exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	32e86030d5	DB: 2016-12-15 3 new exploits minix 3.1.2a - tty panic Local Denial of Service minix 3.1.2a - tty panic Remote Denial of Service Minix 3.1.2a - tty panic Local Denial of Service Minix 3.1.2a - tty panic Remote Denial of Service Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service MINIX 3.3.0 - Local Denial of Service (PoC) Minix 3.3.0 - Local Denial of Service (PoC) MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service Minix 3.3.0 - Remote TCP/IP Stack Denial of Service Apache 2.4.23 (mod_http2) - Denial of Service Adobe Animate 15.2.1.95 - Memory Corruption CoolPlayer - m3u File Local Buffer Overflow CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit) Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit) Apache Tomcat (WebDAV) - Remote File Disclosure Apache Tomcat - (WebDAV) Remote File Disclosure Apache Tomcat (WebDAV) - Remote File Disclosure (SSL) Apache Tomcat - (WebDAV) Remote File Disclosure (SSL) APT - Repository Signing Bypass via Memory Allocation Failure PHPFootball 1.6 - (show.php) Remote Database Disclosure PHPFootball 1.6 - Remote Database Disclosure Aprox CMS Engine 5 (1.0.4) - Local File Inclusion Aprox CMS Engine 5.1.0.4 - Local File Inclusion PHP Help Agent 1.1 - (content) Local File Inclusion PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion Alstrasoft Affiliate Network Pro - (pgm) SQL Injection Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection Siteframe - 'folder.php id' SQL Injection PHPFootball 1.6 - (show.php) SQL Injection DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection Siteframe CMS 3.2.3 - 'folder.php' SQL Injection PHPFootball 1.6 - SQL Injection DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection HRS Multi - 'key' Parameter Blind SQL Injection MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection EZWebAlbum (dlfilename) - Remote File Disclosure Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection ShopCartDx 4.30 - 'pid' SQL Injection MojoPersonals - Blind SQL Injection MojoJobs - Blind SQL Injection MojoAuto - Blind SQL Injection EZWebAlbum - Remote File Disclosure Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection ShopCartDx 4.30 - 'pid' Parameter SQL Injection YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Pre Survey Poll - 'default.asp catid' SQL Injection Atom Photoblog 1.1.5b1 - (photoId) SQL Injection ibase 2.03 - 'download.php' Remote File Disclosure YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting Pre Survey Poll - 'catid' Parameter SQL Injection Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection ibase 2.03 - Remote File Disclosure Live Music Plus 1.1.0 - 'id' SQL Injection xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities Live Music Plus 1.1.0 - 'id' Parameter SQL Injection XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering FizzMedia 1.51.2 - (comment.php mid) SQL Injection PHPTest 0.6.3 - (picture.php image_id) SQL Injection FizzMedia 1.51.2 - SQL Injection PHPTest 0.6.3 - SQL Injection Mobius 1.4.4.1 - (browse.php id) SQL Injection EPShop < 3.0 - 'pid' SQL Injection Mobius 1.4.4.1 - SQL Injection EPShop < 3.0 - 'pid' Parameter SQL Injection TriO 2.1 - (browse.php id) SQL Injection CMScout 2.05 - (common.php bit) Local File Inclusion Getacoder clone - (sb_protype) SQL Injection GC Auction Platinum - (cate_id) SQL Injection SiteAdmin CMS - (art) SQL Injection TriO 2.1 - 'browse.php' SQL Injection CMScout 2.05 - 'bit' Parameter Local File Inclusion Getacoder clone - 'sb_protype' Parameter SQL Injection GC Auction Platinum - 'cate_id' Parameter SQL Injection SiteAdmin CMS - 'art' Parameter SQL Injection Youtuber Clone - 'ugroups.php UID' SQL Injection Youtuber Clone - SQL Injection PixelPost 1.7.1 - (language_full) Local File Inclusion PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion ViArt Shop 3.5 - (category_id) SQL Injection Minishowcase 09b136 - 'lang' Local File Inclusion ViArt Shop 3.5 - 'category_id' Parameter SQL Injection Minishowcase 09b136 - 'lang' Parameter Local File Inclusion Gregarius 0.5.4 - rsargs[] SQL Injection PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion hiox browser Statistics 2.0 - Remote File Inclusion Gregarius 0.5.4 - SQL Injection PHP Hosting Directory 2.0 - Remote File Inclusion HIOX Random Ad 1.3 - Remote File Inclusion HIOX Browser Statistics 2.0 - Remote File Inclusion nzFotolog 0.4.1 - (action_file) Local File Inclusion ZeeReviews - 'comments.php ItemID' SQL Injection nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion ZeeReviews - SQL Injection Article Friendly Pro/Standard - (Cat) SQL Injection Article Friendly Pro/Standard - SQL Injection PozScripts Classified Ads Script - 'cid' SQL Injection TubeGuru Video Sharing Script - (UID) SQL Injection PozScripts Classified Ads Script - 'cid' Parameter SQL Injection TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection Alstrasoft Article Manager Pro 1.6 - Authentication Bypass viart shopping cart 3.5 - Multiple Vulnerabilities Viart shopping cart 3.5 - Multiple Vulnerabilities PHPFootball 1.6 - (filter.php) Remote Hash Disclosure PHPFootball 1.6 - Remote Hash Disclosure talkback 2.3.14 - Multiple Vulnerabilities Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities TalkBack 2.3.14 - Multiple Vulnerabilities Siteframe CMS 3.2.x - SQL Injection / phpinfo() CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities CMScout - Cross-Site Scripting / HTML Injection ShopCartDx 4.30 - (products.php) Blind SQL Injection ShopCartDx 4.30 - 'products.php' Blind SQL Injection viart shop 4.0.5 - Multiple Vulnerabilities ViArt Shop 4.0.5 - Multiple Vulnerabilities Siteframe 3.2.3 - (user.php) SQL Injection Siteframe CMS 3.2.3 - 'user.php' SQL Injection viart shop 4.0.5 - Cross-Site Request Forgery ViArt Shop 4.0.5 - Cross-Site Request Forgery Siteframe 2.2.4 - search.php Cross-Site Scripting Siteframe 2.2.4 - download.php Information Disclosure Siteframe CMS 2.2.4 - 'download.php' Information Disclosure phpx 3.2.3 - Multiple Vulnerabilities PHPX 3.2.3 - Multiple Vulnerabilities PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting XRms 1.99.2 - 'title' Parameter Cross-Site Scripting XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting Pligg 1.0.4 - 'install1.php' Cross-Site Scripting Joomla! Component DT Register - 'cat' SQL Injection Joomla! Component DT Register - 'cat' Parameter SQL Injection	2016-12-15 13:07:17 +00:00

Author

SHA1

Message

Date

Offensive Security

32e86030d5

DB: 2016-12-15

3 new exploits

minix 3.1.2a - tty panic Local Denial of Service
minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service

Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service
Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service

MINIX 3.3.0 - Local Denial of Service (PoC)
Minix 3.3.0 - Local Denial of Service (PoC)

MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service
Minix 3.3.0 - Remote TCP/IP Stack Denial of Service

Apache 2.4.23 (mod_http2) - Denial of Service

Adobe Animate 15.2.1.95 - Memory Corruption

CoolPlayer - m3u File Local Buffer Overflow
CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow

Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit)

Apache Tomcat (WebDAV) - Remote File Disclosure
Apache Tomcat - (WebDAV) Remote File Disclosure

Apache Tomcat (WebDAV) - Remote File Disclosure (SSL)
Apache Tomcat - (WebDAV) Remote File Disclosure (SSL)

APT - Repository Signing Bypass via Memory Allocation Failure

PHPFootball 1.6 - (show.php) Remote Database Disclosure
PHPFootball 1.6 - Remote Database Disclosure

Aprox CMS Engine 5 (1.0.4) - Local File Inclusion
Aprox CMS Engine 5.1.0.4 - Local File Inclusion

PHP Help Agent 1.1 - (content) Local File Inclusion
PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion

Alstrasoft Affiliate Network Pro - (pgm) SQL Injection
Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection
PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection
PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection
Siteframe - 'folder.php id' SQL Injection
PHPFootball 1.6 - (show.php) SQL Injection
DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection
HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection
Siteframe CMS 3.2.3 - 'folder.php' SQL Injection
PHPFootball 1.6 - SQL Injection
DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection
HRS Multi - 'key' Parameter Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection
EZWebAlbum (dlfilename) - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
ShopCartDx 4.30 - 'pid' SQL Injection
MojoPersonals - Blind SQL Injection
MojoJobs - Blind SQL Injection
MojoAuto - Blind SQL Injection
EZWebAlbum - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
ShopCartDx 4.30 - 'pid' Parameter SQL Injection
YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Pre Survey Poll - 'default.asp catid' SQL Injection
Atom Photoblog 1.1.5b1 - (photoId) SQL Injection
ibase 2.03 - 'download.php' Remote File Disclosure
YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting
Pre Survey Poll - 'catid' Parameter SQL Injection
Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection
ibase 2.03 - Remote File Disclosure
Live Music Plus 1.1.0 - 'id' SQL Injection
xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities
Live Music Plus 1.1.0 - 'id' Parameter SQL Injection
XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering
FizzMedia 1.51.2 - (comment.php mid) SQL Injection
PHPTest 0.6.3 - (picture.php image_id) SQL Injection
FizzMedia 1.51.2 - SQL Injection
PHPTest 0.6.3 - SQL Injection
Mobius 1.4.4.1 - (browse.php id) SQL Injection
EPShop < 3.0 - 'pid' SQL Injection
Mobius 1.4.4.1 - SQL Injection
EPShop < 3.0 - 'pid' Parameter SQL Injection
TriO 2.1 - (browse.php id) SQL Injection
CMScout 2.05 - (common.php bit) Local File Inclusion
Getacoder clone - (sb_protype) SQL Injection
GC Auction Platinum - (cate_id) SQL Injection
SiteAdmin CMS - (art) SQL Injection
TriO 2.1 - 'browse.php' SQL Injection
CMScout 2.05 - 'bit' Parameter Local File Inclusion
Getacoder clone - 'sb_protype' Parameter SQL Injection
GC Auction Platinum - 'cate_id' Parameter SQL Injection
SiteAdmin CMS - 'art' Parameter SQL Injection

Youtuber Clone - 'ugroups.php UID' SQL Injection
Youtuber Clone - SQL Injection

PixelPost 1.7.1 - (language_full) Local File Inclusion
PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion
ViArt Shop 3.5 - (category_id) SQL Injection
Minishowcase 09b136 - 'lang' Local File Inclusion
ViArt Shop 3.5 - 'category_id' Parameter SQL Injection
Minishowcase 09b136 - 'lang' Parameter Local File Inclusion
Gregarius 0.5.4 - rsargs[] SQL Injection
PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion
HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion
hiox browser Statistics 2.0 - Remote File Inclusion
Gregarius 0.5.4 - SQL Injection
PHP Hosting Directory 2.0 - Remote File Inclusion
HIOX Random Ad 1.3 - Remote File Inclusion
HIOX Browser Statistics 2.0 - Remote File Inclusion
nzFotolog 0.4.1 - (action_file) Local File Inclusion
ZeeReviews - 'comments.php ItemID' SQL Injection
nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion
ZeeReviews - SQL Injection

Article Friendly Pro/Standard - (Cat) SQL Injection
Article Friendly Pro/Standard - SQL Injection
PozScripts Classified Ads Script - 'cid' SQL Injection
TubeGuru Video Sharing Script - (UID) SQL Injection
PozScripts Classified Ads Script - 'cid' Parameter SQL Injection
TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection

pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection

camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting

Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection
Alstrasoft Article Manager Pro 1.6 - Authentication Bypass

viart shopping cart 3.5 - Multiple Vulnerabilities
Viart shopping cart 3.5 - Multiple Vulnerabilities

PHPFootball 1.6 - (filter.php) Remote Hash Disclosure
PHPFootball 1.6 - Remote Hash Disclosure
talkback 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities
TalkBack 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - SQL Injection / phpinfo()

CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
CMScout - Cross-Site Scripting / HTML Injection

ShopCartDx 4.30 - (products.php) Blind SQL Injection
ShopCartDx 4.30 - 'products.php' Blind SQL Injection

viart shop 4.0.5 - Multiple Vulnerabilities
ViArt Shop 4.0.5 - Multiple Vulnerabilities

Siteframe 3.2.3 - (user.php) SQL Injection
Siteframe CMS 3.2.3 - 'user.php' SQL Injection

viart shop 4.0.5 - Cross-Site Request Forgery
ViArt Shop 4.0.5 - Cross-Site Request Forgery

Siteframe 2.2.4 - search.php Cross-Site Scripting

Siteframe 2.2.4 - download.php Information Disclosure
Siteframe CMS 2.2.4 - 'download.php' Information Disclosure

phpx 3.2.3 - Multiple Vulnerabilities
PHPX 3.2.3 - Multiple Vulnerabilities
PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution

Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion
Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection
Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection
PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection
XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting
XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting
XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting
XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting
XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting
XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting
XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting
XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting
XRms 1.99.2 - 'title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting
XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting

Pligg 1.0.4 - 'install1.php' Cross-Site Scripting

Joomla! Component DT Register - 'cat' SQL Injection
Joomla! Component DT Register - 'cat' Parameter SQL Injection

2016-12-15 13:07:17 +00:00

1 commit