass) SQL Injection
Baal Systems 3.8 - (Authentication Bypass) SQL Injection
Zen Tracking 2.2 - Authentication Bypass
Baal Systems 3.8 - Authentication Bypass
Killmonster 2.1 - (Authentication Bypass) SQL Injection
Killmonster 2.1 - Authentication Bypass
Rostermain 1.1 - (Authentication Bypass) SQL Injection
Rostermain 1.1 - Authentication Bypass
NewsLetter Tailor - (Authentication Bypass) SQL Injection
NewsLetter Tailor - Authentication Bypass
WSN Guest 1.02 - (orderlinks) SQL Injection
WSN Guest 1.02 - 'orderlinks' Parameter SQL Injection
Project Man 1.0 - (Authentication Bypass) SQL Injection
Project Man 1.0 - Authentication Bypass
Uiga Fan Club 1.0 - (Authentication Bypass) SQL Injection
Uiga Fan Club 1.0 - Authentication Bypass
HazelPress Lite 0.0.4 - (Authentication Bypass) SQL Injection
HazelPress Lite 0.0.4 - Authentication Bypass
Majoda CMS - (Authentication Bypass) SQL Injection
Majoda CMS - Authentication Bypass
4x CMS r26 - (Authentication Bypass) SQL Injection
4x CMS r26 - Authentication Bypass
Satellite-X 4.0 - (Authentication Bypass) SQL Injection
Huron CMS 8 11 2007 - (Authentication Bypass) SQL Injection
Satellite-X 4.0 - Authentication Bypass
Huron CMS 8 11 2007 - Authentication Bypass
Zyke CMS 1.1 - (Authentication Bypass) SQL Injection
Zyke CMS 1.1 - Authentication Bypass
Online University - (Authentication Bypass) SQL Injection
Online University - Authentication Bypass
Online Job Board - (Authentication Bypass) SQL Injection
Online Job Board - Authentication Bypass
JE CMS 1.0.0 - Authentication Bypass (via SQL Injection)
JE CMS 1.0.0 - Authentication Bypass
ExtCalendar2 - (Authentication Bypass/Cookie) SQL Injection
ExtCalendar2 - (Authentication Bypass / Cookie) SQL Injection
SN News 1.2 - '/admin/loger.php' Authentication Bypass (SQL Injection)
SN News 1.2 - '/admin/loger.php' Authentication Bypass
RTTucson Quotations Database Script - (Authentication Bypass) SQL Injection
RTTucson Quotations Database Script - Authentication Bypass
PlaySms - 'index.php' Cross-Site Scripting
PlaySms 0.8 - 'index.php' Cross-Site Scripting
Practico CMS 13.7 - Authentication Bypass (SQL Injection)
Practico CMS 13.7 - Authentication Bypass
Airbnb Clone Script - Arbitrary File Upload
Milw0rm Clone Script 1.0 - (Authentication Bypass) SQL Injection
Milw0rm Clone Script 1.0 - Authentication Bypass
PHPCollab CMS 2.5 - (emailusers.php) SQL Injection
PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection
My link trader 1.1 - 'id' Parameter SQL Injection
My Link Trader 1.1 - 'id' Parameter SQL Injection
b2evolution 6.8.2 - Arbitrary File Upload
Job Portal Script 9.11 - Authentication Bypass
Online Food Delivery 2.04 - Authentication Bypass
iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection
D-Link DIR-615 - Multiple Vulnerabilities
School Management Software 2.75 - SQL Injection
Penny Auction Script - Arbitrary File Upload
ECommerce-TIBSECART - Arbitrary File Upload
ECommerce-Multi-Vendor Software - Arbitrary File Upload
2017-01-13 05:01:18 +00:00
Offensive Security
3617e005f6
DB: 2017-01-12
16 new exploits
VMware 2.5.1 - (VMware-authd) Remote Denial of Service
VMware 2.5.1 - 'VMware-authd' Remote Denial of Service
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2)
Boxoft Wav 1.0 - Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow
EleCard MPEG PLAYER - '.m3u' Local Stack Overflow
Elecard MPEG Player - '.m3u' Local Stack Overflow
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)
Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)
Firejail - Privilege Escalation
McAfee Virus Scan Enterprise for Linux - Remote Code Execution
McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
Ansible 2.1.4 / 2.2.1 - Command Execution
Eggblog < 3.07 - Remote SQL Injection / Privilege Escalation
EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation
PowerClan 1.14a - (footer.inc.php) Remote File Inclusion
PowerClan 1.14a - 'footer.inc.php' Remote File Inclusion
Eggblog 3.1.0 - Cookies SQL Injection
EggBlog 3.1.0 - Cookies SQL Injection
eggBlog 4.0 - SQL Injection
EggBlog 4.0 - SQL Injection
2Capsule - 'sticker.php id' SQL Injection
2Capsule - SQL Injection
ASPThai.Net WebBoard 6.0 - (bview.asp) SQL Injection
ASPThai.Net WebBoard 6.0 - SQL Injection
Memberkit 1.0 - Remote Arbitrary .PHP File Upload
phpScribe 0.9 - (user.cfg) Remote Config Disclosure
Memberkit 1.0 - Arbitrary File Upload
phpScribe 0.9 - 'user.cfg' Remote Config Disclosure
PowerClan 1.14a - (Authentication Bypass) SQL Injection
PowerClan 1.14a - Authentication Bypass
Webspell 4 - (Authentication Bypass) SQL Injection
webSPELL 4 - Authentication Bypass
eggBlog 4.1.1 - Local Directory Traversal
EggBlog 4.1.1 - Local Directory Traversal
Travel Portal Script Admin Password Change - Cross-Site Request Forgery
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
eggBlog 4.1.2 - Arbitrary File Upload
EggBlog 4.1.2 - Arbitrary File Upload
Eggblog 2.0 - blog.php id Parameter SQL Injection
Eggblog 2.0 - topic.php message Parameter Cross-Site Scripting
EggBlog 2.0 - 'id' Parameter SQL Injection
EggBlog 2.0 - 'message' Parameter Cross-Site Scripting
PowerClan 1.14 - member.php SQL Injection
PowerClan 1.14 - 'member.php' SQL Injection
SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection
Dating Script 3.25 - SQL Injection
Starting Page 1.3 - SQL Injection
Starting Page 1.3 - 'linkid' Parameter SQL Injection
Starting Page 1.3 - 'category' Parameter SQL Injection
My link trader 1.1 - 'id' Parameter SQL Injection
Blackboard LMS 9.1 SP14 - Cross-Site Scripting
Huawei Flybox B660 - Cross-Site Request Forgery
Travel Portal Script 9.33 - SQL Injection
Movie Portal Script 7.35 - SQL Injection
2017-01-12 05:01:16 +00:00
Offensive Security
1b13c8a790
DB: 2017-01-11
6 new exploits
DiskBoss Enterprise 7.5.12 - 'POST' Buffer Overflow (SEH)
ClaSS 0.8.60 - (export.php ftype) Local File Inclusion
ClaSS 0.8.60 - 'export.php' Local File Inclusion
Miniweb 2.0 - SQL Injection (Authentication Bypass)
Miniweb 2.0 - Authentication Bypass
eDNews 2.0 - (lg) Local File Inclusion
eDContainer 2.22 - (lg) Local File Inclusion
eDNews 2.0 - Local File Inclusion
eDContainer 2.22 - Local File Inclusion
Ultimate PHP Board 2.2.1 - (log inj) Privilege Escalation
Sepcity Shopping Mall - 'shpdetails.asp ID' SQL Injection
Sepcity Lawyer Portal - 'deptdisplay.asp ID' SQL Injection
Ultimate PHP Board 2.2.1 - Privilege Escalation
Sepcity Shopping Mall - SQL Injection
Sepcity Lawyer Portal - SQL Injection
Sepcity Classified - 'classdis.asp ID' SQL Injection
FlexPHPDirectory 0.0.1 - (Authentication Bypass) SQL Injection
Flexphpsite 0.0.1 - (Authentication Bypass) SQL Injection
Flexphplink 0.0.x - (Authentication Bypass) SQL Injection
eDNews 2.0 - (eDNews_view.php newsid) SQL Injection
Sepcity Classified - 'ID' Parameter SQL Injection
FlexPHPDirectory 0.0.1 - Authentication Bypass
Flexphpsite 0.0.1 - Authentication Bypass
Flexphplink 0.0.x - Authentication Bypass
eDNews 2.0 - SQL Injection
PHPAlumni - 'Acomment.php id' SQL Injection
PHPAlumni - SQL Injection
Flexphpic 0.0.x - (Authentication Bypass) SQL Injection
Flexphpic 0.0.x - Authentication Bypass
Mole Group Vacation Estate Listing Script - (editid1) Blind SQL Injection
Mole Group Vacation Estate Listing Script - Blind SQL Injection
Friends in War Make or Break 1.3 - SQL Injection (Authentication Bypass)
Friends in War Make or Break 1.3 - Authentication Bypass
My Php Dating 2.0 - 'path' Parameter SQL Injection
My Php Dating 2.0 - 'id' Parameter SQL Injection
My PHP Dating 2.0 - 'path' Parameter SQL Injection
My PHP Dating 2.0 - 'id' Parameter SQL Injection
Friends in War Make or Break 1.7 - 'imgid' Parameter SQL Injection
Starting Page 1.3 - SQL Injection
Freepbx < 2.11.1.5 - Remote Code Execution
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation
FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)
2017-01-11 05:01:17 +00:00
Offensive Security
574c0f2df8
DB: 2017-01-10
...
5 new exploits
DirectAdmin 1.50.1 - Denial of Service
Joomla! Component 'com_menu' - SQL Injection
Joomla! Component com_menu - SQL Injection
Joomla! Component 'com_pcchess' - Local File Inclusion
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component com_pcchess - Local File Inclusion
Joomla! Component huruhelpdesk - SQL Injection
Joomla! Component 'com_ca' - SQL Injection
Joomla! Component com_ca - SQL Injection
Joomla! Component 'com_education_classess' - SQL Injection
Joomla! Component education - SQL Injection
Joomla! Component 'com_Flashgames' - Local File Inclusion
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
Joomla! Component 'com_cvmaker' - Local File Inclusion
Joomla! Component 'com_myfiles' - Local File Inclusion
Joomla! Component CV Maker 1.0 - Local File Inclusion
Joomla! Component My Files 1.0 - Local File Inclusion
Joomla! Component 'com_joommail' - Local File Inclusion
Joomla! Component 'com_memory' - Local File Inclusion
Joomla! Component JoomMail 1.0 - Local File Inclusion
Joomla! Component Memory Book 1.2 - Local File Inclusion
Joomla! Component 'com_diary' - Local File Inclusion
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion
Joomla! Component 'com_jdrugstopics' - SQL Injection
Joomla! Component com_jdrugstopics - SQL Injection
Joomla! Component 'com_flexicontent' - Local File
Joomla! Component FLEXIcontent 1.5 - Local File Inclusion
Joomla! Component 'com_delicious' - Local File Inclusion
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion
Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component 'com_pandafminigames' - SQL Injection
Joomla! Component com_pandafminigames - SQL Injection
Joomla! Component 'com_caddy' - Exploit
Joomla! Component com_caddy - Exploit
Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload
Joomla! Component com_jesectionfinder - Arbitrary File Upload
Joomla! Component 'com_camp' - SQL Injection
Joomla! Component com_camp - SQL Injection
Joomla! Component 'com_crowdsource' - SQL Injection
Joomla! Component 'com_event' - Multiple Vulnerabilities
Joomla! Component com_crowdsource - SQL Injection
Joomla! Component com_event - Multiple Vulnerabilities
Joomla! Component 'com_event' - SQL Injection
Joomla! Component com_event - SQL Injection
Joomla! Component 'com_packages' - SQL Injection
Joomla! Component com_packages - SQL Injection
Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection
Joomla! Component JE Poll - 'pollid' Parameter SQL Injection
Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection
Joomla! Component 'com_chronocontact' - Blind SQL Injection
Joomla! Component ChronoConnectivity - Blind SQL Injection
Joomla! Component ChronoForms - Blind SQL Injection
Joomla! Component 'com_lead' - SQL Injection
Joomla! Component com_lead - SQL Injection
Joomla! Component 'com_cinema' - SQL Injection
Joomla! Component cinema - SQL Injection
Joomla! Component 'com_jstore' - SQL Injection
Joomla! Component 'com_jtickets' - SQL Injection
Joomla! Component 'com_jcommunity' - SQL Injection
Joomla! Component 'com_jmarket' - SQL Injection
Joomla! Component 'com_jsubscription' - SQL Injection
Joomla! Component com_jstore - SQL Injection
Joomla! Component com_jtickets - SQL Injection
Joomla! Component com_jcommunity - SQL Injection
Joomla! Component com_jmarket - SQL Injection
Joomla! Component com_jsubscription - SQL Injection
Joomla! Component 'com_jnewsletter' - SQL Injection
Joomla! Component com_jnewsletter - SQL Injection
Joomla! Component 'com_joomdocs' - Cross-Site Scripting
Joomla! Component com_joomdocs - Cross-Site Scripting
Joomla! Component 'com_community' - Persistent Cross-Site Scripting
Joomla! Component 'com_jomestate' - Remote File Inclusion
Joomla! Component com_community - Persistent Cross-Site Scripting
Joomla! Component com_jomestate - Remote File Inclusion
Joomla! Component 'com_jejob' - Local File Inclusion
Joomla! Component com_jejob - Local File Inclusion
Joomla! Component 'com_dateconverter' 0.1 - SQL Injection
Joomla! Component com_dateconverter 0.1 - SQL Injection
Joomla! Component 'com_phocagallery' - SQL Injection
Joomla! Component Phoca Gallery 2.7.3 - SQL Injection
Joomla! Component 'com_jpodium' - SQL Injection
Joomla! Component JPodium 2.7.3 - SQL Injection
Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection
Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection
Joomla! Component 'com_myhome' - Blind SQL Injection
Joomla! Component 'com_mysms' - Arbitrary File Upload
Joomla! Component MyHome - Blind SQL Injection
Joomla! Component MySMS - Arbitrary File Upload
Joomla! Component 'com_iproperty' - SQL Injection
Joomla! Component com_iproperty - SQL Injection
Joomla! Component 'com_itarmory' - SQL Injection
Joomla! Component com_itarmory - SQL Injection
Joomla! Component 'com_neorecruit' 1.4 - SQL Injection
Joomla! Component NeoRecruit 1.4 - SQL Injection
Joomla! Component 'com_equipment' - SQL Injection
Joomla! Component com_equipment - SQL Injection
Joomla! Component 'com_Fabrik' - SQL Injection
Joomla! Component 'com_extcalendar' - Blind SQL Injection
Joomla! Component Fabrik - SQL Injection
Joomla! Component com_extcalendar - Blind SQL Injection
Joomla! Component 'com_jejob' - SQL Injection
Joomla! Component JE Job - SQL Injection
Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload
Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload
Joomla! Component 'com_connect' - Local File Inclusion
Joomla! Component 'com_dcnews' - Local File Inclusion
Joomla! Component com_connect - Local File Inclusion
Joomla! Component com_dcnews - Local File Inclusion
Joomla! Component 'com_clan' - SQL Injection
Joomla! Component com_clan - SQL Injection
Joomla! Component 'com_clanlist' - SQL Injection
Joomla! Component com_clanlist - SQL Injection
Joomla! Component 'com_markt' - SQL Injection
Joomla! Component 'com_img' - Local File Inclusion
Joomla! Component com_markt - SQL Injection
Joomla! Component com_img - Local File Inclusion
Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities
Joomla! Component 'com_maianmedia' - SQL Injection
Joomla! Component com_maianmedia - SQL Injection
Joomla! Component 'com_idoblog' - SQL Injection
Joomla! Component com_idoblog - SQL Injection
Joomla! Component 'com_people' 1.0.0 - SQL Injection
Joomla! Component People 1.0.0 - SQL Injection
Joomla! Component 'com_people' 1.0.0 - Local File Inclusion
Joomla! Component com_people 1.0.0 - Local File Inclusion
Joomla! Component 'com_jce' - Blind SQL Injection
Joomla! Component joomlacontenteditor - Blind SQL Injection
Joomla! Component 'com_hello' - SQL Injection
Joomla! Component com_hello - SQL Injection
Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload
Joomla! Component jDownloads 1.0 - Arbitrary File Upload
Joomla! Component 'com_jesubmit' - Local File Inclusion
Joomla! Component JE Story Submit - Local File Inclusion
Joomla! Component 'com_obSuggest' - Local File Inclusion
Joomla! Component obSuggest - Local File Inclusion
Joomla! Component 'com_jdirectory' - SQL Injection
Joomla! Component com_jdirectory - SQL Injection
Joomla! Component 'com_esearch' - SQL Injection
Joomla! Component Search 3.0.0 - SQL Injection
Joomla! Component 'com_joomtouch' - Local File Inclusion
Joomla! Component JoomTouch 1.0.2 - Local File Inclusion
Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities
Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities
Joomla! Component 'com_horses' - 'id' Parameter SQL Injection
Joomla! Component com_horses - 'id' Parameter SQL Injection
Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion
Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion
Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal
Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal
Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection
Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection
Joomla! Component 'com_dirfrm' - Multiple SQL Injections
Joomla! Component com_dirfrm - Multiple SQL Injections
Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion
Joomla! Component Catalogue - SQL Injection / Local File Inclusion
Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection
Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection
Joomla! Component Jeformcr - 'id' Parameter SQL Injection
Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection
Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_classified' - SQL Injection
Joomla! Component Classified - SQL Injection
Joomla! Component 'com_frontenduseraccess' - Local File Inclusion
Joomla! Component com_frontenduseraccess - Local File Inclusion
Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection
Joomla! Component com_clan_members - 'id' Parameter SQL Injection
Joomla! Component 'com_phocadownload' - Local File Inclusion
Joomla! Component com_phocadownload - Local File Inclusion
Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection
Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection
Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection
Joomla! Component Map Locator - 'cid' Parameter SQL Injection
Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload
Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload
Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection
Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection
Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection
Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection
Joomla! Component 'com_hospital' - SQL Injection
Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection
Joomla! Component Foto - 'id_categoria' Parameter SQL Injection
Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection
Joomla! Component com_hospital - SQL Injection
Joomla! Component Controller - 'Itemid' Parameter SQL Injection
Joomla! Component 'com_newssearch' - SQL Injection
Joomla! Component com_newssearch - SQL Injection
Joomla! Component 'com_community' - 'userid' Parameter SQL Injection
Joomla! Component com_community - 'userid' Parameter SQL Injection
Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection
Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection
Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection
Joomla! Component com_expedition - 'id' Parameter SQL Injection
Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection
Joomla! Component com_br - 'state_id' Parameter SQL Injection
Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection
Joomla! Component com_caproductprices - 'id' Parameter SQL Injection
Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_br - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_full' - 'id' Parameter SQL Injection
Joomla! Component Full - 'id' Parameter SQL Injection
Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_car' - Multiple SQL Injections
Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion
Joomla! Component com_car - Multiple SQL Injections
Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload
Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload
Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection
Joomla! Component com_motor - 'cid' Parameter SQL Injection
Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection
Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection
Joomla! Component com_firmy - 'Id' Parameter SQL Injection
Joomla! Component com_crhotels - 'catid' Parameter SQL Injection
Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection
Joomla! Component com_cmotour - 'id' Parameter SQL Injection
Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection
Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection
Joomla! Component 'com_machine' - Multiple SQL Injections
Joomla! Component Machine - Multiple SQL Injections
Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload
Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection
Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection
Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection
Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection
Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection
Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection
Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload
Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload
Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection
Joomla! Component Inneradmission - 'index.php' SQL Injection
Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection
Joomla! Component 'com_payplans' 3.3.6 - SQL Injection
Joomla! Component com_payplans 3.3.6 - SQL Injection
Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection
Joomla! Component 'com_bt_media' - SQL Injection
Joomla! Component com_bt_media 1.0 - SQL Injection
Joomla! Component 'com_guru' - SQL Injection
Joomla! Component Guru Pro - SQL Injection
DirectAdmin 1.50.1 - Denial of Service
Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
My Link Trader 1.1 - Authentication Bypass
My Php Dating 2.0 - 'path' Parameter SQL Injection
My Php Dating 2.0 - 'id' Parameter SQL Injection
2017-01-10 05:01:19 +00:00
Offensive Security
a1c336773a
DB: 2017-01-09
...
3 new exploits
Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing
Advanced Desktop Locker 6.0.0 - Lock Screen Bypass
DirectAdmin 1.28/1.29 - CMD_SHOW_RESELLER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_SHOW_USER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET_CREATE TYPE Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_FORWARDER_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET type Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_VACATION_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_LIST name Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_FTP_SHOW DOMAIN Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting
DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting
DirectAdmin 1.50.1 - Denial of Service
2017-01-09 05:01:15 +00:00
Offensive Security
7ef2cb97bd
DB: 2017-01-07
...
1 new exploit
Google Android max86902 Driver - 'sysfs' Interfaces Race Condition
Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
doop CMS 1.3.7 - (page) Local File Inclusion
doop CMS 1.3.7 - Local File Inclusion
Basic-CMS - 'acm2000.mdb' Remote Database Disclosure
Basic-CMS - Remote Database Disclosure
CMS NetCat 3.12 - (password_recovery.php) Blind SQL Injection
CMS NetCat 3.12 - 'password_recovery.php' Blind SQL Injection
StormBoard 1.0.1 - (thread.php id) SQL Injection
Joomla! Component com_lowcosthotels - 'id' Blind SQL Injection
Joomla! Component com_allhotels - 'id' Blind SQL Injection
StormBoard 1.0.1 - SQL Injection
Joomla! Component com_lowcosthotels - Blind SQL Injection
Joomla! Component com_allhotels - Blind SQL Injection
ILIAS 3.7.4 - (ref_id) Blind SQL Injection
ILIAS 3.7.4 - 'ref_id' Parameter Blind SQL Injection
Joomla! Component Live Ticker 1.0 - (tid) Blind SQL Injection
Joomla! Component mdigg 2.2.8 - (category) SQL Injection
Joomla! Component 5starhotels - 'id' SQL Injection
Joomla! Component Live Ticker 1.0 - Blind SQL Injection
Joomla! Component mDigg 2.2.8 - 'category' Parameter SQL Injection
Joomla! Component 5starhotels - SQL Injection
W2B phpEmployment - 'conf.inc' File Disclosure
phpEmployment - 'conf.inc' File Disclosure
phpGreetCards - 'conf.inc' Config File Disclosure
phpGreetCards - Config File Disclosure
Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion
Joomla! Component com_bca-rss-syndicator - Local File Inclusion
Joomla! Component 'com_appointment' 1.5 - Local File Inclusion
Joomla! Component Appointment 1.5 - Local File Inclusion
Joomla! Component 'com_awiki' - Local File Inclusion
Joomla! Component aWiki - Local File Inclusion
Joomla! Component 'com_articles' - SQL Injection
Joomla! Component com_articles - SQL Injection
Joomla! Component 'com_allvideos' - Blind SQL Injection
Joomla! Component allvideos - Blind SQL Injection
Joomla! Component 'Card View JX' - Cross-Site Scripting
Joomla! Component Card View JX - Cross-Site Scripting
Joomla! Component 'com_articleman' - Arbitrary File Upload
Joomla! Component Article Factory Manager - Arbitrary File Upload
Joomla! Component 'com_aardvertiser' 2.0 - Local File Inclusion
Joomla! Component aardvertiser 2.0 - Local File Inclusion
Joomla! Component 'com_annonces' - Arbitrary File Upload
Joomla! Component com_annonces - Arbitrary File Upload
Joomla! Component 'com_answers' 2.3beta - Multiple Vulnerabilities
Joomla! Component Answers 2.3beta - Multiple Vulnerabilities
Joomla! Component 'com_beamospetition' - SQL Injection
Joomla! Component com_beamospetition - SQL Injection
Joomla! Component 'com_biblioteca' 1.0 Beta - Multiple SQL Injections
Joomla! Component Biblioteca 1.0 Beta - Multiple SQL Injections
Joomla! Component 'btg_oglas' - HTML / Cross-Site Scripting Injection
Joomla! Component btg_oglas - HTML / Cross-Site Scripting Injection
Joomla! Component 'com_alfurqan15x' - SQL Injection
Joomla! Component com_alfurqan15x - SQL Injection
Joomla! Component 'com_adsmanager' - Remote File Inclusion
Joomla! Component com_adsmanager - Remote File Inclusion
Joomla! Component 'com_acooldebate' 1.0.3 - Local File Inclusion
Joomla! Component A Cool Debate 1.0.3 - Local File Inclusion
Joomla! Component 'com_a3000' - 'id' Parameter SQL Injection
Joomla! Component AutoArticles 3000 - SQL Injection
Joomla! Component 'com_annuaire' - 'id' Parameter SQL Injection
Joomla! Component Annuaire - Parameter SQL Injection
Joomla! Component 'com_alfcontact' 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_bbs' - Multiple SQL Injections
Joomla! Component com_bbs - Multiple SQL Injections
Joomla! Component 'com_aclassfb' - Arbitrary File Upload
Joomla! Component Almond Classifieds - Arbitrary File Upload
Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting
Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting
2017-01-07 05:01:17 +00:00
Offensive Security
127a1da37b
DB: 2017-01-06
...
1 new exploit
EvansFTP - (EvansFTP.ocx) Remote Buffer Overflow (PoC)
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)
Kaspersky 17.0.0 - Local CA root is Incorrectly Protected
Kaspersky 17.0.0 - Local CA root Incorrectly Protected
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - Privilege Escalation
Evans FTP - 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
Phpclanwebsite 1.23.1 - (par) SQL Injection
Phpclanwebsite 1.23.1 - SQL Injection
Nukedit CMS 4.9.6 - Unauthorized Admin Add
Nukedit 4.9.6 - Unauthorized Admin Add
iyzi Forum 1.0 Beta 3 - (uye_ayrinti.asp) SQL Injection
iyzi Forum 1.0 Beta 3 - SQL Injection
Liberum Help Desk 0.97.3 - (details.asp) SQL Injection
Liberum Help Desk 0.97.3 - SQL Injection
Pligg 9.9.0 - Remote Code Execution
Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg CMS 9.9.0 - Remote Code Execution
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
CF_Auction - (forummessage) Blind SQL Injection
CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection
CF_Auction - Blind SQL Injection
CFMBLOG - 'categorynbr' Parameter Blind SQL Injection
phpAddEdit 1.3 - (editform) Local File Inclusion
phpAddEdit 1.3 - 'editform' Parameter Local File Inclusion
MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure
MyCal Personal Events Calendar - Database Disclosure
Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection
Ad Management Java - (Authentication Bypass) SQL Injection
Banner Exchange Java - (Authentication Bypass) SQL Injection
Affiliate Software Java 4.0 - Authentication Bypass
Ad Management Java - Authentication Bypass
Banner Exchange Java - Authentication Bypass
ASP-CMS 1.0 - (index.asp cha) SQL Injection
SUMON 0.7.0 - (chg.php host) Command Execution
Xpoze 4.10 - (home.html menu) Blind SQL Injection
Social Groupie - 'group_index.php id' SQL Injection
ASP-CMS 1.0 - 'cha' Parameter SQL Injection
SUMON 0.7.0 - Command Execution
Xpoze 4.10 - 'menu' Parameter Blind SQL Injection
Social Groupie - 'id' Parameter SQL Injection
Umer Inc Songs Portal Script - 'id' SQL Injection
Umer Inc Songs Portal Script - 'id' Parameter SQL Injection
ASPired2Quote - 'quote.mdb' Remote Database Disclosure
ASP-DEV Internal E-Mail System - (Authentication Bypass) SQL Injection
ASPired2Quote - Remote Database Disclosure
ASP-DEV Internal E-Mail System - Authentication Bypass
iyzi Forum 1.0b3 - (iyziforum.mdb) Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure
iyzi Forum 1.0b3 - Database Disclosure
CodeAvalanche FreeForum - Database Disclosure
FLDS 1.2a - (redir.php id) SQL Injection
FLDS 1.2a - 'redir.php' SQL Injection
Mediatheka 4.2 - (index.php lang) Local File Inclusion
Mediatheka 4.2 - 'lang' Parameter Local File Inclusion
Forest Blog 1.3.2 - (blog.mdb) Remote Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure
Forest Blog 1.3.2 - Remote Database Disclosure
CodeAvalanche Directory - Database Disclosure
CodeAvalanche FreeForAll - Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure
CodeAvalanche Articles - Database Disclosure
CodeAvalanche RateMySite - Database Disclosure
FLDS 1.2a - (lpro.php id) SQL Injection
BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit
FLDS 1.2a - 'lpro.php' SQL Injection
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit
The Rat CMS Alpha 2 - (Authentication Bypass) SQL Injection
XOOPS Module Amevents - 'print.php id' SQL Injection
CadeNix - 'cid' SQL Injection
The Rat CMS Alpha 2 - Authentication Bypass
XOOPS Module Amevents - SQL Injection
CadeNix - SQL Injection
CFAGCMS 1 - 'right.php title' SQL Injection
CFAGCMS 1 - SQL Injection
FaScript FaUpload - 'download.php' SQL Injection
Web Wiz Guestbook 8.21 - (WWGGuestbook.mdb) DD
FLDS 1.2a - report.php (linkida) SQL Injection
FaScript FaUpload - SQL Injection
Web Wiz Guestbook 8.21 - Database Disclosure
FLDS 1.2a - 'report.php' SQL Injection
Gnews Publisher .NET - (authors.asp authorID) SQL Injection
Gnews Publisher .NET - SQL Injection
Joomla! Component Tech Article 1.x - (item) SQL Injection
TinyMCE 2.0.1 - (index.php menuID) SQL Injection
Joomla! Component Tech Article 1.x - SQL Injection
TinyMCE 2.0.1 - 'menuID' Parameter SQL Injection
QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure
QuickerSite Easy CMS - Database Disclosure
I-Rater Basic - 'messages.php' SQL Injection
I-Rater Basic - SQL Injection
Injader CMS 2.1.1 - 'id' SQL Injection
Injader CMS 2.1.1 - 'id' Parameter SQL Injection
MyPHPsite - 'index.php mod' Local File Inclusion
MyPBS - 'index.php seasonID' SQL Injection
MyPHPsite - Local File Inclusion
MyPBS - 'seasonID' Parameter SQL Injection
Extract Website - 'download.php Filename' File Disclosure
Extract Website - 'Filename' Parameter File Disclosure
FreeLyrics 1.0 - (source.php p) Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure
Userlocator 3.0 - (y) Blind SQL Injection
Userlocator 3.0 - Blind SQL Injection
chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
BLOG 1.55B - (image_upload.php) Arbitrary File Upload
BLOG 1.55B - 'image_upload.php' Arbitrary File Upload
RSS Simple News - 'news.php pid' SQL Injection
Text Lines Rearrange Script - 'Filename' File Disclosure
RSS Simple News - SQL Injection
Text Lines Rearrange Script - 'Filename' Parameter File Disclosure
Pligg 9.9.5b - (check_url.php url) Arbitrary File Upload / SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
Joomla! Component Volunteer 2.0 - (job_id) SQL Injection
Joomla! Component Volunteer 2.0 - SQL Injection
Calendar Script 1.1 - (Authentication Bypass) SQL Injection
REDPEACH CMS - (zv) SQL Injection
Calendar Script 1.1 - Authentication Bypass
REDPEACH CMS - SQL Injection
PHPLD 3.3 - (page.php name) Blind SQL Injection
PHPLD 3.3 - Blind SQL Injection
The Rat CMS Alpha 2 - 'viewarticle.php id' Blind SQL Injection
The Rat CMS Alpha 2 - Blind SQL Injection
Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Flatnux 2009-01-27 - (Job fields) Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)
flatnux 2009-01-27 - Remote File Inclusion
Flatnux 2009-01-27 - Remote File Inclusion
flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Pligg 9.9.0 - (editlink.php id) Blind SQL Injection
Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection
CF Shopkart 5.3x - 'itemID' SQL Injection
CF Shopkart 5.3x - 'itemID' Parameter SQL Injection
worksimple_1.3.2 - Multiple Vulnerabilities
WorkSimple 1.3.2 - Multiple Vulnerabilities
Pligg 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Constructr CMS 3.03 - MultipleRemote Vulnerabilities
Constructr CMS 3.03 - Multiple Remote Vulnerabilities
Pligg 1.1.4 - SQL Injection
Pligg CMS 1.1.4 - SQL Injection
phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection
OneOrZero Helpdesk 1.4 - install.php Administrative Access
OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access
phpLDAPadmin 0.9.6/0.9.7 - welcome.php custom_welcome_page Variable Arbitrary File Inclusion
phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion
phpLDAPadmin 0.9.8 - compare_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - copy_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - rename_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - search.php scope Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - template_engine.php Multiple Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
Pligg 9.5 - Reset Forgotten Password Security Bypass
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass
Click&BaneX - Details.asp SQL Injection
Click&BaneX - 'Details.asp' SQL Injection
ChiCoMaS 2.0.4 - 'index.php' Cross-Site Scripting
Chicomas 2.0.4 - 'index.php' Cross-Site Scripting
Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg 1.0.4 - 'search.php' Cross-Site Scripting
Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting
Pligg 2.0.1 - Multiple Vulnerabilities
Pligg CMS 2.0.1 - Multiple Vulnerabilities
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php Multiple Function Traversal Arbitrary File Manipulation
Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation
FlatnuX CMS - controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access
FlatnuX CMS - Traversal Arbitrary File Access
Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting
2017-01-06 05:01:17 +00:00
Offensive Security
0d43a7fe09
DB: 2017-01-05
2 new exploits
Kaspersky 17.0.0 - Local CA root is Incorrectly Protected
XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.7.4 - Cross-Site Scripting
phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting
ASPPortal 3.1.1 - (downloadid) SQL Injection
ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection
ASPPortal 4.0.0 - (default1.asp) SQL Injection
ASPPortal 4.0.0 - 'default1.asp' SQL Injection
ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection)
ASPTicker 1.0 - Authentication Bypass
Active Photo Gallery - 'default.asp catid' SQL Injection
Active Photo Gallery - 'catid' Parameter SQL Injection
Active Trade 2 - 'default.asp catid' SQL Injection
Active Trade 2 - 'catid' Parameter SQL Injection
Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection
Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection
SailPlanner 0.3a - (Authentication Bypass) SQL Injection
Bluo CMS 1.2 - (index.php id) Blind SQL Injection
SailPlanner 0.3a - Authentication Bypass
Bluo CMS 1.2 - Blind SQL Injection
ReVou Twitter Clone - (Authentication Bypass) SQL Injection
Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection
Active Force Matrix 2 - (Authentication Bypass) SQL Injection
ASPReferral 5.3 - 'AccountID' Blind SQL Injection
ActiveVotes 2.2 - (Authentication Bypass) SQL Injection
Active Test 2.1 - (Authentication Bypass) SQL Injection
Active Websurvey 9.1 - (Authentication Bypass) SQL Injection
Active Membership 2 - (Authentication Bypass) SQL Injection
eWebquiz 8 - (Authentication Bypass) SQL Injection
Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection
Active Web Mail 4 - (Authentication Bypass) SQL Injection
Active Trade 2 - (Authentication Bypass) SQL Injection
Active Price Comparison 4 - (Authentication Bypass) SQL Injection
PHP TV Portal 2.0 - (index.php mid) SQL Injection
ReVou Twitter Clone - Authentication Bypass
Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection
Active Force Matrix 2 - Authentication Bypass
ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection
ActiveVotes 2.2 - Authentication Bypass
Active Test 2.1 - Authentication Bypass
Active Websurvey 9.1 - Authentication Bypass
Active Membership 2 - Authentication Bypass
eWebquiz 8 - Authentication Bypass
Active NewsLetter 4.3 - Authentication Bypass
Active Web Mail 4 - Authentication Bypass
Active Trade 2 - Authentication Bypass
Active Price Comparison 4 - Authentication Bypass
PHP TV Portal 2.0 - 'mid' Parameter SQL Injection
Active Price Comparison 4 - 'ProductID' Blind SQL Injection
Active Bids 3.5 - 'itemID' Blind SQL Injection
Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection
Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection
Lito Lite CMS - 'cate.php cid' SQL Injection
Active Test 2.1 - 'QuizID' Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection
Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection
Active Time Billing 3.2 - (Authentication Bypass) SQL Injection
Active Web Helpdesk 2 - Authentication Bypass
Lito Lite CMS - 'cid' Parameter SQL Injection
Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection
Active Photo Gallery 6.2 - Authentication Bypass
Active Time Billing 3.2 - Authentication Bypass
Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure
Quick Tree View .NET 3.1 - Database Disclosure
z1exchange 1.0 - (edit.php site) SQL Injection
z1exchange 1.0 - 'site' Parameter SQL Injection
E.Z. Poll 2 - (Authentication Bypass) SQL Injection
ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure
bcoos 1.0.13 - (viewcat.php cid) SQL Injection
PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure
E.Z. Poll 2 - Authentication Bypass
ASPPortal 3.2.5 - Database Disclosure
bcoos 1.0.13 - 'viewcat.php' SQL Injection
PacPoll 4.0 - Database Disclosure
SunByte e-Flower - 'id' SQL Injection
Rapid Classified 3.1 - (cldb.mdb) Database Disclosure
Codefixer MailingListPro (MailingList.mdb) - Database Disclosure
Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection
SunByte e-Flower - 'id' Parameter SQL Injection
Rapid Classified 3.1 - Database Disclosure
Codefixer MailingListPro - Database Disclosure
Gallery MX 2.0.0 - Blind SQL Injection
Check New 4.52 - 'findoffice.php search' SQL Injection
Joomla! Component com_jmovies 1.1 - 'id' SQL Injection
Check New 4.52 - SQL Injection
Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection
Rae Media Contact MS - (Authentication Bypass) SQL Injection
Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion
ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion
Rae Media Contact MS - Authentication Bypass
Multi SEO phpBB 1.1.0 - Remote File Inclusion
ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion
Easy News Content Management - 'News.mdb' Database Disclosure
Easy News Content Management - Database Disclosure
My Simple Forum 3.0 - (index.php action) Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection
Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution
My Simple Forum 3.0 - Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - SQL Injection
Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
RankEm - 'rankup.asp siteID' SQL Injection
RankEm - (Authentication Bypass) SQL Injection
RankEm - 'siteID' Parameter SQL Injection
Rankem - Authentication Bypass
Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities
Cold BBS - 'cforum.mdb' Remote Database Disclosure
Tizag Countdown Creator .v.3 - Insecure Upload
Merlix Teamworx Server - File Disclosure/Bypass
Cold BBS - Remote Database Disclosure
Tizag Countdown Creator 3 - Insecure Upload
ASP PORTAL - Multiple SQL Injections
ASPTicker 1.0 - (news.mdb) Remote Database Disclosure
ASP Portal - Multiple SQL Injections
ASPTicker 1.0 - Remote Database Disclosure
ASP PORTAL - 'xportal.mdb' Remote Database Disclosure
phpPgAdmin 4.2.1 - (_language) Local File Inclusion
ASP PORTAL - Remote Database Disclosure
phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion
PayPal eStore - Admin Password Changing Exploit
Product Sale Framework 0.1b - (forum_topic_id) SQL Injection
PayPal eStore - Admin Password Change
Product Sale Framework 0.1b - SQL Injection
Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion
Mini-CMS 1.0.1 - 'index.php' Local File Inclusion
MG2 0.5.1 - 'Filename' Remote Code Execution
MG2 0.5.1 - 'filename' Parameter Remote Code Execution
dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection
Poll Pro 2.0 - (Authentication Bypass) SQL Injection
Professional Download Assistant 0.1 - Authentication Bypass
Poll Pro 2.0 - Authentication Bypass
Peel Shopping 3.1 - (index.php rubid) SQL Injection
Peel Shopping 3.1 - 'rubid' Parameter SQL Injection
ProQuiz 1.0 - (Authentication Bypass) SQL Injection
ProQuiz 1.0 - Authentication Bypass
PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion
PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion
HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution
eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - 'member.php u' SQL Injection
HTMPL 1.11 - Command Execution
EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - SQL Injection
eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation
EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation
ReVou Twitter Clone - Admin Password Changing Exploit
ReVou Twitter Clone - Admin Password Change
w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection
w3blabor CMS 3.3.0 - Authentication Bypass
rankem - File Disclosure / Cross-Site Scripting / Cookie
Rankem - File Disclosure / Cross-Site Scripting / Cookie
revou twitter clone - Cross-Site Scripting / SQL Injection
Revou Twitter Clone - Cross-Site Scripting / SQL Injection
My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution
My Simple Forum 7.1 - Remote Command Execution
Mini-CMS 1.0.1 - (page.php id) SQL Injection
Mini-CMS 1.0.1 - 'page.php' SQL Injection
Texas Rankem - 'player.asp player_id' SQL Injection
Texas Rankem - 'player_id' Parameter SQL Injection
Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection
Mini-CMS RibaFS 1.0 - Authentication Bypass
reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection
Andy's PHP KnowledgeBase 0.95.4 - SQL Injection
Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection
Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection
Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection
PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection
Texas Rankem - player.asp selPlayer Parameter SQL Injection
Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection
Texas Rankem - 'selPlayer' Parameter SQL Injection
Texas Rankem - 'tournament_id' Parameter SQL Injection
Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection
Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting
Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting
Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting
Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting
Rapid Classified 3.1 - 'viewad.asp' SQL Injection
Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting
WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection
WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection
phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting
Rapid Classified - AgencyCatResult.asp SQL Injection
Rapid Classified - 'AgencyCatResult.asp' SQL Injection
bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection
bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection
bcoos 1.0.10 - 'ratephoto.php' SQL Injection
bcoos 1.0.10 - 'ratelink.php' SQL Injection
bcoos 1.0.10 - adresses/ratefile.php SQL Injection
bcoos 1.0.10 - 'ratefile.php' SQL Injection
bcoos 1.0.13 - 'include/common.php' Remote File Inclusion
bcoos 1.0.13 - 'common.php' Remote File Inclusion
bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection
bcoos 1.0.13 - 'click.php' SQL Injection
Z1Exchange 1.0 - showads.php id Parameter SQL Injection
Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting
Z1Exchange 1.0 - 'id' Parameter SQL Injection
Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting
dotnetindex Professional Download Assistant 0.1 - SQL Injection
Professional Download Assistant 0.1 - SQL Injection
Active Bids - search.asp search Parameter Cross-Site Scripting
Active Bids - search.asp search Parameter SQL Injection
Active Bids - 'search' Parameter Cross-Site Scripting
Active Bids - 'search' Parameter SQL Injection
eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
2017-01-05 05:01:17 +00:00
Offensive Security
c512deac7f
DB: 2017-01-04
1 new exploit
Nitrotech 0.0.3a - (includes/common.php) Remote Code Execution
Nitrotech 0.0.3a - Remote Code Execution
Basic-CMS - 'index.php' SQL Injection
Basic-CMS - SQL Injection
Simple Customer 1.2 - (Authentication Bypass) SQL Injection
SaturnCMS - (view) Blind SQL Injection
Simple Customer 1.2 - Authentication Bypass
SaturnCMS - Blind SQL Injection
Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion
Free Directory Script 1.1.1 - 'API_HOME_DIR' Parameter Remote File Inclusion
MyTopix 1.3.0 - (notes send) SQL Injection
MyTopix 1.3.0 - SQL Injection
RevSense - (Authentication Bypass) SQL Injection
RevSense 1.0 - Authentication Bypass
AskPert - (Authentication Bypass) SQL Injection
AskPert - Authentication Bypass
Natterchat 1.1 - (Authentication Bypass) SQL Injection
Natterchat 1.1 - Authentication Bypass
Natterchat 1.12 - (Authentication Bypass) SQL Injection
ToursManager - 'tourview.php tourid' Blind SQL Injection
Natterchat 1.12 - Authentication Bypass
ToursManager - 'tourview.php' Blind SQL Injection
VCalendar - 'VCalendar.mdb' Remote Database Disclosure
Joomla! Component Thyme 1.0 - (event) SQL Injection
e107 Plugin ZoGo-Shop 1.15.4 - (product) SQL Injection
VCalendar - Remote Database Disclosure
Joomla! Component Thyme 1.0 - SQL Injection
e107 Plugin ZoGo-Shop 1.15.4 - 'product' Parameter SQL Injection
Vlog System 1.1 - (blog.php user) SQL Injection
Vlog System 1.1 - SQL Injection
Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection
Netartmedia Blog System - 'image.php id' SQL Injection
PG Real Estate - (Authentication Bypass) SQL Injection
Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection
PG Job Site - (poll_view_id) Blind SQL Injection
Netartmedia Cars Portal 2.0 - SQL Injection
Netartmedia Blog System - SQL Injection
PG Real Estate - Authentication Bypass
Pilot Group PG Roommate Finder Solution - Authentication Bypass
PG Job Site - Blind SQL Injection
bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
WebStudio CMS - 'index.php pageid' Blind SQL Injection
Bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
WebStudio CMS - Blind SQL Injection
nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
Nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
WebStudio eHotel - (pageid) Blind SQL Injection
WebStudio eCatalogue - (pageid) Blind SQL Injection
FAQ Manager 1.2 - (categorie.php cat_id) SQL Injection
WebStudio eHotel - Blind SQL Injection
WebStudio eCatalogue - Blind SQL Injection
FAQ Manager 1.2 - 'categorie.php' SQL Injection
FAQ Manager 1.2 - (config_path) Remote File Inclusion
Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection
FAQ Manager 1.2 - 'header.php' Remote File Inclusion
Clean CMS 1.5 - Blind SQL Injection
SimpleBlog 3.0 - (simpleBlog.mdb) Database Disclosure
SimpleBlog 3.0 - Database Disclosure
VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection
Jamit Job Board 3.x - (show_emp) Blind SQL Injection
WebStudio CMS - (pageid) Blind SQL Injection (mil mixup)
VideoGirls BiZ - Blind SQL Injection
Jamit Job Board 3.x - Blind SQL Injection
My Click Counter 1.0 - Authentication Bypass
ParsBlogger - 'blog.asp wr' SQL Injection
ParsBlogger - 'blog.asp' SQL Injection
TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion
TxtBlog 1.0 Alpha - Local File Inclusion
Family Project 2.x - (Authentication Bypass) SQL Injection
RakhiSoftware Shopping Cart - (subcategory_id) SQL Injection
Family Project 2.x - Authentication Bypass
RakhiSoftware Shopping Cart - SQL Injection
Ocean12 Membership Manager Pro - (Authentication Bypass) SQL Injection
Ocean12 Membership Manager Pro - Authentication Bypass
Turnkey Arcade Script - 'id' SQL Injection (1)
Turnkey Arcade Script - SQL Injection (1)
Basic-CMS - 'index.php id' Blind SQL Injection
Booking Centre 2.01 - (Authentication Bypass) SQL Injection
Basic-CMS - Blind SQL Injection
Booking Centre 2.01 - Authentication Bypass
Natterchat 1.12 - (Natterchat112.mdb) Database Disclosure
Natterchat 1.12 - Database Disclosure
VIDEOSCRIPT.us - (Authentication Bypass) SQL Injection
VIDEOSCRIPT.us - Authentication Bypass
Turnkey Arcade Script - 'id' SQL Injection (2)
Turnkey Arcade Script - SQL Injection (2)
WEB Calendar - Remote Database Disclosure
Web Calendar - Remote Database Disclosure
Crossday Discuz! 2.0/3.0 - Cross-Site Scripting
Discuz! 2.0/3.0 - Cross-Site Scripting
8Pixel.net SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities
SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities
2017-01-04 05:01:17 +00:00
Offensive Security
bac881f89a
DB: 2017-01-03
3 new exploits
QNAP NAS Devices - Heap Overflow
Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow
Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)
PHPFanBase 2.x - (protection.php) Remote File Inclusion
PHPFanBase 2.x - 'protection.php' Remote File Inclusion
DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection
DigiAffiliate 1.4 - 'id' Parameter SQL Injection
ExoPHPDesk 1.2.1 - (faq.php) SQL Injection
ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection
MiniGal b13 - (image backdoor) Remote Code Execution
MiniGal b13 - Remote Code Execution
PHP Auto Listings - 'moreinfo.php pg' SQL Injection
Pre Simple CMS - SQL Injection (Authentication Bypass)
PHP Auto Listings - 'pg' Parameter SQL Injection
Pre Simple CMS - Authentication Bypass
Harlandscripts drinks - (recid) SQL Injection
Harlandscripts drinks - 'recid' Parameter SQL Injection
Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection
Mole Group Taxi Calc Dist Script - Authentication Bypass
DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection
DevelopItEasy Membership System 1.3 - Authentication Bypass
NICE FAQ Script - (Authentication Bypass) SQL Injection
NICE FAQ Script - Authentication Bypass
SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery 1.0 - Authentication Bypass
DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery - (ctg) SQL Injection
DELTAScripts PHP Classifieds 7.5 - Authentication Bypass
DELTAScripts PHP Links 1.3 - Authentication Bypass
DELTAScripts PHP Shop 1.0 - Authentication Bypass
SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection
Mole Group Pizza - (manufacturers_id) Script SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection
Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection
E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection
PHP Auto Listings Script - (Authentication Bypass) SQL Injection
Mole Group Rental Script - (Authentication Bypass) SQL Injection
MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection
MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection
MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection
E-topbiz Online Store 1 - Authentication Bypass
PHP Auto Listings Script - Authentication Bypass
Mole Group Rental Script - Authentication Bypass
MyioSoft Ajax Portal 3.0 - Authentication Bypass
MyioSoft EasyBookMarker 4.0 - Authentication Bypass
MyioSoft EasyCalendar - Authentication Bypass
E-topbiz Online Store 1 - 'cat_id' SQL Injection
E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection
Myiosoft EasyBookMarker 4 - (Parent) SQL Injection
Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection
Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection
Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass
DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection
Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection
DigiAffiliate 1.4 - Authentication Bypass
Mole Group Airline Ticket Script - Authentication Bypass
ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection
ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection
ExoPHPDesk 1.2 Final - Authentication Bypass
ZEEMATRI 3.0 - 'adid' Parameter SQL Injection
Joomla! Component com_books - (book_id) SQL Injection
Joomla! Component com_books - 'book_id' Parameter SQL Injection
Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection
Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection
PozScripts Business Directory Script - 'cid' SQL Injection
PozScripts Business Directory Script - 'cid' Parameter SQL Injection
Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection
Quick Poll Script - 'code.php id' SQL Injection
Alstrasoft Web Host Directory - Authentication Bypass
Quick Poll Script - 'id' Parameter SQL Injection
Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection
Bankoi Webhost Panel 1.20 - Authentication Bypass
Minigal b13 - 'index.php list' Remote File Disclosure
yahoo answers - 'id' SQL Injection
Minigal b13 - Remote File Disclosure
yahoo answers - 'id' Parameter SQL Injection
PHPstore Wholesale - 'track.php?id' SQL Injection
PHPstore Wholesale - 'id' Parameter SQL Injection
E-topbiz ADManager 4 - (group) Blind SQL Injection
E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection
PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion
Jadu Galaxies - 'categoryId' Blind SQL Injection
PHPfan 3.3.4 - 'init.php' Remote File Inclusion
Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection
MemHT Portal 4.0.1 - (avatar) Remote Code Execution
MemHT Portal 4.0.1 - Remote Code Execution
MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit
MemHT Portal 4.0.1 - Delete All Private Messages Exploit
MyioSoft Ajax Portal 3.0 - (page) SQL Injection
MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection
X10media Mp3 Search Engine < 1.6.2 Admin Access
X10media Mp3 Search Engine < 1.6.2 - Admin Access
Arab Portal 2.2 - (Authentication Bypass) SQL Injection
Arab Portal 2.2 - Authentication Bypass
Arab Portal 2.x - (forum.php qc) SQL Injection
Arab Portal 2.x - 'forum.php' SQL Injection
Arab Portal 2.2 - (mod.php module) Local File Inclusion
Arab Portal 2.2 - 'mod.php' Local File Inclusion
Collabtive - SQL Injection
Collabtive 0.65 - SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection
All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation
All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation
Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection
Collabtive 1.0 - 'manageuser.php' SQL Injection
Arab Portal 2.0 - Link.php SQL Injection
Arab Portal 2.0 - 'Link.php' SQL Injection
Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting
Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting
Arab Portal 2.0 - 'online.php' Cross-Site Scripting
Arab Portal 2.0 - 'download.php' Cross-Site Scripting
ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion
ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion
Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection
Collabtive 1.1 - 'managetimetracker.php' SQL Injection
Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution
2017-01-03 05:01:17 +00:00
Offensive Security
5b4e91b545
DB: 2017-01-02
2 new exploits
Windows x64 - Password Protected Bind Shellcode (825 bytes)
Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery
2017-01-02 05:01:16 +00:00
Offensive Security
bcca475f6d
DB: 2017-01-01
2017-01-01 05:01:17 +00:00
Offensive Security
c203af40e6
DB: 2016-12-31
1 new exploit
Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure
cPanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure
pppBlog 0.3.8 - (randompic.php) System Disclosure
pppBlog 0.3.8 - System Disclosure
NetRisk 1.9.7 - (change_submit.php) Remote Password Change Exploit
NetRisk 1.9.7 - Remote Password Change Exploit
netrisk 1.9.7 - Cross-Site Scripting / SQL Injection
NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection
Cpanel 11.x - 'Fantastico' Local File Inclusion (sec Bypass)
cPanel 11.x - 'Fantastico' Local File Inclusion (sec Bypass)
MyForum 1.3 - (lecture.php id) SQL Injection
MyForum 1.3 - 'lecture.php' SQL Injection
MyForum 1.3 - (padmin) Local File Inclusion
MyForum 1.3 - 'padmin' Parameter Local File Inclusion
e107 Plugin alternate_profiles - 'id' SQL Injection
MyKtools 2.4 - (langage) Local File Inclusion
e107 Plugin alternate_profiles - 'id' Parameter SQL Injection
MyKtools 2.4 - 'langage' Parameter Local File Inclusion
questcms - Cross-Site Scripting / Directory Traversal / SQL Injection
AIOCP 1.4 - 'poll_id' SQL Injection
QuestCMS - Cross-Site Scripting / Directory Traversal / SQL Injection
AIOCP 1.4 - 'poll_id' Parameter SQL Injection
PersianBB - 'iranian_music.php id' SQL Injection
Agares ThemeSiteScript 1.0 (loadadminpage) - Remote File Inclusion
PersianBB - 'id' Parameter SQL Injection
Agares ThemeSiteScript 1.0 - 'loadadminpage' Parameter Remote File Inclusion
Sepal SPBOARD 4.5 - (board.cgi) Remote Command Execution
Sepal SPBOARD 4.5 - 'board.cgi' Remote Command Execution
Venalsur on-line Booking Centre - (OfertaID) Cross-Site Scripting / SQL Injection
Pro Traffic One - 'poll_results.php id' SQL Injection
Venalsur on-line Booking Centre - Cross-Site Scripting / SQL Injection
Pro Traffic One - 'poll_results.php' SQL Injection
e107 Plugin lyrics_menu - 'lyrics_song.php l_id' SQL Injection
e107 Plugin lyrics_menu - 'l_id' Parameter SQL Injection
SFS EZ Adult Directory - 'Directory.php id' SQL Injection
Logz podcast CMS 1.3.1 - (add_url.php art) SQL Injection
cpanel 11.x - Cross-Site Scripting / Local File Inclusion
SFS EZ Adult Directory - 'directory.php' SQL Injection
Logz podcast CMS 1.3.1 - 'art' Parameter SQL Injection
cPanel 11.x - Cross-Site Scripting / Local File Inclusion
SFS EZ HotScripts-like Site - 'cid' SQL Injection
SFS EZ HotScripts-like Site - 'cid' Parameter SQL Injection
SFS EZ Hosting Directory - 'cat_id' SQL Injection
SFS EZ Hosting Directory - 'cat_id' Parameter SQL Injection
SFS EZ Home Business Directory - 'cat_id' SQL Injection
SFS EZ Link Directory - 'cat_id' SQL Injection
Adult Banner Exchange Website - (targetid) SQL Injection
SFS EZ BIZ PRO - 'track.php id' SQL Injection
SFS EZ Affiliate - 'cat_id' SQL Injection
Article Publisher PRO 1.5 - (Authentication Bypass) SQL Injection
SFS EZ Webring - (cat) SQL Injection
SFS EZ Hot or Not - (phid) SQL Injection
SFS EZ Software - 'id' SQL Injection
SFS EZ Home Business Directory - 'cat_id' Parameter SQL Injection
SFS EZ Link Directory - 'cat_id' Parameter SQL Injection
Adult Banner Exchange Website - 'targetid' Parameter SQL Injection
SFS EZ BIZ PRO - SQL Injection
SFS EZ Affiliate - 'cat_id' Parameter SQL Injection
Article Publisher PRO 1.5 - Authentication Bypass
SFS EZ Webring - 'cat' Parameter SQL Injection
SFS EZ Hot or Not - 'phid' Parameter SQL Injection
SFS EZ Software - 'id' Parameter SQL Injection
Article Publisher PRO - (userid) SQL Injection
SFS EZ Auction - 'viewfaqs.php cat' Blind SQL Injection
SFS EZ Career - 'content.php topic' SQL Injection
SFS EZ Top Sites - 'topsite.php ts' SQL Injection
SFS EZ Webstore - (where) SQL Injection
SFS EZ Pub Site - 'Directory.php cat' SQL Injection
SFS EZ Gaming Cheats - 'id' SQL Injection
Article Publisher PRO - 'userid' Parameter SQL Injection
SFS EZ Auction - Blind SQL Injection
SFS EZ Career - SQL Injection
SFS EZ Top Sites - SQL Injection
SFS EZ Webstore - 'where' Parameter SQL Injection
SFS EZ Pub Site - SQL Injection
SFS EZ Gaming Cheats - SQL Injection
GO4I.NET ASP Forum 1.0 - (forum.asp iFor) SQL Injection
YourFreeWorld Programs Rating - 'details.php id' SQL Injection
GO4I.NET ASP Forum 1.0 - SQL Injection
YourFreeWorld Programs Rating - SQL Injection
Shahrood - 'ndetail.php id' Blind SQL Injection
YourFreeWorld Downline Builder - 'id' SQL Injection
YourFreeWorld Banner Management - 'id' SQL Injection
YourFreeWorld Blog Blaster - 'id' SQL Injection
YourFreeWorld Autoresponder Hosting - 'id' SQL Injection
YourFreeWorld Forced Matrix Script - 'id' SQL Injection
YourFreeWorld Short Url & Url Tracker - 'id' SQL Injection
YourFreeWorld Viral Marketing - 'id' SQL Injection
YourFreeWorld Scrolling Text Ads - 'id' SQL Injection
YourFreeWorld Reminder Service - 'id' SQL Injection
YourFreeWorld Classifieds Blaster - 'id' SQL Injection
Shahrood - Blind SQL Injection
YourFreeWorld Downline Builder - 'tr.php' SQL Injection
YourFreeWorld Banner Management - SQL Injection
YourFreeWorld Blog Blaster - 'tr.php' SQL Injection
YourFreeWorld Autoresponder Hosting - 'tr.php' SQL Injection
YourFreeWorld Forced Matrix Script - SQL Injection
YourFreeWorld Short Url & Url Tracker - SQL Injection
YourFreeWorld Viral Marketing - SQL Injection
YourFreeWorld Scrolling Text Ads - SQL Injection
YourFreeWorld Reminder Service - SQL Injection
YourFreeWorld Classifieds Blaster - SQL Injection
Downline Goldmine Builder - 'tr.php id' SQL Injection
Downline Goldmine Category Addon - 'id' SQL Injection
YourFreeWorld Classifieds Hosting - 'id' SQL Injection
YourFreeWorld URL Rotator - 'id' SQL Injection
Downline Goldmine paidversion - 'tr.php id' SQL Injection
Downline Goldmine newdownlinebuilder - 'tr.php id' SQL Injection
YourFreeWorld Shopping Cart - 'index.php c' Blind SQL Injection
Maran PHP Shop - 'prod.php cat' SQL Injection
Downline Goldmine Builder - SQL Injection
Downline Goldmine Category Addon - SQL Injection
YourFreeWorld Classifieds Hosting - SQL Injection
YourFreeWorld URL Rotator - SQL Injection
Downline Goldmine paidversion - SQL Injection
Downline Goldmine newdownlinebuilder - SQL Injection
YourFreeWorld Shopping Cart - Blind SQL Injection
Maran PHP Shop - 'prod.php' SQL Injection
1st News - 'products.php id' SQL Injection
1st News - SQL Injection
BosClassifieds - 'cat_id' SQL Injection
BosClassifieds - 'cat_id' Parameter SQL Injection
MatPo Link 1.2b - (view.php id) SQL Injection
MatPo Link 1.2b - SQL Injection
Apoll 0.7b - (Authentication Bypass) SQL Injection
Apoll 0.7b - Authentication Bypass
pppBlog 0.3.11 - (randompic.php) File Disclosure
TBmnetCMS 1.0 - (index.php content) Local File Inclusion
pppBlog 0.3.11 - File Disclosure
TBmnetCMS 1.0 - Local File Inclusion
WEBBDOMAIN Post Card 1.02 - 'catid' SQL Injection
WEBBDOMAIN Post Card 1.02 - 'catid' Parameter SQL Injection
nicLOR Puglia Landscape - 'id' Local File Inclusion
nicLOR Puglia Landscape - Local File Inclusion
Vibro-School-CMS - (nID) SQL Injection
Vibro-School-CMS - 'nID' Parameter SQL Injection
WEBBDOMAIN Petition 1.02/2.0/3.0 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Polls 1.01 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Quiz 1.02 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Webshop 1.02 - (Authentication Bypass) SQL Injection
Simple Document Management System 1.1.4 - SQL Injection Authentication Bypass
Tours Manager 1.0 - (cityview.php cityid) SQL Injection
WEBBDOMAIN Post Card 1.02 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Petition 1.02/2.0/3.0 - Authentication Bypass
WEBBDOMAIN Polls 1.01 - Authentication Bypass
WEBBDOMAIN Quiz 1.02 - Authentication Bypass
WEBBDOMAIN Webshop 1.02 - Authentication Bypass
Simple Document Management System 1.1.4 - Authentication Bypass
Tours Manager 1.0 - SQL Injection
WEBBDOMAIN Post Card 1.02 - Authentication Bypass
PHPX 3.5.16 - (news_id) SQL Injection
Pre Podcast Portal - 'Tour.php id' SQL Injection
PHPX 3.5.16 - 'news_id' Parameter SQL Injection
Pre Podcast Portal - SQL Injection
Graugon PHP Article Publisher 1.0 - (SQL Injection / Cookie Handling) Multiple Remote Vulnerabilities
Graugon PHP Article Publisher 1.0 - SQL Injection / Cookie Handling
Absolute Form Processor XE-V 1.5 - (Authentication Bypass) SQL Injection
Absolute Form Processor XE-V 1.5 - Authentication Bypass
MyForum 1.3 - (Authentication Bypass) SQL Injection
MyForum 1.3 - Authentication Bypass
Cpanel 11.25 - Cross-Site Request Forgery (Add FTP Account)
cPanel 11.25 - Cross-Site Request Forgery (Add FTP Account)
Simple Document Management System (SDMS) - SQL Injection
Simple Document Management System - SQL Injection
Cpanel 11.x - Cross-Site Request Forgery (Edit E-mail)
cPanel 11.x - Cross-Site Request Forgery (Edit E-mail)
PHPMyForum 4.0 - 'index.php' page Parameter Cross-Site Scripting
PHPMyForum 4.0 - 'page' Parameter Cross-Site Scripting
Cpanel 10 - Select.HTML Cross-Site Scripting
cPanel 10 - Select.HTML Cross-Site Scripting
CPanel 5-10 - SUID Wrapper Privilege Escalation
cPanel 5-10 - SUID Wrapper Privilege Escalation
AIOCP 1.3.x - 'cp_forum_view.php' Multiple Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_show_ec_products.php' order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_users_online.php' order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter Cross-Site Scripting
AIOCP 1.3.x - '/admin/code/index.php' load_page Parameter Remote File Inclusion
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_news.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_edit_user.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_newsletter.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_links.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_contact_us.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_show_ec_products.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_login.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_users_online.php' order_field Parameter SQL Injection
AIOCP 1.3.x - 'cp_codice_fiscale.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_users_online.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_links_search.php' Cross-Site Scripting
AIOCP 1.3.x - 'load_page' Parameter Remote File Inclusion
AIOCP 1.3.x - 'cp_dpage.php' SQL Injection
AIOCP 1.3.x - 'cp_news.php' SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' SQL Injection
AIOCP 1.3.x - 'cp_edit_user.php' SQL Injection
AIOCP 1.3.x - 'cp_newsletter.php' SQL Injection
AIOCP 1.3.x - 'cp_links.php' SQL Injection
AIOCP 1.3.x - 'cp_contact_us.php' SQL Injection
AIOCP 1.3.x - 'cp_show_ec_products.php' SQL Injection
AIOCP 1.3.x - 'cp_login.php' SQL Injection
AIOCP 1.3.x - 'cp_users_online.php' SQL Injection
AIOCP 1.3.x - 'cp_codice_fiscale.php' SQL Injection
AIOCP 1.3.x - 'cp_links_search.php' SQL Injection
CPanel 10 - DNSlook.HTML Cross-Site Scripting
cPanel 10 - DNSlook.HTML Cross-Site Scripting
CPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities
cPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities
CPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting
cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting
CPanel 11 - PassWDMySQL Cross-Site Scripting
cPanel 11 - PassWDMySQL Cross-Site Scripting
CPanel 10.9.1 - Resname Parameter Cross-Site Scripting
cPanel 10.9.1 - Resname Parameter Cross-Site Scripting
netRisk 1.9.7 - 'index.php' Remote File Inclusion
NetRisk 1.9.7 - 'index.php' Remote File Inclusion
YourFreeWorld Downline Builder Pro - 'id' Parameter SQL Injection
YourFreeWorld Downline Builder Pro - 'tr.php' SQL Injection
XIGLA Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection
Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection
TBmnetCMS 1.0 - 'content' Parameter Cross-Site Scripting
TBmnetCMS 1.0 - Cross-Site Scripting
pppBLOG 0.3 - 'search.php' Cross-Site Scripting
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution
2016-12-31 05:01:17 +00:00
Offensive Security
9f1fdff37d
DB: 2016-12-30
...
6 new exploits
VicFTPS < 5.0 - (CWD) Remote Buffer Overflow (PoC)
VicFTPS < 5.0 - 'CWD' Remote Buffer Overflow (PoC)
SilverSHielD 1.0.2.34 - (opendir) Denial of Service
SilverSHielD 1.0.2.34 - Denial of Service
Android - get_user/put_user Exploit (Metasploit)
LoudBlog 0.4 - (path) Arbitrary Remote File Inclusion
LoudBlog 0.4 - Arbitrary Remote File Inclusion
MyEvent 1.3 - (myevent_path) Remote File Inclusion
MyEvent 1.3 - 'event.php' Remote File Inclusion
LoudBlog 0.5 - (id) SQL Injection / Admin Credentials Disclosure
LoudBlog 0.5 - SQL Injection / Admin Credentials Disclosure
yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion
Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion
PHP Easy Downloader 1.5 - (save.php) Remote Code Execution
PHP Easy Downloader 1.5 - 'save.php' Remote Code Execution
Ip Reg 0.3 - Multiple SQL Injections
IP Reg 0.3 - Multiple SQL Injections
AstroSPACES - 'id' SQL Injection
AstroSPACES 1.1.1 - 'id' Parameter SQL Injection
myEvent 1.6 - (viewevent.php) SQL Injection
myEvent 1.6 - 'eventdate' Parameter SQL Injection
Mosaic Commerce - 'category.php cid' SQL Injection
Mosaic Commerce - 'cid' Parameter SQL Injection
PokerMax Poker League - Insecure Cookie Handling
Kure 0.6.3 - (index.php post & doc) Local File Inclusion
PokerMax Poker League 0.13 - Insecure Cookie Handling
Kure 0.6.3 - 'index.php' Local File Inclusion
PHP Easy Downloader 1.5 - (file) File Disclosure
PHP Easy Downloader 1.5 - 'file' Parameter File Disclosure
Post Affiliate Pro 2.0 - (index.php md) Local File Inclusion
Post Affiliate Pro 2.0 - 'md' Parameter Local File Inclusion
XOOPS Module GesGaleri - (kategorino) SQL Injection
XOOPS Module GesGaleri - SQL Injection
zeeproperty - 'adid' SQL Injection
zeeproperty - 'adid' Parameter SQL Injection
Fast Click SQL 1.1.7 Lite - (init.php) Remote File Inclusion
yappa-ng 2.3.3-beta0 - (album) Local File Inclusion
Fast Click SQL 1.1.7 Lite - 'init.php' Remote File Inclusion
Yappa-ng 2.3.3-beta0 - 'album' Parameter Local File Inclusion
WBB Plugin rGallery 1.09 - 'itemID' Blind SQL Injection
e107 <= 0.7.13 - (usersettings.php) Blind SQL Injection
Joomla! Component ds-syndicate - (feed_id) SQL Injection
XOOPS Module makale - SQL Injection
WBB Plugin rGallery 1.09 - 'itemID' Parameter Blind SQL Injection
e107 <= 0.7.13 - 'usersettings.php' Blind SQL Injection
Joomla! Component ds-syndicate - 'feed_id' Parameter SQL Injection
XOOPS Module makale 0.26 - SQL Injection
ShopMaker 1.0 - (product.php id) SQL Injection
Joomla! Component Daily Message 1.0.3 - 'id' SQL Injection
ShopMaker CMS 1.0 - 'id' Parameter SQL Injection
Joomla! Component Daily Message 1.0.3 - 'id' Parameter SQL Injection
phpcrs 2.06 - (importFunction) Local File Inclusion
LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection
phpcrs 2.06 - 'importFunction' Parameter Local File Inclusion
LoudBlog 0.8.0a - 'ajax.php' SQL Injection
YDC - 'kdlist.php cat' SQL Injection
YDC - 'cat' Parameter SQL Injection
txtshop 1.0b (Windows) - 'Language' Local File Inclusion
txtshop 1.0b (Windows) - 'Language' Parameter Local File Inclusion
MindDezign Photo Gallery 2.2 - (index.php id) SQL Injection
MindDezign Photo Gallery 2.2 - SQL Injection
websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution
WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
Aj RSS Reader - 'EditUrl.php url' SQL Injection
Aj RSS Reader - 'url' Parameter SQL Injection
WordPress Plugin Media Holder - 'mediaHolder.php id' SQL Injection
SFS Ez Forum - 'forum.php id' SQL Injection
WordPress Plugin Media Holder - SQL Injection
SFS Ez Forum - SQL Injection
e107 Plugin EasyShop - (category_id) Blind SQL Injection
e107 Plugin EasyShop - 'category_id' Parameter Blind SQL Injection
Post Affiliate Pro 3 - (umprof_status) Blind SQL Injection
Post Affiliate Pro 3 - 'umprof_status' Parameter Blind SQL Injection
CafeEngine - 'index.php catid' SQL Injection
CafeEngine - 'catid' Parameter SQL Injection
shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
ShopMaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
CafeEngine CMS 2.3 - SQL Injection
CafeEngine 2.3 - SQL Injection
Yappa-NG 1.x/2.x - Unspecified Remote File Inclusion
Yappa-NG 1.x/2.x - Unspecified Cross-Site Scripting
Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion
Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting
LoudBlog 0.41 - podcast.php id Parameter SQL Injection
LoudBlog 0.41 - 'podcast.php' SQL Injection
LoudBlog 0.41 - backend_settings.php language Parameter Traversal Arbitrary File Access
LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access
Fast Click SQL Lite 1.1.2/1.1.3 - show.php Remote File Inclusion
Fast Click SQL Lite 1.1.2/1.1.3 - 'show.php' Remote File Inclusion
myEvent 1.2/1.3 - Myevent.php Remote File Inclusion
myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion
Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - search.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'day.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'week.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'month.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'search.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'report.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'help.php' Cross-Site Scripting
yappa-ng - 'index.php' album Parameter Cross-Site Scripting
yappa-ng - Query String Cross-Site Scripting
Yappa-ng - 'index.php' album Parameter Cross-Site Scripting
Yappa-ng - Query String Cross-Site Scripting
tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php type Parameter Cross-Site Scripting
tinybrowser - /tiny_mce/plugins/tinybrowser/upload.php type Parameter Cross-Site Scripting
tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php type Parameter Cross-Site Scripting
tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php Empty type Parameter Directory Listing
tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php Empty type Parameter Directory Listing
tinybrowser - 'type' Parameter Cross-Site Scripting
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 - SQL Injection
PHPMailer < 5.2.18 - Remote Code Execution (Python)
WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload
Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection
Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery
2016-12-30 05:01:19 +00:00
Offensive Security
f8746c89a4
DB: 2016-12-29
...
4 new exploits
analogx SimpleServer:WWW 1.0.6 - Directory Traversal
AnalogX SimpleServer:WWW 1.0.6 - Directory Traversal
My PHP Dating - 'success_story.php id' SQL Injection
My PHP Dating - 'id' Parameter SQL Injection
Roundcube 0.3.1 - Cross-Site Request Forgery / SQL Injection
Roundcube Webmail 0.3.1 - Cross-Site Request Forgery / SQL Injection
Roundcube 1.1.3 - Directory Traversal
Roundcube Webmail 1.1.3 - Directory Traversal
PHPMailer 5.2.17 - Remote Code Execution
PHPMailer < 5.2.18 - Remote Code Execution (Bash)
PHPMailer < 5.2.18 - Remote Code Execution (PHP)
PHPMailer < 5.2.20 - Remote Code Execution
WordPress Plugin Simply Poll 1.4.1 - SQL Injection
SwiftMailer < 5.4.5-DEV - Remote Code Execution
2016-12-29 05:01:16 +00:00
Offensive Security
e31e75b15f
DB: 2016-12-28
...
1 new exploit
PHPMailer 5.2.17 - Remote Code Execution
2016-12-28 05:01:17 +00:00
Offensive Security
6a202bbb97
DB: 2016-12-27
...
4 new exploits
Serv-U FTP Server < 5.2 - Remote Denial of Service
RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service
Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service
RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service
Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service
RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service
FTPShell Server 6.36 - '.csv' Local Denial of Service
Serv-U FTP Server 3.x < 5.x - Privilege Escalation
RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation
Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation
Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit
RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit
Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
IndexScript 2.8 - (show_cat.php cat_id) SQL Injection
IndexScript 2.8 - 'cat_id' Parameter SQL Injection
GForge < 4.6b2 - (skill_delete) SQL Injection
GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection
torrenttrader classic 1.07 - Multiple Vulnerabilities
TorrentTrader Classic 1.07 - Multiple Vulnerabilities
Camera Life 2.6.2 - 'id' SQL Injection
Camera Life 2.6.2 - 'id' Parameter SQL Injection
Full PHP Emlak Script - 'arsaprint.php id' SQL Injection
Full PHP Emlak Script - 'arsaprint.php' SQL Injection
CCMS 3.1 - (skin) Multiple Local File Inclusion
CCMS 3.1 - 'skin' Parameter Local File Inclusion
JMweb - Multiple (src) Local File Inclusion
JMweb - 'src' Parameter Local File Inclusion
geccBBlite 2.0 - (leggi.php id) SQL Injection
geccBBlite 2.0 - 'id' Parameter SQL Injection
PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection
PHP-Fusion Mod recept - (kat_id) SQL Injection
PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection
PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection
Yerba SACphp 6.3 - (mod) Local File Inclusion
Yerba SACphp 6.3 - Local File Inclusion
Joomla! Component com_hotspots - (w) SQL Injection
Joomla! Component com_hotspots - SQL Injection
PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection
PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection
PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection
Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection
PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection
PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection
PHP Autos 2.9.1 - 'catid' Parameter SQL Injection
Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection
AdMan 1.1.20070907 - 'campaignId' SQL Injection
AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection
Gforge 4.5.19 - Multiple SQL Injections
Gforge 4.6 rc1 - (skill_edit) SQL Injection
GForge 4.5.19 - Multiple SQL Injections
Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection
camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
IranMC Arad Center - 'news.php id' SQL Injection
IranMC Arad Center - SQL Injection
Ayco Okul Portali - (linkid) SQL Injection (tr)
Ayco Okul Portali - 'linkid' Parameter SQL Injection
Easynet4u faq Host - 'faq.php faq' SQL Injection
Easynet4u faq Host - 'faq.php' SQL Injection
MunzurSoft Wep Portal W3 - (kat) SQL Injection
Easynet4u Link Host - 'cat_id' SQL Injection
SlimCMS 1.0.0 - (redirect.php) Privilege Escalation
Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection
MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection
Easynet4u Link Host - 'cat_id' Parameter SQL Injection
SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation
Joomla! Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection
Real Estate Scripts 2008 - 'index.php cat' SQL Injection
Real Estate Scripts 2008 - 'cat' Parameter SQL Injection
ParsBlogger - 'links.asp id' SQL Injection
IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection
ParsBlogger - 'links.asp' SQL Injection
IndexScript 3.0 - 'parent_id' Parameter SQL Injection
XOOPS Module xhresim - 'index.php no' SQL Injection
XOOPS Module xhresim - SQL Injection
SezHoo 0.1 - (IP) Remote File Inclusion
SezHoo 0.1 - Remote File Inclusion
torrenttrader classic 1.09 - Multiple Vulnerabilities
TorrentTrader Classic 1.09 - Multiple Vulnerabilities
AdaptCMS Lite 1.5 2009-07-07 - Exploit
AdaptCMS Lite 1.5 - Arbitrary Add Admin
Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting
Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting
GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting
GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting
OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting
Joomla! Component Blog Calendar - SQL Injection
PHPMailer 5.2.17 - Remote Code Execution
2016-12-27 05:01:16 +00:00
Offensive Security
af66bcd9e5
DB: 2016-12-26
...
1 new exploit
XAMPP Control Panel - Denial Of Service
2016-12-26 05:01:17 +00:00
Offensive Security
560fb055c7
DB: 2016-12-25
2016-12-25 05:01:18 +00:00
Offensive Security
897e1fa191
DB: 2016-12-24
...
3 new exploits
WinFTP Server 2.0.2 - (PASV) Remote Denial of Service
WinFTP Server 2.0.2 - 'PASV' Remote Denial of Service
WinFTP Server 2.3.0 - (NLST) Denial of Service
WinFTP Server 2.3.0 - 'NLST' Denial of Service
vxFtpSrv 2.0.3 - CWD command Remote Buffer Overflow (PoC)
vxFtpSrv 2.0.3 - 'CWD' Remote Buffer Overflow (PoC)
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation
X7 Chat 2.0.5 - lib/message.php preg_replace() PHP Code Execution (Metasploit)
X7 Chat 2.0.5 - 'message.php' PHP Code Execution (Metasploit)
OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading
X7 Chat 2.0 - (help_file) Remote Command Execution
X7 Chat 2.0 - 'help_file' Parameter Remote Command Execution
Ultimate WebBoard 3.00 - (Category) SQL Injection
PromoteWeb MySQL - 'go.php id' SQL Injection
212Cafe Board 0.07 - (view.php qID) SQL Injection
Ultimate WebBoard 3.00 - 'Category' Parameter SQL Injection
PromoteWeb MySQL - 'id' Parameter SQL Injection
212Cafe Board 0.07 - 'qID' Parameter SQL Injection
The Gemini Portal - 'lang' Remote File Inclusion
RPG.Board 0.0.8Beta2 - (showtopic) SQL Injection
ASPapp KnowledgeBase - 'catid' SQL Injection
The Gemini Portal 4.7 - 'lang' Parameter Remote File Inclusion
RPG.Board 0.0.8Beta2 - 'showtopic' Parameter SQL Injection
ASPapp KnowledgeBase - 'catid' Parameter SQL Injection
X7 Chat 2.0.1A1 - (mini.php help_file) Local File Inclusion
X7 Chat 2.0.1A1 - 'mini.php' Local File Inclusion
CoAST 0.95 - (sections_file) Remote File Inclusion
Real Estate Manager - 'cat_id' SQL Injection
LnBlog 0.9.0 - (plugin) Local File Inclusion
PlugSpace 0.1 - (index.php navi) Local File Inclusion
MyCard 1.0.2 - (gallery.php id) SQL Injection
PowerPortal 2.0.13 - 'path' Local Directory Traversal
PHP-Lance 1.52 - (show.php catid) SQL Injection
Yoxel 1.23beta - (itpm_estimate.php a) Remote Code Execution
CoAST 0.95 - 'sections_file' Parameter Remote File Inclusion
Real Estate Manager 1.01 - 'cat_id' Parameter SQL Injection
LnBlog 0.9.0 - 'plugin' Parameter Local File Inclusion
PlugSpace 0.1 - 'navi' Parameter Local File Inclusion
MyCard 1.0.2 - 'id' Parameter SQL Injection
PowerPortal 2.0.13 - 'path' Parameter Local Directory Traversal
PHP-Lance 1.52 - 'catid' Parameter SQL Injection
Yoxel 1.23beta - 'itpm_estimate.php' Remote Code Execution
ZEELYRICS 2.0 - (bannerclick.php adid) SQL Injection
ZEELYRICS 2.0 - 'bannerclick.php' SQL Injection
Pro Chat Rooms 3.0.3 - (guid) SQL Injection
Pilot Group eTraining - 'news_read.php id' SQL Injection
BbZL.php 0.92 - (lien_2) Local Directory Traversal
Pro Chat Rooms 3.0.3 - SQL Injection
Pilot Group eTraining - 'news_read.php' SQL Injection
BbZL.php 0.92 - 'lien_2' Parameter Local Directory Traversal
Arcadem Pro - 'articlecat' SQL Injection
Arcadem Pro - 'articlecat' Parameter SQL Injection
ArabCMS - 'rss.php rss' Local File Inclusion
FAQ Management Script - 'catid' SQL Injection
ArabCMS - 'rss.php' Local File Inclusion
FAQ Management Script - 'catid' Parameter SQL Injection
BookMarks Favourites Script - 'view_group.php id' SQL Injection
BookMarks Favourites Script - 'id' Parameter SQL Injection
BMForum 5.6 - (tagname) SQL Injection
BMForum 5.6 - 'tagname' Parameter SQL Injection
Crux Gallery 1.32 - (index.php theme) Local File Inclusion
phpScheduleIt 1.2.10 - (reserve.php) Remote Code Execution
RPortal 1.1 - (file_op) Remote File Inclusion
Crux Gallery 1.32 - 'theme' Parameter Local File Inclusion
phpScheduleIt 1.2.10 - 'reserve.php' Remote Code Execution
RPortal 1.1 - 'file_op' Parameter Remote File Inclusion
Link Trader - 'ratelink.php lnkid' SQL Injection
Link Trader - 'lnkid' Parameter SQL Injection
OLIB 7 WebView 2.5.1.1 - (infile) Local File Inclusion
OpenX 2.6 - (ac.php bannerid) Blind SQL Injection
OLIB 7 WebView 2.5.1.1 - 'infile' Parameter Local File Inclusion
OpenX 2.6 - 'bannerid' Parameter Blind SQL Injection
X7 Chat 2.0.5 - (Authentication Bypass) SQL Injection
X7 Chat 2.0.5 - Authentication Bypass
Arcadem Pro 2.8 - (article) Blind SQL Injection
Arcadem Pro 2.8 - 'article' Parameter Blind SQL Injection
Link Trader - (lnkid) SQL Injection
phpScheduleIt PHP - reserve.php start_date Parameter Arbitrary Code Injection (Metasploit)
phpScheduleIt 1.2.10 - 'reserve.php' Arbitrary Code Injection (Metasploit)
PowerPortal 1.1/1.3 - modules.php Traversal Arbitrary Directory Listing
PowerPortal 1.1/1.3 - 'modules.php' Traversal Arbitrary Directory Listing
Atomic Photo Album 0.x/1.0 - Apa_PHPInclude.INC.php Remote File Inclusion
Atomic Photo Album 0.x/1.0 - 'Apa_PHPInclude.INC.php' Remote File Inclusion
BMForum 3.0 - topic.php Multiple Parameter Cross-Site Scripting
BMForum 3.0 - forums.php Multiple Parameter Cross-Site Scripting
BMForum 3.0 - post.php forumid Parameter Cross-Site Scripting
BMForum 3.0 - announcesys.php forumid Parameter Cross-Site Scripting
BMForum 3.0 - 'topic.php' Cross-Site Scripting
BMForum 3.0 - 'forums.php' Cross-Site Scripting
BMForum 3.0 - 'post.php' Cross-Site Scripting
BMForum 3.0 - 'announcesys.php' Cross-Site Scripting
PowerPortal 1.1/1.3 - 'index.php' search Parameter Cross-Site Scripting
PowerPortal 1.1/1.3 - search.php search Parameter Cross-Site Scripting
PowerPortal 1.1/1.3 - 'index.php' Cross-Site Scripting
PowerPortal 1.1/1.3 - 'search.php' Cross-Site Scripting
X7 Chat 2.0.4 - sources/frame.php room Parameter Cross-Site Scripting
X7 Chat 2.0.4 - upgradev1.php INSTALL_X7CHATVERSION Parameter Cross-Site Scripting
X7 Chat 2.0.4 - 'frame.php' Cross-Site Scripting
X7 Chat 2.0.4 - 'upgradev1.php' Cross-Site Scripting
BMForum 5.6 - 'index.php' outpused Parameter Cross-Site Scripting
BMForum 5.6 - newtem/footer/bsd01footer.php Multiple Parameter Cross-Site Scripting
BMForum 5.6 - newtem/header/bsd01header.php Multiple Parameter Cross-Site Scripting
BMForum 5.6 - 'index.php' Cross-Site Scripting
BMForum 5.6 - 'bsd01footer.php' Cross-Site Scripting
BMForum 5.6 - 'bsd01header.php' Cross-Site Scripting
Pilot Group eTraining - courses_login.php cat_id Parameter Cross-Site Scripting
Pilot Group eTraining - news_read.php id Parameter Cross-Site Scripting
Pilot Group eTraining - lessons_login.php Multiple Parameter Cross-Site Scripting
Pilot Group eTraining - 'courses_login.php' Cross-Site Scripting
Pilot Group eTraining - 'news_read.php' Cross-Site Scripting
Pilot Group eTraining - 'lessons_login.php' Cross-Site Scripting
OpenX - /www/admin/plugin-index.php parent Parameter Cross-Site Scripting
OpenX 2.8.10 - 'plugin-index.php' Cross-Site Scripting
Apache mod_session_crypto - Padding Oracle
2016-12-24 05:01:17 +00:00
Offensive Security
26b1e8b6ad
DB: 2016-12-23
...
10 new exploits
Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056)
Microsoft Internet Explorer 11 MSHTML - CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)
Microsoft Internet Explorer 11 - MSHTML CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)
macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution
macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation
Vesta Control Panel 0.9.8-16 - Local Privilege Escalation
macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free
macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation
PHP iCalendar 2.21 - (publish.ical.php) Remote Code Execution
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution
CzarNews 1.14 - (tpath) Remote File Inclusion
CzarNews 1.14 - 'tpath' Parameter Remote File Inclusion
N/X WCMS 4.1 - (nxheader.inc.php) Remote File Inclusion
N/X WCMS 4.1 - 'nxheader.inc.php' Remote File Inclusion
Powies pForum 1.29a - (editpoll.php) SQL Injection
Powies pForum 1.29a - 'editpoll.php' SQL Injection
AssetMan 2.4a - (download_pdf.php) Remote File Disclosure
AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure
Orion-Blog 2.0 - (AdminBlogNewsEdit.asp) Remote Authentication Bypass
Orion-Blog 2.0 - Remote Authentication Bypass
Ol BookMarks Manager 0.7.4 - (root) Remote File Inclusion
Ol BookMarks Manager 0.7.4 - 'root' Parameter Remote File Inclusion
AdminBot 9.0.5 - (live_status.lib.php ROOT) Remote File Inclusion
AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion
WSN Links Basic Edition - (displaycat catid) SQL Injection
WSN Links Basic Edition - 'catid' Parameter SQL Injection
phpRealty 0.02 - (MGR) Multiple Remote File Inclusion
phpRealty 0.02 - 'MGR' Parameter Multiple Remote File Inclusion
jPORTAL 2 - mailer.php SQL Injection
jPORTAL 2.3.1 - articles.php SQL Injection
jPORTAL 2 - 'mailer.php' SQL Injection
jPORTAL 2.3.1 - 'articles.php' SQL Injection
AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection
AvailScript Jobs Portal Script - 'jid' Parameter SQL Injection
PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
D-iscussion Board 3.01 - (topic) Local File Inclusion
D-iscussion Board 3.01 - 'topic' Parameter Local File Inclusion
PhpWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - (showprofil.php id) SQL Injection
WebPortal CMS 0.7.4 - (download.php aid) SQL Injection
iBoutique 4.0 - (cat) SQL Injection
SkaLinks 1.5 - (register.php) Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - 'showprofil.php' SQL Injection
WebPortal CMS 0.7.4 - 'download.php' SQL Injection
iBoutique 4.0 - 'cat' Parameter SQL Injection
SkaLinks 1.5 - 'register.php' Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' Parameter SQL Injection
pLink 2.07 - (linkto.php id) Blind SQL Injection
pLink 2.07 - 'linkto.php' Blind SQL Injection
FoT Video scripti 1.1b - (oyun) SQL Injection
FoT Video scripti 1.1b - 'oyun' Parameter SQL Injection
Pre Real Estate Listings - 'search.php c' SQL Injection
Pre Real Estate Listings - 'search.php' SQL Injection
iScripts EasyIndex - (produid) SQL Injection
iScripts EasyIndex - 'produid' Parameter SQL Injection
Hotel Reservation System - 'city.asp city' Blind SQL Injection
phpRealty 0.3 - (INC) Remote File Inclusion
PHP Crawler 0.8 - (footer) Remote File Inclusion
Technote 7 - (shop_this_skin_path) Remote File Inclusion
Hotel Reservation System - 'city.asp' Blind SQL Injection
phpRealty 0.3 - 'INC' Parameter Remote File Inclusion
PHP Crawler 0.8 - Remote File Inclusion
Technote 7 - 'shop_this_skin_path' Parameter Remote File Inclusion
E-PHP CMS - 'article.php es_id' SQL Injection
addalink 4 - 'category_id' SQL Injection
ProArcadeScript 1.3 - (random) SQL Injection
CYASK 3.x - (collect.php neturl) Local File Disclosure
Diesel Joke Site - 'picture_category.php id' SQL Injection
ProActive CMS - 'template' Local File Inclusion
E-PHP CMS - 'article.php' SQL Injection
addalink 4 - 'category_id' Parameter SQL Injection
ProArcadeScript 1.3 - 'random' Parameter SQL Injection
CYASK 3.x - 'neturl' Parameter Local File Disclosure
Diesel Joke Site - 'picture_category.php' SQL Injection
ProActive CMS - 'template' Parameter Local File Inclusion
Diesel Pay Script - (area) SQL Injection
Plaincart 1.1.2 - (p) SQL Injection
Oceandir 2.9 - (show_vote.php id) SQL Injection
jPORTAL 2 - 'humor.php id' SQL Injection
Diesel Pay Script - 'area' Parameter SQL Injection
Plaincart 1.1.2 - 'p' Parameter SQL Injection
Oceandir 2.9 - 'show_vote.php' SQL Injection
jPORTAL 2 - 'humor.php' SQL Injection
Diesel Job Site - (job_id) Blind SQL Injection
Diesel Job Site - 'job_id' Parameter Blind SQL Injection
e107 Plugin Image Gallery 0.9.6.2 - (image) SQL Injection
e107 Plugin Image Gallery 0.9.6.2 - SQL Injection
WSN Links 2.22/2.23 - (vote.php) SQL Injection
WSN Links 2.22/2.23 - 'vote.php' SQL Injection
BuzzyWall 1.3.1 - (search.php search) SQL Injection
WCMS 1.0b - (news_detail.asp id) SQL Injection
BuzzyWall 1.3.1 - 'search' Parameter SQL Injection
WCMS 1.0b - 'news_detail.asp' SQL Injection
OpenElec 3.01 - (form.php obj) Local File Inclusion
OpenElec 3.01 - 'obj' Parameter Local File Inclusion
basebuilder 2.0.1 - (main.inc.php) Remote File Inclusion
Fez 1.3/2.0 RC1 - (list.php) SQL Injection
basebuilder 2.0.1 - 'main.inc.php' Remote File Inclusion
Fez 1.3/2.0 RC1 - 'list.php' SQL Injection
OpenRat 0.8-beta4 - (tpl_dir) Remote File Inclusion
Sofi WebGui 0.6.3 PRE - (mod_dir) Remote File Inclusion
OpenRat 0.8-beta4 - 'tpl_dir' Parameter Remote File Inclusion
Sofi WebGui 0.6.3 PRE - 'mod_dir' Parameter Remote File Inclusion
JETIK-WEB Software - 'sayfa.php kat' SQL Injection
JETIK-WEB Software - 'kat' Parameter SQL Injection
WebPortal CMS 0.7.4 - (code) Remote Code Execution
HotScripts Clone - 'cid' SQL Injection
WebPortal CMS 0.7.4 - 'code' Parameter Remote Code Execution
HotScripts Clone - 'cid' Parameter SQL Injection
emergecolab 1.0 - (sitecode) Local File Inclusion
mailwatch 1.0.4 - (docs.php doc) Local File Inclusion
PHPcounter 1.3.2 - (defs.php l) Local File Inclusion
emergecolab 1.0 - 'sitecode' Parameter Local File Inclusion
mailwatch 1.0.4 - 'doc' Parameter Local File Inclusion
PHPcounter 1.3.2 - 'defs.php' Local File Inclusion
webcp 0.5.7 - (filelocation) Remote File Disclosure
webcp 0.5.7 - 'filelocation' Parameter Remote File Disclosure
LanSuite 3.3.2 - (design) Local File Inclusion
PHPOCS 0.1-beta3 - (index.php act) Local File Inclusion
Vikingboard 0.2 Beta - (task) Local File Inclusion
LanSuite 3.3.2 - 'design' Parameter Local File Inclusion
PHPOCS 0.1-beta3 - 'act' Parameter Local File Inclusion
Vikingboard 0.2 Beta - 'task' Parameter Local File Inclusion
barcodegen 2.0.0 - (class_dir) Remote File Inclusion
barcodegen 2.0.0 - 'class_dir' Parameter Remote File Inclusion
PHPcounter 1.3.2 - (index.php name) SQL Injection
PHPcounter 1.3.2 - 'index.php' SQL Injection
PhpWebGallery 1.7.2 - Session Hijacking / Code Execution
PHPWebGallery 1.7.2 - Session Hijacking / Code Execution
BuzzyWall 1.3.1 - (download id) Remote File Disclosure
BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure
Pre Real Estate Listings - (Authentication Bypass) SQL Injection
Pre Real Estate Listings - Authentication Bypass
Netartmedia Real Estate Portal 1.2 - (ad_id) SQL Injection
Netartmedia Real Estate Portal 1.2 - 'ad_id' Parameter SQL Injection
SkaLinks 1.5 - (Authentication Bypass) SQL Injection
SkaLinks 1.5 - Authentication Bypass
diesel job site 1.4 - Multiple Vulnerabilities
Diesel Job Site 1.4 - Multiple Vulnerabilities
ProArcadeScript to Game - (game) SQL Injection
ProArcadeScript to Game - SQL Injection
Link Bid Script - 'links.php id' SQL Injection
Link Bid Script - 'links.php' SQL Injection
NetArt Media iBoutique 4.0 - (index.php key Parameter) SQL Injection
iBoutique 4.0 - 'key' Parameter SQL Injection
PHPForum 2.0 RC1 - Mainfile.php Remote File Inclusion
PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion
JPortal 2.2.1 - print.php SQL Injection
jPORTAL 2.2.1 - 'print.php' SQL Injection
CzarNews 1.13/1.14 - headlines.php Remote File Inclusion
CzarNews 1.13/1.14 - 'headlines.php' Remote File Inclusion
JPortal 2.3.1 - Banner.php SQL Injection
jPORTAL 2.3.1 - 'Banner.php' SQL Injection
CJ Ultra Plus 1.0.3/1.0.4 - OUT.php SQL Injection
CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection
JPortal 2.2.1/2.3.1 - download.php SQL Injection
jPORTAL 2.2.1/2.3.1 - 'download.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - comment.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - news.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection
PHPWCMS 1.2.5 -DEV - random_image.php imgdir Parameter Traversal Arbitrary File Access
PHPWCMS 1.2.5 -DEV - 'imgdir' Parameter Traversal Arbitrary File Access
JPortal 2.2.1/2.3 Forum - forum.php SQL Injection
jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection
Diesel Joke Site - Category.php SQL Injection
Diesel Joke Site - 'Category.php' SQL Injection
TinyPHPForum 3.6 - error.php Information Disclosure
TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass
TinyPHPForum 3.6 - 'error.php' Information Disclosure
TinyPHPForum 3.6 - 'UpdatePF.php' Authentication Bypass
Vikingboard Viking board 0.1b - help.php act Parameter Cross-Site Scripting
Vikingboard Viking board 0.1b - report.php p Parameter Cross-Site Scripting
Vikingboard 0.1 - topic.php SQL Injection
Vikingboard 0.1b - 'help.php' Cross-Site Scripting
Vikingboard 0.1b - 'report.php' Cross-Site Scripting
Vikingboard 0.1 - 'topic.php' SQL Injection
PHP iCalendar 1.1/2.x - day.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - month.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - year.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - week.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - search.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - rss/index.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - print.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - preferences.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'day.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'month.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'year.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'week.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'search.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'getdate' Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'print.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'preferences.php' Cross-Site Scripting
Vikingboard Viking board 0.1.2 - cp.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - user.php u Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - post.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - topic.php s Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - forum.php debug Variable Information Disclosure
Vikingboard Viking board 0.1.2 - cp.php debug Variable Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'user.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'post.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'topic.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'forum.php' Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Information Disclosure
PaysiteReviewCMS 1.1 - search.php q Parameter Cross-Site Scripting
PaysiteReviewCMS - image.php image Parameter Cross-Site Scripting
PaysiteReviewCMS 1.1 - 'search.php' Cross-Site Scripting
PaysiteReviewCMS - 'image.php' Cross-Site Scripting
BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
2016-12-23 05:01:18 +00:00
Offensive Security
31efda0762
DB: 2016-12-22
2016-12-22 20:51:38 +00:00
Offensive Security
a099e58626
DB: 2016-12-22
...
3 new exploits
Android - getpidcon Usage binder Service Replacement Race Condition
Google Android - getpidcon Usage binder Service Replacement Race Condition
ADODB < 4.70 - (tmssql.php) Denial of Service
ADODB < 4.70 - 'tmssql.php' Denial of Service
FlashGet 3.x - IEHelper Remote Exec (PoC)
FlashGet 3.x - IEHelper Remote Execution (PoC)
SopCast SopCore Control ActiveX - Remote Exec (PoC)
UUSee ReliPlayer ActiveX - Remote Exec (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Exec (PoC)
SopCast SopCore Control ActiveX - Remote Execution (PoC)
UUSee ReliPlayer ActiveX - Remote Execution (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Execution (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Exec (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Execution (PoC)
EViews 7.0.0.1 - (aka 7.2) Multiple Vulnerabilities
EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities
Android Kernel 2.6 - Local Denial of Service Crash (PoC)
Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)
IBM solidDB 6.0.10 - (Format String and Denial of Service) Multiple Vulnerabilities
IBM solidDB 6.0.10 - Format String / Denial of Service
OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities
OpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - Integer Signedness / Overflow
Android - ih264d_process_intra_mb Memory Corruption
Google Android - 'ih264d_process_intra_mb' Memory Corruption
Android - IOMX getConfig/getParameter Information Disclosure
Android - IMemory Native Interface is Insecure for IPC Use
Google Android - IOMX getConfig/getParameter Information Disclosure
Google Android - IMemory Native Interface is Insecure for IPC Use
Android Broadcom Wi-Fi Driver - Memory Corruption
Google Android Broadcom Wi-Fi Driver - Memory Corruption
Android - /system/bin/sdcard Stack Buffer Overflow
Google Android - '/system/bin/sdcard' Stack Buffer Overflow
Android - Insufficient Binder Message Verification Pointer Leak
Android - 'gpsOneXtra' Data Files Denial of Service
Google Android - Insufficient Binder Message Verification Pointer Leak
Google Android - 'gpsOneXtra' Data Files Denial of Service
Android - Binder Generic ASLR Leak
Google Android - Binder Generic ASLR Leak
Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - WifiNative::setHotlist Stack Overflow
Google Android - WifiNative::setHotlist Stack Overflow
Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)
Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)
PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow
PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow
Android 1.x/2.x - Privilege Escalation
Google Android 1.x/2.x - Privilege Escalation
Android - 'sensord' Privilege Escalation
Google Android - 'sensord' Privilege Escalation
tcpdump - ISAKMP Identification payload Integer Overflow
tcpdump - ISAKMP Identification Payload Integer Overflow
Smail 3.2.0.120 - Heap Overflow
Smail 3.2.0.120 - Heap Overflow
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution Exploit
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution
Motorola Wimax modem CPEi300 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
navicopa WebServer 3.0.1 - (Buffer Overflow / Script Source Disclosure) Multiple Vulnerabilities
navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure
dwebpro 6.8.26 - (Directory Traversal/File Disclosure) Multiple Vulnerabilities
dwebpro 6.8.26 - Directory Traversal / File Disclosure
citrix xencenterweb - (Cross-Site Scripting / SQL Injection / Remote Code Execution) Multiple Vulnerabilities
citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Exec (PoC)
Trend Micro Web-Deployment ActiveX - Remote Exec (PoC)
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)
Trend Micro Web-Deployment ActiveX - Remote Execution (PoC)
Apache OFBiz - SQL Remote Execution PoC Payload
Apache OFBiz - FULLADMIN Creator PoC Payload
Apache OFBiz - Remote Execution (via SQL Execution) (PoC)
Apache OFBiz - Admin Creator (PoC)
Android 2.0 < 2.1 - Reverse Shell Exploit
Google Android 2.0 < 2.1 - Reverse Shell Exploit
Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Google Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Android 2.0 / 2.1 /2.1.1 - WebKit Use-After-Free Exploit
Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Exploit
Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
WinComLPD Total 3.0.2.623 - (Buffer Overflow and Authentication Bypass) Multiple Vulnerabilities
WinComLPD Total 3.0.2.623 - Buffer Overflow / Authentication Bypass
Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - (ePowner) Multiple Vulnerabilities
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
ServletExec - (Directory Traversal / Authentication Bypass) Multiple Vulnerabilities
ServletExec - Directory Traversal / Authentication Bypass
Android - 'Stagefright' Remote Code Execution
Google Android - 'Stagefright' Remote Code Execution
Android - libstagefright Integer Overflow Remote Code Execution
Google Android - libstagefright Integer Overflow Remote Code Execution
Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Android ADB Debug Server - Remote Payload Execution (Metasploit)
Google Android ADB Debug Server - Remote Payload Execution (Metasploit)
Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Google Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Android - 'BadKernel' Remote Code Execution
Google Android - 'BadKernel' Remote Code Execution
Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
NETGEAR WNR2000v5 - Remote Code Execution
Linux/x86 - portbind payload Shellcode (Generator)
Windows XP SP1 - portbind payload Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
phpCOIN 1.2.2 - (phpcoinsessid) SQL Inj / Remote Code Execution
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
Aztek Forum 4.00 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities (PoC)
Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection
Integramod Portal 2.x - (functions_portal.php) Remote File Inclusion
Integramod Portal 2.x - 'functions_portal.php' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Parameter Remote File Inclusion
paBugs 2.0 Beta 3 - (class.mysql.php) Remote File Inclusion
paBugs 2.0 Beta 3 - 'class.mysql.php' Remote File Inclusion
Agora 1.4 RC1 - (MysqlfinderAdmin.php) Remote File Inclusion
Agora 1.4 RC1 - 'MysqlfinderAdmin.php' Remote File Inclusion
blogme 3.0 - (Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
blogme 3.0 - Cross-Site Scripting / Authentication Bypass
torrentflux 2.2 - (Arbitrary File Create/ Execute / Delete) Multiple Vulnerabilities
torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
BBS E-Market Professional - (Full Path Disclosure / File Inclusion) Multiple Vulnerabilities
BBS E-Market Professional - Full Path Disclosure / File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Parameter Remote File Inclusion
ig shop 1.0 - (Code Execution / SQL Injection) Multiple Vulnerabilities
ig shop 1.0 - Code Execution / SQL Injection
QUOTE&ORDERING SYSTEM 1.0 - (ordernum) Multiple Vulnerabilities
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
vp-asp shopping cart 6.09 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vp-asp shopping cart 6.09 - SQL Injection / Cross-Site Scripting
forum livre 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
forum livre 1.0 - SQL Injection / Cross-Site Scripting
otscms 2.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
otscms 2.1.5 - SQL Injection / Cross-Site Scripting
Connectix Boards 0.7 - (p_skin) Multiple Vulnerabilities
Connectix Boards 0.7 - 'p_skin' Multiple Vulnerabilities
wbblog - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
wbblog - Cross-Site Scripting / SQL Injection
PHP-Nuke Module Eve-Nuke 0.1 - (mysql.php) Remote File Inclusion
PHP-Nuke Module Eve-Nuke 0.1 - 'mysql.php' Remote File Inclusion
Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Quick and Dirty Blog (qdblog) 0.4 - SQL Injection / Local File Inclusion
PHP Coupon Script 3.0 - (index.php bus) SQL Injection
PHP Coupon Script 3.0 - 'bus' Parameter SQL Injection
runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities
runawaysoft haber portal 1.0 - 'tr' Multiple Vulnerabilities
NetClassifieds - (SQL Injection / Cross-Site Scripting / Full Path) Multiple Vulnerabilities
NetClassifieds - SQL Injection / Cross-Site Scripting / Full Path
bugmall shopping cart 2.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
PHPVID 0.9.9 - (categories_type.php cat) SQL Injection
PHPVID 0.9.9 - 'categories_type.php' SQL Injection
bcoos 1.0.10 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
bcoos 1.0.10 - Local File Inclusion / SQL Injection
ftp Admin 0.1.0 - (Local File Inclusion / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
falcon CMS 1.4.3 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting
gf-3xplorer 2.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion
PortalApp 4.0 - (SQL Injection / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
PortalApp 4.0 - SQL Injection / Cross-Site Scripting / Authentication Bypass
netrisk 1.9.7 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
netrisk 1.9.7 - Cross-Site Scripting / SQL Injection
EasyClassifields 3.0 - (go) SQL Injection
CMSbright - (id_rub_page) SQL Injection
EasyClassifields 3.0 - 'go' Parameter SQL Injection
CMSbright - 'id_rub_page' Parameter SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
Coupon Script 4.0 - 'id' SQL Injection
Reciprocal Links Manager 1.1 - (site) SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' Parameter SQL Injection
Coupon Script 4.0 - 'id' Parameter SQL Injection
Reciprocal Links Manager 1.1 - 'site' Parameter SQL Injection
CS-Cart 1.3.5 - (Authentication Bypass) SQL Injection
Spice Classifieds - (cat_path) SQL Injection
CS-Cart 1.3.5 - Authentication Bypass
Spice Classifieds - 'cat_path' Parameter SQL Injection
aspwebalbum 3.2 - (Arbitrary File Upload / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
Living Local Website - 'listtest.php r' SQL Injection
ACG-PTP 1.0.6 - 'adid' SQL Injection
qwicsite pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ACG-ScriptShop - 'cid' SQL Injection
AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution
Living Local Website - 'listtest.php' SQL Injection
ACG-PTP 1.0.6 - 'adid' Parameter SQL Injection
qwicsite pro - SQL Injection / Cross-Site Scripting
ACG-ScriptShop - 'cid' Parameter SQL Injection
AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution
Vastal I-Tech Agent Zone - (ann_id) SQL Injection
Vastal I-Tech Visa Zone - (news_id) SQL Injection
Vastal I-Tech Toner Cart - 'id' SQL Injection
Vastal I-Tech Share Zone - 'id' SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' SQL Injection
Vastal I-Tech Jobs Zone - (news_id) SQL Injection
Vastal I-Tech MMORPG Zone - (game_id) SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' SQL Injection
Vastal I-Tech Freelance Zone - (coder_id) SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection
EsFaq 2.0 - (idcat) SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - (tage) SQL Injection
Vastal I-Tech Dating Zone - (fage) SQL Injection
Vastal I-Tech Agent Zone - 'ann_id' Parameter SQL Injection
Vastal I-Tech Visa Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech Toner Cart - 'id' Parameter SQL Injection
Vastal I-Tech Share Zone - 'id' Parameter SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Jobs Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech MMORPG Zone - 'game_id' Parameter SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Freelance Zone - 'coder_id' Parameter SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' Parameter SQL Injection
EsFaq 2.0 - 'idcat' Parameter SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' Parameter SQL Injection
Vastal I-Tech Dating Zone - 'fage' Parameter SQL Injection
Masir Camp E-Shop Module 3.0 - (ordercode) SQL Injection
Alstrasoft Forum - (cat) SQL Injection
Masir Camp E-Shop Module 3.0 - 'ordercode' Parameter SQL Injection
Alstrasoft Forum - 'cat' Parameter SQL Injection
Alstrasoft Forum - 'catid' SQL Injection
Alstrasoft Forum - 'catid' Parameter SQL Injection
Creator CMS 5.0 - (sideid) SQL Injection
Creator CMS 5.0 - 'sideid' Parameter SQL Injection
CMS Buzz - 'id' SQL Injection
CMS Buzz - 'id' Parameter SQL Injection
phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection
PhpWebGallery 1.3.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Autodealers CMS AutOnline - (pageid) SQL Injection
Sports Clubs Web Panel 0.0.1 - (p) Local File Inclusion
PHPVID 1.1 - Cross-Site Scripting / SQL Injection
Zanfi CMS lite / Jaw Portal free - 'page' Parameter SQL Injection
PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
Autodealers CMS AutOnline - 'pageid' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'p' Parameter Local File Inclusion
Autodealers CMS AutOnline - 'id' SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' SQL Injection
PhpWebGallery 1.3.4 - (cat) Blind SQL Injection
Autodealers CMS AutOnline - 'id' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' Parameter SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
phpsmartcom 0.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
phpsmartcom 0.2 - Local File Inclusion / SQL Injection
AvailScript Article Script - 'view.php v' SQL Injection
AvailScript Article Script - 'view.php' SQL Injection
Fastpublish CMS 1.9999 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection
mini-pub 0.3 - (File Disclosure/Code Execution) Multiple Vulnerabilities
mini-pub 0.3 - File Disclosure / Code Execution
websvn 2.0 - (Cross-Site Scripting / File Handling/Code Execution) Multiple Vulnerabilities
websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution
phpdaily - (SQL Injection / Cross-Site Scripting / lfd) Multiple Vulnerabilities
phpdaily - SQL Injection / Cross-Site Scripting / Local File Download
questcms - (Cross-Site Scripting / Directory Traversal / SQL Injection) Multiple Vulnerabilities
questcms - Cross-Site Scripting / Directory Traversal / SQL Injection
MatPo Link 1.2b - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting
WEBBDOMAIN WebShop 1.02 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
WEBBDOMAIN WebShop 1.02 - SQL Injection / Cross-Site Scripting
Prozilla Software Directory - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Prozilla Software Directory - Cross-Site Scripting / SQL Injection
TurnkeyForms Local Classifieds - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
TurnkeyForms Local Classifieds - Cross-Site Scripting / SQL Injection
zeeproperty 1.0 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting
Openfire Server 3.6.0a - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Collabtive 0.4.8 - (Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload) Multiple Vulnerabilities
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload
MODx CMS 0.9.6.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting
ftpzik - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
bandwebsite 1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ftpzik - Cross-Site Scripting / Local File Inclusion
bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
nitrotech 0.0.3a - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
chipmunk topsites - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Clean CMS 1.5 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
chipmunk topsites - Authentication Bypass / Cross-Site Scripting
Clean CMS 1.5 - Blind SQL Injection / Cross-Site Scripting
Ocean12 Contact Manager Pro - (SQL Injection / Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure
comersus asp shopping cart - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
minimal ablog 0.4 - (SQL Injection / Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass
wbstreet 1.0 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
wbstreet 1.0 - SQL Injection / File Disclosure
template creature - (SQL Injection / File Disclosure) Multiple Vulnerabilities
template creature - SQL Injection / File Disclosure
merlix educate servert - (Authentication Bypass/File Disclosure) Multiple Vulnerabilities
merlix educate servert - Authentication Bypass / File Disclosure
nightfall personal diary 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure
ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities
ASP AutoDealer - SQL Injection / File Disclosure
aspmanage banners - (Arbitrary File Upload / File Disclosure) Multiple Vulnerabilities
aspmanage banners - Arbitrary File Upload / File Disclosure
asp talk - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp talk - SQL Injection / Cross-Site Scripting
webcaf 1.4 - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
webcaf 1.4 - Local File Inclusion / Remote Code Execution
PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities
PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion
postecards - (SQL Injection / File Disclosure) Multiple Vulnerabilities
postecards - SQL Injection / File Disclosure
PHP Multiple Newsletters 2.7 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting
living Local 1.1 - (Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Pro Chat Rooms 3.0.2 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload
Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery
cf shopkart 5.2.2 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
cf shopkart 5.2.2 - SQL Injection / File Disclosure
the net guys aspired2blog - (SQL Injection / File Disclosure) Multiple Vulnerabilities
the net guys aspired2blog - SQL Injection / File Disclosure
Joomla! Component live chat - (SQL Injection / Open Proxy) Multiple Vulnerabilities
Joomla! Component live chat - SQL Injection / Open Proxy
Simple Text-File Login script (SiTeFiLo) 1.0.6 - (File Disclosure / Remote File Inclusion) Multiple Vulnerabilities
Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion
autositephp 2.0.3 - (Local File Inclusion / Cross-Site Request Forgery / Edit File) Multiple Vulnerabilities
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
PHP weather 2.2.2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting
isweb CMS 3.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
isweb CMS 3.0 - SQL Injection / Cross-Site Scripting
clickandemail - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
clickandemail - SQL Injection / Cross-Site Scripting
Zelta E Store - (Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection) Multiple Vulnerabilities
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
chicomas 2.0.4 - (Database Backup/File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
phpg 1.6 - (Cross-Site Scripting / Full Path Disclosure/Denial of Service) Multiple Vulnerabilities
phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service
doop CMS 1.4.0b - (Cross-Site Request Forgery / Arbitrary File Upload) Multiple Vulnerabilities
doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload
phpskelsite 1.4 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
ezpack 4.2b2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
ezpack 4.2b2 - Cross-Site Scripting / SQL Injection
Netvolution CMS 1.0 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Netvolution CMS 1.0 - Cross-Site Scripting / SQL Injection
rankem - (File Disclosure / Cross-Site Scripting / cm) Multiple Vulnerabilities
blogit! - (SQL Injection / File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
rankem - File Disclosure / Cross-Site Scripting / Cookie
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
gamescript 4.6 - (Cross-Site Scripting / SQL Injection / Local File Inclusion) Multiple Vulnerabilities
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
revou twitter clone - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
revou twitter clone - Cross-Site Scripting / SQL Injection
bpautosales 1.0.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
sma-db 0.3.12 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting
Android 'content://' URI - Multiple Information Disclosure Vulnerabilities
Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
Power System Of Article Management 3.0 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
team 1.x - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting
team 1.x - File Disclosure / Cross-Site Scripting
gr blog 1.1.4 - (Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass
Kipper 2.01 - (Cross-Site Scripting / Local File Inclusion / File Disclosure) Multiple Vulnerabilities
Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure
SilverNews 2.04 - (Authentication Bypass / Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
AdaptCMS Lite 1.4 - (Cross-Site Scripting / Remote File Inclusion) Multiple Vulnerabilities
SnippetMaster Webpage Editor 2.2.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion
SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting
dacio's CMS 1.08 - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
ideacart 0.02 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
ideacart 0.02 - Local File Inclusion / SQL Injection
CmsFaethon 2.2.0 - (info.php item) SQL Command Injection
CmsFaethon 2.2.0 - info.php item SQL Command Injection
powermovielist 0.14b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
Graugon Forum 1 - 'id' SQL Command Injection
Graugon Forum 1 - 'id' Command Injection (via SQL Injection)
irokez blog 0.7.3.2 - (Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection) Multiple Vulnerabilities
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
ritsblog 0.4.2 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
blindblog 1.3.1 - (SQL Injection / Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
tghostscripter Amazon Shop - (Cross-Site Scripting / Directory Traversal / Remote File Inclusion) Multiple Vulnerabilities
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
Wili-CMS 0.4.0 - (Remote File Inclusion / Local File Inclusion / Authentication Bypass) Multiple Vulnerabilities
Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass
PHP Director 0.21 - (sql into outfile) eval() Injection
PHP Director 0.21 - (SQL into outfile) eval() Injection
phpCommunity 2.1.8 - (SQL Injection / Directory Traversal / Cross-Site Scripting) Multiple Vulnerabilities
phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting
phpmysport 1.4 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpmysport 1.4 - Cross-Site Scripting / SQL Injection
Kim Websites 1.0 - (Authentication Bypass) SQL Injection
Kim Websites 1.0 - Authentication Bypass
Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities
Bloginator 1a - Cookie Bypass / SQL Injection
Pixie CMS - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Pixie CMS - Cross-Site Scripting / SQL Injection
Codice CMS 2 - SQL Command Execution
Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection
Codice CMS 2 - Command Execution (via SQL Injection)
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
acute control panel 1.0.0 - (SQL Injection / Remote File Inclusion) Multiple Vulnerabilities
acute control panel 1.0.0 - SQL Injection / Remote File Inclusion
Diskos CMS Manager - (SQL Injection / File Disclosure/Authentication Bypass) Multiple Vulnerabilities
Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass
ablespace 1.0 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
PHP-revista 1.1.2 - (Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection
PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting
flatnux 2009-03-27 - (Arbitrary File Upload / Information Disclosure) Multiple Vulnerabilities
flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
fungamez rc1 - (Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
fungamez rc1 - Authentication Bypass / Local File Inclusion
pastelcms 0.8.0 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pastelcms 0.8.0 - Local File Inclusion / SQL Injection
mixedcms 1.0b - (Local File Inclusion / Arbitrary File Upload / Authentication Bypass/File Disclosure) Multiple Vulnerabilities
mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure
fowlcms 1.1 - (Authentication Bypass / Local File Inclusion / Arbitrary File Upload) Multiple Vulnerabilities
fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload
photo-rigma.biz 30 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting
Dew-NewPHPLinks 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting
Leap CMS 0.1.4 - (SQL Injection / Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
PHP recommend 1.3 - (Authentication Bypass / Remote File Inclusion / Code Inject) Multiple Vulnerabilities
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject
my-colex 1.4.2 - (Authentication Bypass / Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
my-gesuad 0.9.14 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
vidshare pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vidshare pro - SQL Injection / Cross-Site Scripting
asp inline Corporate Calendar - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting
minitwitter 0.3-beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
minitwitter 0.3-beta - SQL Injection / Cross-Site Scripting
small pirate 2.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
amember 3.1.7 - (Cross-Site Scripting / SQL Injection / HTML Injection) Multiple Vulnerabilities
small pirate 2.1 - Cross-Site Scripting / SQL Injection
amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection
elitecms 1.01 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elitecms 1.01 - SQL Injection / Cross-Site Scripting
flashlight free edition - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
flashlight free edition - Local File Inclusion / SQL Injection
propertymax pro free - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
propertymax pro free - SQL Injection / Cross-Site Scripting
virtue news - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
virtue news - SQL Injection / Cross-Site Scripting
mrcgiguy freeticket - (Cookie Handling / SQL Injection) Multiple Vulnerabilities
mrcgiguy freeticket - Cookie Handling / SQL Injection
yogurt 0.3 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
yogurt 0.3 - Cross-Site Scripting / SQL Injection
campus virtual-lms - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
campus virtual-lms - Cross-Site Scripting / SQL Injection
translucid 1.75 - Multiple Vulnerabilities
TransLucid 1.75 - Multiple Vulnerabilities
impleo music Collection 2.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
impleo music Collection 2.0 - SQL Injection / Cross-Site Scripting
adaptweb 0.9.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
adaptweb 0.9.2 - Local File Inclusion / SQL Injection
CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities
CMS buzz - Cross-Site Scripting / Password Change / HTML Injection
elgg - (Cross-Site Scripting / Cross-Site Request Forgery/Change Password) Multiple Vulnerabilities
elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password
phpCollegeExchange 0.1.5c - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
Tribiq CMS 5.0.12c - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Tribiq CMS 5.0.12c - Cross-Site Scripting / Local File Inclusion
Virtue Online Test Generator - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting
webasyst shop-script - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
ebay clone 2009 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
ebay clone 2009 - Cross-Site Scripting / Blind SQL Injection
censura 1.16.04 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
censura 1.16.04 - Blind SQL Injection / Cross-Site Scripting
good/bad vote - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
good/bad vote - Cross-Site Scripting / Local File Inclusion
mcshoutbox 1.1 - (SQL Injection / Cross-Site Scripting / shell) Multiple Vulnerabilities
mcshoutbox 1.1 - SQL Injection / Cross-Site Scripting / shell
Million-Dollar Pixel Ads Platinum - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
almond Classifieds ads - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
skadate dating - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
garagesalesjunkie - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting
skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting
garagesalesjunkie - SQL Injection / Cross-Site Scripting
iwiccle 1.01 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
iwiccle 1.01 - Local File Inclusion / SQL Injection
Orbis CMS 1.0 - (File Delete/Download File / Arbitrary File Upload / SQL Injection) Multiple Vulnerabilities
Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection
cmsphp 0.21 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
d.net CMS - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting
d.net CMS - Local File Inclusion / SQL Injection
mobilelib gold 3.0 - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities
mobilelib gold 3.0 - Authentication Bypass / SQL Injection
elvin bts 1.2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting
shopmaker CMS 2.0 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
mybackup 1.4.0 - (File Download / Remote File Inclusion) Multiple Vulnerabilities
tenrok 1.1.0 - (File Disclosure / Remote Code Execution) Multiple Vulnerabilities
mybackup 1.4.0 - File Download / Remote File Inclusion
tenrok 1.1.0 - File Disclosure / Remote Code Execution
AccessoriesMe PHP Affiliate Script 1.4 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
opennews 1.0 - (SQL Injection / Remote Code Execution) Multiple Vulnerabilities
AccessoriesMe PHP Affiliate Script 1.4 - Blind SQL Injection / Cross-Site Scripting
opennews 1.0 - SQL Injection / Remote Code Execution
PHP Script Forum Hoster - (Topic Delete / Cross-Site Scripting) Multiple Vulnerabilities
PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting
LM Starmail 2.0 - (SQL Injection / File Inclusion) Multiple Vulnerabilities
LM Starmail 2.0 - SQL Injection / File Inclusion
logoshows bbs 2.0 - (File Disclosure / Insecure Cookie Handling) Multiple Vulnerabilities
logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling
tgs CMS 0.x - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
tgs CMS 0.x - Cross-Site Scripting / SQL Injection / File Disclosure
Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
totalcalendar 2.4 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
totalcalendar 2.4 - Blind SQL Injection / Local File Inclusion
nullam blog 0.1.2 - (Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
nullam blog 0.1.2 - Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting
gyro 5.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gyro 5.0 - SQL Injection / Cross-Site Scripting
Joomla! Component Hotel Booking System - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
Micro CMS 3.5 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Micro CMS 3.5 - SQL Injection / Local File Inclusion
Ez Blog 1.0 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
Recipe Script 5.0 - (Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting
eUploader PRO 3.1.1 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
Pre Job Board 1.0 - SQL Bypass
Pre Job Board 1.0 - SQL Authentication Bypass
Pre Jobo .NET - SQL Bypass
Pre Jobo .NET - SQL Authentication Bypass
PHPDirector Game Edition 0.1 - (Local File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting
gridcc script 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gridcc script 1.0 - SQL Injection / Cross-Site Scripting
Layout CMS 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Layout CMS 1.0 - SQL Injection / Cross-Site Scripting
KosmosBlog 0.9.3 - (SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
KosmosBlog 0.9.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
ZeusCMS 0.2 - (Database Backup Dump / Local File Inclusion) Multiple Vulnerabilities
ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion
Katalog Stron Hurricane 1.3.5 - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
Katalog Stron Hurricane 1.3.5 - Remote File Inclusion / SQL Injection
Open Source Classifieds 1.1.0 - Alpha (OSClassi) Multiple Vulnerabilities
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change
phpMySite - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpMySite - Cross-Site Scripting / SQL Injection
quality point 1.0 newsfeed - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities
DynPG CMS 4.1.0 - popup.php / counter.php Multiple Vulnerabilities
jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities
jevoncms - Local File Inclusion / Remote File Inclusion
SIESTTA 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities
JV2 Folder Gallery 3.1.1 - 'popup_slideshow.php' Multiple Vulnerabilities
parlic Design - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
parlic Design - SQL Injection / Cross-Site Scripting / HTML Injection
MileHigh Creative - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
MileHigh Creative - SQL Injection / Cross-Site Scripting / HTML Injection
QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities
QuickTalk 1.2 - Source Code Disclosure
K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
K-Search - SQL Injection / Cross-Site Scripting
Macs CMS 1.1.4 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Macs CMS 1.1.4 - Cross-Site Scripting / Cross-Site Request Forgery
Guestbook Script PHP - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
Guestbook Script PHP - Cross-Site Scripting / HTML Injection
Max's Guestbook - (HTML Injection / Cross-Site Scripting) Multiple Vulnerabilities
Max's Guestbook - HTML Injection / Cross-Site Scripting
Allpc 2.5 osCommerce - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting
TradeMC E-Ticaret - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting
Cag CMS 0.2 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection
Tastydir 1.2 - (1216) Multiple Vulnerabilities
Tastydir 1.2 (1216) - Multiple Vulnerabilities
WordPress - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
F3Site 2011 alfa 1 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery
PHP Coupon Script 6.0 - (bus) Blind SQL Injection
PHP Coupon Script 6.0 - 'bus' Parameter Blind SQL Injection
GAzie 5.10 - (Login Parameter) Multiple Vulnerabilities
GAzie 5.10 - Login Parameter Multiple Vulnerabilities
BST - BestShopPro (nowosci.php) Multiple Vulnerabilities
BST (BestShopPro) - 'nowosci.php' Multiple Vulnerabilities
Fork CMS 3.2.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
DFLabs PTK 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities
DFLabs PTK 1.0.5 - Steal Authentication Credentials
Wolfcms 0.75 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
Axous 1.1.1 - (Cross-Site Request Forgery / Persistent Cross-Site Scripting) Multiple Vulnerabilities
Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
myPHPNuke 1.8.8 - links.php Cross-Site Scripting
myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
Flying Dog Software Powerslave 4.3 Portalmanager - sql_id Information Disclosure
Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure
PHPWebGallery 1.3.4/1.5.1 - comments.php Multiple Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - category.php search Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - picture.php image_id Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'comments.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'category.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection
myPHPNuke 1.8.8 - reviews.php letter Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - download.php dcategory Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting
myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
phpVID 1.2.3 - Multiple Vulnerabilities
PHPVID 1.2.3 - Multiple Vulnerabilities
PHPWebGallery 1.4.1 - category.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - picture.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting
PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting
phpMyAdmin 2.7 - sql.php Cross-Site Scripting
phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting
ADOdb 4.6/4.7 - Tmssql.php Cross-Site Scripting
ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting
PHPWebGallery 1.x - comments.php Cross-Site Scripting
PHPWebGallery 1.x - 'comments.php' Cross-Site Scripting
MySQLDumper 1.21 - sql.php Cross-Site Scripting
MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting
KikChat - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
KikChat - Local File Inclusion / Remote Code Execution
EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting
LuxCal 3.2.2 - (Cross-Site Request Forgery/Blind SQL Injection) Multiple Vulnerabilities
LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter Cross-Site Scripting
Vastal I-Tech DVD Zone - 'view_mag.php' SQL Injection
Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting
Interspire Email Marketer - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (Execute SQL Query)
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
ntop-ng 2.5.160805 - Username Enumeration
ntop-ng 2.5.160805 - Username Enumeration
2016-12-22 05:01:16 +00:00
Offensive Security
be57520c6f
DB: 2016-12-21
...
2 new exploits
FlashGet 1.9 - (FTP PWD Response) Remote Buffer Overflow (PoC)
FlashGet 1.9 - 'FTP PWD Response' Remote Buffer Overflow (PoC)
VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service
VMware Workstation 6.5.1 - 'hcmon.sys 6.0.0.45731' Local Denial of Service
Flashget 3.x - IEHelper Remote Exec (PoC)
FlashGet 3.x - IEHelper Remote Exec (PoC)
Rosoft media player 4.4.4 - Buffer Overflow (SEH) (PoC)
Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (PoC)
Google Android - WifiNative::setHotlist Stack Overflow
Microsoft Internet Explorer 11 MSHTML - CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)
FlashGet 1.9.0.1012 - (FTP PWD Response) SEH STACK Overflow
FlashGet 1.9.0.1012 - (FTP PWD Response) Buffer Overflow (SafeSEH)
FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow
FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH)
freeFTPd - Remote Authentication Bypass
freeFTPd 1.2.6 - Remote Authentication Bypass
freeFTPd 1.0.10 - 'PASS' SEH Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow (Metasploit)
freeFTPd - 'PASS' Buffer Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' Buffer Overflow (Metasploit)
AlberT-EasySite 1.0a5 - (PSA_PATH) Remote File Inclusion
iziContents RC6 - GLOBALS[] Remote Code Execution
AlberT-EasySite 1.0a5 - 'PSA_PATH' Parameter Remote File Inclusion
iziContents RC6 - Remote Code Execution
SunShop Shopping Cart 3.5 - 'abs_path' Remote File Inclusion
SunShop Shopping Cart 3.5 - 'abs_path' Parameter Remote File Inclusion
SunShop 4.0 RC 6 - 'Search' Blind SQL Injection
SunShop Shopping Cart 4.0 RC 6 - 'Search' Blind SQL Injection
izicontents rc6 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities
iziContents rc6 - Remote File Inclusion / Local File Inclusion
gelato CMS 0.95 - (img) Remote File Disclosure
dotCMS 1.6 - 'id' Multiple Local File Inclusion
ZeeJobsite 2.0 - (adid) SQL Injection
gelato CMS 0.95 - 'img' Parameter Remote File Disclosure
dotCMS 1.6 - 'id' Parameter Local File Inclusion
Zeeways ZeeJobsite 2.0 - 'adid' Parameter SQL Injection
XNova 0.8 sp1 - (xnova_root_path) Remote File Inclusion
XNova 0.8 sp1 - 'xnova_root_path' Parameter Remote File Inclusion
PHPBasket - 'product.php pro_id' SQL Injection
PHPBasket - 'pro_id' Parameter SQL Injection
Ad Board - 'id' SQL Injection
SunShop 4.1.4 - 'id' SQL Injection
Banner Management Script - 'tr.php id' SQL Injection
Ad Board - 'id' Parameter SQL Injection
SunShop Shopping Cart 4.1.4 - 'id' Parameter SQL Injection
Banner Management Script - 'id' Parameter SQL Injection
phpBazar 2.0.2 - (adid) SQL Injection
webEdition CMS - (we_objectID) Blind SQL Injection
CustomCMS 4.0 - (CCMS) print.php SQL Injection
phpBazar 2.0.2 - 'adid' Parameter SQL Injection
webEdition CMS - 'we_objectID' Parameter Blind SQL Injection
CustomCMS 4.0 - 'print.php' SQL Injection
TinyCMS 1.1.2 - (templater.php) Local File Inclusion
TinyCMS 1.1.2 - 'templater.php' Local File Inclusion
onenews Beta 2 - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities
5 star review - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
5 star review - Cross-Site Scripting / SQL Injection
Web Directory Script 2.0 - (name) SQL Injection
Web Directory Script 2.0 - 'name' Parameter SQL Injection
Crafty Syntax Live Help 2.14.6 - (department) SQL Injection
Crafty Syntax Live Help 2.14.6 - 'department' Parameter SQL Injection
k-rate - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
CMME 1.12 - (Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory) Multiple Vulnerabilities
Thickbox Gallery 2.0 - (Admins.php) Admin Data Disclosure
k-rate - SQL Injection / Cross-Site Scripting
CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory
Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure
phpMyRealty 1.0.9 - Multiple SQL Injections
PHPMyRealty 1.0.9 - Multiple SQL Injections
brim 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Web Directory Script 1.5.3 - (site) SQL Injection
Words tag script 1.2 - (word) SQL Injection
Brim 2.0.0 - SQL Injection / Cross-Site Scripting
Web Directory Script 1.5.3 - 'site' Parameter SQL Injection
Words tag script 1.2 - 'word' Parameter SQL Injection
WeBid 0.5.4 - (item.php id) SQL Injection
WeBid 0.5.4 - 'item.php' SQL Injection
ZeeJobsite 2.0 - Arbitrary File Upload
Zeeways ZeeJobsite 2.0 - Arbitrary File Upload
BandSite CMS 1.1.4 - (members.php memid) SQL Injection
BandSite CMS 1.1.4 - 'members.php' SQL Injection
Thickbox Gallery 2 - 'index.php ln' Local File Inclusion
Thickbox Gallery 2 - 'index.php' Local File Inclusion
Joomla! Component 'com_wmtpic' 1.0 - SQL Injection
Joomla! Component com_wmtpic 1.0 - SQL Injection
Joomla! Component 'com_redshop' 1.0 - Local File Inclusion
Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion
Joomla! Component redSHOP 1.0 - Local File Inclusion
Joomla! Component redTWITTER 1.0 - Local File Inclusion
Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion
Joomla! Component 'com_shoutbox' - Local File Inclusion
Joomla! Component SVMap 1.1.1 - Local File Inclusion
Joomla! Component Shoutbox Pro - Local File Inclusion
Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion
Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection
Joomla! Component XOBBIX 1.0 - 'prodid' Parameter SQL Injection
Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion
Joomla! Component VJDEO 1.0 - Local File Inclusion
Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion
Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection
Joomla! Component Real Estate Property 3.1.22-03 - 'aid' Parameter SQL Injection
Joomla! Component 'com_tweetla' - Local File Inclusion
Joomla! Component TweetLA 1.0.1 - Local File Inclusion
Joomla! Component 'com_preventive' - Local File Inclusion
Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
Joomla! Component RokModule 1.1 - 'moduleid' Parameter Blind SQL Injection
Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion
Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
Joomla! Component 'com_webtv' - Local File Inclusion
Joomla! Component Web TV 1.0 - Local File Inclusion
Joomla! Component 'com_onlineexam' - Local File Inclusion
Joomla! Component Online Exam 1.5.0 - Local File Inclusion
Joomla! Component 'com_sweetykeeper' - Local File Inclusion
Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
Joomla! Component 'com_sermonspeaker' - SQL Injection
Joomla! Component SermonSpeaker - SQL Injection
Joomla! Component 'com_QPersonel' - SQL Injection
Joomla! Component QPersonel 1.0.2 - SQL Injection
Joomla! Component 'com_photobattle' - Local File Inclusion
Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
Joomla! Component 'com_zimbcomment' - Local File Inclusion
Joomla! Component 'com_zimbcore' - Local File Inclusion
Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
Joomla! Component ZiMBCore 0.1 - Local File Inclusion
Joomla! Component 'com_wmi' - Local File Inclusion
Joomla! Component 'com_orgchart' - Local File Inclusion
Joomla! Component WMI 1.5.0 - Local File Inclusion
Joomla! Component OrgChart 1.0.0 - Local File Inclusion
Joomla! Component 'com_ultimateportfolio' - Local File Inclusion
Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
Joomla! Component 'com_smartsite' - Local File Inclusion
Joomla! Component SmartSite 1.0.0 - Local File Inclusion
Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion
Joomla! Component simpledownload 0.9.5 - Local File Inclusion
Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure
Joomla! Component simpledownload 0.9.5 - Local File Disclosure
Wordpress Plugin TinyBrowser - Arbitrary File Upload
WordPress Plugin TinyBrowser - Arbitrary File Upload
Joomla! Component 'com_qpersonel' 1.0 - SQL Injection
Joomla! Component Q-Personel 1.0 - SQL Injection
Joomla! Component 'com_searchlog' - SQL Injection
Joomla! Component Search Log 3.1.0 - SQL Injection
Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities
Joomla! Component Ozio Gallery 2 - Multiple Vulnerabilities
Joomla! Component 'com_picasa2gallery' - Local File Inclusion
Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
Joomla! Component 'jeeventcalendar' - SQL Injection
Joomla! Component JE Ajax Event Calendar 1.0.5 - SQL Injection
Joomla! Component 'com_realtyna' - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component 'jesubmit' - SQL Injection
Joomla! Component 'com_sef' - Remote File Inclusion
Joomla! Component jesubmit 1.4 - SQL Injection
Joomla! Component com_sef - Remote File Inclusion
Joomla! Component 'jesectionfinder' - Local File Inclusion
Joomla! Component jesectionfinder - Local File Inclusion
Joomla! Component 'Joomanager' - SQL Injection
Joomla! Component Joomanager - SQL Injection
Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting
Joomla! Component Techjoomla SocialAds - Persistent Cross-Site Scripting
Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection
Joomla! Component 'com_quickfaq' - Blind SQL Injection
Joomla! Component redSHOP 1.0 - 'pid' Parameter SQL Injection
Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection
Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection
Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection
Joomla! Component 'com_staticxt' - SQL Injection
Joomla! Component StaticXT - SQL Injection
Joomla! Component 'com_oziogallery' - SQL Injection
Joomla! Component Ozio Gallery - SQL Injection
Joomla! Component 'com_youtube' - SQL Injection
Joomla! Component YouTube 1.5 - SQL Injection
Joomla! Component 'com_ttvideo' 1.0 - SQL Injection
Joomla! Component TTVideo 1.0 - SQL Injection
Joomla! Component 'com_teams' - Multiple Blind SQL Injection
Joomla! Component Teams - Multiple Blind SQL Injection
Joomla! Component 'com_picsell' - Local File Disclosure
Joomla! Component PicSell 1.0 - Local File Disclosure
Joomla! Component 'com_restaurantguide' - Multiple Vulnerabilities
Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities
Joomla! Component 'com_timetrack' 1.2.4 - Multiple SQL Injection
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection
Joomla! Component 'com_sponsorwall' - SQL Injection
Joomla! Component Sponsor Wall 1.1 - SQL Injection
Joomla! Component 'com_pro_desk' 1.5 - Local File Inclusion
Joomla! Component ProDesk 1.5 - Local File Inclusion
Joomla! Component 'mdigg' - SQL Injection
Joomla! Component mDigg 2.2.8 - SQL Injection
phpMyRealty 1.0.7 - SQL Injection
PHPMyRealty 1.0.7 - SQL Injection
Joomla! Component 'com_timereturns' 2.0 - SQL Injection
Joomla! Component Time Returns 2.0 - SQL Injection
Joomla! Component 'com_techfolio' 1.0 - SQL Injection
Joomla! Component Techfolio 1.0 - SQL Injection
Joomla! Component 'com_vikrealestate' 1.0 - Multiple Vulnerabilities
Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities
BRIM < 2.0.0 - SQL Injection
Brim < 2.0.0 - SQL Injection
Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection
Joomla! Component RokModule 1.1 - 'module' Parameter Blind SQL Injection
Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
webid 1.0.5 - Directory Traversal
weBid 1.0.5 - Directory Traversal
Wordpress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
Webid 1.0.6 - Multiple Vulnerabilities
WeBid 1.0.6 - Multiple Vulnerabilities
MyBulletinBoard RC4 - 'Username' Parameter SQL Injection
MyBulletinBoard RC4 - 'member.php' Multiple Parameter SQL Injection
MyBulletinBoard RC4 - 'polloptions' Parameter SQL Injection
MyBulletinBoard RC4 - 'action' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'Username' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'polloptions' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'action' Parameter SQL Injection
MyBulletinBoard 1.0 - Multiple SQL Injections
MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections
MyBulletinBoard 1.0 - 'RateThread.php' SQL Injection
MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection
MyBulletinBoard 1.0 - 'usercp.php' SQL Injection
MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection
Joomla! Component 'com_redshop' 1.2 - SQL Injection
Joomla! Component redSHOP 1.2 - SQL Injection
MyBulletinBoard 1.0.x/1.1.x - 'usercp.php' SQL Injection
MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection
MyBulletinBoard 1.x - 'usercp.php' Directory Traversal
MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal
Grayscale BandSite CMS 1.1 - help_news.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - help_merch.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - help_mp3.php max_file_size_purdy Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - sendemail.php message_text Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - header.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - login_header.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - bio_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - gbook_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - interview_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - links_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - lyrics_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - member_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - merch_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - mp3_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - news_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - pastshows_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - photo_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - releases_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - reviews_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - shows_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - signgbook_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - footer.php this_year Parameter Cross-Site Scripting
BandSite CMS 1.1 - 'help_news.php' Cross-Site Scripting
BandSite CMS 1.1 - 'help_merch.php' Cross-Site Scripting
BandSite CMS 1.1 - 'help_mp3.php' Cross-Site Scripting
BandSite CMS 1.1 - 'sendemail.php' Cross-Site Scripting
BandSite CMS 1.1 - 'header.php' Cross-Site Scripting
BandSite CMS 1.1 - 'login_header.php' Cross-Site Scripting
BandSite CMS 1.1 - 'bio_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'gbook_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'interview_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'links_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'lyrics_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'member_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'merch_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'mp3_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'news_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'pastshows_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'photo_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'releases_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'reviews_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'shows_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'signgbook_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'footer.php' Cross-Site Scripting
Wordpress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
Active PHP BookMarks 1.1.2 - APB_SETTINGS['apb_path' ] Multiple Remote File Inclusion
Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusion
Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting
WordPress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting
TurnkeyWebTools Sunshop 3.5/4.0 - Multiple Remote File Inclusion
SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusion
Active PHP BookMarks 1.0 - APB.php Remote File Inclusion
Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion
TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection
TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting
SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection
SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting
Wordpress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery
WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery
DMCMS 0.7 - 'index.php' SQL Injection
deeemm CMS (dmcms) 0.7 - 'index.php' SQL Injection
EasySite 2.0 - browser.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - image_editor.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - skin_chooser.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - 'browser.php' Remote File Inclusion
EasySite 2.0 - 'image_editor.php' Remote File Inclusion
EasySite 2.0 - 'skin_chooser.php' Remote File Inclusion
MatterDaddy Market 1.1 - 'admin/login.php' Cross-Site Scripting
MatterDaddy Market 1.1 - 'login.php' Cross-Site Scripting
Wordpress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Image Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Fields Attach 1.0 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access
Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Parameter Arbitrary File Access
Joomla! Component 'com_youtubegallery' - SQL Injection
Joomla! Component Youtube Gallery 4.1.7 - SQL Injection
Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection
Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection
Wordpress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_weblinks' - 'Itemid' Parameter SQL Injection
Joomla! Component Weblinks - 'Itemid' Parameter SQL Injection
Wordpress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
Wordpress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting
WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting
Wordpress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal
WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal
Wordpress Plugin DukaPress 2.5.2 - Directory Traversal
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
Wordpress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
Wordpress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting
Wordpress Plugin Duplicator 0.5.8 - Privilege Escalation
WordPress Plugin Duplicator 0.5.8 - Privilege Escalation
Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
Joomla! Component 'com_sanpham' - Multiple SQL Injections
Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections
Wordpress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
Joomla! Component 'mod_currencyconverter' - 'from' Parameter Cross-Site Scripting
Joomla! Component Currency Converter 1.0.0 - 'from' Parameter Cross-Site Scripting
Wordpress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
Wordpress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
Joomla! Component 'mod_ccnewsletter' 1.0.7 - 'id' Parameter SQL Injection
Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection
Wordpress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
WordPress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
Wordpress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections
Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Wordpress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
Wordpress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection
Joomla! Component Sexy polling 1.0.8 - 'answer_id' Parameter SQL Injection
Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload
Joomla! Component Projoom NovaSFH 3.0.2 - 'upload.php' Arbitrary File Upload
Wordpress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
Wordpress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
Wordpress Plugin Job Script by Scubez - Remote Code Execution
WordPress Plugin Job Script by Scubez - Remote Code Execution
Wordpress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
Wordpress Plugin Answer My Question 1.3 - SQL Injection
Wordpress Plugin Sirv 1.3.1 - SQL Injection
Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection
Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection
WordPress Plugin Answer My Question 1.3 - SQL Injection
WordPress Plugin Sirv 1.3.1 - SQL Injection
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
Wordpress Plugin Olimometer 2.56 - SQL Injection
WordPress Plugin Olimometer 2.56 - SQL Injection
Wordpress Plugin WP Vault 0.8.6.6 - Local File Inclusion
WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion
Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
2016-12-21 05:01:18 +00:00
g0tmi1k
1d549a3241
Merge pull request #69 from g0tmi1k/searchsploit
...
Fixes for #64, #66 & #67 (Take 2)
2016-12-20 14:31:55 +00:00
g0tmi1k
688cd13e96
Fix for #67 - Show result when there’s only 1 for nmap’s XML mode
2016-12-20 14:30:14 +00:00
g0tmi1k
c00b72665a
Fix for #66 - Process the last port in nmap’s XML mode
2016-12-20 14:12:29 +00:00
g0tmi1k
2b92095822
Better solution for #64
2016-12-20 11:14:28 +00:00
Offensive Security
62dddb2f49
DB: 2016-12-20
...
9 new exploits
Apache 2.2 - (Windows) Local Denial of Service
Apache 2.2 (Windows) - Local Denial of Service
Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service
Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service
Apache 2.4.7 mod_status - Scoreboard Handling Race Condition
Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition
Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
Apache 1.3.31 mod_include - Local Buffer Overflow
Apache 1.3.31 (mod_include) - Local Buffer Overflow
Gopher 3.0.9 - (+VIEWS) Remote Client Side Buffer Overflow
Gopher 3.0.9 - (+VIEWS) Remote Client-Side Buffer Overflow
Apache 'Mod_Auth_OpenID' - Session Stealing
Apache (Mod_Auth_OpenID) - Session Stealing
Apache 2.0.4x mod_php Module - File Descriptor Leakage (1)
Apache 2.0.4x mod_php Module - File Descriptor Leakage (2)
Apache 2.0.4x (mod_php) - File Descriptor Leakage (1)
Apache 2.0.4x (mod_php) - File Descriptor Leakage (2)
Apache 2.0.4x mod_perl Module - File Descriptor Leakage (3)
Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3)
Apache 1.3.x mod_include - Local Buffer Overflow
Apache 1.3.x (mod_include) - Local Buffer Overflow
Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution
Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock)
Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
Apache 1.3.x mod_mylo - Remote Code Execution
Apache 1.3.x (mod_mylo) - Remote Code Execution
Apache 1.3.x < 2.0.48 - mod_userdir Remote Users Disclosure
Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure
Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (2)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray
Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting
Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit
Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit
Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
Apache mod_proxy - Reverse Proxy Exposure (PoC)
Apache (mod_proxy) - Reverse Proxy Exposure (PoC)
Apache 1.3.20 - Win32 PHP.exe Remote File Disclosure
Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure
Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1)
Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit)
Joomla! Component Media Manager - Arbitrary File Upload (Metasploit)
Apache 2.2.6 - 'mod_negotiation' HTML Injection and HTTP Response Splitting
Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting
Apache 7.0.x 'mod_proxy'- Reverse Proxy Security Bypass
Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass
Apache 2.2.15 - 'mod_proxy' Reverse Proxy Security Bypass
Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass
Apache 'mod_wsgi' Module - Information Disclosure
Apache (mod_wsgi) - Information Disclosure
Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection
Joomla! Component JP Jobs 1.4.1 - SQL Injection
Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion
Joomla! Component Picasa 2.0 - Local File Inclusion
Joomla! Component 'com_jinventory' - Local File Inclusion
Joomla! Component JInventory 1.23.02 - Local File Inclusion
Joomla! Component 'com_loginbox' - Local File Inclusion
Joomla! Component LoginBox - Local File Inclusion
Joomla! Component 'com_Joomlaupdater' - Local File Inclusion
Joomla! Component Magic Updater - Local File Inclusion
Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion
Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection
Joomla! Component News Portal 1.5.x - Local File Inclusion
Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection
Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion
Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion
Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion
Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion
Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion
Joomla! Component 'com_datafeeds' 880 - Local File Inclusion
Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
Joomla! Component Juke Box 1.7 - Local File Inclusion
Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Highslide 1.5 - Local File Inclusion
Joomla! Component Fabrik 2.0 - Local File Inclusion
Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion
Joomla! Component 'com_javoice' - Local File Inclusion
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
Joomla! Component JA Voice 2.0 - Local File Inclusion
Joomla! Component 'com_jfeedback' - Local File Inclusion
Joomla! Component 'com_jprojectmanager' - Local File Inclusion
Joomla! Component Jfeedback 1.2 - Local File Inclusion
Joomla! Component JProject Manager 1.0 - Local File Inclusion
Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection
Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection
Joomla! Component 'com_horoscope' - Local File Inclusion
Joomla! Component Horoscope 1.5.0 - Local File Inclusion
Joomla! Component 'com_market' - Local File Inclusion
Joomla! Component Online Market 2.x - Local File Inclusion
Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection
Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection
Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection
Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection
Joomla! Component 'com_mtfireeagle' - Local File Inclusion
Joomla! Component 'com_mediamall' - Blind SQL Injection
Joomla! Component 'com_lovefactory' - Local File Inclusion
Joomla! Component 'com_jacomment' - Local File Inclusion
Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection
Joomla! Component Love Factory 1.3.4 - Local File Inclusion
Joomla! Component JA Comment - Local File Inclusion
Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component 'com_joltcard' - SQL Injection
Joomla! Component JoltCard 1.2.1 - SQL Injection
Joomla! Component 'com_gadgetfactory' - Local File Inclusion
Joomla! Component 'com_matamko' - Local File Inclusion
Joomla! Component 'com_multiroot' - Local File Inclusion
Joomla! Component 'com_multimap' - Local File Inclusion
Joomla! Component 'com_drawroot' - Local File Inclusion
Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
Joomla! Component Matamko 1.01 - Local File Inclusion
Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
Joomla! Component 'com_if_surfalert' - Local File Inclusion
Joomla! Component iF surfALERT 1.2 - Local File Inclusion
Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection
Joomla! Component GBU Facebook 1.0.5 - SQL Injection
Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection
Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection
Joomla! Component Online News Paper Manager 1.0 - 'cid' Parameter SQL Injection
Joomla! Component JTM Reseller 1.9 Beta - SQL Injection
Joomla! Component 'com_mmsblog' - Local File Inclusion
Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
Joomla! Component 'com_noticeboard' - Local File Inclusion
Joomla! Component NoticeBoard 1.3 - Local File Inclusion
Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion
Joomla! Component Graphics 1.0.6 - Local File Inclusion
Joomla! Component 'com_newsfeeds' - SQL Injection
Joomla! Component Newsfeeds - SQL Injection
Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection
Joomla! Component Komento 1.0.0 - 'sid' Parameter SQL Injection
Joomla! Component 'com_dioneformwizard' - Local File Inclusion
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
Joomla! Component 'com_jejob' 1.0 - Local File Inclusion
Joomla! Component JE Job 1.0 - Local File Inclusion
Joomla! Component 'com_jequoteform' - Local File Inclusion
Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion
Joomla! Component MS Comment 0.8.0b - Local File Inclusion
Apache Axis2 Administration console - Authenticated Cross-Site Scripting
Apache Axis2 Administration Console - Authenticated Cross-Site Scripting
Joomla! Component 'com_mycar' - Multiple Vulnerabilities
Joomla! Component My Car 1.0 - Multiple Vulnerabilities
Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection
Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection
Joomla! Component 'com_jsjobs' - SQL Injection
Joomla! Component JS Jobs 1.0.5.8 - SQL Injection
Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities
Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection
Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection
Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection
Joomla! Component eventCal 1.6.4 - Blind SQL Injection
Joomla! Component 'com_ninjamonials' - Blind SQL Injection
Joomla! Component NinjaMonials - Blind SQL Injection
Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection
Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Parameter Blind SQL Injection
Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection
Joomla! Component 'com_joomdle' 0.24 - SQL Injection
Joomla! Component Joomdle 0.24 - SQL Injection
Joomla! Component 'com_Joomla-visites' - Remote File Inclusion
Joomla! Component Visites 1.1 RC2 - Remote File Inclusion
Joomla! Component 'com_jefaqpro' - Multiple Blind SQL Injection
Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection
Joomla! Component 'com_magazine' 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component 'com_gantry' 3.0.10 - Blind SQL Injection
Joomla! Component Gantry 3.0.10 - Blind SQL Injection
Joomla! Component 'com_jphone' - Local File Inclusion
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
Joomla! Component 'com_jgen' - SQL Injection
Joomla! Component JGen 0.9.33 - SQL Injection
Joomla! Component 'com_ezautos' - SQL Injection
Joomla! Component Joostina - SQL Injection
Joomla! Component 'com_jeguestbook' 1.0 - Multiple Vulnerabilities
Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities
Joomla! Component 'com_jedirectory' - SQL Injection
Joomla! Component JE Directory 1.0 - SQL Injection
Joomla! Component 'com_jscalendar' 1.5.1 - Multiple Vulnerabilities
Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities
Joomla! Component 'com_jeajaxeventcalendar' - SQL Injection
Joomla! Component JE Ajax Event Calendar - SQL Injection
Joomla! Component 'com_flipwall' - SQL Injection
Joomla! Component Pulse Infotech Flip Wall - SQL Injection
Joomla! Component 'com_jquarks4s' 1.0.0 - Blind SQL Injection
Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection
Joomla! Component 'com_jsupport' - Cross-Site Scripting
Joomla! Component 'com_jsupport' - SQL Injection
Joomla! Component JSupport 1.5.6 - Cross-Site Scripting
Joomla! Component JSupport 1.5.6 - SQL Injection
Joomla! Component 'com_jimtawl' - Local File Inclusion
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
phpMyAdmin - Client Side Code Injection / Redirect Link Falsification
phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification
Joomla! Component 'com_jeauto' 1.0 - SQL Injection
Joomla! Component JE Auto 1.0 - SQL Injection
Joomla! Component 'com_jradio' - Local File Inclusion
Joomla! Component JRadio - Local File Inclusion
Joomla! Component 'com_jotloader' 2.2.1 - Local File Inclusion
Joomla! Component JotLoader 2.2.1 - Local File Inclusion
Joomla! Component 'com_hmcommunity' - Multiple Vulnerabilities
Joomla! Component HM Community - Multiple Vulnerabilities
Joomla! Component 'com_estateagent' - SQL Injection
Joomla! Component Estate Agent - SQL Injection
EPortfolio 1.0 - Client Side Input Validation
EPortfolio 1.0 - Client-Side Input Validation
ActiveWeb Contentserver 5.6.2929 CMS - Client Side Filtering Bypass
ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass
Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component JV Comment 3.0.2 - 'id' Parameter SQL Injection
Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting
Joomla! Component JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting
Joomla! Component 'com_clubmanager' - 'cm_id' Parameter SQL Injection
Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection
Joomla! Component 'com_jstore' - 'Controller' Parameter Local File Inclusion
Joomla! Component Jstore - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection
Joomla! Component ECommerce-WD 1.2.5 - SQL Injection
Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection
Joomla! Component Contact Form Maker 1.0.1 - SQL Injection
Joomla! Component 'com_kp' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities
Joomla! Component Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities
Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection
ntop-ng 2.5.160805 - Username Enumeration
2016-12-20 05:01:16 +00:00
Offensive Security
50a756ae83
DB: 2016-12-19
2016-12-19 06:56:09 +00:00
Offensive Security
18d8085c6d
DB: 2016-12-18
...
13 new exploits
Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055)
Orthanc DICOM Server 1.1.0 - Memory Corruption
Microsoft Internet Explorer 9 - MSHTML CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055)
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow
DCMTK 3.6.0 storescp - Stack Buffer Overflow
Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service
Microsoft Internet Explorer 9 IEFRAME - CMarkupPointer::MoveToGap Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CView::EnsureSize Use-After-Free (MS13-021)
Nagios < 4.2.4 - Privilege Escalation
iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free
Alienvault OSSIM - SQL Injection / Remote Code Execution (Metasploit)
Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)
Alienvault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault Open Source SIEM (OSSIM) < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault OSSIM - av-centerd Command Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit)
Horos 2.1.0 Web Portal - Directory Traversal
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Alienvault OSSIM Open Source SIEM 3.1 - Multiple Security Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Security Vulnerabilities
Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault OSSIM 4.1.2 - Multiple SQL Injections
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
Alienvault OSSIM Open Source SIEM 4.1 - Multiple SQL Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Vulnerabilities
Alienvault 4.3.1 - Unauthenticated SQL Injection
Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting
Alienvault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault OSSIM 4.3 - Cross-Site Request Forgery
Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery
WHMCS Addon VMPanel 2.7.4 - SQL Injection
WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery
2016-12-18 05:01:16 +00:00
Offensive Security
89c8b47b83
DB: 2016-12-17
...
1 new exploits
Nagios Core < 4.2.4 - Privilege Escalation
Nagios < 4.2.4 - Privilege Escalation
Nagios Core < 4.2.2 - Curl Command Injection / Remote Code Execution
Nagios < 4.2.2 - Arbitrary Code Execution
Joomla! Component 'com_clantools' 1.5 - Blind SQL Injection
Joomla! Component 'com_clantools' 1.2.3 - Multiple Blind SQL Injection
Joomla! Component Clantools 1.5 - Blind SQL Injection
Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injection
Joomla! Component 'com_ccinvoices' - SQL Injection
Joomla! Component ccInvoices - SQL Injection
Joomla! Component 'com_ckforms' - Local File Inclusion
Joomla! Component Cookex Agency CKForms - Local File Inclusion
Joomla! Component 'com_civicrm' 4.2.2 - Remote Code Injection
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
2016-12-17 08:08:43 +00:00
Offensive Security
24bf161ca6
DB: 2016-12-16
...
5 new exploits
HydraIrc 0.3.164 - (last) Remote Denial of Service
Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow (PoC)
HydraIrc 0.3.164 - Remote Denial of Service
Download Accelerator Plus DAP 8.6 - 'AniGIF.ocx' Buffer Overflow (PoC)
Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055)
Nidesoft MP3 Converter 2.6.18 - SEH Local Buffer Overflow
Nagios Core < 4.2.4 - Privilege Escalation
Nagios Core < 4.2.2 - Curl Command Injection / Remote Code Execution
Quicksilver Forums 1.2.1 - (set) Remote File Inclusion
Quicksilver Forums 1.2.1 - Remote File Inclusion
e-Vision CMS 2.0 - (all_users.php) SQL Injection
e-Vision CMS 2.0 - 'all_users.php' SQL Injection
LetterIt 2.0 - (inc/session.php) Remote File Inclusion
LetterIt 2.0 - 'session.php' Remote File Inclusion
e107 0.7.8 - (mailout.php) Access Escalation Exploit (Admin needed)
e107 0.7.8 - 'mailout.php' Access Escalation Exploit (Admin needed)
PHPMyRealty 1.0.x - (search.php type) SQL Injection
PHPMyRealty 1.0.x - 'search.php' SQL Injection
pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
LetterIt 2 - 'Language' Local File Inclusion
phpMyRealty - (location) SQL Injection
LetterIt 2 - 'Language' Parameter Local File Inclusion
phpMyRealty 2.0.0 - 'location' Parameter SQL Injection
ABG Blocking Script 1.0a - 'abg_path' Remote File Inclusion
E-topbiz Dating 3 PHP Script - (mail_id) SQL Injection
Scripts24 iTGP 1.0.4 - 'id' SQL Injection
Scripts24 iPost 1.0.1 - 'id' SQL Injection
eStoreAff 0.1 - 'cid' SQL Injection
GreenCart PHP Shopping Cart - 'id' SQL Injection
ABG Blocking Script 1.0a - 'abg_path' Parameter Remote File Inclusion
E-topbiz Dating 3 PHP Script - 'mail_id' Parameter SQL Injection
Scripts24 iTGP 1.0.4 - 'id' Parameter SQL Injection
Scripts24 iPost 1.0.1 - 'id' Parameter SQL Injection
eStoreAff 0.1 - 'cid' Parameter SQL Injection
GreenCart PHP Shopping Cart - 'id' Parameter SQL Injection
e-vision CMS 2.02 - (SQL Injection / Arbitrary File Upload / Information Gathering) Multiple Vulnerabilities
e-vision CMS 2.02 - SQL Injection / Arbitrary File Upload / Information Gathering
E-Store Kit-1 <= 2 PayPal Edition - 'pid' SQL Injection
E-Store Kit-1 <= 2 PayPal Edition - 'pid' Parameter SQL Injection
iges CMS 2.0 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
iges CMS 2.0 - Cross-Site Scripting / SQL Injection
Multiple Wsn Products - (Local File Inclusion) Code Execution
Multiple Wsn Products - Local File Inclusion / Code Execution
Discuz! 6.0.1 - (searchid) SQL Injection
pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities
Discuz! 6.0.1 - 'searchid' Parameter SQL Injection
pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
Vacation Rental Script 3.0 - 'id' SQL Injection
Quicksilver Forums 1.4.1 - forums[] SQL Injection
txtSQL 2.2 Final - (startup.php) Remote File Inclusion
Vacation Rental Script 3.0 - 'id' Parameter SQL Injection
Quicksilver Forums 1.4.1 - SQL Injection
txtSQL 2.2 Final - 'startup.php' Remote File Inclusion
OpenImpro 1.1 - (image.php id) SQL Injection
ZeeBuddy 2.1 - (bannerclick.php adid) SQL Injection
pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities
Ovidentia 6.6.5 - (item) SQL Injection
BBlog 0.7.6 - (mod) SQL Injection
OpenImpro 1.1 - 'image.php' SQL Injection
ZeeBuddy 2.1 - 'adid' Parameter SQL Injection
pPIM 1.0 - upload/change Password
Ovidentia 6.6.5 - 'item' Parameter SQL Injection
BBlog 0.7.6 - 'mod' Parameter SQL Injection
pPIM 1.01 - (notes.php id) Local File Inclusion
pPIM 1.01 - 'notes.php' Local File Inclusion
e107 plugin fm pro 1 - (File Disclosure / Arbitrary File Upload / Directory Traversal) Multiple Vulnerabilities
e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal
Coppermine Photo Gallery 1.4.19 - Remote Arbitrary .PHP File Upload
Coppermine Photo Gallery 1.4.19 - Remote File Upload
pPIM 1.01 - (notes.php id) Remote Command Execution
pPIM 1.01 - 'notes.php' Remote Command Execution
moziloCMS 1.11 - (Local File Inclusion / Full Path Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
Joomla! Component 'com_agenda' 1.0.1 - 'id' Parameter SQL Injection
Joomla! Component Agenda Address Book 1.0.1 - 'id' Parameter SQL Injection
Joomla! Component 'com_alphauserpoints' 1.5.5 - Local File Inclusion
Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
Joomla! Component 'com_arcadegames' - Local File Inclusion
Joomla! Component Arcade Games 1.0 - Local File Inclusion
Joomla! Component 'com_AddressBook' - Local File Inclusion
Joomla! Component 'com_advertising' - Local File Inclusion
Joomla! Component Address Book 1.5.0 - Local File Inclusion
Joomla! Component Advertising 0.25 - Local File Inclusion
Joomla! Component 'com_blogfactory' - Local File Inclusion
Joomla! Component 'com_beeheard' - Local File Inclusion
Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
Joomla! Component BeeHeard 1.0 - Local File Inclusion
Joomla! Component 'com_archeryscores' 1.0.6 - Local File Inclusion
Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
Joomla! Component 'com_abc' - SQL Injection
Joomla! Component ABC 1.1.7 - SQL Injection
Joomla! Component 'com_bfquiztrial' - SQL Injection (1)
Joomla! Component BF Quiz 1.3.0 - SQL Injection (1)
Joomla! Component 'com_bfquiztrial' - SQL Injection (2)
Joomla! Component BF Quiz 1.0 - SQL Injection (2)
e107 0.7.21 full - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
e107 0.7.21 full - Remote File Inclusion / Cross-Site Scripting
Joomla! Component 'com_awd_song' - Persistent Cross-Site Scripting
Joomla! Component JE Awd Song - Persistent Cross-Site Scripting
Joomla! Component 'com_addressbook' - Blind SQL Injection
Joomla! Component Address Book - Blind SQL Injection
Joomla! Component 'com_autartimonial' - SQL Injection
Joomla! Component AutarTimonial 1.0.8 - SQL Injection
Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component 'com_camelcitydb2' 2.2 - SQL Injection
Joomla! Component CamelcityDB 2.2 - SQL Injection
Joomla! Component 'com_amblog' 1.0 - Multiple SQL Injections
Joomla! Component Amblog 1.0 - Multiple SQL Injections
Joomla! Component 'com_aardvertiser' 2.1 - Blind SQL Injection
Joomla! Component Aardvertiser 2.1 - Blind SQL Injection
Joomla! Component 'com_cbe' - Local File Inclusion / Remote Code Execution
Joomla! Component Community Builder Enhanced (CBE) 1.4.8/1.4.9/1.4.10 - Local File Inclusion / Remote Code Execution
Joomla! Component 'com_allcinevid' 1.0.0 - Blind SQL Injection
Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
Joomla! Component 'com_alameda' 1.0 - SQL Injection
Joomla! Component Alameda 1.0 - SQL Injection
Free Hosting Manager 2.0 - (packages.php id Parameter) SQL Injection
Free Hosting Manager 2.0 - 'id' Parameter SQL Injection
Coppermine Photo Gallery 1.x - menu.inc.php CPG_URL Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.x - modules.php startdir Parameter Traversal Arbitrary File Access
Coppermine Photo Gallery 1.x - init.inc.php Remote File Inclusion
Coppermine Photo Gallery 1.x - theme.php Multiple Parameter Remote File Inclusion
Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site Scripting
Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Parameter Traversal Arbitrary File Access
Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion
Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
BBlog 0.7.4 - PostID Parameter SQL Injection
BBlog 0.7.4 - 'PostID' Parameter SQL Injection
Coppermine Photo Gallery 1.x - Albmgr.php SQL Injection
Coppermine Photo Gallery 1.4.11 - SQL Injection
LoveCMS 1.4 - install/index.php step Parameter Remote File Inclusion
LoveCMS 1.4 - install/index.php step Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'index.php' load Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'index.php' id Parameter Cross-Site Scripting
LoveCMS 1.4 - 'step' Parameter Remote File Inclusion
LoveCMS 1.4 - 'step' Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'load' Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'id' Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.4.x - mode.php referer Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.4.x - viewlog.php log Parameter Local File Inclusion
Coppermine Photo Gallery 1.4.12 - 'referer' Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.4.12 - 'log' Parameter Local File Inclusion
Joomla! / Mambo Component 'com_detail' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_lms' - 'cat' Parameter SQL Injection
Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' Parameter SQL Injection
Blog Manager - inc_webblogmanager.asp ItemID Parameter SQL Injection
Blog Manager - inc_webblogmanager.asp categoryId Parameter Cross-Site Scripting
Blog Manager - 'ItemID' Parameter SQL Injection
Blog Manager - 'categoryId' Parameter Cross-Site Scripting
e107 0.7.x - (CAPTCHA Security Bypass / Cross-Site Scripting) Multiple Vulnerabilities
e107 0.7.x - CAPTCHA Security Bypass / Cross-Site Scripting
Joomla! Component 'com_canteen' 1.0 - Local File Inclusion
Joomla! Component Canteen 1.0 - Local File Inclusion
Coppermine Photo Gallery 1.5.10 - help.php Multiple Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.5.10 - searchnew.php picfile_* Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.5.10 - 'help.php' Cross-Site Scripting
Coppermine Photo Gallery 1.5.10 - 'searchnew.php' Cross-Site Scripting
2016-12-16 05:01:19 +00:00
Offensive Security
32e86030d5
DB: 2016-12-15
...
3 new exploits
minix 3.1.2a - tty panic Local Denial of Service
minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service
Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service
MINIX 3.3.0 - Local Denial of Service (PoC)
Minix 3.3.0 - Local Denial of Service (PoC)
MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service
Minix 3.3.0 - Remote TCP/IP Stack Denial of Service
Apache 2.4.23 (mod_http2) - Denial of Service
Adobe Animate 15.2.1.95 - Memory Corruption
CoolPlayer - m3u File Local Buffer Overflow
CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit)
Apache Tomcat (WebDAV) - Remote File Disclosure
Apache Tomcat - (WebDAV) Remote File Disclosure
Apache Tomcat (WebDAV) - Remote File Disclosure (SSL)
Apache Tomcat - (WebDAV) Remote File Disclosure (SSL)
APT - Repository Signing Bypass via Memory Allocation Failure
PHPFootball 1.6 - (show.php) Remote Database Disclosure
PHPFootball 1.6 - Remote Database Disclosure
Aprox CMS Engine 5 (1.0.4) - Local File Inclusion
Aprox CMS Engine 5.1.0.4 - Local File Inclusion
PHP Help Agent 1.1 - (content) Local File Inclusion
PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion
Alstrasoft Affiliate Network Pro - (pgm) SQL Injection
Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection
PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection
PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection
Siteframe - 'folder.php id' SQL Injection
PHPFootball 1.6 - (show.php) SQL Injection
DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection
HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection
Siteframe CMS 3.2.3 - 'folder.php' SQL Injection
PHPFootball 1.6 - SQL Injection
DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection
HRS Multi - 'key' Parameter Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection
EZWebAlbum (dlfilename) - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
ShopCartDx 4.30 - 'pid' SQL Injection
MojoPersonals - Blind SQL Injection
MojoJobs - Blind SQL Injection
MojoAuto - Blind SQL Injection
EZWebAlbum - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
ShopCartDx 4.30 - 'pid' Parameter SQL Injection
YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Pre Survey Poll - 'default.asp catid' SQL Injection
Atom Photoblog 1.1.5b1 - (photoId) SQL Injection
ibase 2.03 - 'download.php' Remote File Disclosure
YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting
Pre Survey Poll - 'catid' Parameter SQL Injection
Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection
ibase 2.03 - Remote File Disclosure
Live Music Plus 1.1.0 - 'id' SQL Injection
xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities
Live Music Plus 1.1.0 - 'id' Parameter SQL Injection
XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering
FizzMedia 1.51.2 - (comment.php mid) SQL Injection
PHPTest 0.6.3 - (picture.php image_id) SQL Injection
FizzMedia 1.51.2 - SQL Injection
PHPTest 0.6.3 - SQL Injection
Mobius 1.4.4.1 - (browse.php id) SQL Injection
EPShop < 3.0 - 'pid' SQL Injection
Mobius 1.4.4.1 - SQL Injection
EPShop < 3.0 - 'pid' Parameter SQL Injection
TriO 2.1 - (browse.php id) SQL Injection
CMScout 2.05 - (common.php bit) Local File Inclusion
Getacoder clone - (sb_protype) SQL Injection
GC Auction Platinum - (cate_id) SQL Injection
SiteAdmin CMS - (art) SQL Injection
TriO 2.1 - 'browse.php' SQL Injection
CMScout 2.05 - 'bit' Parameter Local File Inclusion
Getacoder clone - 'sb_protype' Parameter SQL Injection
GC Auction Platinum - 'cate_id' Parameter SQL Injection
SiteAdmin CMS - 'art' Parameter SQL Injection
Youtuber Clone - 'ugroups.php UID' SQL Injection
Youtuber Clone - SQL Injection
PixelPost 1.7.1 - (language_full) Local File Inclusion
PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion
ViArt Shop 3.5 - (category_id) SQL Injection
Minishowcase 09b136 - 'lang' Local File Inclusion
ViArt Shop 3.5 - 'category_id' Parameter SQL Injection
Minishowcase 09b136 - 'lang' Parameter Local File Inclusion
Gregarius 0.5.4 - rsargs[] SQL Injection
PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion
HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion
hiox browser Statistics 2.0 - Remote File Inclusion
Gregarius 0.5.4 - SQL Injection
PHP Hosting Directory 2.0 - Remote File Inclusion
HIOX Random Ad 1.3 - Remote File Inclusion
HIOX Browser Statistics 2.0 - Remote File Inclusion
nzFotolog 0.4.1 - (action_file) Local File Inclusion
ZeeReviews - 'comments.php ItemID' SQL Injection
nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion
ZeeReviews - SQL Injection
Article Friendly Pro/Standard - (Cat) SQL Injection
Article Friendly Pro/Standard - SQL Injection
PozScripts Classified Ads Script - 'cid' SQL Injection
TubeGuru Video Sharing Script - (UID) SQL Injection
PozScripts Classified Ads Script - 'cid' Parameter SQL Injection
TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection
pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection
Alstrasoft Article Manager Pro 1.6 - Authentication Bypass
viart shopping cart 3.5 - Multiple Vulnerabilities
Viart shopping cart 3.5 - Multiple Vulnerabilities
PHPFootball 1.6 - (filter.php) Remote Hash Disclosure
PHPFootball 1.6 - Remote Hash Disclosure
talkback 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities
TalkBack 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - SQL Injection / phpinfo()
CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
CMScout - Cross-Site Scripting / HTML Injection
ShopCartDx 4.30 - (products.php) Blind SQL Injection
ShopCartDx 4.30 - 'products.php' Blind SQL Injection
viart shop 4.0.5 - Multiple Vulnerabilities
ViArt Shop 4.0.5 - Multiple Vulnerabilities
Siteframe 3.2.3 - (user.php) SQL Injection
Siteframe CMS 3.2.3 - 'user.php' SQL Injection
viart shop 4.0.5 - Cross-Site Request Forgery
ViArt Shop 4.0.5 - Cross-Site Request Forgery
Siteframe 2.2.4 - search.php Cross-Site Scripting
Siteframe 2.2.4 - download.php Information Disclosure
Siteframe CMS 2.2.4 - 'download.php' Information Disclosure
phpx 3.2.3 - Multiple Vulnerabilities
PHPX 3.2.3 - Multiple Vulnerabilities
PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution
Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion
Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection
Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection
PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection
XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting
XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting
XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting
XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting
XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting
XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting
XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting
XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting
XRms 1.99.2 - 'title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting
XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting
Pligg 1.0.4 - 'install1.php' Cross-Site Scripting
Joomla! Component DT Register - 'cat' SQL Injection
Joomla! Component DT Register - 'cat' Parameter SQL Injection
2016-12-15 13:07:17 +00:00
Offensive Security
eddddf7aa8
DB: 2016-12-15
...
5 new exploits
Microsoft Internet Explorer 9 IEFRAME - CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)
Microsoft Internet Explorer 9 - IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)
Poppler 0.10.3 - Multiple Denial of Service Vulnerabilities
Poppler 0.10.3 - Denial of Service
Samsung Devices KNOX Extensions - OTP Service Heap Overflow
Serva 3.0.0 HTTP Server - Denial of Service
Serva 3.0.0 - HTTP Server Denial of Service
TP-LINK TD-W8151N - Denial of Service
Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow
CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
Trixbox - (langChoice) Local File Inclusion (connect-back) (2)
Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)
Fonality trixbox - 'langChoice' Parameter Local File Inclusion (connect-back) (2)
Fonality trixbox 2.6.1 - 'langChoice' Parameter Remote Code Execution (Python)
Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (1)
Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (2)
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (1)
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (2)
Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit)
Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)
McAfee Virus Scan Enterprise for Linux - Remote Code Execution
BrewBlogger 1.3.1 - (printLog.php) SQL Injection
BrewBlogger 1.3.1 - 'printLog.php' SQL Injection
ContentNow 1.30 - (Local File Inclusion / Arbitrary File Upload / Delete) Multiple Vulnerabilities
ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete
ContentNow 1.30 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
ContentNow 1.30 - Arbitrary File Upload / Cross-Site Scripting
ContentNow 1.39 - (pageid) SQL Injection
ContentNow 1.39 - 'pageid' Parameter SQL Injection
Maian Recipe 1.0 - (path_to_folder) Remote File Inclusion
Maian Recipe 1.0 - 'path_to_folder' Parameter Remote File Inclusion
Sisplet CMS 05.10 - (site_path) Remote File Inclusion
Sisplet CMS 05.10 - 'site_path' Parameter Remote File Inclusion
Sisplet CMS - 'index.php id' 2008-01-24 SQL Injection
VanGogh Web CMS 0.9 - (article_ID) SQL Injection
Sisplet CMS 2008-01-24 - 'id' Parameter SQL Injection
VanGogh Web CMS 0.9 - 'article_ID' Parameter SQL Injection
Efestech Shop 2.0 - 'cat_id' SQL Injection
plx Ad Trader 3.2 - (adid) SQL Injection
Joomla! Component versioning 1.0.2 - 'id' SQL Injection
Joomla! Component mygallery - 'cid' SQL Injection
XchangeBoard 1.70 - (boardID) SQL Injection
CMS little 0.0.1 - (index.php template) Local File Inclusion
Joomla! Component com_brightweblinks - 'catid' SQL Injection
Efestech Shop 2.0 - 'cat_id' Parameter SQL Injection
plx Ad Trader 3.2 - 'adid' Parameter SQL Injection
Joomla! Component versioning 1.0.2 - 'id' Parameter SQL Injection
Joomla! Component mygallery - 'cid' Parameter SQL Injection
XchangeBoard 1.70 - 'boardID' Parameter SQL Injection
CMS little 0.0.1 - 'template' Parameter Local File Inclusion
Joomla! Component Brightcode Weblinks - 'catid' Parameter SQL Injection
phPortal 1.2 - Multiple Remote File Inclusions
PHPortal 1.2 - Multiple Remote File Inclusions
phpWebNews 0.2 MySQL Edition - (id_kat) SQL Injection
phpWebNews 0.2 MySQL Edition - (det) SQL Injection
pHNews CMS - Multiple Local File Inclusion
PHPwebnews 0.2 MySQL Edition - 'id_kat' Parameter SQL Injection
PHPwebnews 0.2 MySQL Edition - 'det' Parameter SQL Injection
pHNews CMS Alpha 1 - Local File Inclusion
Kasseler CMS 1.3.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Kasseler CMS 1.3.0 - Local File Inclusion / Cross-Site Scripting
XPOZE Pro 3.06 - 'uid' SQL Injection
ContentNow 1.4.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (1)
XPOZE Pro 3.06 - 'uid' Parameter SQL Injection
ContentNow 1.4.1 - Arbitrary File Upload / Cross-Site Scripting
SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (1)
Fuzzylime CMS 3.01a - (file) Local File Inclusion
Triton CMS Pro - (x-forwarded-for) Blind SQL Injection
Neutrino 0.8.4 Atomic Edition - Remote Code Execution
SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (2)
Fuzzylime CMS 3.01a - 'file' Parameter Local File Inclusion
Triton CMS Pro 1.06 - 'x-forwarded-for' Blind SQL Injection
QNX Neutrino 0.8.4 Atomic Edition - Remote Code Execution
SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (2)
Joomla! Component com_content 1.0.0 - 'itemID' SQL Injection
Joomla! Component Content 1.0.0 - 'itemID' Parameter SQL Injection
BoonEx Ray 3.5 - (sIncPath) Remote File Inclusion
BoonEx Ray 3.5 - 'sIncPath' Parameter Remote File Inclusion
DreamPics Builder - (page) SQL Injection
DreamNews Manager - 'id' SQL Injection
gapicms 9.0.2 - (dirDepth) Remote File Inclusion
phpDatingClub - 'website.php' Local File Inclusion
DreamPics Builder - 'page' Parameter SQL Injection
DreamNews Manager - 'id' Parameter SQL Injection
gapicms 9.0.2 - 'dirDepth' Parameter Remote File Inclusion
phpDatingClub 3.7 - 'website.php' Local File Inclusion
Million Pixels 3 - (id_cat) SQL Injection
Million Pixels 3 - 'id_cat' Parameter SQL Injection
Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (Perl)
Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (Perl)
WebCMS Portal Edition - 'id' SQL Injection
jsite 1.0 oe - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Avlc Forum - 'vlc_forum.php id' SQL Injection
Fuzzylime CMS 3.01 - (commrss.php) Remote Code Execution
WebCMS Portal Edition - 'id' Parameter SQL Injection
jsite 1.0 oe - SQL Injection / Local File Inclusion
Avlc Forum - 'vlc_forum.php' SQL Injection
Fuzzylime CMS 3.01 - 'commrss.php' Remote Code Execution
Ultrastats 0.2.142 - (players-detail.php) Blind SQL Injection
Ultrastats 0.2.142 - 'players-detail.php' Blind SQL Injection
CodeDB - 'list.php lang' Local File Inclusion
CodeDB 1.1.1 - 'list.php' Local File Inclusion
Pluck 4.5.1 - (blogpost) Local File Inclusion (win only)
Pluck CMS 4.5.1 - 'blogpost' Parameter Local File Inclusion (win only)
Pragyan CMS 2.6.2 - (sourceFolder) Remote File Inclusion
Comdev Web Blogger 4.1.3 - (arcmonth) SQL Injection
Pragyan CMS 2.6.2 - 'sourceFolder' Parameter Remote File Inclusion
Comdev Web Blogger 4.1.3 - 'arcmonth' Parameter SQL Injection
phpWebNews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling
PHPwebnews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling
WebCMS Portal Edition - 'index.php id' Blind SQL Injection
WebCMS Portal Edition - 'id' Parameter Blind SQL Injection
Pluck 4.5.3 - (update.php) Remote File Corruption Exploit
Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Exploit
Ultrastats 0.2.144/0.3.11 - (index.php serverid) SQL Injection
Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection
Pluck CMS 4.5.3 - (g_pcltar_lib_dir) Local File Inclusion
Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Parameter Local File Inclusion
Fuzzylime CMS 3.03 - (track.php p) Local File Inclusion
Fuzzylime CMS 3.03 - 'track.php' Local File Inclusion
CMS little 0.0.1 - (index.php term) SQL Injection
CMS little 0.0.1 - 'term' Parameter SQL Injection
SHOP-INET 4 - 'show_cat2.php grid' SQL Injection
SHOP-INET 4 - 'grid' Parameter SQL Injection
Pluck CMS 4.6.1 - (module_pages_site.php post) Local File Inclusion
Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion
Joomla! Component Maian Music 1.2.1 - (category) SQL Injection
Joomla! Component Maian Music 1.2.1 - 'category' Parameter SQL Injection
Pluck 4.6.2 - (langpref) Local File Inclusion
Pluck CMS 4.6.2 - 'langpref' Parameter Local File Inclusion
phportal 1.0 - Insecure Cookie Handling
PHPortal 1.0 - Insecure Cookie Handling
Kasseler CMS - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Kasseler CMS - File Disclosure / Cross-Site Scripting
DreamPics Builder - (exhibition_id) SQL Injection
DreamPics Builder - 'exhibition_id' Parameter SQL Injection
Trixbox 2.2.4 - PhonecDirectory.php SQL Injection
Fonality trixbox 2.2.4 - 'PhonecDirectory.php' SQL Injection
Kasseler CMS 1.4.x lite - (Module Jokes) SQL Injection
Kasseler CMS 1.4.x lite Module Jokes - SQL Injection
PHPortal_1.2 - (gunaysoft.php) Remote File Inclusion
PHPortal 1.2 - 'gunaysoft.php' Remote File Inclusion
Trixbox CE 2.6.1 - langChoice PHP Local File Inclusion (Metasploit)
Fonality trixbox CE 2.6.1 - 'langChoice' Parameter Local File Inclusion (Metasploit)
maian weblog 4.0 - Blind SQL Injection
Maian Weblog 4.0 - Blind SQL Injection
brewblogger 2.3.2 - Multiple Vulnerabilities
BrewBlogger 2.3.2 - Multiple Vulnerabilities
Maian Weblog 2.0 - print.php Multiple Parameter SQL Injection
Maian Weblog 2.0 - mail.php Multiple Parameter SQL Injection
Maian Weblog 2.0 - 'print.php' SQL Injection
Maian Weblog 2.0 - 'mail.php' SQL Injection
PHPwebnews 0.1 - iklan.php m_txt Parameter Cross-Site Scripting
PHPwebnews 0.1 - 'index.php' m_txt Parameter Cross-Site Scripting
PHPwebnews 0.1 - bukutamu.php m_txt Parameter Cross-Site Scripting
PHPwebnews 0.1 - 'iklan.php' Cross-Site Scripting
PHPwebnews 0.1 - 'index.php' Cross-Site Scripting
PHPwebnews 0.1 - 'bukutamu.php' Cross-Site Scripting
Joomla! Component com_content 1.5 RC3 - 'index.php' view Parameter SQL Injection
Joomla! Component Content 1.5 RC3 - 'view' Parameter SQL Injection
Trixbox 2.4.2 - user/index.php Query String Cross-Site Scripting
Trixbox 2.4.2 - maint/index.php Query String Cross-Site Scripting
Fonality trixbox 2.4.2 - Cross-Site Scripting
Pluck 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities
Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities
Trixbox - SQL Injection
Fonality trixbox - SQL Injection
Trixbox - 'endpoint_aastra.php mac Parameter' Remote Code Injection
Fonality trixbox - 'mac' Parameter Remote Code Injection
THELIA 1.4.2.1 - Multiple Cross-Site Scripting Vulnerabilities
Pluck 4.6.3 - 'cont1' Parameter HTML Injection
Pluck CMS 4.6.3 - 'cont1' Parameter HTML Injection
Pluck 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities
Pluck CMS 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities
Boonex Dolphin 6.1 - 'xml/get_list.php' SQL Injection
Boonex Dolphin 6.1 - 'get_list.php' SQL Injection
Joomla! Component 'com_content' - 'year' Parameter SQL Injection
Joomla! Component Content - 'year' Parameter SQL Injection
Pluck 4.7 - Directory Traversal
Pluck CMS 4.7 - Directory Traversal
SenseSites CommonSense CMS - cat2.php id Parameter SQL Injection
SenseSites CommonSense CMS - 'id' Parameter SQL Injection
Fonality trixbox - /maint/modules/endpointcfg/endpoint_generic.php mac Parameter SQL Injection
Fonality trixbox - /maint/modules/home/index.php lang Parameter Directory Traversal
Fonality trixbox - '/maint/modules/asterisk_info/asterisk_info.php' lang Parameter Directory Traversal
Fonality trixbox - /maint/modules/repo/repo.php lang Parameter Directory Traversal
Fonality trixbox - '/maint/modules/endpointcfg/endpointcfg.php' lang Directory Traversal
Fonality trixbox - /var/www/html/maint/modules/home/index.php lang Parameter Remote Code Execution
Fonality trixbox - 'endpoint_generic.php' SQL Injection
Fonality trixbox - 'index.php' Directory Traversal
Fonality trixbox - 'asterisk_info.php' Directory Traversal
Fonality trixbox - 'repo.php' Directory Traversal
Fonality trixbox - 'endpointcfg.php' Directory Traversal
Fonality trixbox - 'index.php' Remote Code Execution
Joomla! Component DT Register - 'cat' SQL Injection
2016-12-15 05:01:19 +00:00
Offensive Security
b080c70f8b
DB: 2016-12-14
7 new exploits
Microsoft Internet Explorer 9 IEFRAME - CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)
Xitami Web Server 5.0a0 - Denial of Service
OpenSSL 1.1.0a/1.1.0b - Denial of Service
Serva 3.0.0 HTTP Server - Denial of Service
iOS 10.1.x - Certificate File Memory Corruption
OpenBSD 4.0 - (vga) Privilege Escalation
OpenBSD 4.0 - 'vga' Privilege Escalation
10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow
MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections
MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections
AShop Deluxe 4.x - (catalogue.php cat) SQL Injection
AShop Deluxe 4.x - 'catalogue.php' SQL Injection
HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion
HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion
CAT2 - (spaw_root) Local File Inclusion
CAT2 - 'spaw_root' Parameter Local File Inclusion
MyBloggie 2.1.3 - search.php SQL Injection
MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting
MyBloggie 2.1.x - Multiple Remote File Inclusion
MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion
MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion
AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting
AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting
AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'shipping.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting
MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting
MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting
Smart Guard Network Manager 6.3.2 - SQL Injection
WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery
2016-12-14 05:01:23 +00:00
Offensive Security
96bd05d39d
DB: 2016-12-12
3 new exploits
BolinTech DreamFTP Server 1.0 - User Name Format String (1)
BolinTech DreamFTP Server 1.0 - User Name Format String
opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)
EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation
Orca 2.0.2 - Cross-Site Scripting
Orca 2.0.2 - 'topic ' Cross-Site Scripting
Netgear R7000 - Cross-Site Scripting
ARG-W4 ADSL Router - Multiple Vulnerabilities
2016-12-12 20:31:23 +00:00
Offensive Security
9cad083b49
DB: 2016-12-11
5 new exploits
uTorrent 1.8.3 (Build 15772) - Create New Torrent Buffer Overflow (PoC)
uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
F5 BIG-IP - Authentication Bypass (1)
F5 BIG-IP - Authentication Bypass (PoC)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC
Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (2)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2)
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2)
Microsoft Internet Explorer 9 MSHTML - CElement::HasFlag Memory Corruption
uTorrent - DLL Hijacking
uTorrent 2.0.3 - DLL Hijacking
F5 BIG-IP - Authentication Bypass (2)
F5 BIG-IP - Authentication Bypass
SePortal - SQL Injection / Remote Code Execution (Metasploit)
SePortal 2.5 - SQL Injection / Remote Code Execution (Metasploit)
MyPHP CMS 0.3 - (domain) Remote File Inclusion
MyPHP CMS 0.3 - 'domain' Parameter Remote File Inclusion
RSS-aggregator - 'display.php path' Remote File Inclusion
RSS-aggregator - 'path' Parameter Remote File Inclusion
HoMaP-CMS 0.1 - (plugin_admin.php) Remote File Inclusion
HomePH Design 2.10 RC2 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
HoMaP-CMS 0.1 - 'plugin_admin.php' Remote File Inclusion
HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
cmreams CMS 1.3.1.1 beta2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
cmreams CMS 1.3.1.1 beta2 - Local File Inclusion / Cross-Site Scripting
HoMaP-CMS 0.1 - (index.php go) SQL Injection
HoMaP-CMS 0.1 - 'go' Parameter SQL Injection
Ready2Edit - 'pages.php menuid' SQL Injection
ResearchGuide 0.5 - (guide.php id) SQL Injection
MVC-Web CMS 1.0/1.2 - (index.asp newsid) SQL Injection
Ready2Edit - 'menuid' Parameter SQL Injection
ResearchGuide 0.5 - 'id' Parameter SQL Injection
MVC-Web CMS 1.0/1.2 - 'newsid' Parameter SQL Injection
Demo4 CMS - 'index.php id' SQL Injection
Joomla! Component com_facileforms 1.4.4 - Remote File Inclusion
Dagger CMS 2008 - (dir_inc) Remote File Inclusion
TinxCMS 1.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
mm chat 1.5 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
ourvideo CMS 9.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
cmsWorks 2.2 RC4 - (mod_root) Remote File Inclusion
Demo4 CMS - 'id' Parameter SQL Injection
Joomla! Component FacileForms 1.4.4 - Remote File Inclusion
Dagger CMS 2008 - 'dir_inc' Parameter Remote File Inclusion
TinXCMS 1.1 - Local File Inclusion / Cross-Site Scripting
mm chat 1.5 - Local File Inclusion / Cross-Site Scripting
ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
cmsWorks 2.2 RC4 - 'mod_root' Parameter Remote File Inclusion
Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection
Relative Real Estate Systems 3.0 - 'listing_id' Parameter SQL Injection
DUcalendar 1.0 - (detail.asp iEve) SQL Injection
HiveMaker Directory - 'cid' Parameter SQL Injection
E-topbiz ViralDX 2.07 - (adclick.php bannerid) SQL Injection
Link ADS 1 - 'out.php linkid' SQL Injection
TOKOKITA - 'barang.php produk_id' SQL Injection
Webdevindo-CMS 0.1 - (index.php hal) SQL Injection
mUnky 0.0.1 - (index.php zone) Local File Inclusion
Jokes & Funny Pics Script - (sb_jokeid) SQL Injection
DUcalendar 1.0 - 'iEve' Parameter SQL Injection
HiveMaker Directory 1.0.2 - 'cid' Parameter SQL Injection
E-topbiz ViralDX 2.07 - 'bannerid' Parameter SQL Injection
Link ADS 1 - 'linkid' Parameter SQL Injection
TOKOKITA - 'produk_id' Parameter SQL Injection
Webdevindo-CMS 0.1 - 'hal' Parameter SQL Injection
mUnky 0.0.1 - 'zone' Parameter Local File Inclusion
Jokes & Funny Pics Script - 'sb_jokeid' Parameter SQL Injection
MyPHP CMS 0.3.1 - (page.php pid) SQL Injection
PHPmotion 2.0 - (update_profile.php) Arbitrary File Upload
MyPHP CMS 0.3.1 - 'pid' Parameter SQL Injection
PHPmotion 2.0 - 'update_profile.php' Arbitrary File Upload
polypager 1.0rc2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHP-Fusion Mod Kroax 4.42 - (category) SQL Injection
polypager 1.0rc2 - SQL Injection / Cross-Site Scripting
PHP-Fusion Mod Kroax 4.42 - 'category' Parameter SQL Injection
Riddles Complete Website 1.2.1 - (riddleid) SQL Injection
Tips Complete Website 1.2.0 - (tipid) SQL Injection
Jokes Complete Website 2.1.3 - (jokeid) SQL Injection
Drinks Complete Website 2.1.0 - (drinkid) SQL Injection
Cheats Complete Website 1.1.1 - 'itemID' SQL Injection
Riddles Complete Website 1.2.1 - 'riddleid' Parameter SQL Injection
Tips Complete Website 1.2.0 - 'tipid' Parameter SQL Injection
Easysitenetwork Jokes Complete Website 2.1.3 - 'jokeid' Parameter SQL Injection
Drinks Complete Website 2.1.0 - 'drinkid' Parameter SQL Injection
Cheats Complete Website 1.1.1 - 'itemID' Parameter SQL Injection
Orca 2.0/2.0.2 - (Parameters.php) Remote File Inclusion
Orca 2.0/2.0.2 - 'Parameters.php' Remote File Inclusion
OTManager CMS 24a - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
OTManager CMS 24a - Local File Inclusion / Cross-Site Scripting
SePortal 2.4 - (poll.php poll_id) SQL Injection
SePortal 2.4 - 'poll_id' Parameter SQL Injection
poweraward 1.1.0 rc1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component jabode - 'id' SQL Injection
Online Booking Manager 2.2 - 'id' SQL Injection
poweraward 1.1.0 rc1 - Local File Inclusion / Cross-Site Scripting
Joomla! Component jabode - 'id' Parameter SQL Injection
Online Booking Manager 2.2 - 'id' Parameter SQL Injection
Joomla! Component Xe webtv - 'id' Blind SQL Injection
Joomla! Component Xe webtv - 'id' Parameter Blind SQL Injection
AcmlmBoard 1.A2 - 'pow' SQL Injection
eSHOP100 - (SUB) SQL Injection
AcmlmBoard 1.A2 - 'pow' Parameter SQL Injection
eSHOP100 - 'SUB' Parameter SQL Injection
OTManager CMS 2.4 - (Tipo) Remote File Inclusion
OTManager CMS 2.4 - 'Tipo' Parameter Remote File Inclusion
Orca 2.0.2 - (Topic) Cross-Site Scripting
Orca 2.0.2 - Cross-Site Scripting
Hedgehog-CMS 1.21 - (Local File Inclusion) Remote Command Execution
Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution
catviz 0.4.0b1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting
Joomla! Component com_facileforms - Cross-Site Scripting
Joomla! Component FacileForms - Cross-Site Scripting
PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload
PHPmotion 1.62 - 'FCKeditor' Arbitrary File Upload
Roundcube 1.2.2 - Remote Code Execution
Pivot 1.0 - Remote module_db.php File Inclusion
Pivot 1.0 - 'module_db.php' Remote File Inclusion
MyBloggie 2.1 - 'index.php' year Parameter Cross-Site Scripting
MyBloggie 2.1 - 'index.php' Cross-Site Scripting
E-topbiz Link ADS 1 - 'out.php' SQL Injection
PolyPager 0.9.51/1.0 - 'nr' Parameter Cross-Site Scripting
RSS-aggregator 1.0 - admin/fonctions/supprimer_flux.php IdFlux Parameter SQL Injection
RSS-aggregator 1.0 - admin/fonctions/supprimer_tag.php IdTag Parameter SQL Injection
RSS-aggregator 1.0 - 'admin/fonctions/' Direct Request Administrator Authentication Bypass
RSS-aggregator 1.0 - 'IdFlux' Parameter SQL Injection
RSS-aggregator 1.0 - 'IdTag' Parameter SQL Injection
RSS-aggregator 1.0 - Authentication Bypass
Jokes Complete Website - joke.php id Parameter Cross-Site Scripting
Jokes Complete Website - results.php searchingred Parameter Cross-Site Scripting
Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting
Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting
Splunk Enterprise 6.4.3 - Server-Side Request Forgery
2016-12-11 05:01:17 +00:00
Offensive Security
f88827eb1f
DB: 2016-12-10
4 new exploits
Free MP3 CD Ripper 2.6 - Exploit (1)
Free MP3 CD Ripper 2.6 - '.wav' PoC
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (1)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (1)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (2)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (3)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (2)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (3)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (1)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (PoC)
Ascend R 4.5 Ci12 - Denial of Service (1)
Ascend R 4.5 Ci12 - Denial of Service (2)
Ascend R 4.5 Ci12 - Denial of Service (C)
Ascend R 4.5 Ci12 - Denial of Service (Perl)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (1)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
thttpd 2.2x - defang Remote Buffer Overflow (1)
thttpd 2.2x - defang Remote Buffer Overflow (PoC)
PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (1)
PHP 3/4/5 - Multiple Local / Remote Vulnerabilities (1)
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC) (1)
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (3)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2)
Free MP3 CD Ripper 2.6 - (wav) Stack Buffer Overflow (PoC)
Free MP3 CD Ripper 2.6 - '.wav' Stack Buffer Overflow
Free MP3 CD Ripper 2.6 - Exploit (2)
Free MP3 CD Ripper 2.6 - '.wav' Exploit
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (2)
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)
Free MP3 CD Ripper 2.6 - Local Buffer Overflow
Free MP3 CD Ripper 2.6 - '.wav' Local Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 '.wav' - SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Alt-N SecurityGateway - 'Username' Buffer Overflow (Metasploit)
Alt-N SecurityGateway 1.0.1 - 'Username' Buffer Overflow (Metasploit)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (2)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow
thttpd 2.2x - defang Remote Buffer Overflow (2)
thttpd 2.2x - defang Remote Buffer Overflow
Windows x64 - Bind Shell TCP Shellcode (508 bytes)
CuteNews 1.4.1 - (function.php) Local File Inclusion
CuteNews 1.4.1 - 'function.php' Local File Inclusion
CoreNews 2.0.1 - (userid) SQL Injection
CoreNews 2.0.1 - 'userid' Parameter SQL Injection
phpAuction 2.1 - (phpAds_path) Remote File Inclusion
phpAuction 2.1 - 'phpAds_path' Parameter Remote File Inclusion
Freenews 1.1 - (moteur.php) Remote File Inclusion
Freenews 1.1 - 'moteur.php' Remote File Inclusion
SH-News 3.1 - (scriptpath) Multiple Remote File Inclusion
SH-News 3.1 - 'scriptpath' Parameter Remote File Inclusion
JaxUltraBB 2.0 - (delete.php) Remote Auto Deface Exploit
JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit
JaxUltraBB 2.0 - Topic Reply Command Execution
JaxUltraBB 2.0 - Command Execution
Oxygen 1.1.3 - (O2PHP Bulletin Board) SQL Injection
Oxygen 1.1.3 (O2PHP Bulletin Board) - SQL Injection
cutenews aj-fork 167f - (cutepath) Remote File Inclusion
cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion
SH-News 0.93 - (misc.php) Remote File Inclusion
SH-News 0.93 - 'misc.php' Remote File Inclusion
aspWebCalendar 4.5 - (calendar.asp eventid) SQL Injection
AspWebCalendar 4.5 - 'eventid' Parameter SQL Injection
SH-News 3.0 - (comments.php id) SQL Injection
SH-News 3.0 - 'comments.php' SQL Injection
ClipShare - 'uprofile.php UID' SQL Injection
ClipShare - 'UID' Parameter SQL Injection
Lasernet CMS 1.5 - SQL Injection (2)
LaserNet CMS 1.5 - SQL Injection (2)
Oxygen 2.0 - (repquote) SQL Injection
Oxygen 2.0 - 'repquote' Parameter SQL Injection
Open Azimyt CMS 0.22 - 'lang' Local File Inclusion
Open Azimyt CMS 0.22 - 'lang' Parameter Local File Inclusion
Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection
Joomla! Component Simple Shop Galore 3.x - 'catid' Parameter SQL Injection
Bizon-CMS 2.0 - (index.php Id) SQL Injection
Basic-CMS - 'index.php r' SQL Injection
Bizon-CMS 2.0 - 'Id' Parameter SQL Injection
Basic-CMS - 'index.php' SQL Injection
ClipShare < 3.0.1 - (tid) SQL Injection
easyTrade 2.x - (detail.php id) SQL Injection
ThaiQuickCart - (sLanguage) Local File Inclusion
ClipShare < 3.0.1 - 'tid' Parameter SQL Injection
easyTrade 2.x - 'id' Parameter SQL Injection
ThaiQuickCart 3 - 'sLanguage' Cookie Local File Inclusion
eroCMS 1.4 - (index.php site) SQL Injection
WebCalendar 1.0.4 - (includedir) Remote File Inclusion
traindepot 0.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
doITlive CMS 2.50 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
AspWebCalendar 2008 - Arbitrary File Upload
netBIOS - 'shownews.php newsid' SQL Injection
Maxtrade AIO 1.3.23 - (categori) SQL Injection
Mybizz-Classifieds - 'index.php cat' SQL Injection
Easy Webstore 1.2 - (index.php postid) SQL Injection
eroCMS 1.4 - 'site' Parameter SQL Injection
WebCalendar 1.0.4 - 'includedir' Parameter Remote File Inclusion
traindepot 0.1 - Local File Inclusion / Cross-Site Scripting
doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting
AspWebCalendar 2008 - Arbitrary File Upload
netBIOS - 'newsid' Parameter SQL Injection
Maxtrade AIO 1.3.23 - 'categori' Parameter SQL Injection
Mybizz-Classifieds - 'cat' Parameter SQL Injection
Easy Webstore 1.2 - SQL Injection
Carscripts Classifieds - 'index.php cat' SQL Injection
BoatScripts Classifieds - 'index.php type' SQL Injection
Carscripts Classifieds - 'cat' Parameter SQL Injection
BoatScripts Classifieds - 'type' Parameter SQL Injection
ownrs blog beta3 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities
samart-cms 2.0 - (contentsid) SQL Injection
CMS-BRD - (menuclick) SQL Injection
ownrs blog beta3 - SQL Injection / Cross-Site Scripting
Yektaweb Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities
samart-cms 2.0 - 'contentsid' Parameter SQL Injection
CMS-BRD - 'menuclick' Parameter SQL Injection
CaupoShop Classic 1.3 - (saArticle[ID]) SQL Injection
CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities
Lightweight news portal [lnp] 1.0b - Multiple Vulnerabilities
Lightweight news portal (LNP) 1.0b - Multiple Vulnerabilities
CiBlog 3.1 - (links-extern.php id) SQL Injection
CiBlog 3.1 - 'id' Parameter SQL Injection
jaxultrabb 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
emuCMS 0.3 - 'cat_id' SQL Injection
phpAuction - 'profile.php user_id' SQL Injection
SiteXS CMS 0.1.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
@CMS 2.1.1 - (readarticle.php article_id) SQL Injection
eNews 0.1 - (delete.php) Arbitrary Delete Post
PHP KnowledgeBase Script 2.4 - 'cat_id' SQL Injection
jaxultrabb 2.0 - Local File Inclusion / Cross-Site Scripting
emuCMS 0.3 - 'cat_id' Parameter SQL Injection
phpAuction - 'profile.php' SQL Injection
SiteXS CMS 0.1.1 - Arbitrary File Upload / Cross-Site Scripting
@CMS 2.1.1 - SQL Injection
eNews 0.1 - 'delete.php' Arbitrary Delete Post
PHP KnowledgeBase Script 2.4 - 'cat_id' Parameter SQL Injection
OFFL 0.2.6 - (teams.php fflteam) SQL Injection
Online Fantasy Football League (OFFL) 0.2.6 - 'teams.php' SQL Injection
phpAuction 3.2.1 - (item.php id) SQL Injection
Joomla! Component EXP Shop - 'catid' SQL Injection
DUdForum 3.0 - (forum.asp iFor) SQL Injection
shibby shop 2.2 - (SQL Injection / update) Multiple Vulnerabilities
phpAuction 3.2.1 - 'item.php' SQL Injection
Joomla! Component EXP Shop - 'catid' Parameter SQL Injection
DUdForum 3.0 - 'iFor' Parameter SQL Injection
shibby shop 2.2 - Multiple Vulnerabilities
LiteNews 0.1 - 'id' SQL Injection
LiteNews 0.1 - 'id' Parameter SQL Injection
ClipShare Pro 2006-2007 - (chid) SQL Injection
ClipShare Pro 2006-2007 - 'chid' Parameter SQL Injection
phpauctionsystem - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpauctionsystem - Cross-Site Scripting / SQL Injection
Jamroom - 'index.php t' Local File Inclusion
Jamroom 4.0.2 - 't' Parameter Local File Inclusion
Oxygen2PHP 1.1.3 - (member.php) SQL Injection
Oxygen2PHP 1.1.3 - 'member.php' SQL Injection
Oxygen2PHP 1.1.3 - (post.php) Blind SQL Injection
Oxygen2PHP 1.1.3 - (forumdisplay.php) Blind SQL Injection
Oxygen2PHP 1.1.3 - 'post.php' Blind SQL Injection
Oxygen2PHP 1.1.3 - 'forumdisplay.php' Blind SQL Injection
MyPhpAuction 2010 - 'id' SQL Injection
MyPhpAuction 2010 - 'id' Parameter SQL Injection
CuteNews - 'index.php?page' Local File Inclusion
CuteNews - 'page' Parameter Local File Inclusion
Lasernet CMS 1.5 - SQL Injection (1)
LaserNet CMS 1.5 - SQL Injection (1)
WebCalendar 1.2.4 - (install/index.php) Remote Code Execution
WebCalendar 1.2.4 - Remote Code Execution
MyMarket 1.71 - Form_Header.php Cross-Site Scripting
MyMarket 1.71 - 'Form_Header.php' Cross-Site Scripting
CuteNews 0.88 - shownews.php Remote File Inclusion
CuteNews 0.88 - search.php Remote File Inclusion
CuteNews 0.88 - comments.php Remote File Inclusion
CuteNews 0.88 - 'shownews.php' Remote File Inclusion
CuteNews 0.88 - 'search.php' Remote File Inclusion
CuteNews 0.88 - 'comments.php' Remote File Inclusion
WebCalendar 0.9.x - colors.php color Cross-Site Scripting
WebCalendar 0.9.x - week.php user Cross-Site Scripting
CuteNews 0.88/1.3 - example1.php id Parameter Cross-Site Scripting
CuteNews 0.88/1.3 - example2.php id Parameter Cross-Site Scripting
CuteNews 0.88/1.3 - show_archives.php id Parameter Cross-Site Scripting
CuteNews 0.88/1.3 - 'example1.php' Cross-Site Scripting
CuteNews 0.88/1.3 - 'example2.php' Cross-Site Scripting
CuteNews 0.88/1.3 - 'show_archives.php' Cross-Site Scripting
CuteNews 1.3.1 - show_archives.php archive Parameter Cross-Site Scripting
CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting
ClipShare 4.1.1 - (gmembers.php gid Parameter) Blind SQL Injection
ClipShare 4.1.1 - 'gid' Parameter Blind SQL Injection
CutePHP CuteNews 1.3.6 - x-forwarded-for Script Injection
CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection
CuteNews 1.4.1 - show_archives.php template Parameter Traversal Arbitrary File Access
CuteNews 1.4.1 - show_news.php template Parameter Traversal Arbitrary File Access
CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
CuteNews 1.4.1 - 'template' Parameter Traversal Arbitrary File Access
WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting
WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting
CuteNews 1.4.1 - show_news.php Cross-Site Scripting
CuteNews 1.4.1 - 'show_news.php' Cross-Site Scripting
O2PHP Oxygen 1.0/1.1 - post.php SQL Injection
O2PHP Oxygen 1.0/1.1 - 'post.php' SQL Injection
Freenews 1.1 - Aff_News.php Remote File Inclusion
Freenews 1.1 - 'Aff_News.php' Remote File Inclusion
ActiveNews Manager - activenews_view.asp articleId Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - default.asp page Parameter SQL Injection
ActiveNews Manager - activenews_search.asp query Parameter Cross-Site Scripting
Active News Manager - activeNews_categories.asp catID Parameter SQL Injection
Active News Manager - activeNews_comments.asp articleId Parameter SQL Injection
ActiveNews Manager - 'page' Parameter SQL Injection
ActiveNews Manager - 'query' Parameter Cross-Site Scripting
Active News Manager - 'catID' Parameter SQL Injection
Active News Manager - 'articleId' Parameter SQL Injection
CuteNews 1.4.5 - show_news.php Query String Cross-Site Scripting
CuteNews 1.4.5 - rss.php rss_title Parameter Cross-Site Scripting
CuteNews 1.4.5 - 'show_news.php' Cross-Site Scripting
CuteNews 1.4.5 - 'rss_title' Parameter Cross-Site Scripting
CuteNews 1.3.6 - Result Parameter Cross-Site Scripting
CuteNews 1.3.6 - 'result' Parameter Cross-Site Scripting
ClipShare 1.5.3 - ADODB-Connection.Inc.php Remote File Inclusion
ClipShare 1.5.3 - 'ADODB-Connection.Inc.php' Remote File Inclusion
WebCalendar 1.1.6 - pref.php Query String Cross-Site Scripting
WebCalendar 1.1.6 - search.php adv Parameter Cross-Site Scripting
WebCalendar 1.1.6 - 'pref.php' Cross-Site Scripting
WebCalendar 1.1.6 - 'search.php' Cross-Site Scripting
SiteXS CMS 0.0.1 - 'upload.php' Arbitrary File Upload
SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload
Basic-CMS - 'index.php' SQL Injection
Joomla! Component EXP Shop 1.0 'com_expshop' - SQL Injection
Joomla! Component EXP Shop 1.0 - SQL Injection
Jamroom 3.3.8 - (Cookie Authentication Bypass and Unspecified Security Issues) Multiple Vulnerabilities
Jamroom 3.3.8 - Cookie Authentication Bypass
CuteNews 1.4.6 - register.php result Parameter Cross-Site Scripting
CuteNews 1.4.6 - 'result' Parameter Cross-Site Scripting
CuteNews 1.4.6 - search.php from_date_day Parameter Full Path Disclosure
CuteNews 1.4.6 - 'from_date_day' Parameter Full Path Disclosure
ZeroCMS 1.0 - (zero_view_article.php article_id Parameter) SQL Injection
ZeroCMS 1.0 - 'zero_view_article.php' SQL Injection
ZeroCMS 1.0 - zero_transact_user.php Handling Privilege Escalation
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
ZeroCMS 1.0 - (zero_transact_article.php article_id POST Parameter) SQL Injection
ZeroCMS 1.0 - 'zero_transact_article.php' SQL Injection
WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities (1)
WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities (2)
Netgear R7000 - Command Injection
2016-12-10 05:01:16 +00:00
Offensive Security
0231ae9ba7
DB: 2016-12-09
5 new exploits
Dual DHCP DNS Server 7.29 - Denial of Service
TP-LINK TD-W8951ND - Denial of Service
OpenSSH 7.2 - Denial of Service
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Advanced Webhost Billing System (AWBS) - cart2.php Remote File Inclusion
Advanced Webhost Billing System (AWBS) 2.4.0 - 'cart2.php' Remote File Inclusion
AWBS 2.7.1 - (news.php viewnews) SQL Injection
Anata CMS 1.0b5 - (change.php) Arbitrary Add Admin
Advanced Webhost Billing System (AWBS) 2.7.1 - 'news.php' SQL Injection
Anata CMS 1.0b5 - 'change.php' Arbitrary Add Admin
Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) - Multiple Security Vulnerabilities
Simple Machines Forum (SMF) 1.1.10/2.0 RC2 - Multiple Security Vulnerabilities
Advanced Webhost Billing System 2.2.2 - contact.php Multiple Cross-Site Scripting Vulnerabilities
Advanced Webhost Billing System 2.9.2 - 'oid' Parameter SQL Injection
Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection
Simple Machines Forum (SMF) 2.0.2 - 'index.php' scheduled Parameter Cross-Site Scripting
Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Parameter Cross-Site Scripting
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
2016-12-09 05:01:19 +00:00