Offensive Security
|
86f822c557
|
DB: 2017-06-23
11 new exploits
Microsoft Windows - ASN.1 LSASS.exe Remote Exploit (MS04-007)
Microsoft Windows - ASN.1 'LSASS.exe' Remote Exploit (MS04-007)
Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call Exploit
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call Exploit
Microsoft Windows XP/2000 - TCP Connection Reset Remote Attack Tool
Microsoft Windows XP/2000 - TCP Connection Reset Remote Exploit
PostgreSQL 8.01 - Remote Reboot Denial of Service
PostgreSQL 8.01 - Remote Reboot (Denial of Service)
Cisco IP Phone 7940 - (Reboot) Denial of Service
Cisco IP Phone 7940 - Reboot (Denial of Service)
Cisco Aironet Wireless Access Points - Memory Exhaustion ARP Attack Denial of Service
Cisco Aironet Wireless Access Points - Memory Exhaustion ARP (Denial of Service)
Dropbear / OpenSSH Server - (MAX_UNAUTH_CLIENTS) Denial of Service
Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service
2WIRE Modems/Routers - CRLF Denial of Service
2WIRE Modems/Routers - 'CRLF' Denial of Service
FTP Explorer 1.0.1 Build 047 - (CPU Consumption) Remote Denial of Service
FTP Explorer 1.0.1 Build 047 - Remote CPU Consumption (Denial of Service)
Cisco Phone 7940/7960 - (SIP INVITE) Remote Denial of Service
Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service
Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service)
Mozilla Firefox 2.0.0.3 / Gran Paradiso 3.0a3 - Hang / Crash (Denial of Service)
Linksys SPA941 - (remote reboot) Remote Denial of Service
Linksys SPA941 - Remote Reboot (Denial of Service)
CA BrightStor Backup 11.5.2.0 - caloggderd.exe Denial of Service
CA BrightStor Backup 11.5.2.0 - Mediasvr.exe Denial of Service
CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service
CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Denial of Service
Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service
Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) - Denial of Service
Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service
Mcafee EPO 4.0 - 'FrameworkService.exe' Remote Denial of Service
Xerox Phaser 8400 - (reboot) Remote Denial of Service
Xerox Phaser 8400 - Remote Reboot (Denial of Service)
Microsoft Windows Mobile 6.0 - Device long name Remote Reboot Exploit
Microsoft Windows Mobile 6.0 - Device Long Name Remote Reboot (Denial of Service)
Linksys WAG54G v2 (Wireless ADSL Router) - httpd Denial of Service
Linksys WAG54G v2 Wireless ADSL Router - httpd Denial of Service
Netgear SSL312 Router - Denial of Service
NETGEAR SSL312 Router - Denial of Service
Netgear WGR614v9 Wireless Router - Denial of Service
NETGEAR WGR614v9 Wireless Router - Denial of Service
Gigaset SE461 WiMAX router - Remote Denial of Service
Gigaset SE461 WiMAX Router - Remote Denial of Service
Netgear DG632 Router - Remote Denial of Service
NETGEAR DG632 Router - Remote Denial of Service
Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC)
Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC)
Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot Exploit
Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot (Denial of Service)
Siemens Gigaset SE361 WLAN - Remote Reboot Exploit
Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service)
Apple Mac OSX 10.6 - HFS File System Attack (Denial of Service)
Apple Mac OSX 10.6 - HFS FileSystem Exploit (Denial of Service)
HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution
Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe Denial of Service (PoC)
Cyclope Internet Filtering Proxy 4.0 - 'CEPMServer.exe' Denial of Service (PoC)
AirTies-4450 - Unauthorized Remote Reboot
AirTies-4450 - Unauthorized Remote Reboot (Denial of Service)
Digital Ultrix 4.0/4.1 - /usr/bin/chroot Exploit
SunOS 4.1.1 - /usr/release/bin/makeinstall Exploit
SunOS 4.1.1 - /usr/release/bin/winstall Exploit
Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Exploit
SunOS 4.1.1 - '/usr/release/bin/makeinstall' Exploit
SunOS 4.1.1 - '/usr/release/bin/winstall' Exploit
Linux Kernel 2.2 - 'ldd core' Force Reboot
Linux Kernel 2.2 - 'ldd core' Force Reboot (Denial of Service)
Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - visiadmin.exe Denial of Service
Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - 'visiadmin.exe' Denial of Service
OReilly WebSite 1.x/2.0 - win-c-sample.exe Buffer Overflow
OReilly WebSite 1.x/2.0 - 'win-c-sample.exe' Buffer Overflow
Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption
Microsoft Internet Explorer 5.0.1/5.5 - 'mstask.exe' CPU Consumption (Denial of Service)
ID Software Quake 3 - 'smurf attack' Denial of Service
ID Software Quake 3 - 'SMURF' Denial of Service
Melange Chat System 2.0.2 Beta 2 - /yell Remote Buffer Overflow
Melange Chat System 2.0.2 Beta 2 - '/yell' Remote Buffer Overflow
Microsoft Windows NT/2000 - cmd.exe CD Buffer Overflow
Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow
Gordano Messaging Suite 9.0 - WWW.exe Denial of Service
Gordano Messaging Suite 9.0 - 'WWW.exe' Denial of Service
TYPSoft FTP Server 1.1 - Remote CPU Consumption Denial of Service
TYPSoft FTP Server 1.1 - Remote CPU Consumption (Denial of Service)
Microsoft Windows XP - explorer.exe Remote Denial of Service
Microsoft Windows XP - 'explorer.exe' Remote Denial of Service
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions
VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions
Gattaca Server 2003 - web.tmpl Language Variable CPU Consumption Denial of Service
Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service)
VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow
Microsoft Windows XP - explorer.exe .tiff Image Denial of Service
Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service
Microsoft Windows XP - TSShutdn.exe Remote Denial of Service
Microsoft Windows XP - 'TSShutdn.exe' Remote Denial of Service
Orenosv HTTP/FTP Server 0.8.1 - CGISSI.exe Remote Buffer Overflow
Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow
PHPMailer 1.7 - Data() Function Remote Denial of Service
PHPMailer 1.7 - 'Data()' Function Remote Denial of Service
Sights 'N Sounds Streaming Media Server 2.0.3 - SWS.exe Buffer Overflow
Sights 'N Sounds Streaming Media Server 2.0.3 - 'SWS.exe' Buffer Overflow
DSocks 1.3 - Name Variable Buffer Overflow
DSocks 1.3 - 'Name' Parameter Buffer Overflow
Microsoft Class Package Export Tool 5.0.2752 - Clspack.exe Local Buffer Overflow
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow
Android Zygote - Socket and Fork bomb Attack
Android Zygote - Socket and Fork Bomb (Denial of Service)
Nvidia NView 3.5 - Keystone.exe Local Denial of Service
Nvidia NView 3.5 - 'Keystone.exe' Local Denial of Service
Ipswitch WS_FTP 2007 Professional - WSFTPURL.exe Local Memory Corruption
Ipswitch WS_FTP 2007 Professional - 'WSFTPURL.exe' Local Memory Corruption
Larson Network Print Server 9.4.2 build 105 - (LstNPS) NPSpcSVR.exe License Command Remote Overflow
Larson Network Print Server 9.4.2 build 105 (LstNPS) - 'NPSpcSVR.exe' License Command Remote Overflow
Linksys WRH54G 1.1.3 - (Wireless-G Router) Malformed HTTP Request Denial of Service
Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service
Ability FTP Server 2.1.4 - afsmain.exe USER Command Remote Denial of Service
Ability FTP Server 2.1.4 - 'afsmain.exe' USER Command Remote Denial of Service
Adobe Flash - Setting Variable Use-After-Free
Adobe Flash - 'Setting' Variable Use-After-Free
Git 1.9.5 - ssh-agent.exe Buffer Overflow
Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow
Apple Mac OSX 10.11 - FTS Deep Structure of the File System Buffer Overflow
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow
Adobe Flash TextField Variable - Use-After Free
Adobe Flash TextField.Variable Setter - Use-After-Free
Adobe Flash - 'TextField' Variable Use-After Free
Adobe Flash - TextField.Variable Setter Use-After-Free
Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/reboot.cgi Unauthenticated Remote Reboot Denial of Service
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service)
Microsoft WinDbg - logviewer.exe Crash (PoC)
Microsoft WinDbg - 'logviewer.exe' Crash (PoC)
Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiGetTextMetricsW' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiGetRealizationInfo' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!ClientPrinterThunk' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationJobObject (BasicLimitInformation_ ExtendedLimitInformation)' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure
Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationTransaction (information class 1)' Kernel Stack Memory Disclosure
UUCP Exploit - File Creation/Overwriting (symlinks) Exploit
UUCP Exploit - File Creation/Overwriting (Symlinks) Exploit
HP-UX 11.0 - /bin/cu Privilege Escalation
HP-UX 11.0 - '/bin/cu' Privilege Escalation
Solaris 2.6 / 2.7 - /usr/bin/write Local Overflow
Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/bin/lpstat Local Exploit
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Exploit
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Exploit
Tru64 UNIX 4.0g - /usr/bin/at Privilege Escalation
Slackware 7.1 - /usr/bin/mail Local Exploit
Tru64 UNIX 4.0g - '/usr/bin/at' Privilege Escalation
Slackware 7.1 - '/usr/bin/mail' Local Exploit
Solaris 2.4 - /bin/fdformat Local Buffer Overflows
Solaris 2.5.1 lp and lpsched - Symlink Vulnerabilities
Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow
Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities
AIX 4.2 - /usr/dt/bin/dtterm Local Buffer Overflow
AIX 4.2 - '/usr/dt/bin/dtterm' Local Buffer Overflow
SGI IRIX - /bin/login Local Buffer Overflow
IRIX 5.3 - /usr/sbin/iwsh Buffer Overflow Privilege Escalation
SGI IRIX - '/bin/login Local' Buffer Overflow
IRIX 5.3 - '/usr/sbin/iwsh' Buffer Overflow Privilege Escalation
Apple Mac OSX 10.3.7 - mRouter Privilege Escalation
Apple Mac OSX 10.3.7 - 'mRouter' Privilege Escalation
Sudo 1.6.8p9 - (SHELLOPTS/PS4 ENV variables) Privilege Escalation
Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation
Appfluent Database IDS < 2.1.0.103 - (Env Variable) Local Exploit
Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit
HP-UX 11i - (LIBC TZ enviroment Variable) Privilege Escalation
HP-UX 11i - 'LIBC TZ' Enviroment Variable Privilege Escalation
Xcode OpenBase 10.0.0 (OSX) - (symlink) Privilege Escalation
Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation
Adobe Photoshop CS2 - / CS3 Unspecified '.bmp' File Buffer Overflow
Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow
Debian - (symlink attack in login) Arbitrary File Ownership (PoC)
Debian - (Symlink In Login) Arbitrary File Ownership (PoC)
Cain & Abel 4.9.25 - (Cisco IOS-MD5) Local Buffer Overflow
Cain & Abel 4.9.25 - 'Cisco IOS-MD5' Local Buffer Overflow
xscreensaver 5.01 - Arbitrary File Disclosure Symlink Attack
xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit
PHP 5.2.12/5.3.1 - symlink() open_basedir Bypass
PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass
HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH)
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Buffer Overflow (SEH)
Microsoft Windows 7 - 'wab32res.dll' wab.exe DLL
Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking
Oracle 10/11g - exp.exe Parameter file Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC)
ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT symlink
ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT Symlink Exploit
Hancom Office 2007 - Reboot.ini Clear-Text Passwords
Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords
G. Wilford man 2.3.10 - Symlink
G. Wilford man 2.3.10 - Symlink Exploit
X11R6 3.3.3 - Symlink
X11R6 3.3.3 - Symlink Exploit
SGI IRIX 6.2 - /usr/lib/netaddpr Exploit
SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit
SCO Open Server 5.0.5 - 'userOsa' symlink
SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Spoolss.exe DLL Insertion
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Spoolss.exe' DLL Insertion
FreeBSD 3.3 gdc - Symlink
FreeBSD 3.3 gdc - Symlink Exploit
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink Exploit
FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - /proc File Sytem
FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem Exploit
Debian 2.1 - apcd Symlink
Debian 2.1 - apcd Symlink Exploit
SCO Unixware 7.1/7.1.1 - ARCserver /tmp symlink
SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit
Sun Workshop 5.0 - Licensing Manager Symlink
Sun Workshop 5.0 - Licensing Manager Symlink Exploit
Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - /tmp Symlink
Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink Exploit
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink Exploit
KDE 1.1 - /1.1.1/1.1.2/1.2 kdesud DISPLAY Environment Variable Overflow
KDE 1.1/1.1.1/1.1.2/1.2 - kdesud DISPLAY Environment Variable Overflow
HP-UX 10.20/11.0 man - /tmp Symlink Exploit
HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit
HP-UX 10.20/11.0 crontab - /tmp File
HP-UX 10.20/11.0 - crontab '/tmp' File Exploit
Solaris 10 Patch 137097-01 - Symlink Attack Privilege Escalation
Solaris 10 Patch 137097-01 - Symlink Privilege Escalation
Tower Toppler 0.99.1 - Display Variable Local Buffer Overflow
Tower Toppler 0.99.1 - 'Display' Parameter Local Buffer Overflow
Microsoft Windows Server 2000 - RegEdit.exe Registry Key Value Buffer Overflow
Microsoft Windows Server 2000 - 'RegEdit.exe' Registry Key Value Buffer Overflow
RedHat 9.0 / Slackware 8.1 - /bin/mail Carbon Copy Field Buffer Overrun
RedHat 9.0 / Slackware 8.1 - '/bin/mail' Carbon Copy Field Buffer Overrun
Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure
Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure
Microsoft Windows XP/2000 - RunDLL32.exe Buffer Overflow
Microsoft Windows XP/2000 - 'RunDLL32.exe' Buffer Overflow
Tower Toppler 0.96 - HOME Environment Variable Local Buffer Overflow
Tower Toppler 0.96 - 'HOME Environment' Parameter Local Buffer Overflow
Top 1.x/2.0 - Home Environment Variable Local Buffer Overflow
Top 1.x/2.0 - 'Home Environment' Parameter Local Buffer Overflow
XBlast 2.6.1 - HOME Environment Variable Buffer Overflow
XBlast 2.6.1 - 'HOME Environment' Variable Buffer Overflow
XPCD 2.0.8 - Home Environment Variable Local Buffer Overflow
XPCD 2.0.8 - 'Home Environment' Variable Local Buffer Overflow
XSOK 1.0 2 - LANG Environment Variable Local Buffer Overrun
XSOK 1.0 2 - 'LANG Environment' Variable Local Buffer Overrun
Linux Kernel 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure
Linux Kernel 2.6.32-5 (Debian 6.0.5) - '/dev/ptmx' Key Stroke Timing Local Disclosure
ELinks Relative 0.10.6 - /011.1 Path Arbitrary Code Execution
ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution
Oracle - HtmlConverter.exe Buffer Overflow
Oracle - 'HtmlConverter.exe' Buffer Overflow
Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation
Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit
Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Exploit
Microsoft Windows - DHCP Client Broadcast Attack Exploit (MS06-036)
Microsoft Windows - DHCP Client Broadcast Exploit (MS06-036)
Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - (FTP) Remote Exploit
Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit
Oracle 9i / 10g - 'utl_file' File System Access Exploit
Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit
HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'ovalarmsrv.exe' Remote Overflow
Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)
Cisco IOS 12.3(18) - FTP Server Remote Exploit (Attached to GDB)
Sagem F@ST (Routers) - (dhcp hostname attack) Cross-Site Request Forgery
Sagem F@ST Routers - DHCP Hostname Cross-Site Request Forgery
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Attack (PoC)
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC)
Microsoft Windows - SmbRelay3 NTLM Replay Attack Tool/Exploit (MS08-068)
Microsoft Windows - SmbRelay3 NTLM Replay Exploit (MS08-068)
Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting Attack
Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting
Apple Safari 3.2.x - (XXE attack) Local File Theft
Apple Safari 3.2.x - (XXE) Local File Theft
Netgear DG632 Router - Authentication Bypass
NETGEAR DG632 Router - Authentication Bypass
BRS Webweaver 1.33 - /Scripts Access Restriction Bypass
BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass
Ada Image Server 0.6.7 - imgsrv.exe Buffer Overflow
Ada Image Server 0.6.7 - 'imgsrv.exe' Buffer Overflow
HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow
HMS HICP Protocol + Intellicom - NetBiterConfig.exe Remote Buffer Overflow
Cisco ASA 8.x - VPN SSL module Clientless URL-list control Bypass
HMS HICP Protocol + Intellicom - 'NetBiterConfig.exe' Remote Buffer Overflow
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow
HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Topic Overflow
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid MaxAge Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid ICount Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution
minerCPP 0.4b - Remote Buffer Overflow / Format String Attack Exploit
minerCPP 0.4b - Remote Buffer Overflow / Format String
Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution
COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution
HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (1)
HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (1)
HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (2)
HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (2)
Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (MS10-023) (Metasploit)
Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023) (Metasploit)
IBM Lotus Domino Sametime - STMux.exe Stack Buffer Overflow (Metasploit)
IBM Lotus Domino Sametime - 'STMux.exe' Stack Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - Snmp.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'Snmp.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - OvWebHelp.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - Toolbar.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovalarm.exe' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - OpenView5.exe CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'OpenView5.exe' CGI Buffer Overflow (Metasploit)
IBM TPM for OS Deployment 5.1.0.x - rembo.exe Buffer Overflow (Metasploit)
IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - EarthAgent.exe Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - snmpviewer.exe Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - ovwebsnmpsrv.exe ovutil Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' (MaxAge) CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit)
7-Technologies IGSS 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow (Metasploit)
7-Technologies IGSS 9.00.00 b11063 - 'IGSSdataServer.exe' Stack Overflow (Metasploit)
Citrix Provisioning Services 5.6 - streamprocess.exe Buffer Overflow (Metasploit)
Citrix Provisioning Services 5.6 - 'streamprocess.exe' Buffer Overflow (Metasploit)
FactoryLink - vrn.exe Opcode 9 Buffer Overflow (Metasploit)
FactoryLink - 'vrn.exe' Opcode 9 Buffer Overflow (Metasploit)
HP - OmniInet.exe Opcode 27 Buffer Overflow (Metasploit)
HP - 'OmniInet.exe' Opcode 27 Buffer Overflow (Metasploit)
Symantec Backup Exec 12.5 - MiTM Attack
Symantec Backup Exec 12.5 - Man In The Middle Exploit
HP OpenView Network Node Manager - Toolbar.exe CGI Cookie Handling Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Cookie Handling Buffer Overflow (Metasploit)
Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Exploit
Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Exploit
Procyon Core Server HMI 1.13 - Coreservice.exe Stack Buffer Overflow (Metasploit)
Procyon Core Server HMI 1.13 - 'Coreservice.exe' Stack Buffer Overflow (Metasploit)
HP Diagnostics Server - magentservice.exe Overflow (Metasploit)
HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit)
Sunway ForceControl - SNMP NetDBServer.exe Opcode 0x57 (Metasploit)
Sunway ForceControl - SNMP 'NetDBServer.exe' Opcode 0x57 (Metasploit)
Trend Micro Control Manger 5.5 - CmdProcessor.exe Stack Buffer Overflow (Metasploit)
Trend Micro Control Manger 5.5 - 'CmdProcessor.exe' Stack Buffer Overflow (Metasploit)
Antelope Software W4-Server 2.6 a/Win32 - Cgitest.exe Buffer Overflow
Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Buffer Overflow
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 - 'GWWEB.EXE' Multiple Vulnerabilities
FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - htimage.exe File Existence Disclosure
FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure
NAI Net Tools PKI Server 1.0 - strong.exe Buffer Overflow
NAI Net Tools PKI Server 1.0 - 'strong.exe' Buffer Overflow
Mandrake 6.1/7.0/7.1 - /perl http Directory Disclosure
Mandrake 6.1/7.0/7.1 - '/perl' HTTP Directory Disclosure
Microsoft IIS 3.0 - newdsn.exe File Creation
Microsoft IIS 3.0 - 'newdsn.exe' File Creation
Greg Matthews - Classifieds.cgi 1.0 Hidden Variable
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable
WebCom datakommunikation Guestbook 0.1 - wguest.exe Arbitrary File Access
WebCom datakommunikation Guestbook 0.1 - rguest.exe Arbitrary File Access
WebCom datakommunikation Guestbook 0.1 - 'wguest.exe' Arbitrary File Access
WebCom datakommunikation Guestbook 0.1 - 'rguest.exe' Arbitrary File Access
MetaProducts Offline Explorer 1.x - File System Disclosure
MetaProducts Offline Explorer 1.x - FileSystem Disclosure
Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Attack Detection Evasion
Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Detection Evasion
Webmin 1.580 - /file/show.cgi Remote Command Execution (Metasploit)
Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit)
HP Operations Agent Opcode - coda.exe 0x8c Buffer Overflow (Metasploit)
HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow (Metasploit)
HP Operations Agent - Opcode 'coda.exe' 0x8c Buffer Overflow (Metasploit)
HP Operations Agent - Opcode 'coda.exe' 0x34 Buffer Overflow (Metasploit)
Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure
NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure
Netgear FM114P ProSafe Wireless Router - Rule Bypass
NETGEAR FM114P ProSafe Wireless Router - Rule Bypass
M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting
Microsoft Internet Explorer 6 -' %USERPROFILE%' File Execution
Microsoft Internet Explorer 6 - '%USERPROFILE%' File Execution
EZMeeting 3.x - EZNet.exe Long HTTP Request Remote Buffer Overflow
EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow
Enterasys NetSight - nssyslogd.exe Buffer Overflow (Metasploit)
IBM Cognos - tm1admsd.exe Overflow (Metasploit)
Enterasys NetSight - 'nssyslogd.exe' Buffer Overflow (Metasploit)
IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit)
Webcam Corp Webcam Watchdog 4.0.1 - sresult.exe Cross-Site Scripting
Webcam Corp Webcam Watchdog 4.0.1 - 'sresult.exe' Cross-Site Scripting
Microsoft Windows XP/2000/2003 -'winhlp32' Phrase Integer Overflow
Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Integer Overflow
Oracle 8.x/9.x/10.x - Database Multiple SQL Injection
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections
SAP Business Connector 4.6/4.7 - chopSAPLog.dsp fullName Variable Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - deleteSingle fullName Variable Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - adapter-index.dsp url Variable Arbitrary Site Redirect
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect
Microsoft PowerPoint 2003 - powerpnt.exe Unspecified Issue
Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue
Cruiseworks 1.09 - Cws.exe Doc Directory Traversal
Cruiseworks 1.09 - Cws.exe Doc Buffer Overflow
Cruiseworks 1.09 - 'Cws.exe' Doc Directory Traversal
Cruiseworks 1.09 - 'Cws.exe' Doc Buffer Overflow
aBitWhizzy - whizzypic.php d Variable Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing
LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow
LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Buffer Overflow
Trend Micro ServerProtect 5.58 - SpntSvc.exe Remote Stack Based Buffer Overflow
Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow
ABB MicroSCADA - wserver.exe Remote Code Execution (Metasploit)
ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit)
SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities
SAP DB 7.x Web Server - 'WAHTTP.exe' Multiple Buffer Overflow Vulnerabilities
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - CSUserCGI.exe Help Facility Cross-Site Scripting
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting
HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access
HP OpenView Network Node Manager (OV NNM) 7.x - 'OpenView5.exe' Action Parameter Traversal Arbitrary File Access
F5 FirePass 6.0.2.3 - /vdesk/admincon/webyfiers.php css_exceptions Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - /vdesk/admincon/index.php sql_matchscope Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting
GE Proficy CIMPLICITY - gefebt.exe Remote Code Execution (Metasploit)
GE Proficy CIMPLICITY - 'gefebt.exe' Remote Code Execution (Metasploit)
SolidWorks Workgroup PDM 2014 - pdmwService.exe Arbitrary File Write (Metasploit)
SolidWorks Workgroup PDM 2014 - 'pdmwService.exe' Arbitrary File Write (Metasploit)
Yokogawa CENTUM CS 3000 - BKHOdeq.exe Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - BKBCopyD.exe Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Buffer Overflow (Metasploit)
Apache Geronimo 2.1.x - /console/portal/Server/Monitoring Multiple Parameter Cross-Site Scripting
Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Parameter Cross-Site Scripting
Comtrend CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting
COMTREND CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - /diagnose Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - /configuration Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - /scripter.php Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - '/diagnose' Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Parameter Cross-Site Scripting
Juniper Junos 8.5/9.0 J-Web Interface - '/scripter.php' Multiple Parameter Cross-Site Scripting
Yokogawa CS3000 - BKESimmgr.exe Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKESimmgr.exe' Buffer Overflow (Metasploit)
Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKFSim_vhfd.exe' Buffer Overflow (Metasploit)
U.S.Robotics USR5463 0.06 - Firmware setup_ddns.exe HTML Injection
U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection
WhatsApp 2.11.476 - Remote Reboot/Crash App Android
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu.maf jdeowpBackButtonProtect Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_Menu.mafService e1.namespace Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/E1Menu_OCL.mafService e1.namespace Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/MafletClose.mafService RENDER_MAFLET Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter Cross-Site Scripting
WhatsApp 2.11.476 (Android) - Remote Reboot/Crash App (Denial of Service)
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting
Linksys WRT54GL (Wireless Router) - Cross-Site Request Forgery
Linksys WRT54GL Wireless Router - Cross-Site Request Forgery
Cisco Linksys E4200 - /apply.cgi Multiple Parameter Cross-Site Scripting
Cisco Linksys E4200 - '/apply.cgi' Multiple Parameter Cross-Site Scripting
Seowon Intech WiMAX SWC-9100 Router - /cgi-bin/diagnostic.cgi ping_ipaddr Parameter Remote Code Execution
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution
Netgear D6300B - /diag.cgi IPAddr4 Parameter Remote Command Execution
Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
Comtrend CT-5361T Router - Password.cgi Cross-Site Request Forgery (Admin Password Manipulation)
COMTREND CT-5361T Router - 'Password.cgi' Cross-Site Request Forgery (Admin Password Manipulation)
Alfresco - /proxy endpoint Parameter Server-Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery
Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery
PhpTagCool 1.0.3 - SQL Injection Attacks Exploit
PhpTagCool 1.0.3 - SQL Injection
phpBB 2.0.18 - Remote Brute Force/Dictionary Attack Tool (2)
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Attack Vectors
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting
Yrch 1.0 - 'plug.inc.php path Variable' Remote File Inclusion
Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion
Vizayn Haber - 'haberdetay.asp id Variable' SQL Injection
Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection
iG Calendar 1.0 - 'user.php id Variable' SQL Injection
iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection
MGB 0.5.4.5 - 'email.php id Variable' SQL Injection
MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection
Alstrasoft e-Friends 4.98 - (seid) Multiple SQL Injection
Alstrasoft e-Friends 4.98 - 'seid' Multiple SQL Injections
MyPHP Forum 3.0 - (Final) Multiple SQL Injection
MyPHP Forum 3.0 (Final) - Multiple SQL Injections
File Store PRO 3.2 - Multiple Blind SQL Injection
File Store PRO 3.2 - Multiple Blind SQL Injections
AssetMan 2.5-b - SQL Injection using Session Fixation Attack
AssetMan 2.5-b - SQL Injection using Session Fixation
Kasra CMS - 'index.php' Multiple SQL Injection
Kasra CMS - 'index.php' Multiple SQL Injections
NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injection
NEWSolved 1.1.6 - 'login grabber' Multiple SQL Injections
T-HTB Manager 0.5 - Multiple Blind SQL Injection
T-HTB Manager 0.5 - Multiple Blind SQL Injections
Joomla! Component com_oziogallery2 - / IMAGIN Arbitrary file write
Joomla! Component com_oziogallery2 / IMAGIN - Arbitrary File Write
Open Bulletin Board - Multiple Blind SQL Injection
Open Bulletin Board - Multiple Blind SQL Injections
AJ Matrix 3.1 - 'id' Multiple SQL Injection
AJ Matrix 3.1 - 'id' Multiple SQL Injections
Zylone IT - Multiple Blind SQL Injection
Zylone IT - Multiple Blind SQL Injections
WhiteBoard 0.1.30 - Multiple Blind SQL Injection
WhiteBoard 0.1.30 - Multiple Blind SQL Injections
AV Arcade 3 - Cookie SQL Injection Authentication Bypass
AV Arcade 3 - Cookie SQL Injection / Authentication Bypass
Joomla! Component Teams - Multiple Blind SQL Injection
Joomla! Component Teams - Multiple Blind SQL Injections
AneCMS - /registre/next SQL Injection
AneCMS - '/registre/next' SQL Injection
Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection
Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injections
Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injection
Joomla! Component Clantools 1.2.3 - Multiple Blind SQL Injections
ColdOfficeView 2.04 - Multiple Blind SQL Injection
ColdOfficeView 2.04 - Multiple Blind SQL Injections
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections
Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injection
Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections
Projekt Shop - 'details.php' Multiple SQL Injection
Projekt Shop - 'details.php' Multiple SQL Injections
PixelPost 1.7.3 - Multiple POST Variables SQL Injection
PixelPost 1.7.3 - Multiple POST Parameter SQL Injections
Webcat - Multiple Blind SQL Injection
Webcat - Multiple Blind SQL Injections
LiteRadius 3.2 - Multiple Blind SQL Injection
LiteRadius 3.2 - Multiple Blind SQL Injections
PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injection
PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injections
Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit
COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Exploit
Sagem F@ST 2604 (ADSL Router) - Cross-Site Request Forgery
Sagem F@ST 2604 ADSL Router - Cross-Site Request Forgery
Rivettracker 1.03 - Multiple SQL Injection
Rivettracker 1.03 - Multiple SQL Injections
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections
PHP Ticket System Beta 1 - 'index.php p Parameter' SQL Injection
PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection
X-Cart Gold 4.5 - 'products_map.php symb Parameter' Cross-Site Scripting
X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting
Symantec Web Gateway 5.0.2 - 'blocked.php id Parameter' Blind SQL Injection
Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid Parameter' Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection
Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injection
Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injections
YourArcadeScript 2.4 - 'index.php id Parameter' SQL Injection
YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection
AV Arcade Free Edition - 'add_rating.php id Parameter' Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injection
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
Blog Mod 0.1.9 - 'index.php month Parameter' SQL Injection
Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection
Authoria HR Suite - AthCGI.exe Cross-Site Scripting
Authoria HR Suite - 'AthCGI.exe' Cross-Site Scripting
MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection
MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection
M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - nph-psa.exe css Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion
friendsinwar FAQ Manager - SQL Injection (Authentication Bypass)
friendsinwar FAQ Manager - SQL Injection / Authentication Bypass
friendsinwar FAQ Manager - 'view_faq.php question Parameter' SQL Injection
friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection
SmartCMS - 'index.php idx Parameter' SQL Injection
SmartCMS - 'index.php' 'idx' Parameter SQL Injection
SmartCMS - 'index.php menuitem Parameter' SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting
Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection
Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injections
MyBB AwayList Plugin - 'index.php id Parameter' SQL Injection
MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection
PHP-Nuke Error Manager Module 2.1 - error.php language Variable Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - error.php Multiple Variables Cross-Site Scripting
PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Parameters Cross-Site Scripting
phpHeaven phpMyChat 0.14.5 - edituser.php3 do_not_login Variable Authentication Bypass
phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass
NConf 1.3 - 'detail.php detail_admin_items.php id Parameter' SQL Injection
NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection
Gattaca Server 2003 - Language Variable Path Exposure
Gattaca Server 2003 - 'Language' Parameter Path Exposure
AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injection
AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injections
Scripts Genie Gallery Personals - 'gallery.php L Parameter' SQL Injection
Scripts Genie Gallery Personals - 'gallery.php' L' Parameter SQL Injection
AdaptCMS 2.0.4 - 'config.php question Parameter' SQL Injection
AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection
Scripts Genie Domain Trader - 'catalog.php id Parameter' SQL Injection
Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection
Scripts Genie Games Site Script - 'index.php id Parameter' SQL Injection
Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection
Scripts Genie Top Sites - 'out.php id Parameter' SQL Injection
Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid Parameter' SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id Parameter' SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection
MTP Image Gallery 1.0 - 'edit_photos.php title Parameter' Cross-Site Scripting
MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting
D-Link DSL-2740B (ADSL Router) - Authentication Bypass
D-Link DSL-2740B ADSL Router - Authentication Bypass
TIPS MailPost 5.1.1 - APPEND Variable Cross-Site Scripting
TIPS MailPost 5.1.1 - 'APPEND' Parameter Cross-Site Scripting
DUclassified 4.x - adDetail.asp Multiple Parameter SQL Injection
DUclassified 4.x - 'adDetail.asp' Multiple Parameter SQL Injections
Rebus:list - 'list.php list_id Parameter' SQL Injection
Rebus:list - 'list.php' 'list_id' Parameter SQL Injection
SynConnect Pms - 'index.php loginid Parameter' SQL Injection
SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection
AWS Xms 2.5 - 'importer.php what Parameter' Directory Traversal
Pollen CMS 0.6 - 'index.php p Parameter' Local File Disclosure
AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash Parameter' SQL Injection
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection
Kayako eSupport 2.x - Ticket System Multiple SQL Injection
Kayako eSupport 2.x - Ticket System Multiple SQL Injections
BibORB 1.3.2 Login Module - Multiple Parameter SQL Injection
BibORB 1.3.2 Login Module - Multiple Parameter SQL Injections
Active Auction House - default.asp Multiple SQL Injection
Active Auction House - 'default.asp' Multiple SQL Injections
CubeCart 2.0.x - 'index.php' Multiple Variable Full Path Disclosure
CubeCart 2.0.x - tellafriend.php product Variable Full Path Disclosure
CubeCart 2.0.x - view_cart.php add Variable Full Path Disclosure
CubeCart 2.0.x - view_product.php product Variable Full Path Disclosure
CubeCart 2.0.x - 'index.php' Multiple Parameter Full Path Disclosure
CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure
OneWorldStore - 'OWListProduct.asp' Multiple SQL Injection
OneWorldStore - 'OWListProduct.asp' Multiple SQL Injections
WHMCS 4.x - 'invoicefunctions.php id Parameter' SQL Injection
WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection
DUportal Pro 3.4 - default.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - 'default.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - inc_vote.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - result.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - cat.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - detail.asp Multiple Parameter SQL Injection
DUportal Pro 3.4 - 'inc_vote.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - 'result.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - 'cat.asp' Multiple Parameter SQL Injections
DUportal Pro 3.4 - 'detail.asp' Multiple Parameter SQL Injections
DUportal 3.1.2 - inc_rating.asp Multiple Parameter SQL Injection
DUportal 3.1.2 - 'inc_rating.asp' Multiple Parameter SQL Injections
StorePortal 2.63 - default.asp Multiple SQL Injection
StorePortal 2.63 - 'default.asp' Multiple SQL Injections
MetaCart2 - SearchAction.asp Multiple SQL Injection
MetaCart2 - 'SearchAction.asp' Multiple SQL Injections
Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection
Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple Parameter SQL Injections
JGS-Portal 3.0.1 - ID Variable SQL Injection
JGS-Portal 3.0.1 - 'ID' Parameter SQL Injection
AVE.CMS 2.09 - 'index.php module Parameter' Blind SQL Injection
AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection
RadioCMS 2.2 - 'menager.php playlist_id Parameter' SQL Injection
RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection
NPDS 4.8 - /5.0 modules.php Lettre Parameter Cross-Site Scripting
NPDS 4.8 /5.0 - 'modules.php' Lettre Parameter Cross-Site Scripting
Ampache 3.4.3 - 'login.php' Multiple SQL Injection
Ampache 3.4.3 - 'login.php' Multiple SQL Injections
FlatNuke 2.5.x - 'index.php' where Variable Full Path Disclosure
FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure
CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - 'reply_in.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - 'memory.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - 'line.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - 'in.php' Multiple Parameter SQL Injections
CarLine Forum Russian Board 4.2 - 'enter.php' Multiple Parameter SQL Injections
osTicket 1.2/1.3 - view.php inc Variable Arbitrary Local File Inclusion
osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion
Ruubikcms 1.1.1 - 'tinybrowser.php folder Parameter' Directory Traversal
Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal
Simple PHP Agenda 2.2.8 - 'edit_event.php eventid Parameter' SQL Injection
Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection
PHPFreeNews 1.40 - searchresults.php Multiple SQL Injection
PHPFreeNews 1.40 - searchresults.php Multiple SQL Injections
Aenovo - /Password/default.asp Password Field SQL Injection
Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection
Aenovo - '/Password/default.asp' Password Field SQL Injection
Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php Multiple Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertitle.php usertitleid Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/usertools.php ids Parameter SQL Injection
NooToplist 1.0 - 'index.php' Multiple SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/css.php group Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/index.php Multiple Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php email Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/language.php goto Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/modlog.php orderby Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/template.php Multiple Parameter Cross-Site Scripting
MX Shop 3.2 - 'index.php' Multiple SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection
NooToplist 1.0 - 'index.php' Multiple SQL Injections
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/index.php' Multiple Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/template.php' Multiple Parameter Cross-Site Scripting
MX Shop 3.2 - 'index.php' Multiple SQL Injections
Top Games Script 1.2 - 'play.php gid Parameter' SQL Injection
Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection
Elemata CMS RC3.0 - 'global.php id Parameter' SQL Injection
Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection
Woltlab 1.1/2.x - Info-DB Info_db.php Multiple SQL Injection
Woltlab 1.1/2.x - 'Info-DB Info_db.php' Multiple SQL Injections
OaBoard 1.0 - forum.php Multiple SQL Injection
OaBoard 1.0 - 'forum.php' Multiple SQL Injections
Comersus Backoffice 4.x/5.0/6.0 - /comersus/database/comersus.mdb Direct Request Database Disclosure
Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure
PHP-Charts 1.0 - 'index.php type Parameter' Remote Code Execution
PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution
PHPList Mailing List Manager 2.x - /admin/admin.php id Parameter SQL Injection
PHPList Mailing List Manager 2.x - /admin/editattributes.php id Parameter SQL Injection
PHPList Mailing List Manager 2.x - /admin/eventlog.php Multiple Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - /admin/configure.php id Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - /admin/users.php find Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/eventlog.php' Multiple Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - ts.exe tsurl Variable Arbitrary Article Access
Walla TeleSite 3.0 - ts.exe sug Parameter Cross-Site Scripting
Walla TeleSite 3.0 - ts.exe sug Parameter SQL Injection
Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection
Pearl Forums 2.0 - 'index.php' Multiple SQL Injection
Pearl Forums 2.0 - 'index.php' Multiple SQL Injections
Helpdesk Issue Manager 0.x - find.php Multiple Parameter SQL Injection
Helpdesk Issue Manager 0.x - 'find.php' Multiple Parameter SQL Injection
PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injection
Cars Portal 1.1 - 'index.php' Multiple SQL Injection
PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injections
Cars Portal 1.1 - 'index.php' Multiple SQL Injections
IceWarp Universal WebMail - /accounts/inc/include.php Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - /admin/inc/include.php Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - /dir/include.html lang Parameter Local File Inclusion
IceWarp Universal WebMail - /mail/settings.html Language Parameter Local File Inclusion
IceWarp Universal WebMail - /mail/index.html lang_settings Parameter Remote File Inclusion
IceWarp Universal WebMail - /mail/include.html Crafted HTTP_USER_AGENT Arbitrary File Access
IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - '/admin/inc/include.php' Multiple Parameter Remote File Inclusion
IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion
IceWarp Universal WebMail - '/mail/include.html' Crafted HTTP_USER_AGENT Arbitrary File Access
PHPJournaler 1.0 - Readold Variable SQL Injection
PHPJournaler 1.0 - 'Readold' Parameter SQL Injection
ScozNet ScozBook 1.1 - AdminName Variable SQL Injection
ScozNet ScozBook 1.1 - 'AdminName' Parameter SQL Injection
OnePlug CMS - /press/details.asp Press_Release_ID Parameter SQL Injection
OnePlug CMS - /services/details.asp Service_ID Parameter SQL Injection
OnePlug CMS - /products/details.asp Product_ID Parameter SQL Injection
OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection
Venom Board - Post.php3 Multiple SQL Injection
Venom Board - 'Post.php3' Multiple SQL Injections
microBlog 2.0 - 'index.php' Multiple SQL Injection
microBlog 2.0 - 'index.php' Multiple SQL Injections
NewsPHP - 'index.php' Multiple SQL Injection
NewsPHP - 'index.php' Multiple SQL Injections
ZixForum 1.12 - forum.asp Multiple SQL Injection
ZixForum 1.12 - forum.asp Multiple SQL Injections
HiveMail 1.2.2/1.3 - addressbook.update.php contactgroupid Variable Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - folders.update.php folderid Variable Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution
ImageVue 0.16.1 - readfolder.php path Variable Arbitrary Directory Listing
ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing
dotProject 2.0 - /modules/projects/gantt.php dPconfig[root_dir] Parameter Remote File Inclusion
dotProject 2.0 - /includes/db_connect.php baseDir Remote File Inclusion
dotProject 2.0 - /includes/session.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/projects/gantt2.php dPconfig[root_dir] Parameter Remote File Inclusion
dotProject 2.0 - /modules/projects/vw_files.php dPconfig[root_dir] Parameter Remote File Inclusion
dotProject 2.0 - /modules/admin/vw_usr_roles.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/public/calendar.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/public/date_format.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion
MyBB 1.0.3 - private.php Multiple SQL Injection
MyBB 1.0.3 - 'private.php' Multiple SQL Injections
Ginkgo CMS - 'index.php rang Parameter' SQL Injection
Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection
Telmanik CMS Press 1.01b - 'pages.php page_name Parameter' SQL Injection
Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection
DCI-Taskeen 1.03 - basket.php Multiple Parameter SQL Injection
DCI-Taskeen 1.03 - cat.php Multiple Parameter SQL Injection
DCI-Taskeen 1.03 - 'basket.php' Multiple Parameter SQL Injections
DCI-Taskeen 1.03 - 'cat.php' Multiple Parameter SQL Injections
sBlog 0.7.2 - search.php keyword Variable POST Method Cross-Site Scripting
sBlog 0.7.2 - comments_do.php Multiple Variable POST Method Cross-Site Scripting
sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting
sBlog 0.7.2 - 'comments_do.php' Multiple Variable POST Method Cross-Site Scripting
PHPFox 3.6.0 (build3) - Multiple SQL Injection
PHPFox 3.6.0 (build3) - Multiple SQL Injections
Verisign MPKI 6.0 - Haydn.exe Cross-Site Scripting
Verisign MPKI 6.0 - 'Haydn.exe' Cross-Site Scripting
DSLogin 1.0 - 'index.php' Multiple SQL Injection
DSLogin 1.0 - 'index.php' Multiple SQL Injections
MLMAuction Script - 'gallery.php id Parameter' SQL Injection
MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection
PHPMyForum 4.0 - 'index.php' type Variable CRLF Injection
PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection
APT-webshop 3.0/4.0 - modules.php Multiple SQL Injection
APT-webshop 3.0/4.0 - modules.php Multiple SQL Injections
Cisco CallManager 3.x/4.x - Web Interface ccmadmin/phonelist.asp pattern Parameter Cross-Site Scripting
Cisco CallManager 3.x/4.x - Web Interface ccmuser/logon.asp Cross-Site Scripting
Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp' Pattern Parameter Cross-Site Scripting
Cisco CallManager 3.x/4.x - Web Interface 'ccmuser/logon.asp' Cross-Site Scripting
321soft PHP-Gallery 0.9 - 'index.php' path Variable Arbitrary Directory Listing
321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing
Pacheckbook 1.1 - 'index.php' Multiple SQL Injection
Pacheckbook 1.1 - 'index.php' Multiple SQL Injections
Creative Software UK Community Portal 1.1 - PollResults.php Multiple Parameter SQL Injection
Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple Parameter SQL Injections
EvoTopsite 2.0 - 'index.php' Multiple SQL Injection
timobraun Dynamic Galerie 1.0 - 'index.php' pfad Variable Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - galerie.php pfad Variable Arbitrary Directory Listing
EvoTopsite 2.0 - 'index.php' Multiple SQL Injections
timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php' rep Variable Traversal Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing
Mini-NUKE 2.3 - Your_Account.asp Multiple SQL Injection
Mini-NUKE 2.3 - 'Your_Account.asp' Multiple SQL Injections
Woltlab Burning Board FLVideo Addon - 'video.php value Parameter' SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection
glFusion 1.3.0 - 'search.php cat_id Parameter' SQL Injection
glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php' b Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection
RadScripts - a_editpage.php Filename Variable Arbitrary File Overwrite
RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite
Banex PHP MySQL Banner Exchange 2.21 - admin.php Multiple Parameter SQL Injection
Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple Parameter SQL Injections
XennoBB 2.1 - profile.php Multiple SQL Injection
XennoBB 2.1 - 'profile.php' Multiple SQL Injections
Vtiger CRM 5.4.0 - 'index.php onlyforuser Parameter' SQL Injection
Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
CubeCart 3.0.x - /admin/print_order.php order_id Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting
CubeCart 3.0.x - /admin/nav.php Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - /admin/image.php image Parameter Cross-Site Scripting
CubeCart 3.0.x - /admin/header.inc.php Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - /footer.inc.php la_pow_by Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/nav.php' Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/header.inc.php' Multiple Parameter Cross-Site Scripting
CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting
AckerTodo 4.2 - 'login.php' Multiple SQL Injection
AckerTodo 4.2 - 'login.php' Multiple SQL Injections
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage Parameter' SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection
INFINICART - browsesubcat.asp Multiple Parameter SQL Injection
INFINICART - 'browsesubcat.asp' Multiple Parameter SQL Injection
Car Site Manager - csm/asp/listings.asp Multiple Parameter SQL Injection
Car Site Manager - 'csm/asp/listings.asp' Multiple Parameter SQL Injections
Dragon Internet Events Listing 2.0.01 - admin_login.asp Multiple Field SQL Injection
ASPIntranet 2.1 - Multiple SQL Injection
Dragon Internet Events Listing 2.0.01 - 'admin_login.asp' Multiple Field SQL Injections
ASPIntranet 2.1 - Multiple SQL Injections
Image Gallery with Access Database - default.asp Multiple Parameter SQL Injection
Image Gallery with Access Database - 'default.asp' Multiple Parameter SQL Injection
20/20 Applications Data Shed 1.0 - listings.asp Multiple Parameter SQL Injection
20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple Parameter SQL Injections
BestWebApp Dating Site Login Component - Multiple Field SQL Injection
BestWebApp Dating Site Login Component - Multiple Field SQL Injections
Enthrallweb eClassifieds - ad.asp Multiple Parameter SQL Injection
Enthrallweb eClassifieds - 'ad.asp' Multiple Parameter SQL Injection
BirdBlog 1.4 - /admin/admincore.php msg Parameter Cross-Site Scripting
BirdBlog 1.4 - /admin/comments.php month Parameter Cross-Site Scripting
BirdBlog 1.4 - /admin/entries.php month Parameter Cross-Site Scripting
BirdBlog 1.4 - /admin/logs.php page Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting
Grandora Rialto 1.6 - /admin/default.asp Multiple Field SQL Injection
Grandora Rialto 1.6 - '/admin/default.asp' Multiple Field SQL Injection
Grandora Rialto 1.6 - searchkey.asp Multiple Parameter SQL Injection
Grandora Rialto 1.6 - searchmain.asp Multiple Parameter SQL Injection
Grandora Rialto 1.6 - searchoption.asp Multiple Parameter SQL Injection
Grandora Rialto 1.6 - 'searchkey.asp' Multiple Parameter SQL Injection
Grandora Rialto 1.6 - 'searchmain.asp' Multiple Parameter SQL Injection
Grandora Rialto 1.6 - 'searchoption.asp' Multiple Parameter SQL Injection
Enthrallweb eHomes - compareHomes.asp Multiple Parameter SQL Injection
Enthrallweb eHomes - result.asp Multiple Parameter SQL Injection
Enthrallweb eHomes - 'compareHomes.asp' Multiple Parameter SQL Injection
Enthrallweb eHomes - 'result.asp' Multiple Parameter SQL Injection
DUdownload 1.0/1.1 - detail.asp Multiple Parameter SQL Injection
DUdownload 1.0/1.1 - 'detail.asp' Multiple Parameter SQL Injections
Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injection
Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections
ClickContact - default.asp Multiple SQL Injection
ClickContact - 'default.asp' Multiple SQL Injections
Dol Storye - Dettaglio.asp Multiple SQL Injection
Dol Storye - 'Dettaglio.asp' Multiple SQL Injections
Efkan Forum 1.0 - Grup Variable SQL Injection
Efkan Forum 1.0 - 'Grup' Parameter SQL Injection
EditTag 1.2 - edittag.cgi file Variable Arbitrary File Disclosure
EditTag 1.2 - edittag.pl file Variable Arbitrary File Disclosure
EditTag 1.2 - edittag_mp.cgi file Variable Arbitrary File Disclosure
EditTag 1.2 - edittag_mp.pl file Variable Arbitrary File Disclosure
EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure
Indexu 5.0/5.3 - mailing_list.php Multiple Variables Cross-Site Scripting
Indexu 5.0/5.3 - 'mailing_list.php' Multiple Parameters Cross-Site Scripting
Project'Or RIA 3.4.0 - 'objectDetail.php objectId Parameter' SQL Injection
Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' iz Variable Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Variable SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection
aBitWhizzy - whizzylink.php d Variable Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing
MyBloggie 2.1.x - 'index.php' Multiple SQL Injection
MyBloggie 2.1.x - 'index.php' Multiple SQL Injections
PHPLive! 3.2.2 - super/info.php BASE_URL Variable Parameter Cross-Site Scripting
PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting
JFFNms 0.8.3 - auth.php Multiple Parameter SQL Injection
JFFNms 0.8.3 - 'auth.php' Multiple Parameter SQL Injection
DotClear 1.2.x - /ecrire/trackback.php post_id Parameter Cross-Site Scripting
DotClear 1.2.x - /tools/thememng/index.php tool_url Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections
Exponent CMS 0.96.5/0.96.6 - iconspopup.php icodir Variable Traversal Arbitrary Directory Listing
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing
Phorum 5.1.20 - admin.php module[] Variable Full Path Disclosure
Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure
Chamilo Lms 1.9.6 - 'profile.php password0 Parameter' SQL Injection
Dokeos 2.2 RC2 - 'index.php language Parameter' SQL Injection
Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection
UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Variable Full Path Disclosure
UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Parameters Full Path Disclosure
PHPAccounts 0.5 - 'index.php' Multiple SQL Injection
PHPAccounts 0.5 - 'index.php' Multiple SQL Injections
NetFlow Analyzer 5 - /jspui/applicationList.jsp alpha Parameter Cross-Site Scripting
NetFlow Analyzer 5 - /jspui/appConfig.jsp task Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - /jspui/selectDevice.jsp rtype Parameter Cross-Site Scripting
NetFlow Analyzer 5 - /jspui/customReport.jsp rtype Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting
geoBlog MOD_1.0 - deletecomment.php id Variable Arbitrary Comment Deletion
geoBlog MOD_1.0 - deleteblog.php id Variable Arbitrary Blog Deletion
geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion
Next Gen Portfolio Manager - default.asp Multiple SQL Injection
Next Gen Portfolio Manager - 'default.asp' Multiple SQL Injections
ACG News 1.0 - 'index.php' Multiple SQL Injection
Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection
ACG News 1.0 - 'index.php' Multiple SQL Injections
Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' Parameter SQL Injection
WebBatch - webbatch.exe URL Cross-Site Scripting
WebBatch - webbatch.exe dumpinputdata Variable Remote Information Disclosure
WebBatch - 'webbatch.exe' URL Cross-Site Scripting
WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure
NetWin DNews - Dnewsweb.exe Multiple Cross-Site Scripting Vulnerabilities
NetWin DNews - 'Dnewsweb.exe' Multiple Cross-Site Scripting Vulnerabilities
Scott Manktelow Design Stride 1.0 - Courses detail.php Multiple SQL Injection
Scott Manktelow Design Stride 1.0 Courses - 'detail.php' Multiple SQL Injections
Article Dashboard - 'admin/login.php' Multiple SQL Injection
Article Dashboard - 'admin/login.php' Multiple SQL Injections
Multi-Forums - Directory.php Multiple SQL Injection
Multi-Forums - 'Directory.php' Multiple SQL Injections
JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection
JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injections
Absolute News Manager .NET 5.1 - 'pages/default.aspx' template Variable Remote File Access
Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injection
Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access
Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injections
phpRPG 0.8 - /tmp Directory PHPSESSID Cookie Session Hijacking
phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking
Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injection
Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injections
eTicket 1.5.5.2 - search.php Multiple Parameter SQL Injection
eTicket 1.5.5.2 - admin.php Multiple Parameter SQL Injection
eTicket 1.5.5.2 - 'search.php' Multiple Parameter SQL Injection
eTicket 1.5.5.2 - 'admin.php' Multiple Parameter SQL Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/login.jsp Multiple Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/account/findForSelect.jsp resultsForm Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/help/index.jsp helpUrl Variable Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - /idm/user/main.jsp activeControl Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting
MyBB 1.2.10 - 'moderation.php' Multiple SQL Injection
MyBB 1.2.10 - 'moderation.php' Multiple SQL Injections
PacerCMS 0.6 - 'id' Parameter Multiple SQL Injection
PacerCMS 0.6 - 'id' Parameter Multiple SQL Injections
Ipswitch WS_FTP Server 6 - /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
Ipswitch WS_FTP Server 6 - '/WSFTPSVR/FTPLogServer/LogViewer.asp' Authentication Bypass
Cacti 0.8.7 - tree.php Multiple Parameter SQL Injection
Cacti 0.8.7 - 'tree.php' Multiple Parameter SQL Injections
Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injection
Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injections
WebcamXP 3.72.440/4.05.280 Beta - /pocketpc camnum Variable Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - /show_gallery_pic id Variable Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure
Elastic Path 4.1 - 'manager/FileManager.jsp' dir Variable Traversal Arbitrary Directory Listing
Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing
osCommerce 2.3.3.4 - 'geo_zones.php zID Parameter' SQL Injection
osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection
D-Link DSL-2750B (ADSL Router) - Cross-Site Request Forgery
D-Link DSL-2750B ADSL Route) - Cross-Site Request Forgery
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities
Concrete5 5.6.2.1 - 'index.php cID Parameter' SQL Injection
Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
TLM CMS 1.1 - 'index.php' Multiple SQL Injection
TLM CMS 1.1 - 'index.php' Multiple SQL Injections
RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injection
RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injections
IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injection
IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injections
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php track Parameter' SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection
JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injection
Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injection
dvbbs 8.2 - 'login.asp' Multiple SQL Injection
JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injections
Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injections
dvbbs 8.2 - 'login.asp' Multiple SQL Injections
Te Ecard - 'id' Parameter Multiple SQL Injection
Te Ecard - 'id' Parameter Multiple SQL Injections
Benja CMS 0.1 - /admin/admin_edit_submenu.php URL Cross-Site Scripting
Benja CMS 0.1 - '/admin/admin_edit_submenu.php' URL Cross-Site Scripting
Benja CMS 0.1 - /admin/admin_edit_topmenu.php URL Cross-Site Scripting
Benja CMS 0.1 - '/admin/admin_edit_topmenu.php' URL Cross-Site Scripting
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id Parameter' SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection
webERP 4.11.3 - 'SalesInquiry.php SortBy Parameter' SQL Injection
webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection
couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injection
couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injections
Claroline 1.8.9 - claroline/redirector.php url Variable Arbitrary Site Redirect
Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injections / Cross-Site Scripting
ownCloud 4.0.x/4.5.x - 'upload.php Filename Parameter' Remote Code Execution
ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution
Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injection
Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injections
ZYXEL Router P-660HN-T1A - Login Bypass
ZYXEL P-660HN-T1A Router - Login Bypass
PromoProducts - 'view_product.php' Multiple SQL Injection
PromoProducts - 'view_product.php' Multiple SQL Injections
EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injection
EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injections
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injection
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i Parameter' SQL Injection
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection
Tandis CMS 2.5 - 'index.php' Multiple SQL Injection
Tandis CMS 2.5 - 'index.php' Multiple SQL Injections
TWiki 4.x - SEARCH Variable Remote Command Execution
TWiki 4.x - URLPARAM Variable Cross-Site Scripting
TWiki 4.x - 'SEARCH' Parameter Remote Command Execution
TWiki 4.x - 'URLPARAM' Parameter Cross-Site Scripting
DO-CMS 3.0 - 'p' Parameter Multiple SQL Injection
DO-CMS 3.0 - 'p' Parameter Multiple SQL Injections
MKPortal 1.2.1 - /modules/blog/index.php Home Template Textarea SQL Injection
MKPortal 1.2.1 - /modules/rss/handler_image.php i Parameter Cross-Site Scripting
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting
Banking@Home 2.1 - 'login.asp' Multiple SQL Injection
Banking@Home 2.1 - 'login.asp' Multiple SQL Injections
kitForm CRM Extension 0.43 - 'sorter.php sorter_value Parameter' SQL Injection
kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection
dompdf 0.6.0 - 'dompdf.php read Parameter' Arbitrary File Read
dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read
Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection
Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injections
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injection
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections
Pars CMS - 'RP' Parameter Multiple SQL Injection
Pars CMS - 'RP' Parameter Multiple SQL Injections
tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injection
tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injections
MODx 1.0.3 - 'index.php' Multiple SQL Injection
MODx 1.0.3 - 'index.php' Multiple SQL Injections
HuronCMS - 'index.php' Multiple SQL Injection
HuronCMS - 'index.php' Multiple SQL Injections
4x CMS - 'login.php' Multiple SQL Injection
4x CMS - 'login.php' Multiple SQL Injections
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injection
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections
GREEZLE - Global Real Estate Agent Login Multiple SQL Injection
(GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections
SaffaTunes CMS - 'news.php' Multiple SQL Injection
SaffaTunes CMS - 'news.php' Multiple SQL Injections
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injection
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections
DiamondList - /user/main/update_settings setting[site_title] Parameter Cross-Site Scripting
DiamondList - /user/main/update_category category[description] Parameter Cross-Site Scripting
DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting
vBulletin 4.0.x < 4.1.2 - 'search.php cat Parameter' SQL Injection
vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection
Mulitple WordPress Themes - 'admin-ajax.php img Parameter' Arbitrary File Download
Mulitple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download
tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection
tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injections
APBook 1.3 - Admin Login Multiple SQL Injection
APBook 1.3 - Admin Login Multiple SQL Injections
MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion
MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion
Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter' SQL Injection
Bacula-Web 5.2.10 - 'joblogs.php' 'jobid Parameter SQL Injection
PHP Scripts Now Riddles - /riddles/results.php searchQuery Parameter Cross-Site Scripting
PHP Scripts Now Riddles - /riddles/list.php catid Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection
Easy Banner 2009.05.18 - member.php Multiple Parameter SQL Injection Authentication Bypass
Easy Banner 2009.05.18 - 'member.php' Multiple Parameter SQL Injection / Authentication Bypass
E-lokaler CMS 2 - Admin Login Multiple SQL Injection
E-lokaler CMS 2 - Admin Login Multiple SQL Injections
Blog:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting
Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting
Piwigo 2.6.0 - 'picture.php rate Parameter' SQL Injection
Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injection
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections
Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit
NETGEAR WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit
PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter' SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact Parameter SQL Injection
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections
BoutikOne - search.php Multiple Parameter SQL Injection
BoutikOne - 'search.php' Multiple Parameter SQL Injections
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections
Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injection
Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injection
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections
GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injection
GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injections
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass
CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution
CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution
PHPMyRecipes 1.2.2 - 'browse.php category Parameter' SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection
4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection
4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injections
TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injection
TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injections
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injection
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections
Mambo Component Docman 1.3.0 - Multiple SQL Injection
Mambo Component Docman 1.3.0 - Multiple SQL Injections
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections
Paliz Portal - Cross-Site Scripting / Multiple SQL Injection
Paliz Portal - Cross-Site Scripting / Multiple SQL Injections
Sphider 1.3.x - Admin Panel Multiple SQL Injection
Sphider 1.3.x - Admin Panel Multiple SQL Injections
Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injection
Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injections
Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injection
Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections
EasyGallery 5 - 'index.php' Multiple SQL Injection
EasyGallery 5 - 'index.php' Multiple SQL Injections
Xenon - 'id' Parameter Multiple SQL Injection
Xenon - 'id' Parameter Multiple SQL Injections
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injection
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections
eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injection
eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections
Dolibarr ERP/CRM - /user/index.php Multiple Parameter SQL Injection
Dolibarr ERP/CRM - /user/info.php id Parameter SQL Injection
Dolibarr ERP/CRM - /admin/boxes.php rowid Parameter SQL Injection
Dolibarr ERP/CRM - '/user/index.php' Multiple Parameter SQL Injections
Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection
PrestaShop 1.4.4.1 - /modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - /admin/ajaxfilemanager/ajax_save_text.php Multiple Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Parameter Cross-Site Scripting
Manx 1.0.1 - /admin/admin_blocks.php Filename Parameter Traversal Arbitrary File Access
Manx 1.0.1 - /admin/admin_pages.php Filename Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access
SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injection
SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injections
Balero CMS 0.7.2 - Multiple Blind SQL Injection
Balero CMS 0.7.2 - Multiple Blind SQL Injections
WordPress Plugin'WP Mobile Edition 2.7 - Remote File Disclosure
WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injection
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
Dotclear 2.4.1.2 - /admin/auth.php login_data Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - /admin/blogs.php nb Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - /admin/comments.php Multiple Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - /admin/plugin.php page Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - /help/helpredir.aspx guide Parameter Cross-Site Scripting
SAP Business Objects InfoView System - /webi/webi_modify.aspx id Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml() Method Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting
PHP Designer 2007 - Personal Multiple SQL Injection
PHP Designer 2007 Personal - Multiple SQL Injections
WordPress Plugin All-in-One Event Calendar 1.4 agenda-widget.php Multiple Parameter Cross-Site Scripting
WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Parameter Cross-Site Scripting
XOOPS 2.5.4 - /modules/pm/pmlite.php to_userid Parameter Cross-Site Scripting
XOOPS 2.5.4 - /tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php Multiple Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Parameter Cross-Site Scripting
XM Forum - 'id' Parameter Multiple SQL Injection
XM Forum - 'id' Parameter Multiple SQL Injections
AdaptCMS 2.0.2 TinyURL Plugin - admin.php Multiple Parameter SQL Injection
AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple Parameter SQL Injections
Classified Ads Script PHP - 'admin.php' Multiple SQL Injection
Classified Ads Script PHP - 'admin.php' Multiple SQL Injections
Limny - 'index.php' Multiple SQL Injection
Limny - 'index.php' Multiple SQL Injections
TCExam 11.2.x - /admin/code/tce_edit_answer.php Multiple Parameter SQL Injection
TCExam 11.2.x - /admin/code/tce_edit_question.php subject_module_id Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection
jCore - /admin/index.php path Parameter Cross-Site Scripting
jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting
Netsweeper 4.0.8 - SQL Injection Authentication Bypass
Netsweeper 4.0.8 - SQL Injection / Authentication Bypass
dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injection
dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injections
MantisBT 1.2.19 - Host Header Attack
MantisBT 1.2.19 - Host Header Exploit
WordPress Plugin RokBox Plugin - /wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext Parameter Cross-Site Scripting
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - /webmail/x3/mail/clientconf.html acct Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting
WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - /wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injection
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
ezStats for Battlefield 3 - /ezStats2/compare.php Multiple Parameter Cross-Site Scripting
ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Parameter Cross-Site Scripting
PHP Address Book - /addressbook/register/delete_user.php id Parameter SQL Injection
PHP Address Book - /addressbook/register/edit_user.php id Parameter SQL Injection
PHP Address Book - /addressbook/register/edit_user_save.php Multiple Parameter SQL Injection
PHP Address Book - /addressbook/register/linktick.php site Parameter SQL Injection
PHP Address Book - /addressbook/register/reset_password.php Multiple Parameter SQL Injection
PHP Address Book - /addressbook/register/reset_password_save.php Multiple Parameter SQL Injection
PHP Address Book - /addressbook/register/router.php BasicLogin Cookie Parameter SQL Injection
PHP Address Book - /addressbook/register/traffic.php var Parameter SQL Injection
PHP Address Book - /addressbook/register/user_add_save.php email Parameter SQL Injection
PHP Address Book - /addressbook/register/checklogin.php 'Username' Parameter SQL Injection
PHP Address Book - /addressbook/register/admin_index.php q Parameter SQL Injection
PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple Parameter SQL Injection
PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/reset_password.php' Multiple Parameter SQL Injection
PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection
Hero Framework - /users/login 'Username' Parameter Cross-Site Scripting
Hero Framework - /users/forgot_password error Parameter Cross-Site Scripting
Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting
RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injection
RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections
NetApp OnCommand System Manager - /zapiServlet CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting
NetApp OnCommand System Manager - /zapiServlet User Management Interface Multiple Parameter Cross-Site Scripting
NetApp OnCommand System Manager - '/zapiServlet' CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting
NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Parameter Cross-Site Scripting
Jahia xCM - /engines/manager.jsp site Parameter Cross-Site Scripting
Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting
D-Link DIR-816L (Wireless Router) - Cross-Site Request Forgery
D-Link DIR-816L Wireless Router - Cross-Site Request Forgery
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injection
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injections
NeoBill - /modules/nullregistrar/PHPwhois/example.php query Parameter Remote Code Execution
NeoBill - /install/include/solidstate.php Multiple Parameter SQL Injection
NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution
NeoBill - '/install/include/solidstate.php' Multiple Parameter SQL Injection
C2C Forward Auction Creator 2.0 - /auction/asp/list.asp pa Parameter SQL Injection
C2C Forward Auction Creator - /auction/casp/Admin.asp SQL Injection Admin Authentication Bypass
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection
C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass)
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass
Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injections / Authentication Bypass
Command School Student Management System - /sw/admin_grades.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_terms.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_school_years.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_sgrades.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_media_codes_1.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_infraction_codes.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_generations.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_relations.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_titles.php id Parameter SQL Injection
Command School Student Management System - /sw/health_allergies.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_school_names.php id Parameter SQL Injection
Command School Student Management System - /sw/admin_subjects.php id Parameter SQL Injection
Command School Student Management System - /sw/backup/backup_ray2.php Database Backup Direct Request Information Disclosure
Command School Student Management System - /sw/Admin_change_Password.php Cross-Site Request Forgery (Admin Password Manipulation)
Command School Student Management System - /sw/add_topic.php Cross-Site Request Forgery (Topic Creation)
Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Request Information Disclosure
Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forgery (Admin Password Manipulation)
Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Creation)
Dredge School Administration System - /DSM/loader.php Id Parameter SQL Injection
Dredge School Administration System - /DSM/loader.php Account Information Disclosure
Dredge School Administration System - /DSM/loader.php Cross-Site Request Forgery (Admin Account Manipulation)
Dredge School Administration System - /DSM/Backup/processbackup.php Database Backup Information Disclosure
Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure
UAEPD Shopping Script - /products.php Multiple Parameter SQL Injection
UAEPD Shopping Script - /news.php id Parameter SQL Injection
UAEPD Shopping Script - '/products.php' Multiple Parameter SQL Injection
UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection
BloofoxCMS - /bloofox/index.php 'Username' Parameter SQL Injection
BloofoxCMS - /bloofox/admin/index.php 'Username' Parameter SQL Injection
BloofoxCMS - /admin/index.php Cross-Site Request Forgery (Add Admin)
BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
Professional Designer E-Store - 'id' Parameter Multiple SQL Injection
GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injection
Professional Designer E-Store - 'id' Parameter Multiple SQL Injections
GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections
Xangati - /servlet/MGConfigData Multiple Parameter Directory Traversal
Xangati - /servlet/Installer file Parameter Directory Traversal
Xangati - '/servlet/MGConfigData' Multiple Parameter Directory Traversal
Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal
Caldera - /costview2/jobs.php tr Parameter SQL Injection
Caldera - /costview2/printers.php tr Parameter SQL Injection
Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection
WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injection
WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injections
ol-commerce - /OL-Commerce/affiliate_signup.php a_country Parameter SQL Injection
ol-commerce - /OL-Commerce/affiliate_show_banner.php affiliate_banner_id Parameter SQL Injection
ol-commerce - /OL-Commerce/create_account.php country Parameter SQL Injection
ol-commerce - /OL-Commerce/admin/create_account.php entry_country_id Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections
Multiple Netgear Routers - Password Disclosure
Multiple NETGEAR Routers - Password Disclosure
WebKit - Stealing Variables via Page Navigation in FrameLoader::clear
WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'
|
2017-06-23 05:01:28 +00:00 |
|