Offensive Security
438afbcaf8
DB: 2017-02-25
...
12 new exploits
Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion
Joomla! Component JooDatabase 3.1.0 - SQL Injection
Joomla! Component JO Facebook Gallery 4.5 - SQL Injection
Joomla! Component AJAX Search for K2 2.2 - SQL Injection
Joomla! Component Community Surveys 4.3 - SQL Injection
Joomla! Component Community Polls 4.5.0 - SQL Injection
Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
Joomla! Component Community Quiz 4.3.5 - SQL Injection
Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting
memcache-viewer - Cross-Site Scripting
2017-02-25 05:01:19 +00:00
Offensive Security
c7c1c7d92e
DB: 2017-02-23
...
13 new exploits
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Denial of Service
Google Chrome - 'layout' Out-of-Bounds Read
Shutter 0.93.1 - Code Execution
DiskSavvy Enterprise - GET Buffer Overflow (Metasploit)
Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)
Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)
Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection
Joomla! Component VehicleManager 3.9 - SQL Injection
Joomla! Component RealEstateManager 3.9 - SQL Injection
Joomla! Component BookLibrary 3.6.1 - SQL Injection
Joomla! Component MediaLibrary Basic 3.5 - SQL Injection
Lock Photos Album&Videos Safe 4.3 - Directory Traversal
ProjectSend r754 - Insecure Direct Object Reference
Teradici Management Console 2.2.0 - Privilege Escalation
2017-02-23 05:01:18 +00:00
Offensive Security
ad7bd81657
DB: 2017-02-22
...
21 new exploits
Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption
Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access
Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check
Adobe Flash - MP4 AMF Parsing Overflow
Adobe Flash - SWF Stack Corruption
Adobe Flash - Use-After-Free in Applying Bitmap Filter
Adobe Flash - YUVPlane Decoding Heap Overflow
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection
Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection
Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' Parameter SQL Injection
Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit)
Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit)
AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)
2017-02-22 05:01:19 +00:00
Offensive Security
ae0dd9fa7c
DB: 2017-02-20
...
14 new exploits
Linux - Reverse Shell Shellcode (66 bytes)
Joomla! Component com_Joomlaoc - 'id' SQL Injection
Joomla! Component Joomloc 1.0 - 'id' Parameter SQL Injection
Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection
Joomla! Component AWDwall 1.5.4 - Local File Inclusion / SQL Injection
Joomla! Component 'com_osproperty' 2.0.2 - Unrestricted Arbitrary File Upload
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload
Horde 3.3.5 - Administration Interface admin/PHPshell.php PATH_INFO Parameter Cross-Site Scripting
Horde 3.3.5 - Cross-Site Scripting
Joomla! Component Joomloc-CAT 4.1.3 - 'ville' Parameter SQL Injection
Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' Parameter SQL Injection
Joomla! Component JomWALL 4.0 - 'wuid' Parameter SQL Injection
Joomla! Component OS Property 3.0.8 - SQL Injection
Joomla! Component EShop 2.5.1 - 'id' Parameter SQL Injection
Joomla! Component OS Services Booking 2.5.1 - SQL Injection
Joomla! Component Room Management 1.0 - SQL Injection
Joomla! Component Bazaar Platform 3.0 - SQL Injection
Joomla! Component Google Map Store Locator 4.4 - SQL Injection
Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection
NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
Sawmill Enterprise 8.7.9 - Authentication Bypass
PHPShell 2.4 - Session Fixation
2017-02-20 05:01:17 +00:00
Offensive Security
d9f5d919c6
DB: 2017-02-16
...
10 new exploits
Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure
NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds Read/Write
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission
GOM Player 2.3.10.5266 - '.fpx' Denial of Service
Cisco ASA - WebVPN CIFS Handling Buffer Overflow
OpenText Documentum D2 - Remote Code Execution
Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities
Joomla! Component JoomBlog 1.3.1 - SQL Injection
Joomla! Component JSP Store Locator 2.2 - 'id' Parameter SQL Injection
2017-02-16 05:01:17 +00:00
Offensive Security
2f4b2745b1
DB: 2017-02-15
...
11 new exploits
Linux Kernel 3.10.0 (CentOS7) - Denial of Service
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
LG G4 - lghashstorageserver Directory Traversal
LG G4 - Touchscreen Driver write_log Kernel Read/Write
Google Android - Inter-process munmap in android.util.MemoryIntArray
Google Android - android.util.MemoryIntArray Ashmem Race Conditions
Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145)
ShadeYouVPN Client 2.0.1.11 - Privilege Escalation
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation
MLdonkey 2.9.7 - HTTP DOUBLE SLASH Arbitrary File Disclosure
MLdonkey 2.9.7 - Arbitrary File Disclosure
Mldonkey 2.5 -4 - Web Interface Error Message Cross-Site Scripting
MLdonkey 2.5-4 - Cross-Site Scripting
Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)
Joomla! Component NeoRecruit 1.4 - 'id' SQL Injection
Joomla! Component NeoRecruit 1.4 - 'id' Parameter SQL Injection
taifajobs 1.0 - (jobid) SQL Injection
taifajobs 1.0 - 'jobid' Parameter SQL Injection
Pyrophobia 2.1.3.1 - modules/out.php id Parameter Cross-Site Scripting
Pyrophobia 2.1.3.1 - admin/index.php Multiple Parameter Traversal Arbitrary File Access
Pyrophobia 2.1.3.1 - Cross-Site Scripting
Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access
Itech B2B Script 4.29 - Multiple Vulnerabilities
2017-02-15 05:01:16 +00:00
Offensive Security
8b6bfd7f93
DB: 2017-02-13
...
19 new exploits
Cimetrics BACstac 6.2f - Privilege Escalation
Cimetrics BACnet Explorer 4.0 - XML External Entity Injection
SonicDICOM PACS 2.3.2 - Cross-Site Scripting
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
SonicDICOM PACS 2.3.2 - Privilege Escalation
Kodi 17.1 - Arbitrary File Disclosure
WhizBiz 1.9 - SQL Injection
TI Online Examination System 2.0 - SQL Injection
Viavi Real Estate - SQL Injection
Viavi Movie Review - 'id' Parameter SQL Injection
Viavi Product Review - 'id' Parameter SQL Injection
Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection
Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection
Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection
Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection
Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection
Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection
Joomla! Component Vik Booking 1.7 - SQL Injection
Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection
2017-02-13 05:01:18 +00:00
Offensive Security
ebbc883f34
DB: 2017-02-07
...
13 new exploits
IVPN Client 2.6.1 - Privilege Escalation
Questions and Answers Script 1.1.3 - SQL Injection
Questions and Answers Script 1.1.3 - 'id' Parameter SQL Injection
ThisIsWhyImBroke Clone Script 4.0 - 'id' Parameter SQL Injection
Upworthy Clone Script 1.1.0 - 'id' Parameter SQL Injection
Ultimate Viral Media Script 1.0 - 'id' Parameter SQL Injection
Visual Link Sharing Websites Builder Script 2.1.0 - SQL Injection
ThisIsWhyImBroke Clone Script 4.0.0 - 'id' Parameter SQL Injection
Funny Image and Video Script 2.0.0 - 'id' Parameter SQL Injection
Clone Script Directory Script 1.1.0 - 'cid' Parameter SQL Injection
Viral Pictures and Video Script 2.0.0 - 'id' Parameter SQL Injection
NewsBee CMS - SQL Injection
Web Inspiration Gallery Script 1.0.0 - 'id' Parameter SQL Injection
Viral Fun Facts Sharing Script 1.1.0 - 'id' Parameter SQL Injection
Questions and Answers Script 2.0.0 - 'cid' Parameter SQL Injection
2017-02-07 05:01:16 +00:00
Offensive Security
8290029acb
DB: 2017-02-03
...
12 new exploits
Microsoft Windows 2000 - RPC DCOM Interface Denial of Service
Microsoft Windows Server 2000 - RPC DCOM Interface Denial of Service
Microsoft Windows 2003/XP - Samba Share Resource Exhaustion Exploit
Microsoft Windows Server 2003/XP - Samba Share Resource Exhaustion Exploit
Microsoft Windows 2000/XP - TCP Connection Reset Remote Attack Tool
Microsoft Windows Server 2000/XP - TCP Connection Reset Remote Attack Tool
Microsoft Windows 2003/XP - Remote Denial of Service
Microsoft Windows Server 2003/XP - Remote Denial of Service
Microsoft Windows 2003/XP - IPv6 Remote Denial of Service
Microsoft Windows Server 2003/XP - IPv6 Remote Denial of Service
Microsoft Windows 2000 - UPNP (getdevicelist) Memory Leak Denial of Service
Microsoft Windows Server 2000 - UPNP (getdevicelist) Memory Leak Denial of Service
Microsoft Windows 2003 - '.EOT' Blue Screen of Death Crash
Microsoft Windows Server 2003 - '.EOT' Blue Screen of Death Crash
Microsoft Windows 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)
Microsoft Windows Server 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)
Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
Microsoft Windows 2000/XP/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
Microsoft Windows 2000/XP/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service
Microsoft Windows Server 2000/2003/XP - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
Microsoft Windows Server 2000/2003/XP - 'win32k.sys' SfnINSTRING Local kernel Denial of Service
Microsoft Windows 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow
Microsoft Windows Server 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow
Microsoft Windows 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 Microsoft DoS Device Name - Denial of Service
Microsoft Windows Server 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 Microsoft DoS Device Name - Denial of Service
NT 4.0 / Windows 2000 - TCP/IP Printing Service Denial of Service
Microsoft Windows Server 2000/NT 4.0 - TCP/IP Printing Service Denial of Service
Microsoft Windows 2000 - Telnet Server Denial of Service
Microsoft Windows Server 2000 - Telnet Server Denial of Service
Microsoft Windows 2000 - Telnet 'Username' Denial of Service
Microsoft Windows Server 2000 - Telnet 'Username' Denial of Service
Microsoft Windows 2000 - RunAs Service Denial of Service
Microsoft Windows Server 2000 - RunAs Service Denial of Service
Microsoft Windows 2000/NT - Terminal Server Service RDP Denial of Service
Microsoft Windows Server 2000/NT - Terminal Server Service RDP Denial of Service
Microsoft Windows 2000/XP - GDI Denial of Service
Microsoft Windows Server 2000/XP - GDI Denial of Service
Microsoft Windows 2000 - Internet Key Exchange Denial of Service (1)
Microsoft Windows 2000 - Internet Key Exchange Denial of Service (2)
Microsoft Windows Server 2000 - Internet Key Exchange Denial of Service (1)
Microsoft Windows Server 2000 - Internet Key Exchange Denial of Service (2)
Microsoft Windows 2000/NT 4 - TCP Stack Denial of Service (1)
Microsoft Windows 2000/NT 4 - TCP Stack Denial of Service (2)
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (1)
Microsoft Windows Server 2000/NT 4 - TCP Stack Denial of Service (2)
Microsoft Windows 2000 - Lanman Denial of Service (1)
Microsoft Windows 2000 - Lanman Denial of Service (2)
Microsoft Windows Server 2000 - Lanman Denial of Service (1)
Microsoft Windows Server 2000 - Lanman Denial of Service (2)
Microsoft Windows 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (1)
Microsoft Windows Server 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow (2)
Microsoft Windows 2000/2003/XP - Graphical Device Interface Library Denial of Service
Microsoft Windows Server 2000/2003/XP - Graphical Device Interface Library Denial of Service
Microsoft Windows 2000/XP - Internet Protocol Validation Remote Code Execution (1)
Microsoft Windows Server 2000/XP - Internet Protocol Validation Remote Code Execution (1)
Microsoft Windows 2000/2003/XP - MSDTC TIP Denial of Service (MS05-051)
Microsoft Windows Server 2000/2003/XP - MSDTC TIP Denial of Service (MS05-051)
Microsoft Windows 2000/2003/XP - CreateRemoteThread Local Denial of Service
Microsoft Windows Server 2000/2003/XP - CreateRemoteThread Local Denial of Service
Microsoft Windows 2000/XP - Registry Access Local Denial of Service
Microsoft Windows Server 2000/XP - Registry Access Local Denial of Service
Microsoft Windows 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
Microsoft Windows XP/2003 - Explorer .WMF File Handling Denial of Service
Microsoft Windows Server 2003/XP - Explorer .WMF File Handling Denial of Service
Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service
Microsoft Windows Server 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service
Microsoft Windows 10 - SMBv3 Tree Connect (PoC)
Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption
Microsoft Windows 2003 - Token Kidnapping Local Exploit (PoC)
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
Microsoft Windows Server 2003 - Token Kidnapping Local Exploit (PoC)
Microsoft Windows Server 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
Microsoft Windows NT/2000/XP/2003/Vista/2008/7 - User Mode to Ring Escalation (KiTrap0D) (MS10-015)
Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - User Mode to Ring Escalation (KiTrap0D) (MS10-015)
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
Microsoft Windows Server 2003/XP - 'afd.sys' Privilege Escalation (MS11-080)
Microsoft Windows 2000/95/98/NT 4.0 - Long Filename Extension
Microsoft Windows Server 2000/95/98/NT 4.0 - Long Filename Extension
Microsoft Windows 2000 - Named Pipes Predictability
Microsoft Windows Server 2000 - Named Pipes Predictability
Microsoft Windows 2000 - Still Image Service Privilege Escalation
Microsoft Windows Server 2000 - Still Image Service Privilege Escalation
Microsoft Windows 2000/NT 4 - DLL Search Path
Microsoft Windows Server 2000/NT 4 - DLL Search Path
Microsoft Windows 2000 - Debug Registers
Microsoft Windows Server 2000 - Debug Registers
Microsoft Windows 2000 - RunAs Service Named Pipe Hijacking
Microsoft Windows Server 2000 - RunAs Service Named Pipe Hijacking
Microsoft Windows 2000/NT 4 - NTFS File Hiding
Microsoft Windows Server 2000/NT 4 - NTFS File Hiding
Microsoft Windows 2000 / NT 4.0 - Process Handle Local Privilege Elevation
Microsoft Windows Server 2000/NT 4.0 - Process Handle Local Privilege Elevation
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (1)
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (2)
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (3)
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (4)
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (5)
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (6)
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (7)
Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (8)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (1)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (2)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (3)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (4)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (5)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (6)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (7)
Microsoft Windows Server 2000/NT 4/XP - Window Message Subsystem Design Error (8)
Microsoft Windows 2000/XP/NT 4 - NetDDE Privilege Escalation (1)
Microsoft Windows 2000/XP/NT 4 - NetDDE Privilege Escalation (2)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (1)
Microsoft Windows Server 2000/NT 4/XP - NetDDE Privilege Escalation (2)
Microsoft Windows 2000 - Help Facility .CNT File :Link Buffer Overflow
Microsoft Windows Server 2000 - Help Facility .CNT File :Link Buffer Overflow
Microsoft Windows 2000 - RegEdit.exe Registry Key Value Buffer Overflow
Microsoft Windows Server 2000 - RegEdit.exe Registry Key Value Buffer Overflow
Microsoft Windows 2000 - CreateFile API Named Pipe Privilege Escalation (1)
Microsoft Windows 2000 - CreateFile API Named Pipe Privilege Escalation (2)
Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (1)
Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (2)
Microsoft Windows 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows Server 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)
Microsoft Windows Server 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)
Microsoft Windows NT/2000/XP/2003/Vista/2008/7/8 - Local Ring Exploit (EPATHOBJ)
Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - Local Ring Exploit (EPATHOBJ)
Microsoft Windows 2000/2003/XP - Keyboard Event Privilege Escalation
Microsoft Windows Server 2000/2003/XP - Keyboard Event Privilege Escalation
Microsoft Windows 2003/XP - ReadDirectoryChangesW Information Disclosure
Microsoft Windows Server 2003/XP - ReadDirectoryChangesW Information Disclosure
Microsoft Windows XP/2003/Vista/2008 - WMI Service Isolation Privilege Escalation
Microsoft Windows XP/2003 - RPCSS Service Isolation Privilege Escalation
Microsoft Windows Server 2003/2008/XP/Vista - WMI Service Isolation Privilege Escalation
Microsoft Windows Server 2003/XP - RPCSS Service Isolation Privilege Escalation
Microsoft Windows 2000/XP/2003 - Desktop Wall Paper System Parameter Privilege Escalation
Microsoft Windows Server 2000/2003/XP - Desktop Wall Paper System Parameter Privilege Escalation
Microsoft Windows 2000/XP/2003/Vista - Double-Free Memory Corruption Privilege Escalation
Microsoft Windows Server 2000/2003/XP/Vista - Double-Free Memory Corruption Privilege Escalation
Ghostscript 9.20 - 'Filename' Command Execution
Microsoft Windows 2000 - RSVP Server Authority Hijacking (PoC)
Microsoft Windows Server 2000 - RSVP Server Authority Hijacking (PoC)
Microsoft Windows 2000/XP - RPC Remote (Non Exec Memory) Exploit
Microsoft Windows Server 2000/XP - RPC Remote (Non Exec Memory) Exploit
Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (2)
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (2)
Microsoft Windows 2000 - WINS Remote Code Execution
Microsoft Windows Server 2000 - WINS Remote Code Execution
Microsoft Windows XP/2003 - Metafile Escape() Code Execution (Metasploit)
Microsoft Windows Server 2003/XP - Metafile Escape() Code Execution (Metasploit)
WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow (Python)
WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow (Perl)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)
Microsoft Windows 2000 SP4 - DNS RPC Remote Buffer Overflow
Microsoft Windows Server 2000 SP4 - DNS RPC Remote Buffer Overflow
Microsoft IIS 5.0/6.0 FTP Server - Remote Stack Overflow (Windows 2000)
Microsoft IIS 5.0/6.0 FTP Server (Windows 2000) - Remote Stack Overflow
Microsoft Windows XP/2003/Vista - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit)
Microsoft Windows Server 2003/XP/Vista - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit)
Microsoft Internet Explorer 5 (Windows 2000/95/98/NT 4) - XML HTTP Redirect
Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4) - XML HTTP Redirect
Microsoft Index Server 2.0 / Indexing Services (Windows 2000) - Directory Traversal
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - Directory Traversal
Cat Soft Serv-U FTP Server 2.5/a/b (Windows 2000/95/98/NT 4.0) - Shortcut Exploit
Cat Soft Serv-U FTP Server 2.5/a/b (Windows 95/98/2000/NT 4.0) - Shortcut Exploit
Microsoft Windows 2000 - Remote CPU-overload
Microsoft Windows Server 2000 - Remote CPU-overload
Microsoft Windows 2000 - telnet.exe NTLM Authentication
Microsoft Windows Server 2000 - telnet.exe NTLM Authentication
Microsoft Indexing Services (Windows 2000/NT 4.0) - '.htw' Cross-Site Scripting
Microsoft Indexing Service (Windows 2000/NT 4.0) - '.htw' Cross-Site Scripting
Microsoft Indexing Services (Windows 2000) - File Verification
Microsoft Indexing Service (Windows 2000) - File Verification
SurfControl SuperScout WebFilter for windows 2000 - File Disclosure
SurfControl SuperScout WebFilter for windows 2000 - SQL Injection
Microsoft Windows 2000/XP/NT 4 - Help Facility ActiveX Control Buffer Overflow
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
SurfControl SuperScout WebFilter for Windows 2000 - SQL Injection
Microsoft Windows Server 2000/NT 4/XP - Help Facility ActiveX Control Buffer Overflow
Microsoft Windows 2000 - Active Directory Remote Stack Overflow
Microsoft Windows Server 2000 - Active Directory Remote Stack Overflow
Microsoft Windows 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow
Microsoft Windows Server 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow
Microsoft Windows 2000 - Subnet Bandwidth Manager RSVP Server Authority Hijacking
Microsoft Windows Server 2000 - Subnet Bandwidth Manager RSVP Server Authority Hijacking
Microsoft Windows 2000/2003/XP - winhlp32 Phrase Integer Overflow
Microsoft Windows 2000/2003/XP - winhlp32 Phrase Heap Overflow
Microsoft Windows Server 2000/2003/XP - winhlp32 Phrase Integer Overflow
Microsoft Windows Server 2000/2003/XP - winhlp32 Phrase Heap Overflow
Microsoft Windows 2000/XP - Internet Protocol Validation Remote Code Execution (2)
Microsoft Windows Server 2000/XP - Internet Protocol Validation Remote Code Execution (2)
Microsoft Windows 2000/2003 - Recursive DNS Spoofing (1)
Microsoft Windows 2000/2003 - Recursive DNS Spoofing (2)
Microsoft Windows Server 2000/2003 - Recursive DNS Spoofing (1)
Microsoft Windows Server 2000/2003 - Recursive DNS Spoofing (2)
Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes)
Travel Portal Script 9.33 - SQL Injection
Movie Portal Script 7.35 - SQL Injection
Itech Travel Portal Script 9.33 - SQL Injection
Itech Movie Portal Script 7.35 - SQL Injection
Auction Script 6.49 - SQL Injection
Itech Auction Script 6.49 - 'mcid' Parameter SQL Injection
Itech News Portal Script 6.28 - SQL Injection
Itech News Portal Script 6.28 - 'inf' Parameter SQL Injection
Video Sharing Script 4.94 - SQL Injection
Itech Video Sharing Script 4.94 - 'v' Parameter SQL Injection
Itech Classifieds Script 7.27 - 'pid' Parameter SQL Injection
Itech Classifieds Script 7.27 - SQL Injection
Video Sharing Script 4.94 - 'uid' Parameter SQL Injection
Itech Video Sharing Script 4.94 - SQL Injection
WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python)
WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby)
Itech Travel Portal Script 9.35 - SQL Injection
Property Listing Script - 'propid' Parameter Blind SQL Injection
Itech Inventory Management Software 3.77 - SQL Injection
Itech Movie Portal Script 7.37 - SQL Injection
Itech News Portal Script 6.28 - 'sc' Parameter SQL Injection
Itech Auction Script 6.49 - 'pid' Parameter SQL Injection
2017-02-03 05:01:17 +00:00
Offensive Security
1a4e6f50a9
DB: 2017-02-01
...
65 new exploits
Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow
Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service
PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)
Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC)
ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x86/x64) - LZH archive parsing (PoC)
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Adobe Flash - Bad Dereference at 0x23c on Linux x64
Adobe Flash (Linux x64) - Bad Dereference at 0x23c
Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Core FTP Server 32-bit Build 587 - Heap Overflow
Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC)
Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)
RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation
RedHat 6.2 /usr/bin/rcp - 'SUID' Privilege Escalation
Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation
Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation
Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid)
Qpopper 4.0.8 (Linux) - (poppassd) Privilege Escalation
Wireless Tools 26 (IWConfig) - Privilege Escalation
Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
Rocks Clusters 4.1 - (umount-loop) Privilege Escalation
Rocks Clusters 4.1 - (mount-loop) Privilege Escalation
Rocks Clusters 4.1 - 'umount-loop' Privilege Escalation
Rocks Clusters 4.1 - 'mount-loop' Privilege Escalation
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Postfix 2.6-20080814 - (symlink) Privilege Escalation
Postfix 2.6-20080814 - 'symlink' Privilege Escalation
Oracle Database Vault - ptrace(2) Privilege Escalation
Oracle Database Vault - 'ptrace(2)' Privilege Escalation
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load (Privilege Escalation)
GNU C Library 2.x (libc6) - (Dynamic Linker LD_AUDIT Arbitrary DSO Load) Privilege Escalation
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Privilege Escalation (1)
Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit)
Free Download Manager 3.0 Build 844 - Torrent Parsing Buffer Overflow (Metasploit)
VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)
PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation
PolicyKit polkit-1 < 0.101 - Privilege Escalation
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail) (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail 8.10.1) (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
QNX RTOS 4.25/6.1 - phgrafxPrivilege Escalation
QNX RTOS 4.25/6.1 - phgrafx-startup Privilege Escalation
QNX RTOS 4.25/6.1 - 'phgrafx' Privilege Escalation
QNX RTOS 4.25/6.1 - 'phgrafx-startup' Privilege Escalation
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
Microsoft Windows 10 10586 (x86/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
MySQL 3.23.x - mysqld Privilege Escalation
MySQL 3.23.x - 'mysqld' Privilege Escalation
Platform Load Sharing Facility 4/5/6 - EAuth Privilege Escalation
MTools 3.9.x - MFormat Privilege Escalation
Platform Load Sharing Facility 4/5/6 - 'EAuth' Privilege Escalation
MTools 3.9.x - 'MFormat' Privilege Escalation
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)
ZABBIX 1.1.4/1.4.2 - daemon_start Privilege Escalation
ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation
Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation
Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
Linux Kernel 3.13 - Privilege Escalation PoC (SGID)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)
OSSEC 2.8 - hosts.deny Privilege Escalation
OSSEC 2.8 - 'hosts.deny' Privilege Escalation
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation
Linux espfix64 - Privilege Escalation (Nested NMIs Interrupting)
Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
RHEL 7.0/7.1 - abrt/sosreport Privilege Escalation
RHEL 7.0/7.1 - 'abrt/sosreport' Privilege Escalation
MySQL 5.5.45 (x64) - Local Credentials Disclosure
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Escalation
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Microsoft Windows 7 (x32/x64) - Group Policy Privilege Escalation (MS16-072)
Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Viscosity 1.6.7 - Privilege Escalation
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
Solaris /bin/login (SPARC/x86) - Remote Code Execution
gpsdrive 2.09 (x86) - (friendsd2) Remote Format String
PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)
dproxy-nexgen (Linux/x86) - Buffer Overflow
dproxy-nexgen (Linux x86) - Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)
AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)
32bit FTP Client - Stack Buffer Overflow (Metasploit)
Free Download Manager - Remote Control Server Buffer Overflow (Metasploit)
Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)
CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)
Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Webmin 0.x - RPC Function Privilege Escalation
Webmin 0.x - 'RPC' Function Privilege Escalation
Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit
Nginx 1.4.0 (x64) - (Generic Linux) Remote Exploit
Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
technote 7.2 - Remote File Inclusion
Technote 7.2 - Remote File Inclusion
JAWS 0.2/0.3 - 'index.php' gadget Parameter Traversal Arbitrary File Access
JAWS 0.2/0.3 - Cookie Manipulation Authentication Bypass
JAWS 0.2/0.3 - 'index.php' action Parameter Cross-Site Scripting
Jaws 0.2/0.3 - 'gadget' Parameter Traversal Arbitrary File Access
Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass
Jaws 0.2/0.3 - 'action' Parameter Cross-Site Scripting
JAWS 0.2/0.3/0.4 - ControlPanel.php SQL Injection
Jaws 0.2/0.3/0.4 - ControlPanel.php SQL Injection
JAWS Glossary 0.4/0.5 - Cross-Site Scripting
Jaws Glossary 0.4/0.5 - Cross-Site Scripting
JAWS 0.x - Remote File Inclusion
Jaws 0.x - Remote File Inclusion
FlatNux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Multiple Netgear Routers - Password Disclosure
Video Sharing Script 4.94 - 'uid' Parameter SQL Injection
Netman 204 - Backdoor Account / Password Reset
2017-02-01 05:01:19 +00:00
Offensive Security
bf6526a40b
DB: 2017-01-31
...
39 new exploits
OpenSSL 1.1.0 - Remote Client Denial of Service
CDRTools CDRecord 2.0 - Mandrake Privilege Escalation
CDRTools CDRecord 2.0 (Mandrake / Slackware) - Privilege Escalation
RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit
RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation
BitchX 1.0c19 - Privilege Escalation (suid?)
Apache 1.3.31 (mod_include) - Local Buffer Overflow
BitchX 1.0c19 - Privilege Escalation
Apache 1.3.31 mod_include - Local Buffer Overflow
AIX 4.3/5.1 < 5.3 - lsmcode Command Execution Privilege Escalation
AIX 4.3/5.1 < 5.3 - 'lsmcode' Command Execution Privilege Escalation
Debian 2.2 - /usr/bin/pileup Privilege Escalation
Debian 2.2 /usr/bin/pileup - Privilege Escalation
Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation
GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow
Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow
IBM AIX 5.3 sp6 - ftp gets() Privilege Escalation
IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation
IBM AIX 5.3.0 - setlocale() Privilege Escalation
IBM AIX 5.3.0 - 'setlocale()' Privilege Escalation
FreeBSD 6x/7 - protosw kernel Local Privilege Escalation Exploit
FreeBSD 6x/7 protosw Kernel - Privilege Escalation
PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit
HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow
(Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation
(Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation
Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit)
Linux Kernel 4.6.3 (x86) - 'Netfilter' Privilege Escalation (Metasploit)
FreeBSD 6.4 - Netgraph Local Privilege Escalation Exploit
FreeBSD 6.4 - Netgraph Privilege Escalation
PHP 5.4.3 (Windows x86 Polish) - Code Execution
Apache (Mod_Auth_OpenID) - Session Stealing
Apache Mod_Auth_OpenID - Session Stealing
cPanel 5.0 - Openwebmail Privilege Escalation
cPanel 5.0 - 'Openwebmail' Privilege Escalation
Apache 2.0.4x (mod_php) - File Descriptor Leakage (1)
Apache 2.0.4x (mod_php) - File Descriptor Leakage (2)
Apache 2.0.4x mod_php - File Descriptor Leakage (1)
Apache 2.0.4x mod_php - File Descriptor Leakage (2)
Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3)
Apache 2.0.4x mod_perl - File Descriptor Leakage (3)
cPanel 5-9 - Privilege Escalation
cPanel 5 < 9 - Privilege Escalation
Apache 1.3.x (mod_include) - Local Buffer Overflow
Apache 1.3.x mod_include - Local Buffer Overflow
IBM AIX 5.x - Diag Privilege Escalation Vulnerabilities
IBM AIX 5.x - 'Diag' Privilege Escalation
Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation
Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation
Amanda 3.3.1 - amstar Command Injection Privilege Escalation
Amanda 3.3.1 - 'amstar' Command Injection Privilege Escalation
Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1)
Deepin Linux 15 - lastore-daemon Privilege Escalation
Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1)
Deepin Linux 15 - 'lastore-daemon' Privilege Escalation
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)
Allwinner 3.4 Legacy Kernel - Privilege Escalation (Metasploit)
Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('mysql' System User) Privilege Escalation / Race Condition
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('root' System User) Privilege Escalation
Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)
Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Privilege Escalation (Metasploit)
Apache CouchDB 2.0.0 - Local Privilege Escalation
Apache CouchDB 2.0.0 - Privilege Escalation
Vesta Control Panel 0.9.8-16 - Local Privilege Escalation
Vesta Control Panel 0.9.8-16 - Privilege Escalation
Systemd 228 - Privilege Escalation (PoC)
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Privilege Escalation (PoC)
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation (PoC)
Apache 1.3.x (mod_mylo) - Remote Code Execution
Apache 1.3.x mod_mylo - Remote Code Execution
Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure
Apache 1.3.x < 2.0.48 mod_userdir - Remote Users Disclosure
Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit
Veritas NetBackup 6.0 (Windows x86) - (bpjava-msvc) Remote Exploit
Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow
Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow
Apache 2.0.58 mod_rewrite (Windows 2003) - Remote Overflow
Apache Tomcat Connector (mod_jk) - Remote Exploit (exec-shield)
Apache Tomcat Connector mod_jk - 'exec-shield' Remote Exploit
3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)
SapLPD 6.28 (Windows x86) - Remote Buffer Overflow
Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow
Apache Tomcat Connector jk2-2.0.2 (mod_jk2) - Remote Overflow
Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow
Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow
Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting
Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting
Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit
Apache (mod_proxy) - Reverse Proxy Exposure (PoC)
Apache mod_proxy - Reverse Proxy Exposure (PoC)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit
Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting
Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass
Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass
Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass
Apache (mod_wsgi) - Information Disclosure
Apache mod_wsgi - Information Disclosure
Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Exploit
Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution
phpGraphy 0.9.12 - Privilege Escalation / Commands Execution Exploit
phpGraphy 0.9.12 - Privilege Escalation / Commands Execution
PEAR 1.9.0 - Multiple Remote File Inclusion
PHP PEAR 1.9.0 - Multiple Remote File Inclusion
Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload
PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload
Radisys MRF - Command Injection
PHP PEAR 1.10.1 - Arbitrary File Download
Caregiver Script 2.57 - SQL Injection
Auction Script 6.49 - SQL Injection
Itech B2B Script 4.28 - SQL Injection
Itech Classifieds Script 7.27 - 'scat' Parameter SQL Injection
Itech Dating Script 3.26 - SQL Injection
Itech Freelancer Script 5.13 - SQL Injection
Itech Multi Vendor Script 6.49 - SQL Injection
Itech News Portal Script 6.28 - SQL Injection
Itech Real Estate Script 3.12 - SQL Injection
PHP Product Designer Script - Arbitrary File Upload
PHP Logo Designer Script - Arbitrary File Upload
Video Sharing Script 4.94 - SQL Injection
HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download
Itech Classifieds Script 7.27 - 'pid' Parameter SQL Injection
Itech Dating Script 3.26 - 'send_gift.php' SQL Injection
Itech Real Estate Script 3.12 - 'id' Parameter SQL Injection
2017-01-31 05:01:15 +00:00
Offensive Security
2b017ecadf
DB: 2017-01-28
...
6 new exploits
Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow
My Photo Gallery 1.0 - SQL Injection
Maian Weblog 4.0 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
Online Hotel Booking System Pro 1.2 - SQL Injection
WordPress Plugin Online Hotel Booking System Pro 1.0 - SQL Injection
2017-01-28 05:01:17 +00:00
Offensive Security
d0b74905e8
DB: 2017-01-27
...
17 new exploits
Google Android - 'pm_qos' KASLR Bypass
macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
Systemd 228 - Privilege Escalation (PoC)
OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation
Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Service
Haraka < 2.8.9 - Remote Command Execution
Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)
Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1)
Drupal 7.0 < 7.31 - SQL Injection (1)
Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2)
Drupal 7.0 < 7.31 - SQL Injection (2)
Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload
KB Affiliate Referral Script 1.0 - Authentication Bypass
KB Login Authentication Script 1.1 - Authentication Bypass
KB Messages PHP Script 1.0 - Authentication Bypass
Web Based TimeSheet Script - Authentication Bypass
TM RG4332 Wireless Router - Arbitrary File Disclosure
PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting
Polycom VVX Web Interface - Change Admin Password
2017-01-27 05:01:17 +00:00
Offensive Security
45360ed27c
DB: 2017-01-26
...
7 new exploits
OpenSSL ASN.1 <= 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs
OpenSSL ASN.1 < 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs
Inframail Advantage Server Edition 6.0 <= 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 <= 6.37 - (FTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow
Blitzkrieg 2 <= 1.21 - (server/client) Denial of Service
Blitzkrieg 2 < 1.21 - (Server/Client) Denial of Service
Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1)
DESlock+ <= 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)
DESlock+ < 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)
DESlock+ <= 3.2.7 - Local Kernel Overflow (PoC)
DESlock+ <= 3.2.7 - Local Kernel Race Condition Denial of Service (PoC)
DESlock+ <= 3.2.7 - (probe read) Local Kernel Denial of Service (PoC)
DESlock+ < 3.2.7 - Local Kernel Overflow (PoC)
DESlock+ < 3.2.7 - Local Kernel Race Condition Denial of Service (PoC)
DESlock+ < 3.2.7 - (probe read) Local Kernel Denial of Service (PoC)
ViPlay3 <= 3.00 - '.vpl' Local Stack Overflow (PoC)
ViPlay3 < 3.00 - '.vpl' Local Stack Overflow (PoC)
Microsoft Windows 2000<2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)
Microsoft Windows 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)
Adobe Flash - No Checks on Vector.<uint> Capacity Field
Adobe Flash - 'uint' Capacity Field
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (3)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (4)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (1)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (2)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (3)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (4)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'logrotate prctl()' Privilege Escalation
Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Privilege Escalation
X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (1)
X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow
X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow
X11R6 < 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (1)
X11R6 < 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow
X11R6 < 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow
X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (2)
X11R6 < 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (2)
AtomixMP3 <= 2.3 - '.m3u' Buffer Overflow
AtomixMP3 < 2.3 - '.m3u' Buffer Overflow
Linux Kernel 2.6.17 <= 2.6.24.1 - 'vmsplice' Privilege Escalation (2)
Linux Kernel 2.6.23 <= 2.6.24 - 'vmsplice' Privilege Escalation (1)
Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Privilege Escalation (2)
Linux Kernel 2.6.23 < 2.6.24 - 'vmsplice' Privilege Escalation (1)
DESlock+ <= 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC)
DESlock+ <= 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit
DESlock+ <= 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit
DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC)
DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit
DESlock+ < 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit
AtomixMP3 <= 2.3 - 'Playlist' Universal Overwrite (SEH)
AtomixMP3 < 2.3 - 'Playlist' Universal Overwrite (SEH)
Linux Kernel 2.6.18 <= 2.6.18-20 - Privilege Escalation
Linux Kernel 2.6.18 < 2.6.18-20 - Privilege Escalation
Winamp 5.05<5.13 - '.ini' Local Stack Buffer Overflow (PoC)
Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC)
AhnLab V3 Internet Security 8.0 <= 1.2.0.4 - Privilege Escalation
NProtect Anti-Virus 2007 <= 2010.5.11.1 - Privilege Escalation
ESTsoft ALYac Anti-Virus 1.5 <= 5.0.1.2 - Privilege Escalation
ViRobot Desktop 5.5 and Server 3.5 <= 2008.8.1.1 - Privilege Escalation
AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Privilege Escalation
NProtect Anti-Virus 2007 < 2010.5.11.1 - Privilege Escalation
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Privilege Escalation
ViRobot Desktop 5.5 and Server 3.5 < 2008.8.1.1 - Privilege Escalation
DESlock+ <= 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit
DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit
PolicyKit polkit-1 <= 0.101 - Linux Privilege Escalation
PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation
Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit)
Linux Kernel 2.4.4 < 2.4.37.4 / 2.6.0 < 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit)
Linux Kernel 2.6.32 <= 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1)
Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1)
Linux Kernel 2.6.0 <= 2.6.31 - 'pipe.c' Privilege Escalation (1)
Linux Kernel 2.6.0 < 2.6.31 - 'pipe.c' Privilege Escalation (1)
Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation
Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
OSSEC 2.7 <= 2.8.1 - 'diff' Command Privilege Escalation
OSSEC 2.7 < 2.8.1 - 'diff' Command Privilege Escalation
GNU Screen 4.5.0 - Privilege Escalation (PoC)
GNU Screen 4.5.0 - Privilege Escalation
Man-db 2.6.7.1 - Privilege Escalation (PoC)
e107 <= 0.6172 - 'resetcore.php' SQL Injection
e107 < 0.6172 - 'resetcore.php' SQL Injection
Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2)
Mercur Messaging 2005 <= SP4 - IMAP Remote Exploit (Egghunter)
Mercur Messaging 2005 < SP4 - IMAP Remote Exploit (Egghunter)
Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite
Mercury/32 Mail Server 3.32 < 4.51 - SMTP Unauthenticated EIP Overwrite
Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure
Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)
navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure
Navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure
NaviCopa Web Server 3.01 - Remote Buffer Overflow
NaviCopa WebServer 3.01 - Remote Buffer Overflow
Oracle Database 10.1.0.5 <= 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow
Oracle Database 10.1.0.5 < 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow
Liquid XML Studio 2010 <= 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow
TFTPD32 <= 2.21 - Long Filename Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - Long Filename Buffer Overflow (Metasploit)
Mercury/32 <= 4.01b - PH Server Module Buffer Overflow (Metasploit)
Mercury/32 < 4.01b - PH Server Module Buffer Overflow (Metasploit)
Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit)
Mercury/32 Mail Server < 4.01b - LOGIN Buffer Overflow (Metasploit)
Exim4 <= 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
Mozilla Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)
Mozilla Firefox 7 / 8 < 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)
Active Collab 'chat module' <= 2.3.8 - Remote PHP Code Injection (Metasploit)
Active Collab 'chat module' < 2.3.8 - Remote PHP Code Injection (Metasploit)
Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
ntop/nbox 2.3 <= 2.5 - Multiple Vulnerabilities
ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities
Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
Google Android 5.0 < 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
Mozilla Firefox < 50.0.2 - nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution (Metasploit)
Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)
Geutebrueck GCore 1.3.8.42/1.4.2.37 - Remote Code Execution (Metasploit)
Drupal 4.5.3 <= 4.6.1 - Comments PHP Injection
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection
FCKEditor 2.0 <= 2.2 - 'FileManager connector.php' Arbitrary File Upload
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
RechnungsZentrale V2 <= 1.1.3 - Remote File Inclusion
RechnungsZentrale V2 < 1.1.3 - Remote File Inclusion
RsGallery2 <= 1.11.2 - 'rsgallery.html.php' File Inclusion
RsGallery2 < 1.11.2 - 'rsgallery.html.php' File Inclusion
Invision Power Board 2.1 <= 2.1.6 - SQL Injection (1)
Invision Power Board 2.1 < 2.1.6 - SQL Injection (1)
Invision Power Board 2.1 <= 2.1.6 - SQL Injection (2)
Invision Power Board 2.1 < 2.1.6 - SQL Injection (2)
vbPortal 3.0.2 <= 3.6.0 b1 - 'cookie' Remote Code Execution
vbPortal 3.0.2 < 3.6.0 b1 - 'cookie' Remote Code Execution
Wikepage Opus 10 <= 2006.2a (lng) - Remote Command Execution
Wikepage Opus 10 < 2006.2a (lng) - Remote Command Execution
e107 <= 0.75 - (GLOBALS Overwrite) Remote Code Execution
e107 < 0.75 - (GLOBALS Overwrite) Remote Code Execution
Haberx 1.02 <= 1.1 - (tr) SQL Injection
Haberx 1.02 < 1.1 - (tr) SQL Injection
PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion
PNPHPBB2 < 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion
exV2 <= 2.0.4.3 - (sort) SQL Injection
exV2 < 2.0.4.3 - (sort) SQL Injection
exV2 <= 2.0.4.3 - extract() Remote Command Execution
exV2 < 2.0.4.3 - extract() Remote Command Execution
Kietu? <= 4.0.0b2 - 'hit.php' Remote File Inclusion
Kietu? < 4.0.0b2 - 'hit.php' Remote File Inclusion
Forum82 <= 2.5.2b - (repertorylevel) Multiple File Inclusion
Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion
e107 <= 0.75 - (e107language_e107cookie) Local File Inclusion
e107 < 0.75 - (e107language_e107cookie) Local File Inclusion
Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure
Mambo Component com_flyspray < 1.0.1 - Remote File Disclosure
PNPHPBB2 <= 1.2 - 'index.php' SQL Injection
PNPHPBB2 < 1.2 - 'index.php' SQL Injection
e107 <= 0.7.8 - (photograph) Arbitrary File Upload
e107 < 0.7.8 - (photograph) Arbitrary File Upload
EVA-Web 1.1 <= 2.2 - 'index.php3' Remote File Inclusion
EVA-Web 1.1 < 2.2 - 'index.php3' Remote File Inclusion
PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection
PNPHPBB2 < 1.2i - 'viewforum.php' SQL Injection
WordPress 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities
WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local File Inclusion
PNPHPBB2 < 1.2i - 'PHPEx' Parameter Local File Inclusion
zKup CMS 2.0 <= 2.3 - Remote Add Admin
zKup CMS 2.0 <= 2.3 - Arbitrary File Upload
zKup CMS 2.0 < 2.3 - Remote Add Admin
zKup CMS 2.0 < 2.3 - Arbitrary File Upload
GLLCTS2 <= 4.2.4 - 'detail' Parameter SQL Injection
GLLCTS2 < 4.2.4 - 'detail' Parameter SQL Injection
PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection
PHPHoo3 < 5.2.6 - 'viewCat' Parameter SQL Injection
E-Store Kit-1 <= 2 PayPal Edition - 'pid' Parameter SQL Injection
E-Store Kit-1 < 2 PayPal Edition - 'pid' Parameter SQL Injection
e107 <= 0.7.11 - Arbitrary Variable Overwriting
e107 < 0.7.11 - Arbitrary Variable Overwriting
e107 <= 0.7.13 - 'usersettings.php' Blind SQL Injection
e107 < 0.7.13 - 'usersettings.php' Blind SQL Injection
VideoScript 3.0 <= 4.0.1.50 - Official Shell Injection
VideoScript 3.0 <= 4.1.5.55 - Unofficial Shell Injection
VideoScript 3.0 < 4.0.1.50 - Official Shell Injection
VideoScript 3.0 < 4.1.5.55 - Unofficial Shell Injection
IPNPro3 <= 1.44 - Admin Password Changing Exploit
IPNPro3 < 1.44 - Admin Password Changing Exploit
PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion
PNPHPBB2 < 1.2i - (ModName) Multiple Local File Inclusion
WEBalbum 2.4b - 'photo.php id' Blind SQL Injection
WEBalbum 2.4b - 'id' Parameter Blind SQL Injection
e107 <= 0.7.15 - (extended_user_fields) Blind SQL Injection
e107 < 0.7.15 - (extended_user_fields) Blind SQL Injection
Alqatari group 1.0 <= 5.0 - 'id' SQL Injection
AlefMentor 2.0 <= 5.0 - 'id' SQL Injection
Alqatari group 1.0 < 5.0 - 'id' SQL Injection
AlefMentor 2.0 < 5.0 - 'id' SQL Injection
2DayBiz Matrimonial Script - smartresult.php SQL Injection
2DayBiz Matrimonial Script - 'smartresult.php' SQL Injection
fozzcom shopping<= 7.94+8.04 - Multiple Vulnerabilities
Fozzcom Shopping < 7.94 / < 8.04 - Multiple Vulnerabilities
Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution (Metasploit)
Jcow Social Networking Script 4.2 < 5.2 - Arbitrary Code Execution (Metasploit)
Concrete5 <= 5.4.2.1 - Multiple Vulnerabilities
Concrete5 < 5.4.2.1 - Multiple Vulnerabilities
CaupoShop Pro (2.x / <= 3.70) Classic 3.01 - Local File Inclusion
CaupoShop Pro (2.x < 3.70) Classic 3.01 - Local File Inclusion
Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
Apache Struts2 < 2.3.1 - Multiple Vulnerabilities
Ruslan Communications <Body>Builder - SQL Injection
Ruslan Communications <Body>Builder - Authentication Bypass
AllMyVisitors 0.x - info.inc.php Arbitrary Code Execution
AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution
AllMyVisitors 0.x - 'info.inc.php' Arbitrary Code Execution
AllMyLinks 0.x - 'footer.inc.php' Arbitrary Code Execution
MyBB - 'editpost.php posthash' SQL Injection
MyBB 1.6.9 - 'editpost.php posthash' Time Based SQL Injection
CoolForum 0.5/0.7/0.8 - register.php login Parameter SQL Injection
CoolForum 0.5/0.7/0.8 - 'register.php' login Parameter SQL Injection
MyBB - Multiple Cross-Site Scripting / SQL Injection
MyBulletinBoard (MyBB) RC4 - Multiple Cross-Site Scripting / SQL Injection
4homepages 4Images 1.7 - member.php Cross-Site Scripting
4homepages 4Images 1.7 - 'member.php' Cross-Site Scripting
4Images 1.7.1 - member.php sessionid Parameter SQL Injection
4Images 1.7.1 - 'member.php' sessionid Parameter SQL Injection
Alex DownloadEngine 1.4.1 - comments.php SQL Injection
Alex DownloadEngine 1.4.1 - 'comments.php' SQL Injection
Album Photo Sans Nom 1.6 - Getimg.php Remote File Inclusion
Album Photo Sans Nom 1.6 - 'Getimg.php' Remote File Inclusion
4Images 1.7 - details.php Cross-Site Scripting
4Images 1.7 - 'details.php' Cross-Site Scripting
212Cafe Guestbook 4.00 - show.php Cross-Site Scripting
212Cafe Guestbook 4.00 - 'show.php' Cross-Site Scripting
2z Project 0.9.5 - rating.php Cross-Site Scripting
2z Project 0.9.5 - 'rating.php' Cross-Site Scripting
Openads (PHPAdsNew) <=c 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
212Cafe WebBoard 6.30 - Read.php SQL Injection
212Cafe WebBoard 6.30 - 'Read.php' SQL Injection
PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection
PHP-Nuke Advertising Module 0.9 - 'modules.php' SQL Injection
Drupal 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (1)
Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1)
Drupal 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (2)
Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2)
ManageEngine ServiceDesk Plus 9.0 (< Build 9031) - User Privileges Management
ManageEngine ServiceDesk Plus 9.0 < Build 9031 - User Privileges Management
Joomla! - 'redirect.php' SQL Injection
Joomla! 2.5.1 - 'redirect.php' Time Based SQL Injection
Plone - 'in_portal.py' <= 4.1.3 Session Hijacking
Plone - 'in_portal.py' < 4.1.3 Session Hijacking
Kaltura Community Edition <= 11.1.0-2 - Multiple Vulnerabilities
Kaltura Community Edition < 11.1.0-2 - Multiple Vulnerabilities
Skybox Platform <= 7.0.611 - Multiple Vulnerabilities
Skybox Platform < 7.0.611 - Multiple Vulnerabilities
SOLIDserver <= 5.0.4 - Local File Inclusion
SOLIDserver < 5.0.4 - Local File Inclusion
WordPress Plugin DZS Videogallery <= 8.60 - Multiple Vulnerabilities
WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities
Movie Portal Script 7.36 - Multiple Vulnerabilities
Joomla! < 2.5.2 - Admin Creation
Joomla! < 3.6.4 - Admin TakeOver
2017-01-26 05:01:18 +00:00
Offensive Security
763b417a35
DB: 2017-01-25
...
6 new exploits
Mozilla Firefox 1.5 - (history.dat) Looping (PoC)
Mozilla Firefox 1.5 - 'history.dat' Looping (PoC)
Microsoft Internet Explorer 6 - (script action handlers) 'mshtml.dll' Denial of Service
Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1)
Microsoft Internet Explorer 6 - Script Action Handlers 'mshtml.dll' Denial of Service
Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (1)
Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2)
Microsoft Windows Server 2003/XP - IGMP v3 Denial of Service (MS06-007) (2)
Apple Mac OSX Safari 2.0.3 - (417.9.2) (ROWSPAN) Denial of Service (PoC)
Apple Mac OSX Safari 2.0.3 (417.9.2) - 'ROWSPAN' Denial of Service (PoC)
acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow (PoC)
acFTP FTP Server 1.4 - 'USER' Remote Buffer Overflow (PoC)
0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash (PoC)
0verkill 0.16 - ASCII-ART Game Remote Integer Overflow Crash (PoC)
Clam AntiVirus 0.88.4 - (rebuildpe) Remote Heap Overflow (PoC)
Asterisk 1.0.12 / 1.2.12.1 - (chan_skinny) Remote Heap Overflow (PoC)
Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)
Asterisk 1.0.12 / 1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow (PoC)
AT-TFTP 1.9 - 'Long Filename' Remote Buffer Overflow (PoC)
LeadTools ISIS Control - (ltisi14E.ocx v.14.5.0.44) Remote Denial of Service
LeadTools ISIS Control - 'ltisi14E.ocx 14.5.0.44' Remote Denial of Service
Microsoft Visual FoxPro 6.0 - (FPOLE.OCX 6.0.8450.0) - Remote (PoC)
Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)
Castle Rock Computing SNMPc < 7.1.1 - (Community) Remote Buffer Overflow (PoC)
Castle Rock Computing SNMPc < 7.1.1 - 'Community' Remote Buffer Overflow (PoC)
BitDefender - (module pdf.xmd) Infinite Loop Denial of Service (PoC)
BitDefender - Module pdf.xmd Infinite Loop Denial of Service (PoC)
ClamAV < 0.94.2 - (JPEG Parsing) Recursive Stack Overflow (PoC)
ClamAV < 0.94.2 - JPEG Parsing Recursive Stack Overflow (PoC)
Amaya Web Browser 10.0.1/10.1-pre5 - (html tag) Buffer Overflow (PoC)
Amaya Web Browser 10.0.1/10.1-pre5 - HTML Tag Buffer Overflow (PoC)
Amaya Web Editor - XML and HTML parser Vulnerabilities
Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities
Elecard AVC HD PLAYER - '.m3u' / '.xpl' Local Stack Overflow (PoC)
RealVNC 4.1.2 - (vncviewer.exe) RFB Protocol Remote Code Execution (PoC)
Elecard AVC HD player - '.m3u' / '.xpl' Local Stack Overflow (PoC)
RealVNC 4.1.2 - 'vncviewer.exe' RFB Protocol Remote Code Execution (PoC)
Apple Mac OSX xnu 1228.3.13 - (zip-notify) Remote Kernel Overflow (PoC)
Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
Apple Mac OSX xnu 1228.3.13 - (profil) Kernel Memory Leak/Denial of Service (PoC)
Apple Mac OSX xnu 1228.x - (vfssysctl) Local Kernel Denial of Service (PoC)
Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC)
Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
AIMP 2.51 build 330 - (ID3v1/ID3v2 Tag) Remote Stack Buffer Overflow PoC (SEH)
AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC (SEH)
eEye Retina WiFi Security Scanner 1.0 - (.rws Parsing) Buffer Overflow (PoC)
AwingSoft Web3D Player - (WindsPly.ocx) Remote Buffer Overflow (PoC)
eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)
AwingSoft Web3D Player - 'WindsPly.ocx' Remote Buffer Overflow (PoC)
Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC)
Apple Safari 4.0.2 - WebKit Parsing of Floating Point Numbers Buffer Overflow (PoC)
Cerberus FTP 3.0.1 - (ALLO) Remote Overflow Denial of Service (Metasploit)
Cerberus FTP 3.0.1 - 'ALLO' Remote Overflow Denial of Service (Metasploit)
Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5.0 < 0.5.37 / 0.4.0 < 0.4.14 - (PoC)
Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5.0 < 0.5.37 / 0.4.0 < 0.4.14 - Denial of Service (PoC)
Spider Solitaire - Denial of Service (PoC)
Ofilter Player - (skin.ini) Local Crash (PoC)
Ofilter Player - 'skin.ini' Local Crash (PoC)
NPlayer - (.dat Skin) Local Heap Overflow (PoC)
NPlayer - '.dat Skin' Local Heap Overflow (PoC)
MediaMonkey Player - Local Denial of Service
MediaMonkey 3.2.0 - Local Denial of Service
Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)
Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Denial of Service (Crash)
RPM Select/Elite 5.0 - (.xml config parsing) Unicode Buffer Overflow (PoC)
RPM Select/Elite 5.0 - '.xml config parsing' Unicode Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - (EDImage.ocx) Remote Denial of Service (IE)
EDraw Flowchart ActiveX Control 2.3 - 'EDImage.ocx' Remote Denial of Service (IE)
Apple Safari 4.0.5 - (531.22.7) Denial of Service
Apple Safari 4.0.5 (531.22.7) - Denial of Service
Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service
Savy Soda Documents - Mobile Office Suite '.XLS' Denial of Service
Corel WordPerfect Office X5 15.0.0.357 - (wpd) Buffer Overflow (PoC)
Corel Presentations X5 15.0.0.357 - (shw) Buffer Preoccupation (PoC)
Corel WordPerfect Office X5 15.0.0.357 - 'wpd' Buffer Overflow (PoC)
Corel Presentations X5 15.0.0.357 - 'shw' Buffer Preoccupation (PoC)
Barcodewiz BarCode ActiveX 3.29 - (PoC)
Barcodewiz BarCode ActiveX 3.29 - Denial of Service (PoC)
LeadTools 11.5.0.9 - (ltisi11n.ocx) DriverName() Access Violation Denial of Service
LeadTools 11.5.0.9 - (ltlst11n.ocx) Insert() Access Violation Denial of Service
LeadTools 11.5.0.9 - 'ltisi11n.ocx' DriverName() Access Violation Denial of Service
LeadTools 11.5.0.9 - 'ltlst11n.ocx' Insert() Access Violation Denial of Service
LeadTools 11.5.0.9 - (ltdlg11n.ocx) Bitmap Access Violation Denial of Service
LeadTools 11.5.0.9 - 'ltdlg11n.ocx' Bitmap Access Violation Denial of Service
MediaMonkey 3.2.4.1304 - 'mp3' Buffer Overflow (PoC)
MediaMonkey 3.2.4.1304 - '.mp3' Buffer Overflow (PoC)
Flash Player - (Flash6.ocx) AllowScriptAccess Denial of Service (PoC)
Flash Player - 'Flash6.ocx' AllowScriptAccess Denial of Service (PoC)
Microsoft IIS 7.5 (Windows 7) - FTPSVC UNAUTH'D Remote Denial of Service (PoC)
Microsoft IIS 7.5 (Windows 7) - FTPSVC Unauthorized Remote Denial of Service (PoC)
Avira AntiVir QUA file - (avcenter.exe) Local Crash (PoC)
Avira AntiVir - '.QUA' File 'avcenter.exe' Local Crash (PoC)
SlimPDF Reader - (PoC)
SlimPDF Reader - Denial of Service (PoC)
VideoLAN VLC Media Player 1.1.11 - (libav) 'libavcodec_plugin.dll' Denial of Service
VideoLAN VLC Media Player 1.1.11 - libav 'libavcodec_plugin.dll' Denial of Service
PHP Hash Table Collision - (PoC)
PHP Hash Table Collision - Denial of Service (PoC)
EdrawSoft Office Viewer Component ActiveX 5.6 - (officeviewermme.ocx) Buffer Overflow (PoC)
EdrawSoft Office Viewer Component ActiveX 5.6 - 'officeviewermme.ocx' Buffer Overflow (PoC)
PowerNet Twin Client 8.9 - (RFSync 1.0.0.1) Crash (PoC)
PowerNet Twin Client 8.9 - 'RFSync 1.0.0.1' Crash (PoC)
Spytech NetVizor 6.1 - (services.exe) Denial of Service
Spytech NetVizor 6.1 - 'services.exe' Denial of Service
Microsoft Windows Help program - (WinHlp32.exe) Crash (PoC)
Microsoft Windows Help program - 'WinHlp32.exe' Crash (PoC)
Easy DVD Player 3.5.1 - (libav) 'libavcodec_plugin.dll' Denial of Service
Easy DVD Player 3.5.1 - libav 'libavcodec_plugin.dll' Denial of Service
TeraCopy 2.3 - (default.mo) Language File Integer Overflow
TeraCopy 2.3 - 'default.mo' Language File Integer Overflow
Samba < 3.6.2 (x86) - (PoC)
Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Acoustica Pianissimo 1.0 Build 12 - (Registration ID) Buffer Overflow (PoC)
Acoustica Pianissimo 1.0 Build 12 - 'Registration ID' Buffer Overflow (PoC)
WHMCS 5.12 - 'cart.php' Denial of Service
WHMCompleteSolution (WHMCS) 5.12 - 'cart.php' Denial of Service
BSD chpass - (pw_error(3)) Privilege Escalation
BSD chpass - 'pw_error(3)' Privilege Escalation
Solaris 2.6/7/8/9 (sparc) - (ld.so.1) Privilege Escalation
Solaris 2.6/7/8/9 (sparc) - 'ld.so.1' Privilege Escalation
Tru64 UNIX 5.0 - (Rev. 910) rdist NLSPATH Buffer Overflow
Tru64 UNIX 5.0 - (Rev. 910) edauth NLSPATH Buffer Overflow
Tru64 UNIX 5.0 (Rev. 910) - rdist NLSPATH Buffer Overflow
Tru64 UNIX 5.0 (Rev. 910) - edauth NLSPATH Buffer Overflow
Kerio WebSTAR 5.4.2 (OSX) - (libucache.dylib) Privilege Escalation
Kerio WebSTAR 5.4.2 (OSX) - 'libucache.dylib' Privilege Escalation
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - (CGI TTY) Privilege Escalation
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - CGI TTY Privilege Escalation
East Wind Software - (advdaudio.ocx 1.5.1.1) Local Buffer Overflow
East Wind Software - 'advdaudio.ocx 1.5.1.1' Local Buffer Overflow
Total Video Player 1.31 - (DefaultSkin.ini) Local Stack Overflow
Total Video Player 1.31 - 'DefaultSkin.ini' Local Stack Overflow
Mp3-Nator 2.0 - (ListData.dat) Universal Buffer Overflow (SEH)
Mp3-Nator 2.0 - 'ListData.dat' Universal Buffer Overflow (SEH)
Adobe 9.x Related Service - (getPlus_HelperSvc.exe) Privilege Escalation
Adobe 9.x Related Service - 'getPlus_HelperSvc.exe' Privilege Escalation
Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH) (1)
Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH) (2)
Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH) (3)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (1)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (2)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (3)
Hamster Audio Player 0.3a - (Associations.cfg) Local Buffer Exploit (SEH) (1)
Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (1)
Hamster Audio Player 0.3a - (Associations.cfg) Local Buffer Exploit (SEH) (2)
Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (2)
Spider Solitaire - (PoC)
EDraw Flowchart ActiveX Control 2.3 - (.edd parsing) Remote Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC)
Gesytec ElonFmt ActiveX 1.1.14 - (ElonFmt.ocx) pid Item Buffer Overflow (SEH)
Gesytec ElonFmt ActiveX 1.1.14 - 'ElonFmt.ocx' pid Item Buffer Overflow (SEH)
SopCast 3.4.7 - (Diagnose.exe) Improper Permissions
SopCast 3.4.7 - 'Diagnose.exe' Improper Permissions
ACE Stream Media 2.1 - (acestream://) Format String (PoC)
ACE Stream Media 2.1 - 'acestream://' Format String (PoC)
Total Video Player 1.3.1 - (Settings.ini) Buffer Overflow (SEH) (Metasploit)
Total Video Player 1.3.1 - 'Settings.ini' Buffer Overflow (SEH) (Metasploit)
RedStar 2.0 Desktop - (World-writeable rc.sysinit) Privilege Escalation
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Privilege Escalation
RedStar 3.0 Desktop - 'Software Manager swmng.app' Privilege Escalation
MASM321 11 Quick Editor - (.qeditor) 4.0g- .qse SEH Based Buffer Overflow (ASLR & SAFESEH Bypass)
MASM321 11 Quick Editor - '.qeditor' 4.0g - .qse SEH Based Buffer Overflow (ASLR & SAFESEH Bypass)
ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution
Solaris 2.6/7/8 - (TTYPROMPT in.telnet) Remote Authentication Bypass
Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remote Authentication Bypass
BIND 8.2.x - (TSIG) Stack Overflow (1)
BIND 8.2.x - (TSIG) Stack Overflow (2)
BIND 8.2.x - (TSIG) Stack Overflow (3)
BIND 8.2.x - (TSIG) Stack Overflow (4)
BIND 8.2.x - 'TSIG' Stack Overflow (1)
BIND 8.2.x - 'TSIG' Stack Overflow (2)
BIND 8.2.x - 'TSIG' Stack Overflow (3)
BIND 8.2.x - 'TSIG' Stack Overflow (4)
Microsoft IIS 5.0 - (500-100.asp) Server Name Spoof Exploit
Microsoft IIS 5.0 - '500-100.asp' Server Name Spoof Exploit
phpBB 2.0.13 - (admin_styles.php) Remote Command Execution
e107 <= 0.6172 - (resetcore.php) SQL Injection
phpBB 2.0.13 - 'admin_styles.php' Remote Command Execution
e107 <= 0.6172 - 'resetcore.php' SQL Injection
Apple Mac OSX Safari Browser - (Safe File) Remote Code Execution (Metasploit)
Apple Mac OSX Safari Browser - 'Safe File' Remote Code Execution (Metasploit)
Darwin Streaming Server 4.1.2 - (parse_xml.cgi) Code Execution
Darwin Streaming Server 4.1.2 - 'parse_xml.cgi' Code Execution
Cyrus IMAPD 2.3.2 - (pop3d) Remote Buffer Overflow (1)
Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (1)
CesarFTP 0.99g - (MKD) Remote Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)
Cyrus IMAPD 2.3.2 - (pop3d) Remote Buffer Overflow (2)
Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (2)
AIM Triton 1.0.4 - (SipXtapi) Remote Buffer Overflow (PoC)
AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC)
Microsoft Internet Explorer - (MDAC) Remote Code Execution (MS06-014) (Metasploit) (2)
Cyrus IMAPD 2.3.2 - (pop3d) Remote Buffer Overflow (3)
Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2)
Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (3)
IBM Director < 5.10 - (Redirect.bat) Directory Traversal
IBM Director < 5.10 - 'Redirect.bat' Directory Traversal
Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl)
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)
Omni-NFS Server 5.2 - (nfsd.exe) Remote Stack Overflow (Metasploit)
Omni-NFS Server 5.2 - 'nfsd.exe' Remote Stack Overflow (Metasploit)
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Long Filename' Remote Buffer Overflow
CA BrightStor ARCserve - (msgeng.exe) Remote Heap Overflow (1)
CA BrightStor ARCserve - (msgeng.exe) Remote Heap Overflow (2)
CA BrightStor ARCserve - 'msgeng.exe' Remote Heap Overflow (1)
CA BrightStor ARCserve - 'msgeng.exe' Remote Heap Overflow (2)
Mozilla Firefox 2.0.0.1 - (location.hostname) Cross-Domain
Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl)
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode Exploit (Perl)
CA BrightStor Backup 11.5.2.0 - (Mediasvr.exe) Remote Code Exploit
CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code Exploit
Aircrack-NG 0.7 - (Specially Crafted 802.11 Packets) Remote Buffer Overflow
Aircrack-NG 0.7 - 'Specially Crafted 802.11 Packets' Remote Buffer Overflow
eCentrex VOIP Client module - (uacomx.ocx 2.0.1) Remote Buffer Overflow
eCentrex VOIP Client module - 'uacomx.ocx 2.0.1' Remote Buffer Overflow
Microsoft Visual Studio 6.0 - (PDWizard.ocx) Remote Command Execution
Microsoft Visual Studio 6.0 - 'PDWizard.ocx' Remote Command Execution
MySpace Uploader - (MySpaceUploader.ocx 1.0.0.4) Buffer Overflow
MySpace Uploader - 'MySpaceUploader.ocx 1.0.0.4' Buffer Overflow
Philips VOIP841 'Firmware 1.0.4.800' - Multiple Vulnerabilities
Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities
Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (1)
Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (1)
Black Ice Software Annotation Plugin - (BiAnno.ocx) Buffer Overflow (2)
Black Ice Software Annotation Plugin - 'BiAnno.ocx' Buffer Overflow (2)
Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (2)
Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (2)
Microsoft Access - (Snapview.ocx 10.0.5529.0) ActiveX Remote Exploit
Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote Exploit
Amaya Web Browser 11 - (bdo tag) Remote Stack Overflow (Windows XP)
Amaya Web Browser 11 - (bdo tag) Remote Stack Overflow (Windows Vista)
Amaya Web Browser 11 (Windows XP) - bdo tag Remote Stack Overflow
Amaya Web Browser 11 (Windows Vista) - bdo tag Remote Stack Overflow
Steamcast - (HTTP Request) Remote Buffer Overflow (SEH) (1)
Steamcast - (HTTP Request) Remote Buffer Overflow (SEH) (2)
Steamcast - HTTP Request Remote Buffer Overflow (SEH) (1)
Steamcast - HTTP Request Remote Buffer Overflow (SEH) (2)
32bit FTP (09.04.24) - (CWD Response) Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - (CWD Response) Universal Overwrite (SEH)
32bit FTP - (PASV) Reply Client Remote Overflow (Metasploit)
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
Apple iTunes 8.1.1 - (ITMS) Multiple Protocol Handler Buffer Overflow (Metasploit)
Apple iTunes 8.1.1 - 'ITMS' Multiple Protocol Handler Buffer Overflow (Metasploit)
Apple iTunes 8.1.1.10 (Windows) - (itms/itcp) Remote Buffer Overflow
Apple iTunes 8.1.1.10 (Windows) - 'itms/itcp' Remote Buffer Overflow
THOMSON TG585n 7.4.3.2 - (user.ini) Arbitrary Download
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download
Adobe Flash and Reader - (PoC)
Adobe Flash and Reader - Live Malware (PoC)
Microsoft Internet Explorer - (VML) Fill Method Code Execution (MS06-055) (Metasploit)
Microsoft Internet Explorer - 'VML' Fill Method Code Execution (MS06-055) (Metasploit)
WinZip FileView - (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow (Metasploit)
WinZip FileView - 'WZFILEVIEW.FileViewCtrl.61' ActiveX Buffer Overflow (Metasploit)
CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Command Buffer Overflow (Metasploit)
UltraVNC 1.0.2 Client - (vncviewer.exe) Buffer Overflow (Metasploit)
UltraVNC 1.0.2 Client - 'vncviewer.exe' Buffer Overflow (Metasploit)
Audio File Library 0.2.6 - (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow
Audio File Library 0.2.6 - libaudiofile 'msadpcm.c' .WAV File Processing Buffer Overflow
Linksys WRT54GC 1.5.7 - (Firmware) 'administration.cgi' Access Validation
Linksys WRT54GC 1.5.7 Firmware - 'administration.cgi' Access Validation
Cisco WebEx - 'nativeMessaging' Arbitrary Remote Command Execution
Mozilla Firefox < 50.0.2 - nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution (Metasploit)
Aztek Forum 4.0 - (myadmin.php) Database Dumper Exploit
Aztek Forum 4.0 - 'myadmin.php' Database Dumper Exploit
E-Cart 1.1 - (index.cgi) Remote Command Execution
E-Cart 1.1 - 'index.cgi' Remote Command Execution
UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection
ASPNuke 0.80 - (article.asp) SQL Injection
ASPNuke 0.80 - (comment_post.asp) SQL Injection
UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection
ASPNuke 0.80 - 'article.asp' SQL Injection
ASPNuke 0.80 - 'comment_post.asp' SQL Injection
w-Agora 4.2.0 - (quicklist.php) Remote Code Execution
w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution
Cyphor 0.19 - (show.php id) SQL Injection
Cyphor 0.19 - 'show.php id' SQL Injection
eFiction 2.0 - (Fake .gif) Arbitrary File Upload
eFiction 2.0 - 'Fake .gif' Arbitrary File Upload
CuteNews 1.4.1 - (categories.mdu) Remote Command Execution
CuteNews 1.4.1 - 'categories.mdu' Remote Command Execution
FlatCMS 1.01 - (file_editor.php) Remote Command Execution
FlatCMS 1.01 - 'file_editor.php' Remote Command Execution
FCKEditor 2.0 <= 2.2 - (FileManager connector.php) Arbitrary File Upload
FCKEditor 2.0 <= 2.2 - 'FileManager connector.php' Arbitrary File Upload
FlySpray 0.9.7 - (install-0.9.7.php) Remote Commands Execution Exploit
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution Exploit
GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)
GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution Exploit
phpWebSite 0.10.0-full - (topics.php) SQL Injection
phpWebSite 0.10.0-full - 'topics.php' SQL Injection
iGENUS WebMail 2.0.2 - (config_inc.php) Remote Code Execution
iGENUS WebMail 2.0.2 - 'config_inc.php' Remote Code Execution
TotalECommerce 1.0 - (index.asp id) SQL Injection
TotalECommerce 1.0 - 'index.asp id' SQL Injection
CilemNews System 1.1 - (yazdir.asp haber_id) SQL Injection
CilemNews System 1.1 - 'yazdir.asp haber_id' SQL Injection
ShoutLIVE 1.1.0 - (savesettings.php) Remote Code Execution
ShoutLIVE 1.1.0 - 'savesettings.php' Remote Code Execution
FreeWPS 2.11 - (images.php) Remote Code Execution
FreeWPS 2.11 - 'images.php' Remote Code Execution
phpBookingCalendar 1.0c - (details_view.php) SQL Injection
phpBookingCalendar 1.0c - 'details_view.php' SQL Injection
Aztek Forum 4.00 - (myadmin.php) User Privilege Escalation
Aztek Forum 4.00 - 'myadmin.php' User Privilege Escalation
Claroline 1.7.4 - (scormExport.inc.php) Remote Code Execution
Claroline 1.7.4 - 'scormExport.inc.php' Remote Code Execution
Sire 2.0 - (lire.php) Remote File Inclusion / Arbitrary File Upload
Sire 2.0 - 'lire.php' Remote File Inclusion / Arbitrary File Upload
Sphider 1.3 - (configset.php) Arbitrary Remote File Inclusion
Sphider 1.3 - 'configset.php' Arbitrary Remote File Inclusion
Censtore 7.3.x - (censtore.cgi) Remote Command Execution
quizz 1.01 - (quizz.pl) Remote Command Execution
Censtore 7.3.x - 'censtore.cgi' Remote Command Execution
quizz 1.01 - 'quizz.pl' Remote Command Execution
SysInfo 1.21 - (sysinfo.cgi) Remote Command Execution
SysInfo 1.21 - 'sysinfo.cgi' Remote Command Execution
FlexBB 0.5.5 - (/inc/start.php _COOKIE) SQL Bypass Exploit
FlexBB 0.5.5 - '/inc/start.php _COOKIE' SQL Bypass Exploit
ASPSitem 1.83 - (Haberler.asp) SQL Injection
ASPSitem 1.83 - 'Haberler.asp' SQL Injection
FlexBB 0.5.5 - (function/showprofile.php) SQL Injection
BK Forum 4.0 - (member.asp) SQL Injection
FlexBB 0.5.5 - 'function/showprofile.php' SQL Injection
BK Forum 4.0 - 'member.asp' SQL Injection
Fast Click 1.1.3 / 2.3.8 - (show.php) Remote File Inclusion
Fast Click 1.1.3 / 2.3.8 - 'show.php' Remote File Inclusion
HiveMail 1.3 - (addressbook.add.php) Remote Code Execution
VP-ASP 6.00 - (shopcurrency.asp) SQL Injection
HiveMail 1.3 - 'addressbook.add.php' Remote Code Execution
VP-ASP 6.00 - 'shopcurrency.asp' SQL Injection
Dokeos Lms 1.6.4 - (authldap.php) Remote File Inclusion
Claroline E-Learning 1.75 - (ldap.inc.php) Remote File Inclusion
Dokeos Lms 1.6.4 - 'authldap.php' Remote File Inclusion
Claroline E-Learning 1.75 - 'ldap.inc.php' Remote File Inclusion
Squirrelcart 2.2.0 - (cart_content.php) Remote File Inclusion
Squirrelcart 2.2.0 - 'cart_content.php' Remote File Inclusion
Woltlab Burning Board 2.3.5 - (links.php) SQL Injection
Woltlab Burning Board 2.3.5 - 'links.php' SQL Injection
open-medium.CMS 0.25 - (404.php) Remote File Inclusion
Back-End CMS 0.7.2.2 - (BE_config.php) Remote File Inclusion
open-medium.CMS 0.25 - '404.php' Remote File Inclusion
Back-End CMS 0.7.2.2 - 'BE_config.php' Remote File Inclusion
DoceboLms 2.0.5 - (help.php) Remote File Inclusion
DoceboLms 2.0.5 - 'help.php' Remote File Inclusion
PrideForum 1.0 - (forum.asp) SQL Injection
PrideForum 1.0 - 'forum.asp' SQL Injection
Bytehoard 2.1 - (server.php) Remote File Inclusion
Bytehoard 2.1 - 'server.php' Remote File Inclusion
Igloo 0.1.9 - (Wiki.php) Remote File Inclusion
Igloo 0.1.9 - 'Wiki.php' Remote File Inclusion
Informium 0.12.0 - (common-menu.php) Remote File Inclusion
Informium 0.12.0 - 'common-menu.php' Remote File Inclusion
DotClear 1.2.4 - (prepend.php) Arbitrary Remote File Inclusion
DotClear 1.2.4 - 'prepend.php' Arbitrary Remote File Inclusion
Wikiwig 4.1 - (wk_lang.php) Remote File Inclusion
myNewsletter 1.1.2 - (adminLogin.asp) Login Bypass
Wikiwig 4.1 - 'wk_lang.php' Remote File Inclusion
myNewsletter 1.1.2 - 'adminLogin.asp' Login Bypass
Xtreme/Ditto News 1.0 - (post.php) Remote File Inclusion
Back-End CMS 0.7.2.1 - (jpcache.php) Remote File Inclusion
Xtreme/Ditto News 1.0 - 'post.php' Remote File Inclusion
Back-End CMS 0.7.2.1 - 'jpcache.php' Remote File Inclusion
aWebNews 1.5 - (visview.php) Remote File Inclusion
aWebNews 1.5 - 'visview.php' Remote File Inclusion
PHP Blue Dragon CMS 2.9.1 - (template.php) File Inclusion
PHP Blue Dragon CMS 2.9.1 - 'template.php' File Inclusion
DreamAccount 3.1 - (auth.api.php) Remote File Inclusion
DreamAccount 3.1 - 'auth.api.php' Remote File Inclusion
RsGallery2 <= 1.11.2 - (rsgallery.html.php) File Inclusion
RsGallery2 <= 1.11.2 - 'rsgallery.html.php' File Inclusion
Plume CMS 1.1.3 - (dbinstall.php) Remote File Inclusion
Randshop 1.1.1 - (header.inc.php) Remote File Inclusion
Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion
Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion
SQuery 4.5 - (gore.php) Remote File Inclusion
SQuery 4.5 - 'gore.php' Remote File Inclusion
FlushCMS 1.0.0-pre2 - (class.rich.php) Remote File Inclusion
FlushCMS 1.0.0-pre2 - 'class.rich.php' Remote File Inclusion
Etomite CMS 0.6.1 - (rfiles.php) Remote Command Execution
Etomite CMS 0.6.1 - 'rfiles.php' Remote Command Execution
TSEP 0.942 - (copyright.php) Remote File Inclusion
TSEP 0.942 - 'copyright.php' Remote File Inclusion
WoW Roster 1.70 - (/lib/phpBB.php) Remote File Inclusion
WoW Roster 1.70 - '/lib/phpBB.php' Remote File Inclusion
TSEP 0.942 - (colorswitch.php) Remote File Inclusion
TSEP 0.942 - 'colorswitch.php' Remote File Inclusion
SQLiteWebAdmin 0.1 - (tpl.inc.php) Remote File Inclusion
SQLiteWebAdmin 0.1 - 'tpl.inc.php' Remote File Inclusion
PHPCodeCabinet 0.5 - (Core.php) Remote File Inclusion
PHPCodeCabinet 0.5 - 'Core.php' Remote File Inclusion
See-Commerce 1.0.625 - (owimg.php3) Remote File Inclusion
See-Commerce 1.0.625 - 'owimg.php3' Remote File Inclusion
PHPMyRing 4.2.0 - (view_com.php) SQL Injection
PHPMyRing 4.2.0 - 'view_com.php' SQL Injection
VWar 1.50 R14 - (online.php) SQL Injection
VWar 1.50 R14 - 'online.php' SQL Injection
Wheatblog 1.1 - (session.php) Remote File Inclusion
Wheatblog 1.1 - 'session.php' Remote File Inclusion
PHPay 2.02 - (nu_mail.inc.php) Remote mail() Injection
PHPay 2.02 - 'nu_mail.inc.php' Remote mail() Injection
WEBInsta CMS 0.3.1 - (users.php) Remote File Inclusion
WEBInsta CMS 0.3.1 - 'users.php' Remote File Inclusion
WTcom 0.2.4-alpha - (torrents.php) SQL Injection
WTcom 0.2.4-alpha - 'torrents.php' SQL Injection
PHlyMail Lite 3.4.4 - (mod.listmail.php) Remote File Inclusion
PHlyMail Lite 3.4.4 - 'mod.listmail.php' Remote File Inclusion
LBlog 1.05 - (comments.asp) SQL Injection
LBlog 1.05 - 'comments.asp' SQL Injection
PHlyMail Lite 3.4.4 - (folderprops.php) Remote File Inclusion (2)
Empire CMS 3.7 - (checklevel.php) Remote File Inclusion
PHlyMail Lite 3.4.4 - 'folderprops.php' Remote File Inclusion (2)
Empire CMS 3.7 - 'checklevel.php' Remote File Inclusion
VistaBB 2.x - (functions_mod_user.php) Remote File Inclusion
VistaBB 2.x - 'functions_mod_user.php' Remote File Inclusion
PHPCOIN 1.2.3 - (session_set.php) Remote File Inclusion
PHPCOIN 1.2.3 - 'session_set.php' Remote File Inclusion
FlashChat 4.5.7 - (aedating4CMS.php) Remote File Inclusion
FlashChat 4.5.7 - 'aedating4CMS.php' Remote File Inclusion
Beautifier 0.1 - (Core.php) Remote File Inclusion
Beautifier 0.1 - 'Core.php' Remote File Inclusion
Q-Shop 3.5 - (browse.asp) SQL Injection
Q-Shop 3.5 - 'browse.asp' SQL Injection
Charon Cart 3.0 - (Review.asp) SQL Injection
CMtextS 1.0 - (users_logins/admin.txt) Credentials Disclosure
Charon Cart 3.0 - 'Review.asp' SQL Injection
CMtextS 1.0 - 'users_logins/admin.txt' Credentials Disclosure
PHPartenaire 1.0 - (dix.php3) Remote File Inclusion
PHPartenaire 1.0 - 'dix.php3' Remote File Inclusion
ProgSys 0.156 - (RR.php) Remote File Inclusion
ProgSys 0.156 - 'RR.php' Remote File Inclusion
xweblog 2.1 - (kategori.asp) SQL Injection
xweblog 2.1 - 'kategori.asp' SQL Injection
Web-News 1.6.3 - (template.php) Remote File Inclusion
Web-News 1.6.3 - 'template.php' Remote File Inclusion
Advaced-Clan-Script 3.4 - (mcf.php) Remote File Inclusion
Advaced-Clan-Script 3.4 - 'mcf.php' Remote File Inclusion
SyntaxCMS 1.3 - (0004_init_urls.php) Remote File Inclusion
Polaring 0.04.03 - (general.php) Remote File Inclusion
SyntaxCMS 1.3 - '0004_init_urls.php' Remote File Inclusion
Polaring 0.04.03 - 'general.php' Remote File Inclusion
BrudaNews 1.1 - (admin/index.php) Remote File Inclusion
BrudaGB 1.1 - (admin/index.php) Remote File Inclusion
faceStones personal 2.0.42 - (fs_form_links.php) File Inclusion
BrudaNews 1.1 - 'admin/index.php' Remote File Inclusion
BrudaGB 1.1 - 'admin/index.php' Remote File Inclusion
faceStones personal 2.0.42 - 'fs_form_links.php' File Inclusion
Kietu? <= 4.0.0b2 - (hit.php) Remote File Inclusion
Newswriter SW 1.42 - (editfunc.inc.php) File Inclusion
Kietu? <= 4.0.0b2 - 'hit.php' Remote File Inclusion
Newswriter SW 1.42 - 'editfunc.inc.php' File Inclusion
Newswriter SW 1.4.2 - (main.inc.php) Remote File Inclusion
PPA Gallery 1.0 - (functions.inc.php) Remote File Inclusion
Newswriter SW 1.4.2 - 'main.inc.php' Remote File Inclusion
PPA Gallery 1.0 - 'functions.inc.php' Remote File Inclusion
phpMyWebmin 1.0 - (window.php) Remote File Inclusion
PHPSecurePages 0.28b - (secure.php) Remote File Inclusion
phpMyWebmin 1.0 - 'window.php' Remote File Inclusion
PHPSecurePages 0.28b - 'secure.php' Remote File Inclusion
PHP Krazy Image Hosting 0.7a - (display.php) SQL Injection
UBB.Threads 6.5.1.1 - (doeditconfig.php) Code Execution
PHP Krazy Image Hosting 0.7a - 'display.php' SQL Injection
UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution
VAMP Webmail 2.0beta1 - (yesno.phtml) Remote File Inclusion
VAMP Webmail 2.0beta1 - 'yesno.phtml' Remote File Inclusion
BBaCE 3.5 - (includes/functions.php) Remote File Inclusion
BBaCE 3.5 - 'includes/functions.php' Remote File Inclusion
Klinza Professional CMS 5.0.1 - (show_hlp.php) File Inclusion
Klinza Professional CMS 5.0.1 - 'show_hlp.php' File Inclusion
PHPGreetz 0.99 - (footer.php) Remote File Inclusion
PHPGreetz 0.99 - 'footer.php' Remote File Inclusion
phpBB Security Suite Mod 1.0.0 - (logger_engine.php) Remote File Inclusion
phpBB Security Suite Mod 1.0.0 - 'logger_engine.php' Remote File Inclusion
Cahier de texte 2.0 - (lire.php) SQL Injection
Cahier de texte 2.0 - 'lire.php' SQL Injection
PHPPC 1.03 RC1 - (/lib/functions.inc.php) Remote File Inclusion
docmint 2.0 - (engine/require.php) Remote File Inclusion
PHPPC 1.03 RC1 - '/lib/functions.inc.php' Remote File Inclusion
docmint 2.0 - 'engine/require.php' Remote File Inclusion
phpMyAgenda 3.1 - (templates/header.php3) Local File Inclusion
TribunaLibre 3.12 Beta - (ftag.php) Remote File Inclusion
phpMyAgenda 3.1 - 'templates/header.php3' Local File Inclusion
TribunaLibre 3.12 Beta - 'ftag.php' Remote File Inclusion
compteur 2.0 - (param_editor.php) Remote File Inclusion
compteur 2.0 - 'param_editor.php' Remote File Inclusion
Foafgen 0.3 - (redir.php) Local Source Disclosure
Foafgen 0.3 - 'redir.php' Local Source Disclosure
Exhibit Engine 1.5 RC 4 - (photo_comment.php) File Inclusion
Claroline 1.8.0 rc1 - (import.lib.php) Remote File Inclusion
PHPLibrary 1.5.3 - (grid3.lib.php) Remote File Inclusion
Jinzora 2.1 - (media.php) Remote File Inclusion
ae2 - (standart.inc.php) Remote File Inclusion
n@board 3.1.9e - (naboard_pnr.php) Remote File Inclusion
CommunityPortals 1.0 - (import-archive.php) File Inclusion
PHP News Reader 2.6.4 - (phpBB.inc.php) Remote File Inclusion
Exhibit Engine 1.5 RC 4 - 'photo_comment.php' File Inclusion
Claroline 1.8.0 rc1 - 'import.lib.php' Remote File Inclusion
PHPLibrary 1.5.3 - 'grid3.lib.php' Remote File Inclusion
Jinzora 2.1 - 'media.php' Remote File Inclusion
ae2 - 'standart.inc.php' Remote File Inclusion
n@board 3.1.9e - 'naboard_pnr.php' Remote File Inclusion
CommunityPortals 1.0 - 'import-archive.php' File Inclusion
PHP News Reader 2.6.4 - 'phpBB.inc.php' Remote File Inclusion
Minichat 6.0 - (ftag.php) Remote File Inclusion
Minichat 6.0 - 'ftag.php' Remote File Inclusion
PHPMyConferences 8.0.2 - (menu.inc.php) File Inclusion
PHPMyConferences 8.0.2 - 'menu.inc.php' File Inclusion
maluinfo 206.2.38 - (bb_usage_stats.php) Remote File Inclusion
phpBB PlusXL 2.0_272 - (constants.php) Remote File Inclusion
Genepi 1.6 - (genepi.php) Remote File Inclusion
Cdsagenda 4.2.9 - (SendAlertEmail.php) File Inclusion
maluinfo 206.2.38 - 'bb_usage_stats.php' Remote File Inclusion
phpBB PlusXL 2.0_272 - 'constants.php' Remote File Inclusion
Genepi 1.6 - 'genepi.php' Remote File Inclusion
Cdsagenda 4.2.9 - 'SendAlertEmail.php' File Inclusion
phpBB lat2cyr Mod 1.0.1 - (lat2cyr.php) Remote File Inclusion
phpBB lat2cyr Mod 1.0.1 - 'lat2cyr.php' Remote File Inclusion
phpBB Security 1.0.1 - (PHP_security.php) Remote File Inclusion
YaBBSM 3.0.0 - (Offline.php) Remote File Inclusion
phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion
YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion
IncCMS Core 1.0.0 - (settings.php) Remote File Inclusion
Jinzora 2.6 - (extras/mt.php) Remote File Inclusion
CyberBrau 0.9.4 - (forum/track.php) Remote File Inclusion
IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion
Jinzora 2.6 - 'extras/mt.php' Remote File Inclusion
CyberBrau 0.9.4 - 'forum/track.php' Remote File Inclusion
NuralStorm Webmail 0.98b - (process.php) Remote File Inclusion
NuralStorm Webmail 0.98b - 'process.php' Remote File Inclusion
Def-Blog 1.0.3 - (comadd.php) SQL Injection
Def-Blog 1.0.3 - 'comadd.php' SQL Injection
PHPMyManga 0.8.1 - (template.php) Multiple File Inclusion
PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusion
WSN Forum 1.3.4 - (prestart.php) Remote Code Execution
WSN Forum 1.3.4 - 'prestart.php' Remote Code Execution
PHPPowerCards 2.10 - (txt.inc.php) Remote Code Execution
PHP AMX 0.90 - (plugins/main.php) Remote File Inclusion
PHPPowerCards 2.10 - 'txt.inc.php' Remote Code Execution
PHP AMX 0.90 - 'plugins/main.php' Remote File Inclusion
YapBB 1.2 Beta2 - (yapbb_session.php) Remote File Inclusion
LoCal Calendar 1.1 - (lcUser.php) Remote File Inclusion
EPNadmin 0.7 - (constantes.inc.php) Remote File Inclusion
PH Pexplorer 0.24 - (explorer_load_lang.php) Local File Inclusion
YapBB 1.2 Beta2 - 'yapbb_session.php' Remote File Inclusion
LoCal Calendar 1.1 - 'lcUser.php' Remote File Inclusion
EPNadmin 0.7 - 'constantes.inc.php' Remote File Inclusion
PH Pexplorer 0.24 - 'explorer_load_lang.php' Local File Inclusion
Lou Portail 1.4.1 - (admin_module.php) Remote File Inclusion
WGCC 0.5.6b - (quiz.php) SQL Injection
Lou Portail 1.4.1 - 'admin_module.php' Remote File Inclusion
WGCC 0.5.6b - 'quiz.php' SQL Injection
CASTOR 1.1.1 - (lib/rs.php) Remote File Inclusion
CASTOR 1.1.1 - 'lib/rs.php' Remote File Inclusion
Net_DNS 0.3 - (DNS/RR.php) Remote File Inclusion
Net_DNS 0.3 - 'DNS/RR.php' Remote File Inclusion
SourceForge 1.0.4 - (database.php) Remote File Inclusion
SourceForge 1.0.4 - 'database.php' Remote File Inclusion
Jaws 0.5.2 - (include/JawsDB.php) Remote File Inclusion
JumbaCMS 0.0.1 - (includes/functions.php) Remote File Inclusion
InteliEditor 1.2.x - (lib.editor.inc.php) Remote File Inclusion
Ascended Guestbook 1.0.0 - (embedded.php) File Inclusion
Jaws 0.5.2 - 'include/JawsDB.php' Remote File Inclusion
JumbaCMS 0.0.1 - 'includes/functions.php' Remote File Inclusion
InteliEditor 1.2.x - 'lib.editor.inc.php' Remote File Inclusion
Ascended Guestbook 1.0.0 - 'embedded.php' File Inclusion
UeberProject 1.0 - (login/secure.php) Remote File Inclusion
UeberProject 1.0 - 'login/secure.php' Remote File Inclusion
TextPattern 1.19 - (publish.php) Remote File Inclusion
TextPattern 1.19 - 'publish.php' Remote File Inclusion
ask_rave 0.9 PR - (end.php footfile) Remote File Inclusion
ask_rave 0.9 PR - 'end.php footfile' Remote File Inclusion
PHP League 0.82 - (classement.php) SQL Injection
PHP League 0.82 - 'classement.php' SQL Injection
PHPMyDesk 1.0 Beta - (viewticket.php) Local File Inclusion
PHPMyDesk 1.0 Beta - 'viewticket.php' Local File Inclusion
mp3SDS 3.0 - (Core/core.inc.php) Remote File Inclusion
mp3SDS 3.0 - 'Core/core.inc.php' Remote File Inclusion
MiraksGalerie 2.62 - (pcltar.lib.php) Remote File Inclusion
Free Image Hosting 1.0 - (forgot_pass.php) File Inclusion
Free File Hosting 1.1 - (forgot_pass.php) File Inclusion
MiraksGalerie 2.62 - 'pcltar.lib.php' Remote File Inclusion
Free Image Hosting 1.0 - 'forgot_pass.php' File Inclusion
Free File Hosting 1.1 - 'forgot_pass.php' File Inclusion
MySource CMS 2.16.2 - (init_mysource.php) Remote File Inclusion
MySource CMS 2.16.2 - 'init_mysource.php' Remote File Inclusion
Faq Administrator 2.1 - (faq_reply.php) Remote File Inclusion
PHPMyRing 4.2.1 - (cherche.php) SQL Injection
Faq Administrator 2.1 - 'faq_reply.php' Remote File Inclusion
PHPMyRing 4.2.1 - 'cherche.php' SQL Injection
PwsPHP 1.1 - (themes/fin.php) Remote File Inclusion
T.G.S. CMS 0.1.7 - (logout.php) SQL Injection
PwsPHP 1.1 - 'themes/fin.php' Remote File Inclusion
T.G.S. CMS 0.1.7 - 'logout.php' SQL Injection
Innovate Portal 2.0 - (acp.php) Remote Code Execution
Innovate Portal 2.0 - 'acp.php' Remote Code Execution
Lithium CMS 4.04c - (classes/index.php) Local File Inclusion
Article System 0.6 - (volume.php) Remote File Inclusion
Lithium CMS 4.04c - 'classes/index.php' Local File Inclusion
Article System 0.6 - 'volume.php' Remote File Inclusion
Ultimate PHP Board 2.0 - (header_simple.php) File Inclusion
Ultimate PHP Board 2.0 - 'header_simple.php' File Inclusion
iWare Pro 5.0.4 - (chat_panel.php) Remote Code Execution
PHPAdventure 1.1 - (ad_main.php) Remote File Inclusion
iWare Pro 5.0.4 - 'chat_panel.php' Remote Code Execution
PHPAdventure 1.1 - 'ad_main.php' Remote File Inclusion
IrayoBlog 0.2.4 - (inc/irayofuncs.php) Remote File Inclusion
IrayoBlog 0.2.4 - 'inc/irayofuncs.php' Remote File Inclusion
AspPired2Poll 1.0 - (MoreInfo.asp) SQL Injection
MyAlbum 3.02 - (language.inc.php) Remote File Inclusion
PHPManta 1.0.2 - (view-sourcecode.php) Local File Inclusion
EncapsCMS 0.3.6 - (core/core.php) Remote File Inclusion
AspPired2Poll 1.0 - 'MoreInfo.asp' SQL Injection
MyAlbum 3.02 - 'language.inc.php' Remote File Inclusion
PHPManta 1.0.2 - 'view-sourcecode.php' Local File Inclusion
EncapsCMS 0.3.6 - 'core/core.php' Remote File Inclusion
NuCommunity 1.0 - (cl_CatListing.asp) SQL Injection
NuRems 1.0 - (propertysdetails.asp) SQL Injection
NuStore 1.0 - (Products.asp) SQL Injection
NuSchool 1.0 - (CampusNewsDetails.asp) SQL Injection
NuCommunity 1.0 - 'cl_CatListing.asp' SQL Injection
NuRems 1.0 - 'propertysdetails.asp' SQL Injection
NuStore 1.0 - 'Products.asp' SQL Injection
NuSchool 1.0 - 'CampusNewsDetails.asp' SQL Injection
Munch Pro 1.0 - (switch.asp) SQL Injection
Munch Pro 1.0 - 'switch.asp' SQL Injection
UStore 1.0 - (detail.asp) SQL Injection
USupport 1.0 - (detail.asp) SQL Injection
UPublisher 1.0 - (viewarticle.asp) SQL Injection
UStore 1.0 - 'detail.asp' SQL Injection
USupport 1.0 - 'detail.asp' SQL Injection
UPublisher 1.0 - 'viewarticle.asp' SQL Injection
Quick.Cart 2.0 - (actions_client/gallery.php) Local File Inclusion
Online Event Registration 2.0 - (save_profile.asp) Pass Change Exploit
Quick.Cart 2.0 - 'actions_client/gallery.php' Local File Inclusion
Online Event Registration 2.0 - 'save_profile.asp' Pass Change Exploit
Property Pro 1.0 - (vir_Login.asp) Remote Login Bypass
Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass
PHPPeanuts 1.3 Beta - (Inspect.php) Remote File Inclusion
PHPPeanuts 1.3 Beta - 'Inspect.php' Remote File Inclusion
NetVIOS 2.0 - (page.asp) SQL Injection
NetVIOS 2.0 - 'page.asp' SQL Injection
Etomite CMS 0.6.1.2 - (manager/index.php) Local File Inclusion
Etomite CMS 0.6.1.2 - 'manager/index.php' Local File Inclusion
miniCWB 1.0.0 - (contact.php) Local File Inclusion
miniCWB 1.0.0 - 'contact.php' Local File Inclusion
Powies MatchMaker 4.05 - (matchdetail.php) SQL Injection
mxBB Module calsnails 1.06 - (mx_common.php) File Inclusion
Powies MatchMaker 4.05 - 'matchdetail.php' SQL Injection
mxBB Module calsnails 1.06 - 'mx_common.php' File Inclusion
Dicshunary 0.1a - (check_status.php) Remote File Inclusion
Dicshunary 0.1a - 'check_status.php' Remote File Inclusion
PHPWebThings 1.5.2 - (editor.php) Remote File Inclusion
PHPWebThings 1.5.2 - 'editor.php' Remote File Inclusion
ASPNuke 0.80 - (register.asp) SQL Injection
ASPNuke 0.80 - 'register.asp' SQL Injection
Photo Cart 3.9 - (adminprint.php) Remote File Inclusion
e-Ark 1.0 - (src/ark_inc.php) Remote File Inclusion
Photo Cart 3.9 - 'adminprint.php' Remote File Inclusion
e-Ark 1.0 - 'src/ark_inc.php' Remote File Inclusion
fipsGallery 1.5 - (index1.asp) SQL Injection
fipsForum 2.6 - (default2.asp) SQL Injection
fipsGallery 1.5 - 'index1.asp' SQL Injection
fipsForum 2.6 - 'default2.asp' SQL Injection
JiRos FAQ Manager 1.0 - (index.asp) SQL Injection
HSRS 1.0 - (addcode.php) Remote File Inclusion
OWLLib 1.0 - (OWLMemoryProperty.php) Remote File Inclusion
JiRos FAQ Manager 1.0 - 'index.asp' SQL Injection
HSRS 1.0 - 'addcode.php' Remote File Inclusion
OWLLib 1.0 - 'OWLMemoryProperty.php' Remote File Inclusion
Basic Forum 1.1 - (edit.asp) SQL Injection
Basic Forum 1.1 - 'edit.asp' SQL Injection
Exhibit Engine 1.22 - (styles.php) Remote File Inclusion
Exhibit Engine 1.22 - 'styles.php' Remote File Inclusion
SimpleBlog 2.3 - (admin/edit.asp) SQL Injection
SimpleBlog 2.3 - 'admin/edit.asp' SQL Injection
P-News 2.0 - (user.txt) Remote Password Disclosure
P-News 2.0 - 'user.txt' Remote Password Disclosure
b2evolution 1.8.5 < 1.9b - (import-mt.php) Remote File Inclusion
b2evolution 1.8.5 < 1.9b - 'import-mt.php' Remote File Inclusion
LDU 8.x - (polls.php) SQL Injection
LDU 8.x - 'polls.php' SQL Injection
ContentServ 4.x - (admin/FileServer.php) File Disclosure
ContentServ 4.x - 'admin/FileServer.php' File Disclosure
PHP Upload Center 2.0 - (activate.php) File Inclusion
PHP Upload Center 2.0 - 'activate.php' File Inclusion
QuickCart 2.0 - (categories.php) Local File Inclusion
QuickCart 2.0 - 'categories.php' Local File Inclusion
ThinkEdit 1.9.2 - (render.php) Remote File Inclusion
ThinkEdit 1.9.2 - 'render.php' Remote File Inclusion
TorrentFlux 2.2 - (downloaddetails.php) Local File Disclosure
TorrentFlux 2.2 - (maketorrent.php) Remote Command Execution
TorrentFlux 2.2 - 'downloaddetails.php' Local File Disclosure
TorrentFlux 2.2 - 'maketorrent.php' Remote Command Execution
HR Assist 1.05 - (vdateUsr.asp) Remote Login Bypass
PHPAlbum 0.4.1 Beta 6 - (language.php) Local File Inclusion
HR Assist 1.05 - 'vdateUsr.asp' Remote Login Bypass
PHPAlbum 0.4.1 Beta 6 - 'language.php' Local File Inclusion
Barman 0.0.1r3 - (Interface.php) Remote File Inclusion
Barman 0.0.1r3 - 'Interface.php' Remote File Inclusion
Blog:CMS 4.1.3 - (NP_UserSharing.php) Remote File Inclusion
Blog:CMS 4.1.3 - 'NP_UserSharing.php' Remote File Inclusion
PHPMyCMS 0.3 - (basic.inc.php) Remote File Inclusion
yaplap 0.6.1b - (ldap.php) Remote File Inclusion
PHPMyCMS 0.3 - 'basic.inc.php' Remote File Inclusion
yaplap 0.6.1b - 'ldap.php' Remote File Inclusion
Azucar CMS 1.3 - (admin/index_sitios.php) File Inclusion
Azucar CMS 1.3 - 'admin/index_sitios.php' File Inclusion
RateMe 1.3.2 - (main.inc.php) Remote File Inclusion
RateMe 1.3.2 - 'main.inc.php' Remote File Inclusion
Paristemi 0.8.3b - (buycd.php) Remote File Inclusion
Paristemi 0.8.3b - 'buycd.php' Remote File Inclusion
cwmVote 1.0 - (archive.php) Remote File Inclusion
cwmCounter 5.1.1 - (statistic.php) Remote File Inclusion
cwmVote 1.0 - 'archive.php' Remote File Inclusion
cwmCounter 5.1.1 - 'statistic.php' Remote File Inclusion
TextSend 1.5 - (config/sender.php) Remote File Inclusion
TextSend 1.5 - 'config/sender.php' Remote File Inclusion
PHP/Mysql Site Builder 0.0.2 - (htm2PHP.php) File Disclosure
Newxooper-PHP 0.9.1 - (mapage.php) Remote File Inclusion
PHP/Mysql Site Builder 0.0.2 - 'htm2PHP.php' File Disclosure
Newxooper-PHP 0.9.1 - 'mapage.php' Remote File Inclusion
inertianews 0.02b - (inertianews_main.php) Remote File Inclusion
inertianews 0.02b - 'inertianews_main.php' Remote File Inclusion
EternalMart Guestbook 1.10 - (admin/auth.php) Remote File Inclusion
EternalMart Guestbook 1.10 - 'admin/auth.php' Remote File Inclusion
b2 Blog 0.5 - (b2verifauth.php) Remote File Inclusion
b2 Blog 0.5 - 'b2verifauth.php' Remote File Inclusion
Enthrallweb ePhotos 1.0 - (subLevel2.asp) SQL Injection
Enthrallweb ePhotos 1.0 - 'subLevel2.asp' SQL Injection
Enthrallweb eCars 1.0 - (types.asp) SQL Injection
Enthrallweb emates 1.0 - (newsdetail.asp) SQL Injection
Enthrallweb eCars 1.0 - 'types.asp' SQL Injection
Enthrallweb emates 1.0 - 'newsdetail.asp' SQL Injection
Enthrallweb eCoupons 1.0 - (myprofile.asp) Remote Pass Change Exploit
Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote Pass Change Exploit
File Upload Manager 1.0.6 - (detail.asp) SQL Injection
File Upload Manager 1.0.6 - 'detail.asp' SQL Injection
Ultimate PHP Board 2.0b1 - (chat/login.php) Code Execution
Pagetool CMS 1.07 - (pt_upload.php) Remote File Inclusion
Ultimate PHP Board 2.0b1 - 'chat/login.php' Code Execution
Pagetool CMS 1.07 - 'pt_upload.php' Remote File Inclusion
HLStats 1.34 - (hlstats.php) SQL Injection
HLStats 1.34 - 'hlstats.php' SQL Injection
eNdonesia 8.4 - (mod.php/friend.php/admin.php) Multiple Vulnerabilities
MTCMS 2.0 - (admin/admin_settings.php) Remote File Inclusion
eNdonesia 8.4 - 'mod.php/friend.php/admin.php' Multiple Vulnerabilities
MTCMS 2.0 - 'admin/admin_settings.php' Remote File Inclusion
Okul Merkezi Portal 1.0 - (ataturk.php) Remote File Inclusion
Okul Merkezi Portal 1.0 - 'ataturk.php' Remote File Inclusion
PHP-Update 2.7 - (admin/uploads.php) Remote Code Execution
Yrch 1.0 - (plug.inc.php path Variable) Remote File Inclusion
Bubla 1.0.0rc2 - (bu/process.php) Remote File Inclusion
PHP-Update 2.7 - 'admin/uploads.php' Remote Code Execution
Yrch 1.0 - 'plug.inc.php path Variable' Remote File Inclusion
Bubla 1.0.0rc2 - 'bu/process.php' Remote File Inclusion
aFAQ 1.0 - (faqDsp.asp catcode) SQL Injection
aFAQ 1.0 - 'faqDsp.asp catcode' SQL Injection
x-news 1.1 - (users.txt) Remote Password Disclosure
Voodoo chat 1.0RC1b - (users.dat) Password Disclosure
x-news 1.1 - 'users.txt' Remote Password Disclosure
Voodoo chat 1.0RC1b - 'users.dat' Password Disclosure
SoftArtisans SAFileUp 5.0.14 - (viewsrc.asp) Script Source Disclosure
FreeStyle Wiki 3.6.2 - (user.dat) Password Disclosure
SoftArtisans SAFileUp 5.0.14 - 'viewsrc.asp' Script Source Disclosure
FreeStyle Wiki 3.6.2 - 'user.dat' Password Disclosure
P-News 1.16 / 1.17 - (user.dat) Remote Password Disclosure
P-News 1.16 / 1.17 - 'user.dat' Remote Password Disclosure
RBlog 1.0 - (admin.mdb) Remote Password Disclosure
RBlog 1.0 - 'admin.mdb' Remote Password Disclosure
AutoDealer 2.0 - (detail.asp iPro) SQL Injection
WWWBoard 2.0 - (passwd.txt) Remote Password Disclosure
AutoDealer 2.0 - 'detail.asp iPro' SQL Injection
WWWBoard 2.0 - 'passwd.txt' Remote Password Disclosure
TaskTracker 1.5 - (Customize.asp) Remote Add Administrator Exploit
TaskTracker 1.5 - 'Customize.asp' Remote Add Administrator Exploit
VerliAdmin 0.3 - (language.php) Local File Inclusion
VerliAdmin 0.3 - 'language.php' Local File Inclusion
Aratix 0.2.2b11 - (inc/init.inc.php) Remote File Inclusion
Aratix 0.2.2b11 - 'inc/init.inc.php' Remote File Inclusion
iG Calendar 1.0 - (user.php id Variable) SQL Injection
iG Calendar 1.0 - 'user.php id Variable' SQL Injection
LunarPoll 1.0 - (show.php PollDir) Remote File Inclusion
TLM CMS 1.1 - (i-accueil.php chemin) Remote File Inclusion
Mint Haber Sistemi 2.7 - (duyuru.asp id) SQL Injection
LunarPoll 1.0 - 'show.php PollDir' Remote File Inclusion
TLM CMS 1.1 - 'i-accueil.php chemin' Remote File Inclusion
Mint Haber Sistemi 2.7 - 'duyuru.asp id' SQL Injection
KGB 1.9 - (sesskglogadmin.php) Local File Inclusion
KGB 1.9 - 'sesskglogadmin.php' Local File Inclusion
MGB 0.5.4.5 - (email.php id Variable) SQL Injection
MGB 0.5.4.5 - 'email.php id Variable' SQL Injection
PHPMyphorum 1.5a - (mep/frame.php) Remote File Inclusion
PHPMyphorum 1.5a - 'mep/frame.php' Remote File Inclusion
Oreon 1.2.3 RC4 - (lang/index.php) Remote File Inclusion
ComVironment 4.0 - (grab_globals.lib.php) Remote File Inclusion
Oreon 1.2.3 RC4 - 'lang/index.php' Remote File Inclusion
ComVironment 4.0 - 'grab_globals.lib.php' Remote File Inclusion
PHPSherpa - (include/config.inc.php) Remote File Inclusion
Bradabra 2.0.5 - (include/includes.php) Remote File Inclusion
Neon Labs Website 3.2 - (nl.php g_strRootDir) Remote File Inclusion
PHPSherpa - 'include/config.inc.php' Remote File Inclusion
Bradabra 2.0.5 - 'include/includes.php' Remote File Inclusion
Neon Labs Website 3.2 - 'nl.php g_strRootDir' Remote File Inclusion
MySpeach 2.1b - (up.php) Remote File Inclusion
WebChat 0.77 - (defines.php WEBCHATPATH) Remote File Inclusion
Mafia Scum Tools 2.0.0 - (index.php gen) Remote File Inclusion
MySpeach 2.1b - 'up.php' Remote File Inclusion
WebChat 0.77 - 'defines.php WEBCHATPATH' Remote File Inclusion
Mafia Scum Tools 2.0.0 - 'index.php gen' Remote File Inclusion
Upload Service 1.0 - (top.php maindir) Remote File Inclusion
Upload Service 1.0 - 'top.php maindir' Remote File Inclusion
Vote-Pro 4.0 - (poll_frame.php poll_id) Remote Code Execution
BBClone 0.31 - (selectlang.php) Remote File Inclusion
Vote-Pro 4.0 - 'poll_frame.php poll_id' Remote Code Execution
BBClone 0.31 - 'selectlang.php' Remote File Inclusion
RPW 1.0.2 - (config.php sql_language) Remote File Inclusion
ASP EDGE 1.2b - (user.asp) SQL Injection
ASP NEWS 3.0 - (news_detail.asp) SQL Injection
RPW 1.0.2 - 'config.php sql_language' Remote File Inclusion
ASP EDGE 1.2b - 'user.asp' SQL Injection
ASP NEWS 3.0 - 'news_detail.asp' SQL Injection
GPS CMS 1.2 - (print.asp) SQL Injection
GPS CMS 1.2 - 'print.asp' SQL Injection
Virtual Path 1.0 - (vp/configure.php) Remote File Inclusion
MyPHPcommander 2.0 - (package.php) Remote File Inclusion
AINS 0.02b - (ains_main.php ains_path) Remote File Inclusion
Virtual Path 1.0 - 'vp/configure.php' Remote File Inclusion
MyPHPcommander 2.0 - 'package.php' Remote File Inclusion
AINS 0.02b - 'ains_main.php ains_path' Remote File Inclusion
nsGalPHP - (includes/config.inc.php racineTBS) Remote File Inclusion
nsGalPHP - 'includes/config.inc.php racineTBS' Remote File Inclusion
PHPMyReports 3.0.11 - (lib_head.php) Remote File Inclusion
PHPMyReports 3.0.11 - 'lib_head.php' Remote File Inclusion
xNews 1.3 - (xNews.php) SQL Injection
xNews 1.3 - 'xNews.php' SQL Injection
Webfwlog 0.92 - (debug.php) Remote File Disclosure
Galeria Zdjec 3.0 - (zd_numer.php) Local File Inclusion
Webfwlog 0.92 - 'debug.php' Remote File Disclosure
Galeria Zdjec 3.0 - 'zd_numer.php' Local File Inclusion
MyNews 4.2.2 - (themefunc.php) Remote File Inclusion
MyNews 4.2.2 - 'themefunc.php' Remote File Inclusion
SIPS 0.3.1 - (box.inc.php) Remote File Inclusion
SIPS 0.3.1 - 'box.inc.php' Remote File Inclusion
Epistemon 1.0 - (common.php inc_path) Remote File Inclusion
WebBuilder 2.0 - (StageLoader.php) Remote File Inclusion
Epistemon 1.0 - 'common.php inc_path' Remote File Inclusion
WebBuilder 2.0 - 'StageLoader.php' Remote File Inclusion
Flipper Poll 1.1.0 - (poll.php root_path) Remote File Inclusion
Flipper Poll 1.1.0 - 'poll.php root_path' Remote File Inclusion
Photo Galerie Standard 1.1 - (view.php) SQL Injection
Woltlab Burning Board Lite 1.0.2pl3e - (pms.php) SQL Injection
KDPics 1.11 - (exif.php lib_path) Remote File Inclusion
Flip 2.01 final - (previewtheme.php inc_path) Remote File Inclusion
Photo Galerie Standard 1.1 - 'view.php' SQL Injection
Woltlab Burning Board Lite 1.0.2pl3e - 'pms.php' SQL Injection
KDPics 1.11 - 'exif.php lib_path' Remote File Inclusion
Flip 2.01 final - 'previewtheme.php inc_path' Remote File Inclusion
SMA-DB 0.3.9 - (settings.php) Remote File Inclusion
SMA-DB 0.3.9 - 'settings.php' Remote File Inclusion
LightRO CMS 1.0 - (inhalt.php) Remote File Inclusion
LightRO CMS 1.0 - 'inhalt.php' Remote File Inclusion
AgerMenu 0.01 - (top.inc.php rootdir) Remote File Inclusion
WebMatic 2.6 - (index_album.php) Remote File Inclusion
AgerMenu 0.01 - 'top.inc.php rootdir' Remote File Inclusion
WebMatic 2.6 - 'index_album.php' Remote File Inclusion
LightRO CMS 1.0 - (index.php projectid) SQL Injection
LightRO CMS 1.0 - 'index.php projectid' SQL Injection
LushiWarPlaner 1.0 - (register.php) SQL Injection
LushiWarPlaner 1.0 - 'register.php' SQL Injection
philboard 1.14 - (philboard_forum.asp) SQL Injection
philboard 1.14 - 'philboard_forum.asp' SQL Injection
Xaran CMS 2.0 - (xarancms_haupt.php) SQL Injection
PHPCC 4.2 Beta - (nickpage.php npid) SQL Injection
Xaran CMS 2.0 - 'xarancms_haupt.php' SQL Injection
PHPCC 4.2 Beta - 'nickpage.php npid' SQL Injection
PollMentor 2.0 - (pollmentorres.asp id) SQL Injection
PollMentor 2.0 - 'pollmentorres.asp id' SQL Injection
nabopoll 1.2 - (survey.inc.php path) Remote File Inclusion
nabopoll 1.2 - 'survey.inc.php path' Remote File Inclusion
Snitz Forums 2000 3.1 SR4 - (pop_profile.asp) SQL Injection
Snitz Forums 2000 3.1 SR4 - 'pop_profile.asp' SQL Injection
Xpression News 1.0.1 - (archives.php) Remote File Disclosure
Xpression News 1.0.1 - 'archives.php' Remote File Disclosure
Ultimate Fun Book 1.02 - (function.php) Remote File Inclusion
NukeSentinel 2.5.05 - (nsbypass.php) Blind SQL Injection
NukeSentinel 2.5.05 - (nukesentinel.php) File Disclosure
Ultimate Fun Book 1.02 - 'function.php' Remote File Inclusion
NukeSentinel 2.5.05 - 'nsbypass.php' Blind SQL Injection
NukeSentinel 2.5.05 - 'nukesentinel.php' File Disclosure
Nabopoll 1.2 - (result.php surv) Blind SQL Injection
Nabopoll 1.2 - 'result.php surv' Blind SQL Injection
FlashGameScript 1.5.4 - (index.php func) Remote File Inclusion
FlashGameScript 1.5.4 - 'index.php func' Remote File Inclusion
FCRing 1.31 - (fcring.php s_fuss) Remote File Inclusion
Sinapis 2.2 Gastebuch - (sinagb.php fuss) Remote File Inclusion
Sinapis Forum 2.2 - (sinapis.php fuss) Remote File Inclusion
FCRing 1.31 - 'fcring.php s_fuss' Remote File Inclusion
Sinapis 2.2 Gastebuch - 'sinagb.php fuss' Remote File Inclusion
Sinapis Forum 2.2 - 'sinapis.php fuss' Remote File Inclusion
CS-Gallery 2.0 - (index.php album) Remote File Inclusion
CS-Gallery 2.0 - 'index.php album' Remote File Inclusion
PHP-MIP 0.1 - (top.php laypath) Remote File Inclusion
STWC-Counter 3.4.0 - (downloadcounter.php) Remote File Inclusion
Admin Phorum 3.3.1a - (del.php include_path) Remote File Inclusion
vBulletin 3.6.4 - (inlinemod.php postids) SQL Injection
Angel Lms 7.1 - (default.asp id) SQL Injection
PHP-MIP 0.1 - 'top.php laypath' Remote File Inclusion
STWC-Counter 3.4.0 - 'downloadcounter.php' Remote File Inclusion
Admin Phorum 3.3.1a - 'del.php include_path' Remote File Inclusion
vBulletin 3.6.4 - 'inlinemod.php postids' SQL Injection
Angel Lms 7.1 - 'default.asp id' SQL Injection
News-Letterman 1.1 - (eintrag.php sqllog) Remote File Inclusion
News-Letterman 1.1 - 'eintrag.php sqllog' Remote File Inclusion
AJ Dating 1.0 - (view_profile.php) SQL Injection
AJ Dating 1.0 - 'view_profile.php' SQL Injection
AJ Forum 1.0 - (topic_title.php) SQL Injection
AJ Forum 1.0 - 'topic_title.php' SQL Injection
Flat Chat 2.0 - (include online.txt) Remote Code Execution
netForo! 0.1 - (down.php file_to_download) Remote File Disclosure
Flat Chat 2.0 - 'include online.txt' Remote Code Execution
netForo! 0.1 - 'down.php file_to_download' Remote File Disclosure
Magic CMS 4.2.747 - (mysave.php) Remote File Inclusion
Magic CMS 4.2.747 - 'mysave.php' Remote File Inclusion
HC Newssystem 1.0-1.4 - (index.php ID) SQL Injection
HC Newssystem 1.0-1.4 - 'index.php ID' SQL Injection
Top Auction 1.0 - (viewcat.php) SQL Injection
Top Auction 1.0 - 'viewcat.php' SQL Injection
X-ice News System 1.0 - (devami.asp id) SQL Injection
JGBBS 3.0beta1 - (search.asp author) SQL Injection
X-ice News System 1.0 - 'devami.asp id' SQL Injection
JGBBS 3.0beta1 - 'search.asp author' SQL Injection
Woltlab Burning Board 2.x - (usergroups.php) SQL Injection
Woltlab Burning Board 2.x - 'usergroups.php' SQL Injection
Absolute Image Gallery 2.0 - (gallery.asp categoryId) SQL Injection
Absolute Image Gallery 2.0 - 'gallery.asp categoryId' SQL Injection
Creative Files 1.2 - (kommentare.php) SQL Injection
Particle Blogger 1.2.0 - (post.php postid) SQL Injection
Creative Files 1.2 - 'kommentare.php' SQL Injection
Particle Blogger 1.2.0 - 'post.php postid' SQL Injection
PHP-Stats 0.1.9.1b - (PHP-stats-options.php) Admin 2 exec() eExploit
MPM Chat 2.5 - (view.php logi) Local File Inclusion
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 exec() eExploit
MPM Chat 2.5 - 'view.php logi' Local File Inclusion
ScriptMagix Jokes 2.0 - (index.php catid) SQL Injection
ScriptMagix Recipes 2.0 - (index.php catid) SQL Injection
ScriptMagix Jokes 2.0 - 'index.php catid' SQL Injection
ScriptMagix Recipes 2.0 - 'index.php catid' SQL Injection
ScriptMagix Lyrics 2.0 - (index.php recid) SQL Injection
ScriptMagix Lyrics 2.0 - 'index.php recid' SQL Injection
PHP-Nuke Module htmltonuke 2.0alpha - (htmltonuke.php) Remote File Inclusion
PHPRaid < 3.0.7 - (rss.php PHPraid_dir) Remote File Inclusion
Monster Top List 1.4.2 - (functions.php root_path) Remote File Inclusion
PHP-Nuke Module htmltonuke 2.0alpha - 'htmltonuke.php' Remote File Inclusion
PHPRaid < 3.0.7 - 'rss.php PHPraid_dir' Remote File Inclusion
Monster Top List 1.4.2 - 'functions.php root_path' Remote File Inclusion
Digital Eye CMS 0.1.1b - (module.php) Remote File Inclusion
Digital Eye CMS 0.1.1b - 'module.php' Remote File Inclusion
ActiveBuyandSell 6.2 - (buyersend.asp catid) SQL Injection
Active Auction Pro 7.1 - (default.asp catid) SQL Injection
ActiveBuyandSell 6.2 - 'buyersend.asp catid' SQL Injection
Active Auction Pro 7.1 - 'default.asp catid' SQL Injection
Net-Side.net CMS - (index.php cms) Remote File Inclusion
Net-Side.net CMS - 'index.php cms' Remote File Inclusion
XOOPS module Articles 1.02 - (print.php id) SQL Injection
XOOPS module Articles 1.02 - 'print.php id' SQL Injection
XOOPS module Articles 1.03 - (index.php cat_id) SQL Injection
XOOPS module Articles 1.03 - 'index.php cat_id' SQL Injection
XOOPS Module Friendfinder 3.3 - (view.php id) SQL Injection
MangoBery CMS 0.5.5 - (quotes.php) Remote File Inclusion
XOOPS Module Friendfinder 3.3 - 'view.php id' SQL Injection
MangoBery CMS 0.5.5 - 'quotes.php' Remote File Inclusion
sBLOG 0.7.3 Beta - (inc/lang.php) Local File Inclusion
sBLOG 0.7.3 Beta - 'inc/lang.php' Local File Inclusion
Picture-Engine 1.2.0 - (wall.php cat) SQL Injection
Picture-Engine 1.2.0 - 'wall.php cat' SQL Injection
JSBoard 2.0.10 - (login.php table) Local File Inclusion
JSBoard 2.0.10 - 'login.php table' Local File Inclusion
XOOPS Module eCal 2.24 - (display.php) SQL Injection
BT-sondage 1.12 - (gestion_sondage.php) Remote File Inclusion
XOOPS Module eCal 2.24 - 'display.php' SQL Injection
BT-sondage 1.12 - 'gestion_sondage.php' Remote File Inclusion
XOOPS Module debaser 0.92 - (genre.php) Blind SQL Injection
XOOPS Module debaser 0.92 - 'genre.php' Blind SQL Injection
XOOPS Module Zmagazine 1.0 - (print.php) SQL Injection
XOOPS Module Zmagazine 1.0 - 'print.php' SQL Injection
XOOPS Module Rha7 Downloads 1.0 - (visit.php) SQL Injection
XOOPS Module Rha7 Downloads 1.0 - 'visit.php' SQL Injection
WebSPELL 4.01.02 - (picture.php) File Disclosure
Beryo 2.0 - (downloadpic.php chemin) Remote File Disclosure
cattaDoc 2.21 - (download2.php fn1) Remote File Disclosure
WebSPELL 4.01.02 - 'picture.php' File Disclosure
Beryo 2.0 - 'downloadpic.php chemin' Remote File Disclosure
cattaDoc 2.21 - 'download2.php fn1' Remote File Disclosure
Scorp Book 1.0 - (smilies.php config) Remote File Inclusion
Scorp Book 1.0 - 'smilies.php config' Remote File Inclusion
WitShare 0.9 - (index.php menu) Local File Inclusion
WitShare 0.9 - 'index.php menu' Local File Inclusion
Pathos CMS 0.92-2 - (warn.php) Remote File Inclusion
Pathos CMS 0.92-2 - 'warn.php' Remote File Inclusion
PHPGalleryScript 1.0 - (init.gallery.php include_class) Remote File Inclusion
PHPGalleryScript 1.0 - 'init.gallery.php include_class' Remote File Inclusion
Expow 0.8 - (autoindex.php cfg_file) Remote File Inclusion
Request It 1.0b - (index.php id) Remote File Inclusion
Chatness 2.5.3 - (options.php/save.php) Remote Code Execution
Expow 0.8 - 'autoindex.php cfg_file' Remote File Inclusion
Request It 1.0b - 'index.php id' Remote File Inclusion
Chatness 2.5.3 - 'options.php/save.php' Remote Code Execution
Pixaria Gallery 1.x - (class.Smarty.php) Remote File Inclusion
Pixaria Gallery 1.x - 'class.Smarty.php' Remote File Inclusion
CNStats 2.9 - (who_r.php bj) Remote File Inclusion
NMDeluxe 1.0.1 - (footer.php template) Local File Inclusion
CNStats 2.9 - 'who_r.php bj' Remote File Inclusion
NMDeluxe 1.0.1 - 'footer.php template' Local File Inclusion
openMairie 1.10 - (scr/soustab.php) Local File Inclusion
openMairie 1.10 - 'scr/soustab.php' Local File Inclusion
Anthologia 0.5.2 - (index.php ads_file) Remote File Inclusion
Anthologia 0.5.2 - 'index.php ads_file' Remote File Inclusion
Joomla! Component JoomlaPack 1.0.4a2 RE - (CAltInstaller.php) Remote File Inclusion
Joomla! Component JoomlaPack 1.0.4a2 RE - 'CAltInstaller.php' Remote File Inclusion
ShoutPro 1.5.2 - (shout.php) Remote Code Injection
ShoutPro 1.5.2 - 'shout.php' Remote Code Injection
AimStats 3.2 - (process.php update) Remote Code Execution
AimStats 3.2 - 'process.php update' Remote Code Execution
CreaDirectory 1.2 - (error.asp id) SQL Injection
CreaDirectory 1.2 - 'error.asp id' SQL Injection
JChit counter 1.0.0 - (imgsrv.php ac) Remote File Disclosure
JChit counter 1.0.0 - 'imgsrv.php ac' Remote File Disclosure
Joomla! 1.5.0 Beta - (pcltar.php) Remote File Inclusion
Pagode 0.5.8 - (navigator_ok.php asolute) Remote File Disclosure
Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion
Pagode 0.5.8 - 'navigator_ok.php asolute' Remote File Disclosure
wavewoo 0.1.1 - (loading.php path_include) Remote File Inclusion
JulmaCMS 1.4 - (file.php) Remote File Disclosure
Ext 1.0 - (feed-proxy.php feed) Remote File Disclosure
PHPBandManager 0.8 - (index.php pg) Remote File Inclusion
PHPOracleView - (include_all.inc.php page_dir) Remote File Inclusion
wavewoo 0.1.1 - 'loading.php path_include' Remote File Inclusion
JulmaCMS 1.4 - 'file.php' Remote File Disclosure
Ext 1.0 - 'feed-proxy.php feed' Remote File Disclosure
PHPBandManager 0.8 - 'index.php pg' Remote File Inclusion
PHPOracleView - 'include_all.inc.php page_dir' Remote File Inclusion
EsForum 3.0 - (forum.php idsalon) SQL Injection
EsForum 3.0 - 'forum.php idsalon' SQL Injection
Imageview 5.3 - (fileview.php album) Local File Inclusion
The Merchant 2.2.0 - (index.php show) Remote File Inclusion
psipuss 1.0 - (editusers.php) Remote Change Admin Password
Imageview 5.3 - 'fileview.php album' Local File Inclusion
The Merchant 2.2.0 - 'index.php show' Remote File Inclusion
psipuss 1.0 - 'editusers.php' Remote Change Admin Password
Sendcard 3.4.1 - (sendcard.php form) Local File Inclusion
Sendcard 3.4.1 - 'sendcard.php form' Local File Inclusion
PStruh-CZ 1.3/1.5 - (download.asp) File Disclosure
PStruh-CZ 1.3/1.5 - 'download.asp' File Disclosure
Open Translation Engine (OTE) 0.7.8 - (header.php ote_home) Remote File Inclusion
Open Translation Engine (OTE) 0.7.8 - 'header.php ote_home' Remote File Inclusion
Censura 1.15.04 - (censura.php vendorid) SQL Injection
E-GADS! 2.2.6 - (common.php locale) Remote File Inclusion
Versado CMS 1.07 - (ajax_listado.php urlModulo) Remote File Inclusion
workbench 0.11 - (header.php path) Remote File Inclusion
Censura 1.15.04 - 'censura.php vendorid' SQL Injection
E-GADS! 2.2.6 - 'common.php locale' Remote File Inclusion
Versado CMS 1.07 - 'ajax_listado.php urlModulo' Remote File Inclusion
workbench 0.11 - 'header.php path' Remote File Inclusion
PHPtree 1.3 - (cms2.php s_dir) Remote File Inclusion
NoAh 0.9 pre 1.2 - (mfa_theme.php) Remote File Inclusion
PHPtree 1.3 - 'cms2.php s_dir' Remote File Inclusion
NoAh 0.9 pre 1.2 - 'mfa_theme.php' Remote File Inclusion
ACGVAnnu 1.3 - (acgv.php rubrik) Local File Inclusion
ACGVAnnu 1.3 - 'acgv.php rubrik' Local File Inclusion
LaVague 0.3 - (printbar.php views_path) Remote File Inclusion
LaVague 0.3 - 'printbar.php views_path' Remote File Inclusion
Miplex2 - (SmartyFU.class.php) Remote File Inclusion
Miplex2 - 'SmartyFU.class.php' Remote File Inclusion
SimpleNews 1.0.0 FINAL - (print.php news_id) SQL Injection
TutorialCMS 1.00 - (search.php search) SQL Injection
SimpleNews 1.0.0 FINAL - 'print.php news_id' SQL Injection
TutorialCMS 1.00 - 'search.php search' SQL Injection
maGAZIn 2.0 - (PHPThumb.php src) Remote File Disclosure
R2K Gallery 1.7 - (galeria.php lang2) Local File Inclusion
maGAZIn 2.0 - 'PHPThumb.php src' Remote File Disclosure
R2K Gallery 1.7 - 'galeria.php lang2' Local File Inclusion
PHP FirstPost 0.1 - (block.php Include) Remote File Inclusion
iG Shop 1.4 - (page.php) SQL Injection
PHP FirstPost 0.1 - 'block.php Include' Remote File Inclusion
iG Shop 1.4 - 'page.php' SQL Injection
Beacon 0.2.0 - (splash.lang.php) Remote File Inclusion
Beacon 0.2.0 - 'splash.lang.php' Remote File Inclusion
BlogMe 3.0 - (archshow.asp var) SQL Injection
BlogMe 3.0 - 'archshow.asp var' SQL Injection
NagiosQL 2005 2.00 - (prepend_adm.php) Remote File Inclusion
Feindt Computerservice News 2.0 - (newsadmin.php action) Remote File Inclusion
NagiosQL 2005 2.00 - 'prepend_adm.php' Remote File Inclusion
Feindt Computerservice News 2.0 - 'newsadmin.php action' Remote File Inclusion
FAQEngine 4.16.03 - (question.php questionref) SQL Injection
FAQEngine 4.16.03 - 'question.php questionref' SQL Injection
Libstats 1.0.3 - (template_csv.php) Remote File Inclusion
MolyX BOARD 2.5.0 - (index.php lang) Local File Inclusion
Libstats 1.0.3 - 'template_csv.php' Remote File Inclusion
MolyX BOARD 2.5.0 - 'index.php lang' Local File Inclusion
Dokeos 1.8.0 - (my_progress.php course) SQL Injection
Dokeos 1.6.5 - (courseLog.php scormcontopen) SQL Injection
Dokeos 1.8.0 - 'my_progress.php course' SQL Injection
Dokeos 1.6.5 - 'courseLog.php scormcontopen' SQL Injection
Webavis 0.1.1 - (class.php root) Remote File Inclusion
Webavis 0.1.1 - 'class.php root' Remote File Inclusion
My Little Forum 1.7 - (user.php id) SQL Injection
My Little Forum 1.7 - 'user.php id' SQL Injection
TROforum 0.1 - (admin.php site_url) Remote File Inclusion
TROforum 0.1 - 'admin.php site_url' Remote File Inclusion
Fundanemt 2.2.0 - (spellcheck.php) Remote Code Execution
Fundanemt 2.2.0 - 'spellcheck.php' Remote Code Execution
Madirish Webmail 2.0 - (addressbook.php) Remote File Inclusion
Madirish Webmail 2.0 - 'addressbook.php' Remote File Inclusion
Fuzzylime Forum 1.0 - (low.php topic) SQL Injection
Fuzzylime Forum 1.0 - 'low.php topic' SQL Injection
Sitellite CMS 4.2.12 - (559668.php) Remote File Inclusion
PHP::HTML 0.6.4 - (PHPhtml.php) Remote File Inclusion
PHPMyInventory 2.8 - (global.inc.php) Remote File Inclusion
Sitellite CMS 4.2.12 - '559668.php' Remote File Inclusion
PHP::HTML 0.6.4 - 'PHPhtml.php' Remote File Inclusion
PHPMyInventory 2.8 - 'global.inc.php' Remote File Inclusion
MiniBill 1.2.5 - (run_billing.php) Remote File Inclusion
MiniBill 1.2.5 - 'run_billing.php' Remote File Inclusion
LiveCMS 3.4 - (categoria.php cid) SQL Injection
LiveCMS 3.4 - 'categoria.php cid' SQL Injection
SerWeb 0.9.4 - (load_lang.php) Remote File Inclusion
Powl 0.94 - (htmledit.php) Remote File Inclusion
SerWeb 0.9.4 - 'load_lang.php' Remote File Inclusion
Powl 0.94 - 'htmledit.php' Remote File Inclusion
Pharmacy System 2.0 - (index.php ID) SQL Injection
Pharmacy System 2.0 - 'index.php ID' SQL Injection
b1gbb 2.24.0 - (footer.inc.php tfooter) Remote File Inclusion
b1gbb 2.24.0 - 'footer.inc.php tfooter' Remote File Inclusion
SiteDepth CMS 3.44 - (ShowImage.php name) File Disclosure
DreamLog 0.5 - (upload.php) Arbitrary File Upload
SiteDepth CMS 3.44 - 'ShowImage.php name' File Disclosure
DreamLog 0.5 - 'upload.php' Arbitrary File Upload
PHPSiteBackup 0.1 - (pcltar.lib.php) Remote File Inclusion
EVA-Web 1.1 <= 2.2 - (index.php3) Remote File Inclusion
PHPSiteBackup 0.1 - 'pcltar.lib.php' Remote File Inclusion
EVA-Web 1.1 <= 2.2 - 'index.php3' Remote File Inclusion
WebChat 0.78 - (login.php rid) SQL Injection
Buddy Zone 1.5 - (view_sub_cat.php cat_id) SQL Injection
WebChat 0.78 - 'login.php rid' SQL Injection
Buddy Zone 1.5 - 'view_sub_cat.php cat_id' SQL Injection
TotalCalendar 2.402 - (view_event.php) SQL Injection
XCMS 1.1 - (Galerie.php) Local File Inclusion
TotalCalendar 2.402 - 'view_event.php' SQL Injection
XCMS 1.1 - 'Galerie.php' Local File Inclusion
phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection
phpEventCalendar 0.2.3 - 'eventdisplay.php' SQL Injection
AV Arcade 2.1b - (index.php id) SQL Injection
PHPDirector 0.21 - (videos.php id) SQL Injection
vbzoom 1.x - (forum.php MainID) SQL Injection
AV Arcade 2.1b - 'index.php id' SQL Injection
PHPDirector 0.21 - 'videos.php id' SQL Injection
vbzoom 1.x - 'forum.php MainID' SQL Injection
Girlserv ads 1.5 - (details_news.php) SQL Injection
Girlserv ads 1.5 - 'details_news.php' SQL Injection
AsteriDex 3.0 - (callboth.php) Remote Code Execution
AsteriDex 3.0 - 'callboth.php' Remote Code Execution
vBulletin Mod RPG Inferno 2.4 - (inferno.php) SQL Injection
OpenLD 1.2.2 - (index.php id) SQL Injection
FlashBB 1.1.8 - (sendmsg.php) Remote File Inclusion
vBulletin Mod RPG Inferno 2.4 - 'inferno.php' SQL Injection
OpenLD 1.2.2 - 'index.php id' SQL Injection
FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion
PsNews 1.1 - (show.php newspath) Local File Inclusion
PsNews 1.1 - 'show.php newspath' Local File Inclusion
QuickEStore 8.2 - (insertorder.cfm) SQL Injection
QuickEStore 8.2 - 'insertorder.cfm' SQL Injection
phpBB Module SupaNav 1.0.0 - (link_main.php) Remote File Inclusion
phpBB Module SupaNav 1.0.0 - 'link_main.php' Remote File Inclusion
Blog System 1.x - (index.php news_id) SQL Injection
Blog System 1.x - 'index.php news_id' SQL Injection
Confixx Pro 3.3.1 - (saveserver.php) Remote File Inclusion
Confixx Pro 3.3.1 - 'saveserver.php' Remote File Inclusion
SimpleBlog 3.0 - (comments_get.asp id) SQL Injection
SimpleBlog 3.0 - 'comments_get.asp id' SQL Injection
paBugs 2.0 Beta 3 - (main.php cid) SQL Injection
paBugs 2.0 Beta 3 - 'main.php cid' SQL Injection
YNP Portal System 2.2.0 - (showpage.cgi p) Remote File Disclosure
YNP Portal System 2.2.0 - 'showpage.cgi p' Remote File Disclosure
FishCart 3.2 RC2 - (fc_example.php) Remote File Inclusion
Ncaster 1.7.2 - (archive.php) Remote File Inclusion
FishCart 3.2 RC2 - 'fc_example.php' Remote File Inclusion
Ncaster 1.7.2 - 'archive.php' Remote File Inclusion
Pixlie 1.7 - (pixlie.php root) Remote File Disclosure
Pixlie 1.7 - 'pixlie.php root' Remote File Disclosure
Squirrelcart 1.x.x - (cart.php) Remote File Inclusion
Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion
SomeryC 0.2.4 - (include.php skindir) Remote File Inclusion
SomeryC 0.2.4 - 'include.php skindir' Remote File Inclusion
Micro CMS 3.5 - (revert-content.php) SQL Injection
Micro CMS 3.5 - 'revert-content.php' SQL Injection
DL PayCart 1.01 - (viewitem.php ItemID) Blind SQL Injection
VWar 1.5.0 R15 - (mvcw.php) Remote File Inclusion
DL PayCart 1.01 - 'viewitem.php ItemID' Blind SQL Injection
VWar 1.5.0 R15 - 'mvcw.php' Remote File Inclusion
xGB 2.0 - (xGB.php) Remote Security Bypass
xGB 2.0 - 'xGB.php' Remote Security Bypass
PHPNS 1.1 - (shownews.php id) SQL Injection
PHPNS 1.1 - 'shownews.php id' SQL Injection
Ourspace 2.0.9 - (uploadmedia.cgi) Arbitrary File Upload
Ourspace 2.0.9 - 'uploadmedia.cgi' Arbitrary File Upload
Yvora CMS 1.0 - (error_view.php ID) SQL Injection
Yvora CMS 1.0 - 'error_view.php ID' SQL Injection
PHPOF 20040226 - (DB_adodb.class.php) Remote File Inclusion
AnyInventory 2.0 - (Environment.php) Remote File Inclusion
PHPOF 20040226 - 'DB_adodb.class.php' Remote File Inclusion
AnyInventory 2.0 - 'Environment.php' Remote File Inclusion
Webace-Linkscript 1.3 SE - (start.php) SQL Injection
RW::Download 2.0.3 lite - (index.php dlid) SQL Injection
Webace-Linkscript 1.3 SE - 'start.php' SQL Injection
RW::Download 2.0.3 lite - 'index.php dlid' SQL Injection
Sisfo Kampus 2006 - (blanko.preview.php) Local File Disclosure
Sisfo Kampus 2006 - 'blanko.preview.php' Local File Disclosure
PHPress 0.2.0 - (adisplay.php lang) Local File Inclusion
PHPress 0.2.0 - 'adisplay.php lang' Local File Inclusion
Ajax File Browser 3b - (settings.inc.php approot) Remote File Inclusion
Ajax File Browser 3b - 'settings.inc.php approot' Remote File Inclusion
JBlog 1.0 - (index.php id) SQL Injection
JBlog 1.0 - 'index.php id' SQL Injection
neuron news 1.0 - (index.php q) Local File Inclusion
neuron news 1.0 - 'index.php q' Local File Inclusion
Wordsmith 1.1b - (config.inc.php _path) Remote File Inclusion
Wordsmith 1.1b - 'config.inc.php _path' Remote File Inclusion
helplink 0.1.0 - (show.php) Remote File Inclusion
helplink 0.1.0 - 'show.php' Remote File Inclusion
Novus 1.0 - (notas.asp nota_id) SQL Injection
Novus 1.0 - 'notas.asp nota_id' SQL Injection
lustig.cms Beta 2.5 - (forum.php view) Remote File Inclusion
lustig.cms Beta 2.5 - 'forum.php view' Remote File Inclusion
Ossigeno CMS 2.2a3 - (footer.php) Remote File Inclusion
Ossigeno CMS 2.2a3 - 'footer.php' Remote File Inclusion
Picturesolution 2.1 - (config.php path) Remote File Inclusion
Picturesolution 2.1 - 'config.php path' Remote File Inclusion
xKiosk 3.0.1i - (xkurl.php PEARPATH) Remote File Inclusion
xKiosk 3.0.1i - 'xkurl.php PEARPATH' Remote File Inclusion
LimeSurvey 1.52 - (language.php) Remote File Inclusion
LimeSurvey 1.52 - 'language.php' Remote File Inclusion
emagiC CMS.Net 4.0 - (emc.asp) SQL Injection
FireConfig 0.5 - (dl.php) Remote File Disclosure
emagiC CMS.Net 4.0 - 'emc.asp' SQL Injection
FireConfig 0.5 - 'dl.php' Remote File Disclosure
Ax Developer CMS 0.1.1 - (index.php module) Local File Inclusion
GuppY 4.6.3 - (includes.inc selskin) Remote File Inclusion
Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion
scWiki 1.0 Beta 2 - (common.php pathdot) Remote File Inclusion
Ax Developer CMS 0.1.1 - 'index.php module' Local File Inclusion
GuppY 4.6.3 - 'includes.inc selskin' Remote File Inclusion
Quick and Dirty Blog (qdblog) 0.4 - 'categories.php' Local File Inclusion
scWiki 1.0 Beta 2 - 'common.php pathdot' Remote File Inclusion
Content Injector 1.52 - (index.php cat) SQL Injection
Content Injector 1.52 - 'index.php cat' SQL Injection
Amber Script 1.0 - (show_content.php id) Local File Inclusion
Amber Script 1.0 - 'show_content.php id' Local File Inclusion
project alumni 1.0.9 - (index.php act) Local File Inclusion
project alumni 1.0.9 - 'index.php act' Local File Inclusion
Web-MeetMe 3.0.3 - (play.php) Remote File Disclosure
Web-MeetMe 3.0.3 - 'play.php' Remote File Disclosure
KML share 1.1 - (region.php layer) Remote File Disclosure
KML share 1.1 - 'region.php layer' Remote File Disclosure
EZContents 1.4.5 - (index.php link) Remote File Disclosure
EZContents 1.4.5 - 'index.php link' Remote File Disclosure
PolDoc CMS 0.96 - (download_file.php) File Disclosure
PolDoc CMS 0.96 - 'download_file.php' File Disclosure
xml2owl 0.1.1 - (filedownload.php) Remote File Disclosure
xml2owl 0.1.1 - 'filedownload.php' Remote File Disclosure
Wallpaper Site 1.0.09 - (category.php) SQL Injection
Wallpaper Site 1.0.09 - 'category.php' SQL Injection
PHP ZLink 0.3 - (go.php) SQL Injection
PHP ZLink 0.3 - 'go.php' SQL Injection
ThemeSiteScript 1.0 - (index.php loadadminpage) Remote File Inclusion
ThemeSiteScript 1.0 - 'index.php loadadminpage' Remote File Inclusion
ZenPhoto 1.1.3 - (rss.php albumnr) SQL Injection
ZenPhoto 1.1.3 - 'rss.php albumnr' SQL Injection
Docebo 3.5.0.3 - (lib.regset.php) Command Execution
Docebo 3.5.0.3 - 'lib.regset.php' Command Execution
Docebo 3.5.0.3 - (lib.regset.php/non-blind) SQL Injection
Docebo 3.5.0.3 - 'lib.regset.php/non-blind' SQL Injection
Quinsonnas Mail Checker 1.55 - (footer.php) Remote File Inclusion
Quinsonnas Mail Checker 1.55 - 'footer.php' Remote File Inclusion
PHPMesFilms 1.0 - (index.php id) SQL Injection
PHPMesFilms 1.0 - 'index.php id' SQL Injection
CuteNews 1.4.6 - (ip ban) Cross-Site Scripting / Command Execution (Administrator Required)
CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution
GNUBoard 4.31.03 - (08.12.29) Local File Inclusion
GNUBoard 4.31.03 (08.12.29) - Local File Inclusion
Gazelle CMS - 'template' Local File Inclusion
Gazelle CMS 1.0 - 'template' Local File Inclusion
Social Engine - (category_id) SQL Injection
SmartSiteCMS 1.0 - (articles.php var) Blind SQL Injection
Social Engine 3.06 - 'category_id' Parameter SQL Injection
SmartSiteCMS 1.0 - Blind SQL Injection
Star Articles 6.0 - (admin.manage) Remote Contents Change
Star Articles 6.0 - Remote Contents Change
PLE CMS 1.0 Beta 4.2 - (login.php school) Blind SQL Injection
PLE CMS 1.0 Beta 4.2 - Blind SQL Injection
GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities
GNUBoard 4.31.04 (09.01.30) - Multiple Local+Remote Vulnerabilities
eVision CMS 2.0 - (field) SQL Injection
eVision CMS 2.0 - SQL Injection
phpBLASTER 1.0 RC1 - (blaster_user) Blind SQL Injection
phpBLASTER 1.0 RC1 - Blind SQL Injection
phpslash 0.8.1.1 - Remote Code Execution
PHPSlash 0.8.1.1 - Remote Code Execution
WEBalbum 2.4b - (photo.php id) Blind SQL Injection
WEBalbum 2.4b - 'photo.php id' Blind SQL Injection
PHPbbBook 1.3 - (bbcode.php l) Local File Inclusion
PHPbbBook 1.3 - 'bbcode.php l' Local File Inclusion
IF-CMS 2.0 - (frame.php id) Blind SQL Injection
IF-CMS 2.0 - 'frame.php id' Blind SQL Injection
ZeroBoardXE 1.1.5 - (09.01.22) Cross-Site Scripting
ZeroBoardXE 1.1.5 (09.01.22) - Cross-Site Scripting
Gaeste 1.6 - (gastbuch.php) Remote File Disclosure
Gaeste 1.6 - 'gastbuch.php' Remote File Disclosure
Bloggeruniverse 2.0 Beta - (editcomments.php id) SQL Injection
Den Dating 9.01 - (searchmatch.php) SQL Injection
Bloggeruniverse 2.0 Beta - 'editcomments.php id' SQL Injection
Den Dating 9.01 - 'searchmatch.php' SQL Injection
PHP Krazy Image Host Script 1.01 - (viewer.php id) SQL Injection
PHP Krazy Image Host Script 1.01 - 'viewer.php id' SQL Injection
phpBB 3 - (autopost bot mod 0.1.3) Remote File Inclusion
i-dreams Mailer 1.2 Final - (admin.dat) File Disclosure
i-dreams GB 5.4 Final - (admin.dat) File Disclosure
phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion
i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure
i-dreams GB 5.4 Final - 'admin.dat' File Disclosure
Osmodia Bulletin Board 1.x - (admin.txt) File Disclosure
Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure
Supernews 1.5 - (valor.php noticia) SQL Injection
X-BLC 0.2.0 - (get_read.php section) SQL Injection
Supernews 1.5 - 'valor.php noticia' SQL Injection
X-BLC 0.2.0 - 'get_read.php section' SQL Injection
SurfMyTV Script 1.0 - (view.php id) SQL Injection
SurfMyTV Script 1.0 - 'view.php id' SQL Injection
WeBid 0.7.3 RC9 - (upldgallery.php) Arbitrary File Upload
WeBid 0.7.3 RC9 - 'upldgallery.php' Arbitrary File Upload
vsp stats processor 0.45 - (gamestat.php gameID) SQL Injection
vsp stats processor 0.45 - 'gamestat.php gameID' SQL Injection
Back-End CMS 5.0 - (main.asp id) SQL Injection
Back-End CMS 5.0 - 'main.asp id' SQL Injection
GuestCal 2.1 - (index.php lang) Local File Inclusion
GuestCal 2.1 - 'index.php lang' Local File Inclusion
W2B Restaurant 1.2 - (conf.inc) Config File Disclosure
W2B Restaurant 1.2 - 'conf.inc' Config File Disclosure
NetHoteles 3.0 - (ficha.php) SQL Injection
eLitius 1.0 - (manage-admin.php) Add Admin/Change Password Exploit
NetHoteles 3.0 - 'ficha.php' SQL Injection
eLitius 1.0 - 'manage-admin.php' Add Admin/Change Password Exploit
Dokeos Lms 1.8.5 - (whoisonline.php) PHP Code Injection
Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection
Flatchat 3.0 - (pmscript.php with) Local File Inclusion
Flatchat 3.0 - 'pmscript.php with' Local File Inclusion
VisionLms 1.0 - (changePW.php) Remote Password Change Exploit
VisionLms 1.0 - 'changePW.php' Remote Password Change Exploit
eLitius 1.0 - (banner-details.php id) SQL Injection
ProjectCMS 1.0b - (index.php sn) SQL Injection
eLitius 1.0 - 'banner-details.php id' SQL Injection
ProjectCMS 1.0b - 'index.php sn' SQL Injection
pecio CMS 1.1.5 - (index.php language) Local File Inclusion
pecio CMS 1.1.5 - 'index.php language' Local File Inclusion
Uguestbook 1.0b - (Guestbook.mdb) Arbitrary Database Disclosure
Uguestbook 1.0b - 'Guestbook.mdb' Arbitrary Database Disclosure
beLive 0.2.3 - (arch.php arch) Local File Inclusion
beLive 0.2.3 - 'arch.php arch' Local File Inclusion
PHPenpals 1.1 - (mail.php ID) SQL Injection
PHPenpals 1.1 - 'mail.php ID' SQL Injection
MaxCMS 2.0 - (inc/ajax.asp) SQL Injection
MaxCMS 2.0 - 'inc/ajax.asp' SQL Injection
Realty Web-Base 1.0 - (list_list.php id) SQL Injection
Realty Web-Base 1.0 - 'list_list.php id' SQL Injection
vBulletin vbBux/vbPlaza 2.x - (vbplaza.php) Blind SQL Injection
vBulletin vbBux/vbPlaza 2.x - 'vbplaza.php' Blind SQL Injection
ShaadiClone 2.0 - (addAdminmembercode.php) Add Admin
ShaadiClone 2.0 - 'addAdminmembercode.php' Add Admin
ecsportal rel 6.5 - (article_view_photo.php id) SQL Injection
ecsportal rel 6.5 - 'article_view_photo.php id' SQL Injection
Supernews 2.6 - (index.php noticia) SQL Injection
Supernews 2.6 - 'index.php noticia' SQL Injection
Movie PHP Script 2.0 - (init.php anticode) Code Execution
Movie PHP Script 2.0 - 'init.php anticode' Code Execution
VT-Auth 1.0 - (zHk8dEes3.txt) File Disclosure
VT-Auth 1.0 - 'zHk8dEes3.txt' File Disclosure
PHPWebThings 1.5.2 - (help.php module) Local File Inclusion
PHPWebThings 1.5.2 - 'help.php module' Local File Inclusion
DB Top Sites 1.0 - (index.php u) Local File Inclusion
DB Top Sites 1.0 - 'index.php u' Local File Inclusion
PHPCollegeExchange 0.1.5c - (listing_view.php itemnr) SQL Injection
PHPCollegeExchange 0.1.5c - 'listing_view.php itemnr' SQL Injection
XOOPS 2.3.3 - (.htaccess) Remote File Disclosure
PHPFK 7.03 - (page_bottom.php) Local File Inclusion
XOOPS 2.3.3 - '.htaccess' Remote File Disclosure
PHPFK 7.03 - 'page_bottom.php' Local File Inclusion
Glossword 1.8.11 - (index.php x) Local File Inclusion
Glossword 1.8.11 - 'index.php x' Local File Inclusion
LightOpenCMS 0.1 - (smarty.php cwd) Local File Inclusion
LightOpenCMS 0.1 - 'smarty.php cwd' Local File Inclusion
Messages Library 2.0 - (cat.php CatID) SQL Injection
Messages Library 2.0 - 'cat.php CatID' SQL Injection
PHP-Sugar 0.80 - (index.php t) Local File Inclusion
PHP-Sugar 0.80 - 'index.php t' Local File Inclusion
Universe CMS 1.0.6 - (vnews.php id) SQL Injection
Universe CMS 1.0.6 - 'vnews.php id' SQL Injection
Phenotype CMS 2.8 - (login.php user) Blind SQL Injection
Phenotype CMS 2.8 - 'login.php user' Blind SQL Injection
webLeague 2.2.0 - (install.php) Remote Change Password Exploit
webLeague 2.2.0 - 'install.php' Remote Change Password Exploit
VS PANEL 7.5.5 - (results.php Cat_ID) SQL Injection
VS PANEL 7.5.5 - 'results.php Cat_ID' SQL Injection
WebVision 2.1 - (news.php n) SQL Injection
WebVision 2.1 - 'news.php n' SQL Injection
Silentum Guestbook 2.0.2 - (silentum_Guestbook.php) SQL Injection
Silentum Guestbook 2.0.2 - 'silentum_Guestbook.php' SQL Injection
Basilic 1.5.13 - (index.php idAuthor) SQL Injection
Basilic 1.5.13 - 'index.php idAuthor' SQL Injection
ProjectButler 1.5.0 - (pda_projects.php offset) Remote File Inclusion
ProjectButler 1.5.0 - 'pda_projects.php offset' Remote File Inclusion
Netpet CMS 1.9 - (confirm.php language) Local File Inclusion
Netpet CMS 1.9 - 'confirm.php language' Local File Inclusion
simplePHPWeb 0.2 - (files.php) Authentication Bypass
simplePHPWeb 0.2 - 'files.php' Authentication Bypass
Discloser 0.0.4-rc2 - (index.php more) SQL Injection
Discloser 0.0.4-rc2 - 'index.php more' SQL Injection
elgg 1.5 - (/_css/js.php) Local File Inclusion
elgg 1.5 - '/_css/js.php' Local File Inclusion
In-portal 4.3.1 - (index.php env) Local File Inclusion
In-portal 4.3.1 - 'index.php env' Local File Inclusion
E CMS 1.0 - (index.php s) SQL Injection
E CMS 1.0 - 'index.php s' SQL Injection
New5starRating 1.0 - (rating.php) SQL Injection
New5starRating 1.0 - 'rating.php' SQL Injection
Moa Gallery 1.2.0 - (index.php action) SQL Injection
Moa Gallery 1.2.0 - 'index.php action' SQL Injection
PAD Site Scripts 3.6 - (list.php string) SQL Injection
PAD Site Scripts 3.6 - 'list.php string' SQL Injection
PHPSANE 0.5.0 - (save.php) Remote File Inclusion
PHPSANE 0.5.0 - 'save.php' Remote File Inclusion
Modern Script 5.0 - (index.php s) SQL Injection
Re-Script 0.99 Beta - (listings.php op) SQL Injection
Modern Script 5.0 - 'index.php s' SQL Injection
Re-Script 0.99 Beta - 'listings.php op' SQL Injection
KingCMS 0.6.0 - (menu.php) Remote File Inclusion
KingCMS 0.6.0 - 'menu.php' Remote File Inclusion
Ve-EDIT 0.1.4 - (debug_PHP.php) Local File Inclusion
Ve-EDIT 0.1.4 - 'debug_PHP.php' Local File Inclusion
OBOphiX 2.7.0 - (fonctions_racine.php) Remote File Inclusion
OBOphiX 2.7.0 - 'fonctions_racine.php' Remote File Inclusion
PHPNagios 1.2.0 - (menu.php) Local File Inclusion
PHPNagios 1.2.0 - 'menu.php' Local File Inclusion
An image Gallery 1.0 - (navigation.php) Local Directory Traversal
An image Gallery 1.0 - 'navigation.php' Local Directory Traversal
Image voting 1.0 - (index.php show) SQL Injection
Image voting 1.0 - 'index.php show' SQL Injection
Aurora CMS 1.0.2 - (install.plugin.php) Remote File Inclusion
Aurora CMS 1.0.2 - 'install.plugin.php' Remote File Inclusion
efront 3.5.4 - (database.php path) Remote File Inclusion
efront 3.5.4 - 'database.php path' Remote File Inclusion
OpenSiteAdmin 0.9.7b - (pageHeader.php path) Remote File Inclusion
OpenSiteAdmin 0.9.7b - 'pageHeader.php path' Remote File Inclusion
ActiveBuyandSell 6.2 - (buyersend.asp catid) Blind SQL Injection
ActiveBuyandSell 6.2 - 'buyersend.asp catid' Blind SQL Injection
V.H.S. Booking - (hotel_habitaciones.php HotelID) SQL Injection
V.H.S. Booking - 'hotel_habitaciones.php HotelID' SQL Injection
Datenator 0.3.0 - (event.php id) SQL Injection
Datenator 0.3.0 - 'event.php id' SQL Injection
XlentCMS 1.0.4 - (downloads.php?cat) SQL Injection
XlentCMS 1.0.4 - 'downloads.php?cat' SQL Injection
Rezervi 3.0.2 - (mail.inc.php) Remote File Inclusion
Rezervi 3.0.2 - 'mail.inc.php' Remote File Inclusion
LightOpenCMS 0.1 - (smarty.php) Remote File Inclusion
LightOpenCMS 0.1 - 'smarty.php' Remote File Inclusion
ULoki Community Forum 2.1 - (usercp.php) Cross-Site Scripting
ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting
PHPCOIN 1.2.1 - (mod.php) SQL Injection
PHPCOIN 1.2.1 - 'mod.php' SQL Injection
PHPCOIN 1.2.1 - (mod.php) Local File Inclusion
PHPCOIN 1.2.1 - 'mod.php' Local File Inclusion
Anantasoft Gazelle CMS - Cross-Site Request Forgery
Gazelle CMS - Cross-Site Request Forgery
SiteX CMS 0.7.4 Beta - (/photo.php) SQL Injection
SiteX CMS 0.7.4 Beta - '/photo.php' SQL Injection
FCKEditor Core - (FileManager test.html) Arbitrary File Upload (1)
FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (1)
WHMCS control (WHMCompleteSolution) - SQL Injection
WHMCompleteSolution (WHMCS) control (WHMCompleteSolution) - SQL Injection
WHMCS Control 2 - 'announcements.php' SQL Injection
WHMCompleteSolution (WHMCS) Control 2 - 'announcements.php' SQL Injection
tekno.Portal 0.1b - (makale.php id) SQL Injection
tekno.Portal 0.1b - 'makale.php id' SQL Injection
Heaven Soft CMS 4.7 - (photogallery_open.php) SQL Injection
Heaven Soft CMS 4.7 - 'photogallery_open.php' SQL Injection
Multi Vendor Mall - (itemdetail.php & shop.php) SQL Injection
Multi Vendor Mall - 'itemdetail.php & shop.php' SQL Injection
PPhlogger 2.2.5 - (trace.php) Remote Command Execution
PPhlogger 2.2.5 - 'trace.php' Remote Command Execution
Eyeland Studio Inc. - (game.php) SQL Injection
Eyeland Studio Inc. - 'game.php' SQL Injection
PHPDirector 0.30 - (videos.php) SQL Injection
PHPDirector 0.30 - 'videos.php' SQL Injection
PHPaaCMS 0.3.1 - (show.php?id=) SQL Injection
PHPaaCMS 0.3.1 - 'show.php?id=' SQL Injection
BS Business Directory - (articlesdetails.php) SQL Injection (PoC)
BS Classifieds Ads - (articlesdetails.php) SQL Injection (PoC)
BS Events Directory - (articlesdetails.php) SQL Injection (PoC)
BS Business Directory - 'articlesdetails.php' SQL Injection (PoC)
BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC)
BS Events Directory - 'articlesdetails.php' SQL Injection (PoC)
Mayasan Portal 2.0 - (makaledetay.asp) SQL Injection
Mayasan Portal 2.0 - (haberdetay.asp) SQL Injection
Mayasan Portal 2.0 - 'makaledetay.asp' SQL Injection
Mayasan Portal 2.0 - 'haberdetay.asp' SQL Injection
PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection
PhotoPost PHP 4.6.5 - 'ecard.php' SQL Injection
sNews 1.7 - (index.php?category) SQL Injection
sNews 1.7 - 'index.php?category' SQL Injection
Ananta Gazelle CMS - Multiple Vulnerabilities
Gazelle CMS - Multiple Vulnerabilities
CF Image Hosting Script 1.3 - (settings.cdb) Information Disclosure
CF Image Hosting Script 1.3 - 'settings.cdb' Information Disclosure
mBlogger 1.0.04 - (viewpost.php) SQL Injection
mBlogger 1.0.04 - 'viewpost.php' SQL Injection
mBlogger 1.0.04 - (addcomment.php) Persistent Cross-Site Scripting
mBlogger 1.0.04 - 'addcomment.php' Persistent Cross-Site Scripting
Chipmunk Board 1.3 - (index.php?forumID) SQL Injection
Chipmunk Board 1.3 - 'index.php?forumID' SQL Injection
SmarterMail 7.x - (7.2.3925) LDAP Injection
SmarterMail 7.x (7.2.3925) - LDAP Injection
xWeblog 2.2 - (oku.asp?makale_id) SQL Injection
xWeblog 2.2 - (arsiv.asp tarih) SQL Injection
xWeblog 2.2 - 'oku.asp?makale_id' SQL Injection
xWeblog 2.2 - 'arsiv.asp tarih' SQL Injection
FCKEditor Core 2.x 2.4.3 - (FileManager upload.php) Arbitrary File Upload
FCKEditor Core 2.x 2.4.3 - 'FileManager upload.php' Arbitrary File Upload
WebRCSdiff 0.9 - (viewver.php) Remote File Inclusion
WebRCSdiff 0.9 - 'viewver.php' Remote File Inclusion
Ananda Real Estate 3.4 - (list.asp) Multiple SQL Injection
Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injection
SquareCMS 0.3.1 - (post.php) SQL Injection
SquareCMS 0.3.1 - 'post.php' SQL Injection
PHP-AddressBook 6.2.4 - (group.php) SQL Injection
PHP-AddressBook 6.2.4 - 'group.php' SQL Injection
Ignition 1.3 - (page.php) Local File Inclusion
Ignition 1.3 - 'page.php' Local File Inclusion
AWBS 2.9.2 - (cart.php) Blind SQL Injection
AWBS 2.9.2 - 'cart.php' Blind SQL Injection
Woltlab Burning Board 2.3.6 Addon - (hilfsmittel.php) SQL Injection
Woltlab Burning Board 2.3.6 Addon - 'hilfsmittel.php' SQL Injection
WordPress Plugin PHP Speedy 0.5.2 - (admin_container.php) Remote Code Execution
WordPress Plugin PHP Speedy 0.5.2 - 'admin_container.php' Remote Code Execution
ilchClan 1.0.5 - (regist.php) SQL Injection
ilchClan 1.0.5 - 'regist.php' SQL Injection
OrangeHRM 2.6.3 - (PluginController.php) Local File Inclusion
OrangeHRM 2.6.3 - 'PluginController.php' Local File Inclusion
Traidnt UP 2.0 - (view.php) SQL Injection
Traidnt UP 2.0 - 'view.php' SQL Injection
osCommerce 2.3.1 - (banner_manager.php) Arbitrary File Upload
osCommerce 2.3.1 - 'banner_manager.php' Arbitrary File Upload
Extcalendar 2.0b2 - (cal_search.php) SQL Injection
Extcalendar 2.0b2 - 'cal_search.php' SQL Injection
WeBid 1.0.2 - (converter.php) Remote Code Execution
WeBid 1.0.2 - 'converter.php' Remote Code Execution
FCKEditor Core - (FileManager test.html) Arbitrary File Upload (2)
FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (2)
MyBB Advanced Forum Signatures - (afsignatures-2.0.4) SQL Injection
MyBB Advanced Forum Signatures - 'afsignatures-2.0.4' SQL Injection
Ruubikcms 1.1.0 - (/extra/image.php) Local File Inclusion
Ruubikcms 1.1.0 - '/extra/image.php' Local File Inclusion
Dolphin 7.0.7 - (member_menu_queries.php) Remote PHP Code Injection
Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection
WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - (cart.php) Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure
CMSmini 0.2.2 - Local File Inclusion
CMS mini 0.2.2 - Local File Inclusion
WHMCS 3.x.x - (clientarea.php) Local File Disclosure
ZenPhoto 1.4.1.4 - (ajax_create_folder.php) Remote Code Execution
PHPMyFAQ 2.7.0 - (ajax_create_folder.php) Remote Code Execution
aidiCMS 3.55 - (ajax_create_folder.php) Remote Code Execution
WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure
ZenPhoto 1.4.1.4 - 'ajax_create_folder.php' Remote Code Execution
PHPMyFAQ 2.7.0 - 'ajax_create_folder.php' Remote Code Execution
aidiCMS 3.55 - 'ajax_create_folder.php' Remote Code Execution
WordPress Plugin Zingiri 2.2.3 - (ajax_save_name.php) Remote Code Execution
Support Incident Tracker 3.65 - (translate.php) Remote Code Execution
WordPress Plugin Zingiri 2.2.3 - 'ajax_save_name.php' Remote Code Execution
Support Incident Tracker 3.65 - 'translate.php' Remote Code Execution
FreeWebShop 2.2.9 R2 - (ajax_save_name.php) Remote Code Execution
FreeWebShop 2.2.9 R2 - 'ajax_save_name.php' Remote Code Execution
Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution
Log1 CMS 2.0 - 'ajax_create_folder.php' Remote Code Execution
PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2) (Metasploit)
PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (2) (Metasploit)
Tiki Wiki CMS Groupware 8.2 - (snarf_ajax.php) Remote PHP Code Injection
Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
Mnews 1.1 - (view.php) SQL Injection
Mnews 1.1 - 'view.php' SQL Injection
appRain CMF 0.1.5 - (Uploadify.php) Unrestricted Arbitrary File Upload
appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload
BASE 1.4.5 - (base_qry_main.php t_view) SQL Injection
BASE 1.4.5 - 'base_qry_main.php t_view' SQL Injection
Ananta Gazelle CMS - Update Statement SQL Injection
Gazelle CMS 1.0 - Update Statement SQL Injection
PHPFox 3.0.1 - (ajax.php) Remote Command Execution
PHPFox 3.0.1 - 'ajax.php' Remote Command Execution
OpenConf 4.11 - (author/edit.php) Blind SQL Injection
OpenConf 4.11 - 'author/edit.php' Blind SQL Injection
NewsAdd 1.0 - (lerNoticia.php id) SQL Injection
Supernews 2.6.1 - (noticias.php cat) SQL Injection
NewsAdd 1.0 - 'lerNoticia.php id' SQL Injection
Supernews 2.6.1 - 'noticias.php cat' SQL Injection
SN News 1.2 - (visualiza.php) SQL Injection
SN News 1.2 - 'visualiza.php' SQL Injection
PHPNet 1.8 - (ler.php) SQL Injection
PHPNet 1.8 - 'ler.php' SQL Injection
X-Cart Gold 4.5 - (products_map.php symb Parameter) Cross-Site Scripting
X-Cart Gold 4.5 - 'products_map.php symb Parameter' Cross-Site Scripting
Dell SonicWALL Scrutinizer 9.0.1 - (statusFilter.php q Parameter) SQL Injection
Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php q Parameter' SQL Injection
Symantec Web Gateway 5.0.2 - (blocked.php id Parameter) Blind SQL Injection
Symantec Web Gateway 5.0.2 - 'blocked.php id Parameter' Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - (deptUploads_data.php groupid Parameter) Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid Parameter' Blind SQL Injection
YourArcadeScript 2.4 - (index.php id Parameter) SQL Injection
YourArcadeScript 2.4 - 'index.php id Parameter' SQL Injection
vlinks 2.0.3 - (site.php id Parameter) SQL Injection
vlinks 2.0.3 - 'site.php id Parameter' SQL Injection
Blog Mod 0.1.9 - (index.php month Parameter) SQL Injection
Blog Mod 0.1.9 - 'index.php month Parameter' SQL Injection
MyBB Profile Albums Plugin 0.9 - (albums.php album Parameter) SQL Injection
MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection
YeaLink IP Phone SIP-TxxP firmware 9.70.0.100 - Multiple Vulnerabilities
YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities
Linksys WRT54GL (Firmware 4.30.15 build 2) - Multiple Vulnerabilities
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
NConf 1.3 - (detail.php detail_admin_items.php id Parameter) SQL Injection
NConf 1.3 - 'detail.php detail_admin_items.php id Parameter' SQL Injection
DataLife Engine 9.7 - (preview.php) PHP Code Injection
DataLife Engine 9.7 - 'preview.php' PHP Code Injection
AdaptCMS 2.0.4 - (config.php question Parameter) SQL Injection
AdaptCMS 2.0.4 - 'config.php question Parameter' SQL Injection
CubeCart 5.2.0 - (cubecart.class.php) PHP Object Injection
CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection
Piwigo 2.4.6 - (install.php) Arbitrary File Read/Delete
Piwigo 2.4.6 - 'install.php' Arbitrary File Read/Delete
OpenEMR 4.1.1 - (ofc_upload_image.php) Arbitrary File Upload
OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload
PHPMyRecipes 1.2.2 - (viewrecipe.php r_id Parameter) SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id Parameter' SQL Injection
MTP Image Gallery 1.0 - (edit_photos.php title Parameter) Cross-Site Scripting
MTP Image Gallery 1.0 - 'edit_photos.php title Parameter' Cross-Site Scripting
WordPress Plugin Count Per Day 3.2.5 - (counter.php) Cross-Site Scripting
WordPress Plugin Count Per Day 3.2.5 - 'counter.php' Cross-Site Scripting
AWS Xms 2.5 - (importer.php what Parameter) Directory Traversal
Pollen CMS 0.6 - (index.php p Parameter) Local File Disclosure
AWS Xms 2.5 - 'importer.php what Parameter' Directory Traversal
Pollen CMS 0.6 - 'index.php p Parameter' Local File Disclosure
WHMCS Group Pay Plugin 1.5 - (grouppay.php hash Parameter) SQL Injection
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash Parameter' SQL Injection
WHMCS 4.x - (invoicefunctions.php id Parameter) SQL Injection
WHMCS 4.x - 'invoicefunctions.php id Parameter' SQL Injection
AVE.CMS 2.09 - (index.php module Parameter) Blind SQL Injection
AVE.CMS 2.09 - 'index.php module Parameter' Blind SQL Injection
RadioCMS 2.2 - (menager.php playlist_id Parameter) SQL Injection
RadioCMS 2.2 - 'menager.php playlist_id Parameter' SQL Injection
NEXTWEB - (i)Site 'login.asp' SQL Injection
NEXTWEB (i)Site - 'login.asp' SQL Injection
Ruubikcms 1.1.1 - (tinybrowser.php folder Parameter) Directory Traversal
Ruubikcms 1.1.1 - 'tinybrowser.php folder Parameter' Directory Traversal
Simple PHP Agenda 2.2.8 - (edit_event.php eventid Parameter) SQL Injection
Simple PHP Agenda 2.2.8 - 'edit_event.php eventid Parameter' SQL Injection
Top Games Script 1.2 - (play.php gid Parameter) SQL Injection
Top Games Script 1.2 - 'play.php gid Parameter' SQL Injection
Elemata CMS RC3.0 - (global.php id Parameter) SQL Injection
Elemata CMS RC3.0 - 'global.php id Parameter' SQL Injection
PHP-Charts 1.0 - (index.php type Parameter) Remote Code Execution
PHP-Charts 1.0 - 'index.php type Parameter' Remote Code Execution
PHPSlash 0.8.1 - article.php SQL Injection
PHPSlash 0.8.1 - 'article.php' SQL Injection
Telmanik CMS Press 1.01b - (pages.php page_name Parameter) SQL Injection
Telmanik CMS Press 1.01b - 'pages.php page_name Parameter' SQL Injection
glFusion 1.3.0 - (search.php cat_id Parameter) SQL Injection
glFusion 1.3.0 - 'search.php cat_id Parameter' SQL Injection
Vtiger CRM 5.4.0 - (index.php onlyforuser Parameter) SQL Injection
Vtiger CRM 5.4.0 - 'index.php onlyforuser Parameter' SQL Injection
XAMPP 1.8.1 - (lang.php WriteIntoLocalDisk method) Local Write Access
XAMPP 1.8.1 - 'lang.php WriteIntoLocalDisk method' Local Write Access
WHMCS 5.2.7 - SQL Injection
WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection
PHPList 2.10.2 - 'index.php' Cross-Site Scripting
phpList 2.10.2 - 'index.php' Cross-Site Scripting
Dolibarr ERP/CMS 3.4.0 - (exportcsv.php sondage Parameter) SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage Parameter' SQL Injection
WHMCS 5.2.8 - SQL Injection
WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection
Vanilla Forums 2.0 < 2.0.18.5 - (class.utilitycontroller.php) PHP Object Injection
Vanilla Forums 2.0 < 2.0.18.5 - 'class.utilitycontroller.php' PHP Object Injection
Project'Or RIA 3.4.0 - (objectDetail.php objectId Parameter) SQL Injection
Project'Or RIA 3.4.0 - 'objectDetail.php objectId Parameter' SQL Injection
Chamilo Lms 1.9.6 - (profile.php password0 Parameter) SQL Injection
Dokeos 2.2 RC2 - (index.php language Parameter) SQL Injection
Chamilo Lms 1.9.6 - 'profile.php password0 Parameter' SQL Injection
Dokeos 2.2 RC2 - 'index.php language Parameter' SQL Injection
WHMCS 4.x / 5.x - Multiple Web Vulnerabilities
WHMCompleteSolution (WHMCS) 4.x / 5.x - Multiple Web Vulnerabilities
SiteBar 3.3.8 - (translator.php) upd cmd Action edit Variable Arbitrary PHP Code Execution
SiteBar 3.3.8 - 'translator.php' upd cmd Action edit Variable Arbitrary PHP Code Execution
osCommerce 2.3.3.4 - (geo_zones.php zID Parameter) SQL Injection
osCommerce 2.3.3.4 - 'geo_zones.php zID Parameter' SQL Injection
Concrete5 5.6.2.1 - (index.php cID Parameter) SQL Injection
Concrete5 5.6.2.1 - 'index.php cID Parameter' SQL Injection
D-Link DIR-615 Hardware vE4 Firmware v5.10 - Cross-Site Request Forgery
D-Link DIR-615 Hardware vE4 Firmware 5.10 - Cross-Site Request Forgery
WordPress Plugin AdRotate 3.9.4 - (clicktracker.php track Parameter) SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php track Parameter' SQL Injection
Chipmunk Blog - members.php membername Parameter Cross-Site Scripting
Chipmunk Blog - comments.php membername Parameter Cross-Site Scripting
Chipmunk Blog - photos.php membername Parameter Cross-Site Scripting
Chipmunk Blog - archive.php membername Parameter Cross-Site Scripting
Chipmunk Blog - cat.php membername Parameter Cross-Site Scripting
Chipmunk Blog - 'members.php' Cross-Site Scripting
Chipmunk Blog - 'comments.php' Cross-Site Scripting
Chipmunk Blog - 'photos.php' Cross-Site Scripting
Chipmunk Blog - 'archive.php' Cross-Site Scripting
Chipmunk Blog - 'cat.php' Cross-Site Scripting
webERP 4.11.3 - (SalesInquiry.php SortBy Parameter) SQL Injection
webERP 4.11.3 - 'SalesInquiry.php SortBy Parameter' SQL Injection
ownCloud 4.0.x/4.5.x - (upload.php Filename Parameter) Remote Code Execution
ownCloud 4.0.x/4.5.x - 'upload.php Filename Parameter' Remote Code Execution
InterWorx Control Panel 5.0.13 build 574 - (xhr.php i Parameter) SQL Injection
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i Parameter' SQL Injection
kitForm CRM Extension 0.43 - (sorter.php sorter_value Parameter) SQL Injection
kitForm CRM Extension 0.43 - 'sorter.php sorter_value Parameter' SQL Injection
dompdf 0.6.0 - (dompdf.php read Parameter) Arbitrary File Read
dompdf 0.6.0 - 'dompdf.php read Parameter' Arbitrary File Read
ArticleFR 11.06.2014 - (data.php) Privilege Escalation
ArticleFR 11.06.2014 - 'data.php' Privilege Escalation
vBulletin 4.0.x < 4.1.2 - (search.php cat Parameter) SQL Injection
vBulletin 4.0.x < 4.1.2 - 'search.php cat Parameter' SQL Injection
Bacula-Web 5.2.10 - (joblogs.php jobid Parameter) SQL Injection
Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter' SQL Injection
net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion
net2ftp 0.98 (stable) - 'admin1.template.php' Local File Inclusion / Remote File Inclusion
Piwigo 2.6.0 - (picture.php rate Parameter) SQL Injection
Piwigo 2.6.0 - 'picture.php rate Parameter' SQL Injection
PHPMyRecipes 1.2.2 - (dosearch.php words_exact Parameter) SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter' SQL Injection
Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection
Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection
PHPMyRecipes 1.2.2 - (browse.php category Parameter) SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php category Parameter' SQL Injection
u5CMS 3.9.3 - (deletefile.php) Arbitrary File Deletion
u5CMS 3.9.3 - 'deletefile.php' Arbitrary File Deletion
WordPress Plugin Freshmail 1.5.8 - (shortcode.php) SQL Injection
WordPress Plugin Freshmail 1.5.8 - 'shortcode.php' SQL Injection
CreateVision CreateVision CMS - 'id' Parameter SQL Injection
CreateVision CMS - 'id' Parameter SQL Injection
PHPCollab 2.5 - (deletetopics.php) SQL Injection
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
WHMCS - 'boleto_bb.php' SQL Injection
WHMCompleteSolution (WHMCS) - 'boleto_bb.php' SQL Injection
PHPList 2.10.9 - 'Sajax.php' PHP Code Injection
phpList 2.10.9 - 'Sajax.php' PHP Code Injection
WHMCompleteSolution - (WHMCS) 5.0 'KnowledgeBase.php' search Parameter Cross-Site Scripting
WHMCompleteSolution (WHMCS) 5.0 - 'KnowledgeBase.php' search Parameter Cross-Site Scripting
FCKEditor Core - (Editor 'spellchecker.php') Cross-Site Scripting
FCKEditor Core - 'Editor 'spellchecker.php'' Cross-Site Scripting
PHPList 2.10.18 - 'index.php' SQL Injection
phpList 2.10.18 - 'index.php' SQL Injection
WHMCS 4.5.2 - 'googlecheckout.php' SQL Injection
WHMCompleteSolution (WHMCS) 4.5.2 - 'googlecheckout.php' SQL Injection
SolarWinds Orion IP Address Manager - (IPAM) 'search.aspx' Cross-Site Scripting
SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting
PHP gettext 1.0.12 - (gettext.php) Unauthenticated Code Execution
PHP gettext 1.0.12 - 'gettext.php' Unauthenticated Code Execution
WHMCS Addon VMPanel 2.7.4 - SQL Injection
WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection
WD My Cloud Mirror 2.11.153 - Authentication Bypass / Remote Code Execution
MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution
2017-01-25 05:01:18 +00:00
Offensive Security
5c20fdffaa
DB: 2017-01-24
...
2 new exploits
MediaMonkey 3.2.4.1304 - (mp3) Buffer Overflow (PoC)
MediaMonkey 3.2.4.1304 - 'mp3' Buffer Overflow (PoC)
Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
DiskSavvy Enterprise - GET Buffer Overflow (Metasploit)
OwnRS Blog 1.2 - (autor.php) SQL Injection
OwnRS Blog 1.2 - 'autor.php' SQL Injection
Mambo Component 'com_sim' 0.8 - Blind SQL Injection
Mambo Component com_sim 0.8 - Blind SQL Injection
Flax Article Manager 1.1 - 'cat_id' SQL Injection
OpenGoo 1.1 - (script_class) Local File Inclusion
EPOLL SYSTEM 3.1 - (Password.dat) Disclosure
Flax Article Manager 1.1 - 'cat_id' Parameter SQL Injection
OpenGoo 1.1 - Local File Inclusion
EPOLL SYSTEM 3.1 - 'Password.dat' Disclosure
ITLPoll 2.7 Stable2 - (index.php id) Blind SQL Injection
ITLPoll 2.7 Stable2 - Blind SQL Injection
Script Toko Online 5.01 - (shop_display_products.php) SQL Injection
Script Toko Online 5.01 - SQL Injection
Wazzum Dating Software - (userid) SQL Injection
Wazzum Dating Software - 'userid' Parameter SQL Injection
SiteXS 0.1.1 - (type) Local File Inclusion
SiteXS CMS 0.1.1 - Local File Inclusion
Joomla! Component com_flashmagazinedeluxe - (mag_id) SQL Injection
OpenX 2.6.3 - (MAX_type) Local File Inclusion
Joomla! Component ElearningForce Flash Magazine Deluxe - SQL Injection
OpenX 2.6.3 - 'MAX_type' Parameter Local File Inclusion
Community CMS 0.4 - (/index.php id) Blind SQL Injection
Community CMS 0.4 - 'id' Parameter Blind SQL Injection
2017-01-24 05:01:17 +00:00
Offensive Security
e96ad87c43
DB: 2017-01-23
...
4 new exploits
SunOS 5.11 ICMP - Denial of Service
Microsoft Power Point 2016 - Java Code Execution
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery
PageKit 1.0.10 - Password Reset
2017-01-23 05:01:18 +00:00
Offensive Security
ef112ace5d
DB: 2017-01-19
...
27 new exploits
SentryHD 02.01.12e - Privilege Escalation
Linux/x86-64 - mkdir Shellcode (25 bytes)
ownrs blog beta3 - SQL Injection / Cross-Site Scripting
OwnRS blog beta3 - SQL Injection / Cross-Site Scripting
Dodo's Quiz Script 1.1 - (dodosquiz.php) Local File Inclusion
Dodo's Quiz Script 1.1 - Local File Inclusion
Mambo Component SOBI2 RC 2.8.2 - (bid) SQL Injection
Mambo Component SOBI2 RC 2.8.2 - SQL Injection
Joomla! Component com_pcchess - (game_id) Blind SQL Injection
Joomla! Component com_pcchess - Blind SQL Injection
Medical Clinic Website Script - SQL Injection
Fileserve Clone Script - Authentication Bypass
Auction Website Script - SQL Injection
Wetransfer Clone Script - Authentication Bypass
Finance Website Script - SQL Injection
Justdial Clone Script - Authentication Bypass
Business Directory Script - SQL Injection
Buy and Sell Market Place Software - SQL Injection
Dentist Website Script - SQL Injection
Manufacturer Website Design Script - SQL Injection
Micro Blog Script - SQL Injection
My Private Tutor Website Builder Script - SQL Injection
NGO Directory Script - SQL Injection
Yoga and Fitness Website Script - SQL Injection
NGO Website Script - SQL Injection
Questions and Answers Script 1.1.3 - SQL Injection
Online Mobile Recharge Script - SQL Injection
Clone of Oddee Script 1.1.3 - SQL Injection
Online Printing Business Clone Script - SQL Injection
Online Tshirt Design Script - SQL Injection
Shiksha Educational Website Script - SQL Injection
Study Abroad Educational Website Script - SQL Injection
Courier Management System - SQL Injection
Flippa Website Script - SQL Injection
B2B Script 4.27 - SQL Injection
2017-01-19 05:01:18 +00:00
Offensive Security
19000e5589
DB: 2017-01-18
...
4 new exploits
MkPortal 1.1.1 reviews / Gallery modules - SQL Injection
MKPortal 1.1.1 reviews / Gallery modules - SQL Injection
Joomla! Component GigCalendar 1.0 - SQL Injection
Joomla! Component gigCalendar 1.0 - SQL Injection
Joomla! Component RD-Autos 1.5.5 - 'id' SQL Injection
mkportal 1.2.1 - Multiple Vulnerabilities
Blue Eye CMS 1.0.0 - (clanek) Blind SQL Injection
Free Bible Search PHP Script - 'readbible.php' SQL Injection
Joomla! Component RD-Autos 1.5.5 - SQL Injection
MKPortal 1.2.1 - Multiple Vulnerabilities
Blue Eye CMS 1.0.0 - 'clanek' Parameter Blind SQL Injection
Free Bible Search PHP Script - SQL Injection
Simple PHP NewsLetter 1.5 - (olang) Local File Inclusion
Simple PHP NewsLetter 1.5 - Local File Inclusion
Joomla! Component Gigcal 1.x - 'id' SQL Injection
Joomla! Component Gigcal 1.x - 'id' Parameter SQL Injection
SCMS 1 - 'index.php p' Local File Inclusion
SCMS 1 - Local File Inclusion
Max.Blog 1.0.6 - (show_post.php) SQL Injection
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
Max.Blog 1.0.6 - (submit_post.php) SQL Injection
Max.Blog 1.0.6 - (offline_auth.php) Offline Authentication Bypass
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
Max.Blog 1.0.6 - 'offline_auth.php' Offline Authentication Bypass
Joomla! Component com_simplefaq - 'catid' Blind SQL Injection
Joomla! Component com_simplefaq - 'catid' Parameter Blind SQL Injection
dirLIST - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
dirLIST 0.3.0 - Local File Inclusion
dirLIST 0.3.0 - Arbitrary File Upload
BoZoN 2.4 - Remote Code Execution
Check Box 2016 Q2 Survey - Multiple Vulnerabilities
Openexpert 0.5.17 - SQL Injection
2017-01-18 05:01:17 +00:00
Offensive Security
7c1c496c25
DB: 2017-01-17
...
11 new exploits
Nofeel FTP Server 3.6 - (CWD) Remote Memory Consumption Exploit
Nofeel FTP Server 3.6 - 'CWD' Command Remote Memory Consumption
Mozilla Firefox < 50.1.0 - Use After Free
Mozilla Firefox < 50.1.0 - Use-After-Free
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
iSelect v1.4 - Local Buffer Overflow
Word Viewer OCX 3.2 - ActiveX (Save) Remote File Overwrite
Word Viewer OCX 3.2 ActiveX - (Save) Remote File Overwrite
WinaXe Plus 8.7 - Buffer Overflow
DiskBoss Enterprise - GET Buffer Overflow (Metasploit)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Photobase 1.2 - 'Language' Local File Inclusion
Joomla! Component Portfol - (vcatid) SQL Injection
Photobase 1.2 - 'Language' Parameter Local File Inclusion
Joomla! Component Portfol 1.2 - 'vcatid' Parameter SQL Injection
dMx READY (25 - Products) Remote Database Disclosure
dMx READY (25 - Products) - Remote Database Disclosure
Joomla! Component com_gigcal (gigcal_gigs_id) 1.0 - SQL Injection
Joomla! Component GigCalendar 1.0 - SQL Injection
HSPell 1.1 - (cilla.cgi) Remote Command Execution
HSPell 1.1 - 'cilla.cgi' Remote Command Execution
PHP Photo Album 0.8b - (index.php preview) Local File Inclusion
PHP Photo Album 0.8b - 'preview' Parameter Local File Inclusion
Huawei Flybox B660 - Cross-Site Request Forgery
Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting
Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change
Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change
Image Sharing Script 4.13 - Multiple Vulnerabilities
Million Pixels 3 - Authentication Bypass
ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities
2017-01-17 05:01:17 +00:00
Offensive Security
08be47d8e2
DB: 2017-01-14
...
3 new exploits
Mozilla Firefox < 50.1.0 - Use After Free
Cisco Firepower Management Console 6.0 - Post Authentication UserAdd
QuoteBook - 'poll.inc' Remote Config File Disclosure
QuoteBook - Remote Config File Disclosure
PHP-Fusion Mod vArcade 1.8 - (comment_id) SQL Injection
Pizzis CMS 1.5.1 - (visualizza.php idvar) Blind SQL Injection
PHP-Fusion Mod vArcade 1.8 - 'comment_id' Parameter SQL Injection
Pizzis CMS 1.5.1 - Blind SQL Injection
Joomla! Component com_xevidmegahd - 'catid' SQL Injection
Joomla! Component com_xevidmegahd - SQL Injection
DZcms 3.1 - (products.php pcat) SQL Injection
DZcms 3.1 - SQL Injection
phpMDJ 1.0.3 - (id_animateur) Blind SQL Injection
XOOPS Module tadbook2 - 'open_book.php book_sn' SQL Injection
phpMDJ 1.0.3 - 'id_animateur' Parameter Blind SQL Injection
XOOPS Module tadbook2 - SQL Injection
PHP-Fusion Mod the_kroax - 'comment_id' Parameter SQL Injection
Social Engine - 'browse_classifieds.php s' SQL Injection
PHP-Fusion Mod the_kroax - SQL Injection
Social Engine - SQL Injection
Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution
2017-01-14 05:01:17 +00:00
Offensive Security
a0c8330781
DB: 2017-01-13
...
13 new exploits
SeaMonkey 1.1.14 - (marquee) Denial of Service
SeaMonkey 1.1.14 - Denial of Service
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1)
SapLPD 7.40 - Denial of Service
CoolPlayer 2.19 - (PlaylistSkin) Buffer Overflow
CoolPlayer 2.19 - 'PlaylistSkin' Buffer Overflow
Rosoft media player 4.4.4 - Buffer Overflow (SEH) (2)
Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (2)
aSc Timetables 2017 - Buffer Overflow
Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation
Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation
Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)
Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)
PlaySMS 0.7 - SQL Injection
PlaySms 0.7 - SQL Injection
SAP SAPLPD 6.28 - Buffer Overflow (Metasploit)
SapLPD 6.28 - Buffer Overflow (Metasploit)
Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script (MS00-090)
phpMyFamily 1.4.0 - Authentication Bypass (SQL Injection)
phpMyFamily 1.4.0 - Authentication Bypass
ACNews 1.0 - Admin Authentication Bypass (SQL Injection)
ACNews 1.0 - Authentication Bypass
ASPThai.Net Guestbook 5.5 - (Authentication Bypass) SQL Injection
ASPThai.Net Guestbook 5.5 - Authentication Bypass
PNphpBB2 <= 1.2g - 'phpbb_root_path' Remote File Inclusion
PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion
cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion
CuteNews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion
WSN Guest 1.21 - (comments.php id) SQL Injection
WSN Guest 1.21 - 'id' Parameter SQL Injection
PNPHPBB2 <= 1.2 - (index.php c) SQL Injection
PNPHPBB2 <= 1.2 - 'index.php' SQL Injection
PNPHPBB2 <= 1.2i - viewforum.php SQL Injection
PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection
PNPHPBB2 <= 1.2i - (printview.php PHPEx) Local File Inclusion
PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local File Inclusion
webClassifieds 2005 - (Authentication Bypass) SQL Injection
webClassifieds 2005 - Authentication Bypass
webSPELL 4.01.02 - 'id' Remote Edit Topics
PNphpBB2 <= 12i - (ModName) Multiple Local File Inclusion
WSN Guest 1.23 - 'Search' SQL Injection
webSPELL 4.01.02 - 'id' Parameter Remote Edit Topics
PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion
WSN Guest 1.23 - 'Search' Parameter SQL Injection
Ayemsis Emlak Pro - (Authentication Bypass) SQL Injection
Ayemsis Emlak Pro - Authentication Bypass
Joomla! Component com_phocadocumentation - 'id' SQL Injection
phpauctionsystem - Cross-Site Scripting / SQL Injection
Joomla! Component com_phocadocumentation - 'id' Parameter SQL Injection
PHPAuctionSystem - Cross-Site Scripting / SQL Injection
RiotPix 0.61 - (forumid) Blind SQL Injection
RiotPix 0.61 - 'forumid' Parameter Blind SQL Injection
RiotPix 0.61 - (Authentication Bypass) SQL Injection
RiotPix 0.61 - Authentication Bypass
playSms 0.9.3 - Multiple Remote / Local File Inclusion
BlogHelper - 'common_db.inc' Remote Config File Disclosure
PollHelper - 'poll.inc' Remote Config File Disclosure
PlaySms 0.9.3 - Multiple Remote / Local File Inclusion
BlogHelper - Remote Config File Disclosure
PollHelper - Remote Config File Disclosure
Fast FAQs System - (Authentication Bypass) SQL Injection
Fast FAQs System - Authentication Bypass
Fast Guest Book - (Authentication Bypass) SQL Injection
Fast Guest Book - Authentication Bypass
BKWorks ProPHP 0.50b1 - (Authentication Bypass) SQL Injection
Weight Loss Recipe Book 3.1 - (Authentication Bypass) SQL Injection
BKWorks ProPHP 0.50b1 - Authentication Bypass
Weight Loss Recipe Book 3.1 - Authentication Bypass
Dark Age CMS 0.2c Beta - (Authentication Bypass) SQL Injection
Syzygy CMS 0.3 - (Authentication Bypass) SQL Injection
Dark Age CMS 0.2c Beta - Authentication Bypass
Syzygy CMS 0.3 - Authentication Bypass
eFAQ - (Authentication Bypass) SQL Injection
eReservations - (Authentication Bypass) SQL Injection
The Walking Club - (Authentication Bypass) SQL Injection
Ping IP - (Authentication Bypass) SQL Injection
eFAQ - Authentication Bypass
eReservations - Authentication Bypass
The Walking Club - Authentication Bypass
Ping IP - Authentication Bypass
ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection
ASP ActionCalendar 1.3 - Authentication Bypass
Click&Email - (Authentication Bypass) SQL Injection
Click&Email - Authentication Bypass
Web-Calendar Lite 1.0 - (Authentication Bypass) SQL Injection
Web-Calendar Lite 1.0 - Authentication Bypass
ClickAuction - (Authentication Bypass) SQL Injection
ClickAuction - Authentication Bypass
Netartmedia Car Portal 1.0 - (Authentication Bypass) SQL Injection
Netartmedia Car Portal 1.0 - Authentication Bypass
SalesCart - (Authentication Bypass) SQL Injection
SalesCart - Authentication Bypass
WholeHogSoftware Ware Support - (Authentication Bypass) SQL Injection
WholeHogSoftware Password Protect - (Authentication Bypass) SQL Injection
WholeHogSoftware Ware Support - Authentication Bypass
WholeHogSoftware Password Protect - Authentication Bypass
ClickCart 6.0 - (Authentication Bypass) SQL Injection
ClickCart 6.0 - Authentication Bypass
Online Grades 3.2.4 - (Authentication Bypass) SQL Injection
Online Grades 3.2.4 - Authentication Bypass
MyDesing Sayac 2.0 - (Authentication Bypass) SQL Injection
MyDesing Sayac 2.0 - Authentication Bypass
AuthPhp 1.0 - (Authentication Bypass) SQL Injection
Mynews 0_10 - (Authentication Bypass) SQL Injection
BlueBird Pre-Release - (Authentication Bypass) SQL Injection
AuthPhp 1.0 - Authentication Bypass
Mynews 0_10 - Authentication Bypass
BlueBird Pre-Release - Authentication Bypass
Grestul 1.x - Authentication Bypass (via Cookie SQL Injection)
Grestul 1.x - Authentication Bypass (Cookie SQL Injection)
XGuestBook 2.0 - (Authentication Bypass) SQL Injection
XGuestBook 2.0 - Authentication Bypass
PenPal 2.0 - (Authentication Bypass) SQL Injection
PenPal 2.0 - Authentication Bypass
BannerManager 0.81 - (Authentication Bypass) SQL Injection
BannerManager 0.81 - Authentication Bypass
Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection
Free PHP Petition Signing Script - Authentication Bypass
Simbas CMS 2.0 - (Authentication Bypass) SQL Injection
WebFileExplorer 3.1 - (Authentication Bypass) SQL Injection
Simbas CMS 2.0 - Authentication Bypass
WebFileExplorer 3.1 - Authentication Bypass
My Dealer CMS 2.0 - (Authentication Bypass) SQL Injection
My Dealer CMS 2.0 - Authentication Bypass
XEngineSoft PMS/MGS/NM/Ams 1.0 - (Authentication Bypass) SQL Injection
XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass
NetHoteles 2.0/3.0 - (Authentication Bypass) SQL Injection
NetHoteles 2.0/3.0 - Authentication Bypass
Tiny Blogr 1.0.0 rc4 - (Authentication Bypass) SQL Injection
Tiny Blogr 1.0.0 rc4 - Authentication Bypass
ClanTiger 1.1.1 - (Authentication Bypass) SQL Injection
ClanTiger 1.1.1 - Authentication Bypass
Hot Project 7.0 - (Authentication Bypass) SQL Injection
Hot Project 7.0 - Authentication Bypass
EZ Webitor - (Authentication Bypass) SQL Injection
EZ Webitor - Authentication Bypass
Creasito E-Commerce 1.3.16 - (Authentication Bypass) SQL Injection
Creasito E-Commerce 1.3.16 - Authentication Bypass
I-Rater Pro/Plantinum 4.0 - (Authentication Bypass) SQL Injection
I-Rater Pro/Plantinum 4.0 - Authentication Bypass
5 star Rating 1.2 - (Authentication Bypass) SQL Injection
5 star Rating 1.2 - Authentication Bypass
Tiger Dms - (Authentication Bypass) SQL Injection
Tiger Dms - Authentication Bypass
The Recipe Script 5 - (Authentication Bypass) SQL Injection / DB Backup
Realty Web-Base 1.0 - (Authentication Bypass) SQL Injection
Luxbum 0.5.5/stable - (Authentication Bypass) SQL Injection
The Recipe Script 5 - (Authentication Bypass) SQL Injection / Database Backup
Realty Web-Base 1.0 - Authentication Bypass
Luxbum 0.5.5/stable - Authentication Bypass
My Game Script 2.0 - (Authentication Bypass) SQL Injection
My Game Script 2.0 - Authentication Bypass
Submitter Script - (Authentication Bypass) SQL Injection
Submitter Script - Authentication Bypass
PHP Dir Submit - (Authentication Bypass) SQL Injection
PHP Dir Submit - Authentication Bypass
DM FileManager 3.9.2 - (Authentication Bypass) SQL Injection
DM FileManager 3.9.2 - Authentication Bypass
VICIDIAL 2.0.5-173 - (Authentication Bypass) SQL Injection
VICIDIAL 2.0.5-173 - Authentication Bypass
Article Directory - (Authentication Bypass) SQL Injection
Article Directory - Authentication Bypass
phpBugTracker 1.0.3 - (Authentication Bypass) SQL Injection
phpBugTracker 1.0.3 - Authentication Bypass
Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection
Zen Help Desk 2.1 - Authentication Bypass
EgyPlus 7ml 1.0.1 - (Authentication Bypass) SQL Injection
EgyPlus 7ml 1.0.1 - Authentication Bypass
Pixelactivo 3.0 - (Authentication Bypass) SQL Injection
Pixelactivo 3.0 - Authentication Bypass
MyCars Automotive - (Authentication Bypass) SQL Injection
MyCars Automotive - Authentication Bypass
Zip Store Chat 4.0/5.0 - (Authentication Bypass) SQL Injection
Zip Store Chat 4.0/5.0 - Authentication Bypass
AlumniServer 1.0.1 - (Authentication Bypass) SQL Injection
AlumniServer 1.0.1 - Authentication Bypass
ForumPal FE 1.1 - (Authentication Bypass) SQL Injection
ForumPal FE 1.1 - Authentication Bypass
Opial 1.0 - (Authentication Bypass) SQL Injection
Opial 1.0 - Authentication Bypass
webLeague 2.2.0 - (Authentication Bypass) SQL Injection
webLeague 2.2.0 - Authentication Bypass
AnotherPHPBook (APB) 1.3.0 - (Authentication Bypass) SQL Injection
AnotherPHPBook (APB) 1.3.0 - Authentication Bypass
SaphpLesson 4.0 - (Authentication Bypass) SQL Injection
SaphpLesson 4.0 - Authentication Bypass
Limny 1.01 - (Authentication Bypass) SQL Injection
Limny 1.01 - Authentication Bypass
Magician Blog 1.0 - (Authentication Bypass) SQL Injection
Magician Blog 1.0 - Authentication Bypass
AW BannerAd - (Authentication Bypass) SQL Injection
AW BannerAd - Authentication Bypass
Ajax Short URL Script - (Authentication Bypass) SQL Injection
Ajax Short URL Script - Authentication Bypass
TT Web Site Manager 0.5 - (Authentication Bypass) SQL Injection
SimpleLoginSys 0.5 - (Authentication Bypass) SQL Injection
TT Web Site Manager 0.5 - Authentication Bypass
SimpleLoginSys 0.5 - Authentication Bypass
Questions Answered 1.3 - (Authentication Bypass) SQL Injection
Questions Answered 1.3 - Authentication Bypass
Blink Blog System - (Authentication Bypass) SQL Injection
Blink Blog System - Authentication Bypass
MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection
MOC Designs PHP News 1.1 - Authentication Bypass
PHotoLa Gallery 1.0 - (Authentication Bypass) SQL Injection
PHotoLa Gallery 1.0 - Authentication Bypass
PHPCityPortal - (Authentication Bypass) SQL Injection
PHPCityPortal - Authentication Bypass
Logoshows BBS 2.0 - (Authentication Bypass) SQL Injection
Logoshows BBS 2.0 - Authentication Bypass
SmilieScript 1.0 - (Authentication Bypass) SQL Injection
SmilieScript 1.0 - Authentication Bypass
humanCMS - (Authentication Bypass) SQL Injection
humanCMS - Authentication Bypass
Three Pillars Help Desk 3.0 - (Authentication Bypass) SQL Injection
Three Pillars Help Desk 3.0 - Authentication Bypass
AdsDX 3.05 - (Authentication Bypass) SQL Injection
AdsDX 3.05 - Authentication Bypass
Nephp Publisher Enterprise 4.5 - (Authentication Bypass) SQL Injection
Nephp Publisher Enterprise 4.5 - Authentication Bypass
W3infotech - (Authentication Bypass) SQL Injection
W3infotech - Authentication Bypass
Real Estate Portal X.0 - (Authentication Bypass) SQL Injection
Real Estate Portal X.0 - Authentication Bypass
PHP Inventory 1.2 - Remote Authentication Bypass (SQL Injection)
PHP Inventory 1.2 - Authentication Bypass
SitePal 1.1 - (Authentication Bypass) SQL Injection
SitePal 1.1 - Authentication Bypass
JM CMS 1.0 <= 1.0 - (Authentication Bypass) SQL Injection
JM CMS 1.0 - Authentication Bypass
Pre Hospital Management System - (Authentication Bypass) SQL Injection
Pre Hospital Management System - Authentication Bypass
Digiappz Freekot - (Authentication Bypass) SQL Injection
Digiappz Freekot - Authentication Bypass
Omnistar Affiliate - (Authentication Bypass) SQL Injection
Omnistar Affiliate - Authentication Bypass
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Advance Biz Limited 1.0 - (Authentication Bypass) SQL Injection
Advance Biz Limited 1.0 - Authentication Bypass
e-topbiz banner exchange PHP - (Authentication Bypass) SQL Injection
e-topbiz Slide Popups 1 PHP - (Authentication Bypass) SQL Injection
e-topbiz banner exchange PHP - Authentication Bypass
e-topbiz Slide Popups 1 PHP - Authentication Bypass
Freewebscript'z Games - (Authentication Bypass) SQL Injection
Freewebscript'z Games - Authentication Bypass
DZOIC Handshakes - Authentication Bypass (SQL Injection)
DZOIC Handshakes - Authentication Bypass
DZOIC ClipHouse - Authentication Bypass (SQL Injection)
DZOIC ClipHouse - Authentication Bypass
PHP Car Rental-Script - (Authentication Bypass) SQL Injection
PHP Car Rental-Script - Authentication Bypass
Zen Tracking 2.2 - (Authentication Bypass) SQL Injection
Baal Systems 3.8 - (Authentication Bypass) SQL Injection
Zen Tracking 2.2 - Authentication Bypass
Baal Systems 3.8 - Authentication Bypass
Killmonster 2.1 - (Authentication Bypass) SQL Injection
Killmonster 2.1 - Authentication Bypass
Rostermain 1.1 - (Authentication Bypass) SQL Injection
Rostermain 1.1 - Authentication Bypass
NewsLetter Tailor - (Authentication Bypass) SQL Injection
NewsLetter Tailor - Authentication Bypass
WSN Guest 1.02 - (orderlinks) SQL Injection
WSN Guest 1.02 - 'orderlinks' Parameter SQL Injection
Project Man 1.0 - (Authentication Bypass) SQL Injection
Project Man 1.0 - Authentication Bypass
Uiga Fan Club 1.0 - (Authentication Bypass) SQL Injection
Uiga Fan Club 1.0 - Authentication Bypass
HazelPress Lite 0.0.4 - (Authentication Bypass) SQL Injection
HazelPress Lite 0.0.4 - Authentication Bypass
Majoda CMS - (Authentication Bypass) SQL Injection
Majoda CMS - Authentication Bypass
4x CMS r26 - (Authentication Bypass) SQL Injection
4x CMS r26 - Authentication Bypass
Satellite-X 4.0 - (Authentication Bypass) SQL Injection
Huron CMS 8 11 2007 - (Authentication Bypass) SQL Injection
Satellite-X 4.0 - Authentication Bypass
Huron CMS 8 11 2007 - Authentication Bypass
Zyke CMS 1.1 - (Authentication Bypass) SQL Injection
Zyke CMS 1.1 - Authentication Bypass
Online University - (Authentication Bypass) SQL Injection
Online University - Authentication Bypass
Online Job Board - (Authentication Bypass) SQL Injection
Online Job Board - Authentication Bypass
JE CMS 1.0.0 - Authentication Bypass (via SQL Injection)
JE CMS 1.0.0 - Authentication Bypass
ExtCalendar2 - (Authentication Bypass/Cookie) SQL Injection
ExtCalendar2 - (Authentication Bypass / Cookie) SQL Injection
SN News 1.2 - '/admin/loger.php' Authentication Bypass (SQL Injection)
SN News 1.2 - '/admin/loger.php' Authentication Bypass
RTTucson Quotations Database Script - (Authentication Bypass) SQL Injection
RTTucson Quotations Database Script - Authentication Bypass
PlaySms - 'index.php' Cross-Site Scripting
PlaySms 0.8 - 'index.php' Cross-Site Scripting
Practico CMS 13.7 - Authentication Bypass (SQL Injection)
Practico CMS 13.7 - Authentication Bypass
Airbnb Clone Script - Arbitrary File Upload
Milw0rm Clone Script 1.0 - (Authentication Bypass) SQL Injection
Milw0rm Clone Script 1.0 - Authentication Bypass
PHPCollab CMS 2.5 - (emailusers.php) SQL Injection
PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection
My link trader 1.1 - 'id' Parameter SQL Injection
My Link Trader 1.1 - 'id' Parameter SQL Injection
b2evolution 6.8.2 - Arbitrary File Upload
Job Portal Script 9.11 - Authentication Bypass
Online Food Delivery 2.04 - Authentication Bypass
iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection
D-Link DIR-615 - Multiple Vulnerabilities
School Management Software 2.75 - SQL Injection
Penny Auction Script - Arbitrary File Upload
ECommerce-TIBSECART - Arbitrary File Upload
ECommerce-Multi-Vendor Software - Arbitrary File Upload
2017-01-13 05:01:18 +00:00
Offensive Security
3617e005f6
DB: 2017-01-12
...
16 new exploits
VMware 2.5.1 - (VMware-authd) Remote Denial of Service
VMware 2.5.1 - 'VMware-authd' Remote Denial of Service
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2)
Boxoft Wav 1.0 - Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow
EleCard MPEG PLAYER - '.m3u' Local Stack Overflow
Elecard MPEG Player - '.m3u' Local Stack Overflow
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)
Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)
Firejail - Privilege Escalation
McAfee Virus Scan Enterprise for Linux - Remote Code Execution
McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
Ansible 2.1.4 / 2.2.1 - Command Execution
Eggblog < 3.07 - Remote SQL Injection / Privilege Escalation
EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation
PowerClan 1.14a - (footer.inc.php) Remote File Inclusion
PowerClan 1.14a - 'footer.inc.php' Remote File Inclusion
Eggblog 3.1.0 - Cookies SQL Injection
EggBlog 3.1.0 - Cookies SQL Injection
eggBlog 4.0 - SQL Injection
EggBlog 4.0 - SQL Injection
2Capsule - 'sticker.php id' SQL Injection
2Capsule - SQL Injection
ASPThai.Net WebBoard 6.0 - (bview.asp) SQL Injection
ASPThai.Net WebBoard 6.0 - SQL Injection
Memberkit 1.0 - Remote Arbitrary .PHP File Upload
phpScribe 0.9 - (user.cfg) Remote Config Disclosure
Memberkit 1.0 - Arbitrary File Upload
phpScribe 0.9 - 'user.cfg' Remote Config Disclosure
PowerClan 1.14a - (Authentication Bypass) SQL Injection
PowerClan 1.14a - Authentication Bypass
Webspell 4 - (Authentication Bypass) SQL Injection
webSPELL 4 - Authentication Bypass
eggBlog 4.1.1 - Local Directory Traversal
EggBlog 4.1.1 - Local Directory Traversal
Travel Portal Script Admin Password Change - Cross-Site Request Forgery
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
eggBlog 4.1.2 - Arbitrary File Upload
EggBlog 4.1.2 - Arbitrary File Upload
Eggblog 2.0 - blog.php id Parameter SQL Injection
Eggblog 2.0 - topic.php message Parameter Cross-Site Scripting
EggBlog 2.0 - 'id' Parameter SQL Injection
EggBlog 2.0 - 'message' Parameter Cross-Site Scripting
PowerClan 1.14 - member.php SQL Injection
PowerClan 1.14 - 'member.php' SQL Injection
SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection
Dating Script 3.25 - SQL Injection
Starting Page 1.3 - SQL Injection
Starting Page 1.3 - 'linkid' Parameter SQL Injection
Starting Page 1.3 - 'category' Parameter SQL Injection
My link trader 1.1 - 'id' Parameter SQL Injection
Blackboard LMS 9.1 SP14 - Cross-Site Scripting
Huawei Flybox B660 - Cross-Site Request Forgery
Travel Portal Script 9.33 - SQL Injection
Movie Portal Script 7.35 - SQL Injection
2017-01-12 05:01:16 +00:00
Offensive Security
1b13c8a790
DB: 2017-01-11
...
6 new exploits
DiskBoss Enterprise 7.5.12 - 'POST' Buffer Overflow (SEH)
ClaSS 0.8.60 - (export.php ftype) Local File Inclusion
ClaSS 0.8.60 - 'export.php' Local File Inclusion
Miniweb 2.0 - SQL Injection (Authentication Bypass)
Miniweb 2.0 - Authentication Bypass
eDNews 2.0 - (lg) Local File Inclusion
eDContainer 2.22 - (lg) Local File Inclusion
eDNews 2.0 - Local File Inclusion
eDContainer 2.22 - Local File Inclusion
Ultimate PHP Board 2.2.1 - (log inj) Privilege Escalation
Sepcity Shopping Mall - 'shpdetails.asp ID' SQL Injection
Sepcity Lawyer Portal - 'deptdisplay.asp ID' SQL Injection
Ultimate PHP Board 2.2.1 - Privilege Escalation
Sepcity Shopping Mall - SQL Injection
Sepcity Lawyer Portal - SQL Injection
Sepcity Classified - 'classdis.asp ID' SQL Injection
FlexPHPDirectory 0.0.1 - (Authentication Bypass) SQL Injection
Flexphpsite 0.0.1 - (Authentication Bypass) SQL Injection
Flexphplink 0.0.x - (Authentication Bypass) SQL Injection
eDNews 2.0 - (eDNews_view.php newsid) SQL Injection
Sepcity Classified - 'ID' Parameter SQL Injection
FlexPHPDirectory 0.0.1 - Authentication Bypass
Flexphpsite 0.0.1 - Authentication Bypass
Flexphplink 0.0.x - Authentication Bypass
eDNews 2.0 - SQL Injection
PHPAlumni - 'Acomment.php id' SQL Injection
PHPAlumni - SQL Injection
Flexphpic 0.0.x - (Authentication Bypass) SQL Injection
Flexphpic 0.0.x - Authentication Bypass
Mole Group Vacation Estate Listing Script - (editid1) Blind SQL Injection
Mole Group Vacation Estate Listing Script - Blind SQL Injection
Friends in War Make or Break 1.3 - SQL Injection (Authentication Bypass)
Friends in War Make or Break 1.3 - Authentication Bypass
My Php Dating 2.0 - 'path' Parameter SQL Injection
My Php Dating 2.0 - 'id' Parameter SQL Injection
My PHP Dating 2.0 - 'path' Parameter SQL Injection
My PHP Dating 2.0 - 'id' Parameter SQL Injection
Friends in War Make or Break 1.7 - 'imgid' Parameter SQL Injection
Starting Page 1.3 - SQL Injection
Freepbx < 2.11.1.5 - Remote Code Execution
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation
FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)
2017-01-11 05:01:17 +00:00
Offensive Security
a1c336773a
DB: 2017-01-09
...
3 new exploits
Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing
Advanced Desktop Locker 6.0.0 - Lock Screen Bypass
DirectAdmin 1.28/1.29 - CMD_SHOW_RESELLER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_SHOW_USER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET_CREATE TYPE Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_FORWARDER_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET type Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_VACATION_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_LIST name Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_FTP_SHOW DOMAIN Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting
DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting
DirectAdmin 1.50.1 - Denial of Service
2017-01-09 05:01:15 +00:00
Offensive Security
127a1da37b
DB: 2017-01-06
...
1 new exploits
EvansFTP - (EvansFTP.ocx) Remote Buffer Overflow (PoC)
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)
Kaspersky 17.0.0 - Local CA root is Incorrectly Protected
Kaspersky 17.0.0 - Local CA root Incorrectly Protected
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - Privilege Escalation
Evans FTP - 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
Phpclanwebsite 1.23.1 - (par) SQL Injection
Phpclanwebsite 1.23.1 - SQL Injection
Nukedit CMS 4.9.6 - Unauthorized Admin Add
Nukedit 4.9.6 - Unauthorized Admin Add
iyzi Forum 1.0 Beta 3 - (uye_ayrinti.asp) SQL Injection
iyzi Forum 1.0 Beta 3 - SQL Injection
Liberum Help Desk 0.97.3 - (details.asp) SQL Injection
Liberum Help Desk 0.97.3 - SQL Injection
Pligg 9.9.0 - Remote Code Execution
Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg CMS 9.9.0 - Remote Code Execution
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
CF_Auction - (forummessage) Blind SQL Injection
CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection
CF_Auction - Blind SQL Injection
CFMBLOG - 'categorynbr' Parameter Blind SQL Injection
phpAddEdit 1.3 - (editform) Local File Inclusion
phpAddEdit 1.3 - 'editform' Parameter Local File Inclusion
MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure
MyCal Personal Events Calendar - Database Disclosure
Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection
Ad Management Java - (Authentication Bypass) SQL Injection
Banner Exchange Java - (Authentication Bypass) SQL Injection
Affiliate Software Java 4.0 - Authentication Bypass
Ad Management Java - Authentication Bypass
Banner Exchange Java - Authentication Bypass
ASP-CMS 1.0 - (index.asp cha) SQL Injection
SUMON 0.7.0 - (chg.php host) Command Execution
Xpoze 4.10 - (home.html menu) Blind SQL Injection
Social Groupie - 'group_index.php id' SQL Injection
ASP-CMS 1.0 - 'cha' Parameter SQL Injection
SUMON 0.7.0 - Command Execution
Xpoze 4.10 - 'menu' Parameter Blind SQL Injection
Social Groupie - 'id' Parameter SQL Injection
Umer Inc Songs Portal Script - 'id' SQL Injection
Umer Inc Songs Portal Script - 'id' Parameter SQL Injection
ASPired2Quote - 'quote.mdb' Remote Database Disclosure
ASP-DEV Internal E-Mail System - (Authentication Bypass) SQL Injection
ASPired2Quote - Remote Database Disclosure
ASP-DEV Internal E-Mail System - Authentication Bypass
iyzi Forum 1.0b3 - (iyziforum.mdb) Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure
iyzi Forum 1.0b3 - Database Disclosure
CodeAvalanche FreeForum - Database Disclosure
FLDS 1.2a - (redir.php id) SQL Injection
FLDS 1.2a - 'redir.php' SQL Injection
Mediatheka 4.2 - (index.php lang) Local File Inclusion
Mediatheka 4.2 - 'lang' Parameter Local File Inclusion
Forest Blog 1.3.2 - (blog.mdb) Remote Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure
Forest Blog 1.3.2 - Remote Database Disclosure
CodeAvalanche Directory - Database Disclosure
CodeAvalanche FreeForAll - Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure
CodeAvalanche Articles - Database Disclosure
CodeAvalanche RateMySite - Database Disclosure
FLDS 1.2a - (lpro.php id) SQL Injection
BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit
FLDS 1.2a - 'lpro.php' SQL Injection
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit
The Rat CMS Alpha 2 - (Authentication Bypass) SQL Injection
XOOPS Module Amevents - 'print.php id' SQL Injection
CadeNix - 'cid' SQL Injection
The Rat CMS Alpha 2 - Authentication Bypass
XOOPS Module Amevents - SQL Injection
CadeNix - SQL Injection
CFAGCMS 1 - 'right.php title' SQL Injection
CFAGCMS 1 - SQL Injection
FaScript FaUpload - 'download.php' SQL Injection
Web Wiz Guestbook 8.21 - (WWGGuestbook.mdb) DD
FLDS 1.2a - report.php (linkida) SQL Injection
FaScript FaUpload - SQL Injection
Web Wiz Guestbook 8.21 - Database Disclosure
FLDS 1.2a - 'report.php' SQL Injection
Gnews Publisher .NET - (authors.asp authorID) SQL Injection
Gnews Publisher .NET - SQL Injection
Joomla! Component Tech Article 1.x - (item) SQL Injection
TinyMCE 2.0.1 - (index.php menuID) SQL Injection
Joomla! Component Tech Article 1.x - SQL Injection
TinyMCE 2.0.1 - 'menuID' Parameter SQL Injection
QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure
QuickerSite Easy CMS - Database Disclosure
I-Rater Basic - 'messages.php' SQL Injection
I-Rater Basic - SQL Injection
Injader CMS 2.1.1 - 'id' SQL Injection
Injader CMS 2.1.1 - 'id' Parameter SQL Injection
MyPHPsite - 'index.php mod' Local File Inclusion
MyPBS - 'index.php seasonID' SQL Injection
MyPHPsite - Local File Inclusion
MyPBS - 'seasonID' Parameter SQL Injection
Extract Website - 'download.php Filename' File Disclosure
Extract Website - 'Filename' Parameter File Disclosure
FreeLyrics 1.0 - (source.php p) Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure
Userlocator 3.0 - (y) Blind SQL Injection
Userlocator 3.0 - Blind SQL Injection
chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
BLOG 1.55B - (image_upload.php) Arbitrary File Upload
BLOG 1.55B - 'image_upload.php' Arbitrary File Upload
RSS Simple News - 'news.php pid' SQL Injection
Text Lines Rearrange Script - 'Filename' File Disclosure
RSS Simple News - SQL Injection
Text Lines Rearrange Script - 'Filename' Parameter File Disclosure
Pligg 9.9.5b - (check_url.php url) Arbitrary File Upload / SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
Joomla! Component Volunteer 2.0 - (job_id) SQL Injection
Joomla! Component Volunteer 2.0 - SQL Injection
Calendar Script 1.1 - (Authentication Bypass) SQL Injection
REDPEACH CMS - (zv) SQL Injection
Calendar Script 1.1 - Authentication Bypass
REDPEACH CMS - SQL Injection
PHPLD 3.3 - (page.php name) Blind SQL Injection
PHPLD 3.3 - Blind SQL Injection
The Rat CMS Alpha 2 - 'viewarticle.php id' Blind SQL Injection
The Rat CMS Alpha 2 - Blind SQL Injection
Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Flatnux 2009-01-27 - (Job fields) Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)
flatnux 2009-01-27 - Remote File Inclusion
Flatnux 2009-01-27 - Remote File Inclusion
flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Pligg 9.9.0 - (editlink.php id) Blind SQL Injection
Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection
CF Shopkart 5.3x - 'itemID' SQL Injection
CF Shopkart 5.3x - 'itemID' Parameter SQL Injection
worksimple_1.3.2 - Multiple Vulnerabilities
WorkSimple 1.3.2 - Multiple Vulnerabilities
Pligg 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Constructr CMS 3.03 - MultipleRemote Vulnerabilities
Constructr CMS 3.03 - Multiple Remote Vulnerabilities
Pligg 1.1.4 - SQL Injection
Pligg CMS 1.1.4 - SQL Injection
phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection
OneOrZero Helpdesk 1.4 - install.php Administrative Access
OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access
phpLDAPadmin 0.9.6/0.9.7 - welcome.php custom_welcome_page Variable Arbitrary File Inclusion
phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion
phpLDAPadmin 0.9.8 - compare_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - copy_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - rename_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - search.php scope Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - template_engine.php Multiple Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
Pligg 9.5 - Reset Forgotten Password Security Bypass
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass
Click&BaneX - Details.asp SQL Injection
Click&BaneX - 'Details.asp' SQL Injection
ChiCoMaS 2.0.4 - 'index.php' Cross-Site Scripting
Chicomas 2.0.4 - 'index.php' Cross-Site Scripting
Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg 1.0.4 - 'search.php' Cross-Site Scripting
Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting
Pligg 2.0.1 - Multiple Vulnerabilities
Pligg CMS 2.0.1 - Multiple Vulnerabilities
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php Multiple Function Traversal Arbitrary File Manipulation
Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation
FlatnuX CMS - controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access
FlatnuX CMS - Traversal Arbitrary File Access
Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting
2017-01-06 05:01:17 +00:00
Offensive Security
0d43a7fe09
DB: 2017-01-05
...
2 new exploits
Kaspersky 17.0.0 - Local CA root is Incorrectly Protected
XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.7.4 - Cross-Site Scripting
phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting
ASPPortal 3.1.1 - (downloadid) SQL Injection
ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection
ASPPortal 4.0.0 - (default1.asp) SQL Injection
ASPPortal 4.0.0 - 'default1.asp' SQL Injection
ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection)
ASPTicker 1.0 - Authentication Bypass
Active Photo Gallery - 'default.asp catid' SQL Injection
Active Photo Gallery - 'catid' Parameter SQL Injection
Active Trade 2 - 'default.asp catid' SQL Injection
Active Trade 2 - 'catid' Parameter SQL Injection
Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection
Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection
SailPlanner 0.3a - (Authentication Bypass) SQL Injection
Bluo CMS 1.2 - (index.php id) Blind SQL Injection
SailPlanner 0.3a - Authentication Bypass
Bluo CMS 1.2 - Blind SQL Injection
ReVou Twitter Clone - (Authentication Bypass) SQL Injection
Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection
Active Force Matrix 2 - (Authentication Bypass) SQL Injection
ASPReferral 5.3 - 'AccountID' Blind SQL Injection
ActiveVotes 2.2 - (Authentication Bypass) SQL Injection
Active Test 2.1 - (Authentication Bypass) SQL Injection
Active Websurvey 9.1 - (Authentication Bypass) SQL Injection
Active Membership 2 - (Authentication Bypass) SQL Injection
eWebquiz 8 - (Authentication Bypass) SQL Injection
Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection
Active Web Mail 4 - (Authentication Bypass) SQL Injection
Active Trade 2 - (Authentication Bypass) SQL Injection
Active Price Comparison 4 - (Authentication Bypass) SQL Injection
PHP TV Portal 2.0 - (index.php mid) SQL Injection
ReVou Twitter Clone - Authentication Bypass
Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection
Active Force Matrix 2 - Authentication Bypass
ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection
ActiveVotes 2.2 - Authentication Bypass
Active Test 2.1 - Authentication Bypass
Active Websurvey 9.1 - Authentication Bypass
Active Membership 2 - Authentication Bypass
eWebquiz 8 - Authentication Bypass
Active NewsLetter 4.3 - Authentication Bypass
Active Web Mail 4 - Authentication Bypass
Active Trade 2 - Authentication Bypass
Active Price Comparison 4 - Authentication Bypass
PHP TV Portal 2.0 - 'mid' Parameter SQL Injection
Active Price Comparison 4 - 'ProductID' Blind SQL Injection
Active Bids 3.5 - 'itemID' Blind SQL Injection
Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection
Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection
Lito Lite CMS - 'cate.php cid' SQL Injection
Active Test 2.1 - 'QuizID' Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection
Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection
Active Time Billing 3.2 - (Authentication Bypass) SQL Injection
Active Web Helpdesk 2 - Authentication Bypass
Lito Lite CMS - 'cid' Parameter SQL Injection
Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection
Active Photo Gallery 6.2 - Authentication Bypass
Active Time Billing 3.2 - Authentication Bypass
Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure
Quick Tree View .NET 3.1 - Database Disclosure
z1exchange 1.0 - (edit.php site) SQL Injection
z1exchange 1.0 - 'site' Parameter SQL Injection
E.Z. Poll 2 - (Authentication Bypass) SQL Injection
ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure
bcoos 1.0.13 - (viewcat.php cid) SQL Injection
PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure
E.Z. Poll 2 - Authentication Bypass
ASPPortal 3.2.5 - Database Disclosure
bcoos 1.0.13 - 'viewcat.php' SQL Injection
PacPoll 4.0 - Database Disclosure
SunByte e-Flower - 'id' SQL Injection
Rapid Classified 3.1 - (cldb.mdb) Database Disclosure
Codefixer MailingListPro (MailingList.mdb) - Database Disclosure
Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection
SunByte e-Flower - 'id' Parameter SQL Injection
Rapid Classified 3.1 - Database Disclosure
Codefixer MailingListPro - Database Disclosure
Gallery MX 2.0.0 - Blind SQL Injection
Check New 4.52 - 'findoffice.php search' SQL Injection
Joomla! Component com_jmovies 1.1 - 'id' SQL Injection
Check New 4.52 - SQL Injection
Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection
Rae Media Contact MS - (Authentication Bypass) SQL Injection
Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion
ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion
Rae Media Contact MS - Authentication Bypass
Multi SEO phpBB 1.1.0 - Remote File Inclusion
ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion
Easy News Content Management - 'News.mdb' Database Disclosure
Easy News Content Management - Database Disclosure
My Simple Forum 3.0 - (index.php action) Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection
Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution
My Simple Forum 3.0 - Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - SQL Injection
Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
RankEm - 'rankup.asp siteID' SQL Injection
RankEm - (Authentication Bypass) SQL Injection
RankEm - 'siteID' Parameter SQL Injection
Rankem - Authentication Bypass
Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities
Cold BBS - 'cforum.mdb' Remote Database Disclosure
Tizag Countdown Creator .v.3 - Insecure Upload
Merlix Teamworx Server - File Disclosure/Bypass
Cold BBS - Remote Database Disclosure
Tizag Countdown Creator 3 - Insecure Upload
ASP PORTAL - Multiple SQL Injections
ASPTicker 1.0 - (news.mdb) Remote Database Disclosure
ASP Portal - Multiple SQL Injections
ASPTicker 1.0 - Remote Database Disclosure
ASP PORTAL - 'xportal.mdb' Remote Database Disclosure
phpPgAdmin 4.2.1 - (_language) Local File Inclusion
ASP PORTAL - Remote Database Disclosure
phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion
PayPal eStore - Admin Password Changing Exploit
Product Sale Framework 0.1b - (forum_topic_id) SQL Injection
PayPal eStore - Admin Password Change
Product Sale Framework 0.1b - SQL Injection
Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion
Mini-CMS 1.0.1 - 'index.php' Local File Inclusion
MG2 0.5.1 - 'Filename' Remote Code Execution
MG2 0.5.1 - 'filename' Parameter Remote Code Execution
dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection
Poll Pro 2.0 - (Authentication Bypass) SQL Injection
Professional Download Assistant 0.1 - Authentication Bypass
Poll Pro 2.0 - Authentication Bypass
Peel Shopping 3.1 - (index.php rubid) SQL Injection
Peel Shopping 3.1 - 'rubid' Parameter SQL Injection
ProQuiz 1.0 - (Authentication Bypass) SQL Injection
ProQuiz 1.0 - Authentication Bypass
PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion
PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion
HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution
eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - 'member.php u' SQL Injection
HTMPL 1.11 - Command Execution
EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - SQL Injection
eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation
EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation
ReVou Twitter Clone - Admin Password Changing Exploit
ReVou Twitter Clone - Admin Password Change
w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection
w3blabor CMS 3.3.0 - Authentication Bypass
rankem - File Disclosure / Cross-Site Scripting / Cookie
Rankem - File Disclosure / Cross-Site Scripting / Cookie
revou twitter clone - Cross-Site Scripting / SQL Injection
Revou Twitter Clone - Cross-Site Scripting / SQL Injection
My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution
My Simple Forum 7.1 - Remote Command Execution
Mini-CMS 1.0.1 - (page.php id) SQL Injection
Mini-CMS 1.0.1 - 'page.php' SQL Injection
Texas Rankem - 'player.asp player_id' SQL Injection
Texas Rankem - 'player_id' Parameter SQL Injection
Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection
Mini-CMS RibaFS 1.0 - Authentication Bypass
reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection
Andy's PHP KnowledgeBase 0.95.4 - SQL Injection
Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection
Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection
Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection
PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection
Texas Rankem - player.asp selPlayer Parameter SQL Injection
Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection
Texas Rankem - 'selPlayer' Parameter SQL Injection
Texas Rankem - 'tournament_id' Parameter SQL Injection
Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection
Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting
Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting
Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting
Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting
Rapid Classified 3.1 - 'viewad.asp' SQL Injection
Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting
WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection
WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection
phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting
Rapid Classified - AgencyCatResult.asp SQL Injection
Rapid Classified - 'AgencyCatResult.asp' SQL Injection
bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection
bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection
bcoos 1.0.10 - 'ratephoto.php' SQL Injection
bcoos 1.0.10 - 'ratelink.php' SQL Injection
bcoos 1.0.10 - adresses/ratefile.php SQL Injection
bcoos 1.0.10 - 'ratefile.php' SQL Injection
bcoos 1.0.13 - 'include/common.php' Remote File Inclusion
bcoos 1.0.13 - 'common.php' Remote File Inclusion
bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection
bcoos 1.0.13 - 'click.php' SQL Injection
Z1Exchange 1.0 - showads.php id Parameter SQL Injection
Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting
Z1Exchange 1.0 - 'id' Parameter SQL Injection
Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting
dotnetindex Professional Download Assistant 0.1 - SQL Injection
Professional Download Assistant 0.1 - SQL Injection
Active Bids - search.asp search Parameter Cross-Site Scripting
Active Bids - search.asp search Parameter SQL Injection
Active Bids - 'search' Parameter Cross-Site Scripting
Active Bids - 'search' Parameter SQL Injection
eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
2017-01-05 05:01:17 +00:00
Offensive Security
bac881f89a
DB: 2017-01-03
...
3 new exploits
QNAP NAS Devices - Heap Overflow
Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow
Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)
PHPFanBase 2.x - (protection.php) Remote File Inclusion
PHPFanBase 2.x - 'protection.php' Remote File Inclusion
DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection
DigiAffiliate 1.4 - 'id' Parameter SQL Injection
ExoPHPDesk 1.2.1 - (faq.php) SQL Injection
ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection
MiniGal b13 - (image backdoor) Remote Code Execution
MiniGal b13 - Remote Code Execution
PHP Auto Listings - 'moreinfo.php pg' SQL Injection
Pre Simple CMS - SQL Injection (Authentication Bypass)
PHP Auto Listings - 'pg' Parameter SQL Injection
Pre Simple CMS - Authentication Bypass
Harlandscripts drinks - (recid) SQL Injection
Harlandscripts drinks - 'recid' Parameter SQL Injection
Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection
Mole Group Taxi Calc Dist Script - Authentication Bypass
DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection
DevelopItEasy Membership System 1.3 - Authentication Bypass
NICE FAQ Script - (Authentication Bypass) SQL Injection
NICE FAQ Script - Authentication Bypass
SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery 1.0 - Authentication Bypass
DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery - (ctg) SQL Injection
DELTAScripts PHP Classifieds 7.5 - Authentication Bypass
DELTAScripts PHP Links 1.3 - Authentication Bypass
DELTAScripts PHP Shop 1.0 - Authentication Bypass
SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection
Mole Group Pizza - (manufacturers_id) Script SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection
Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection
E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection
PHP Auto Listings Script - (Authentication Bypass) SQL Injection
Mole Group Rental Script - (Authentication Bypass) SQL Injection
MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection
MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection
MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection
E-topbiz Online Store 1 - Authentication Bypass
PHP Auto Listings Script - Authentication Bypass
Mole Group Rental Script - Authentication Bypass
MyioSoft Ajax Portal 3.0 - Authentication Bypass
MyioSoft EasyBookMarker 4.0 - Authentication Bypass
MyioSoft EasyCalendar - Authentication Bypass
E-topbiz Online Store 1 - 'cat_id' SQL Injection
E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection
Myiosoft EasyBookMarker 4 - (Parent) SQL Injection
Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection
Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection
Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass
DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection
Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection
DigiAffiliate 1.4 - Authentication Bypass
Mole Group Airline Ticket Script - Authentication Bypass
ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection
ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection
ExoPHPDesk 1.2 Final - Authentication Bypass
ZEEMATRI 3.0 - 'adid' Parameter SQL Injection
Joomla! Component com_books - (book_id) SQL Injection
Joomla! Component com_books - 'book_id' Parameter SQL Injection
Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection
Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection
PozScripts Business Directory Script - 'cid' SQL Injection
PozScripts Business Directory Script - 'cid' Parameter SQL Injection
Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection
Quick Poll Script - 'code.php id' SQL Injection
Alstrasoft Web Host Directory - Authentication Bypass
Quick Poll Script - 'id' Parameter SQL Injection
Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection
Bankoi Webhost Panel 1.20 - Authentication Bypass
Minigal b13 - 'index.php list' Remote File Disclosure
yahoo answers - 'id' SQL Injection
Minigal b13 - Remote File Disclosure
yahoo answers - 'id' Parameter SQL Injection
PHPstore Wholesale - 'track.php?id' SQL Injection
PHPstore Wholesale - 'id' Parameter SQL Injection
E-topbiz ADManager 4 - (group) Blind SQL Injection
E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection
PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion
Jadu Galaxies - 'categoryId' Blind SQL Injection
PHPfan 3.3.4 - 'init.php' Remote File Inclusion
Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection
MemHT Portal 4.0.1 - (avatar) Remote Code Execution
MemHT Portal 4.0.1 - Remote Code Execution
MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit
MemHT Portal 4.0.1 - Delete All Private Messages Exploit
MyioSoft Ajax Portal 3.0 - (page) SQL Injection
MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection
X10media Mp3 Search Engine < 1.6.2 Admin Access
X10media Mp3 Search Engine < 1.6.2 - Admin Access
Arab Portal 2.2 - (Authentication Bypass) SQL Injection
Arab Portal 2.2 - Authentication Bypass
Arab Portal 2.x - (forum.php qc) SQL Injection
Arab Portal 2.x - 'forum.php' SQL Injection
Arab Portal 2.2 - (mod.php module) Local File Inclusion
Arab Portal 2.2 - 'mod.php' Local File Inclusion
Collabtive - SQL Injection
Collabtive 0.65 - SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection
All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation
All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation
Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection
Collabtive 1.0 - 'manageuser.php' SQL Injection
Arab Portal 2.0 - Link.php SQL Injection
Arab Portal 2.0 - 'Link.php' SQL Injection
Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting
Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting
Arab Portal 2.0 - 'online.php' Cross-Site Scripting
Arab Portal 2.0 - 'download.php' Cross-Site Scripting
ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion
ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion
Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection
Collabtive 1.1 - 'managetimetracker.php' SQL Injection
Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution
2017-01-03 05:01:17 +00:00
Offensive Security
6a202bbb97
DB: 2016-12-27
...
4 new exploits
Serv-U FTP Server < 5.2 - Remote Denial of Service
RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service
Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service
RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service
Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service
RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service
FTPShell Server 6.36 - '.csv' Local Denial of Service
Serv-U FTP Server 3.x < 5.x - Privilege Escalation
RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation
Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation
Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit
RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit
Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
IndexScript 2.8 - (show_cat.php cat_id) SQL Injection
IndexScript 2.8 - 'cat_id' Parameter SQL Injection
GForge < 4.6b2 - (skill_delete) SQL Injection
GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection
torrenttrader classic 1.07 - Multiple Vulnerabilities
TorrentTrader Classic 1.07 - Multiple Vulnerabilities
Camera Life 2.6.2 - 'id' SQL Injection
Camera Life 2.6.2 - 'id' Parameter SQL Injection
Full PHP Emlak Script - 'arsaprint.php id' SQL Injection
Full PHP Emlak Script - 'arsaprint.php' SQL Injection
CCMS 3.1 - (skin) Multiple Local File Inclusion
CCMS 3.1 - 'skin' Parameter Local File Inclusion
JMweb - Multiple (src) Local File Inclusion
JMweb - 'src' Parameter Local File Inclusion
geccBBlite 2.0 - (leggi.php id) SQL Injection
geccBBlite 2.0 - 'id' Parameter SQL Injection
PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection
PHP-Fusion Mod recept - (kat_id) SQL Injection
PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection
PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection
Yerba SACphp 6.3 - (mod) Local File Inclusion
Yerba SACphp 6.3 - Local File Inclusion
Joomla! Component com_hotspots - (w) SQL Injection
Joomla! Component com_hotspots - SQL Injection
PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection
PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection
PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection
Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection
PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection
PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection
PHP Autos 2.9.1 - 'catid' Parameter SQL Injection
Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection
AdMan 1.1.20070907 - 'campaignId' SQL Injection
AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection
Gforge 4.5.19 - Multiple SQL Injections
Gforge 4.6 rc1 - (skill_edit) SQL Injection
GForge 4.5.19 - Multiple SQL Injections
Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection
camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
IranMC Arad Center - 'news.php id' SQL Injection
IranMC Arad Center - SQL Injection
Ayco Okul Portali - (linkid) SQL Injection (tr)
Ayco Okul Portali - 'linkid' Parameter SQL Injection
Easynet4u faq Host - 'faq.php faq' SQL Injection
Easynet4u faq Host - 'faq.php' SQL Injection
MunzurSoft Wep Portal W3 - (kat) SQL Injection
Easynet4u Link Host - 'cat_id' SQL Injection
SlimCMS 1.0.0 - (redirect.php) Privilege Escalation
Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection
MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection
Easynet4u Link Host - 'cat_id' Parameter SQL Injection
SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation
Joomla! Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection
Real Estate Scripts 2008 - 'index.php cat' SQL Injection
Real Estate Scripts 2008 - 'cat' Parameter SQL Injection
ParsBlogger - 'links.asp id' SQL Injection
IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection
ParsBlogger - 'links.asp' SQL Injection
IndexScript 3.0 - 'parent_id' Parameter SQL Injection
XOOPS Module xhresim - 'index.php no' SQL Injection
XOOPS Module xhresim - SQL Injection
SezHoo 0.1 - (IP) Remote File Inclusion
SezHoo 0.1 - Remote File Inclusion
torrenttrader classic 1.09 - Multiple Vulnerabilities
TorrentTrader Classic 1.09 - Multiple Vulnerabilities
AdaptCMS Lite 1.5 2009-07-07 - Exploit
AdaptCMS Lite 1.5 - Arbitrary Add Admin
Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting
Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting
GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting
GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting
OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting
Joomla! Component Blog Calendar - SQL Injection
PHPMailer 5.2.17 - Remote Code Execution
2016-12-27 05:01:16 +00:00
Offensive Security
af66bcd9e5
DB: 2016-12-26
...
1 new exploits
XAMPP Control Panel - Denial Of Service
2016-12-26 05:01:17 +00:00
Offensive Security
26b1e8b6ad
DB: 2016-12-23
...
10 new exploits
Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056)
Microsoft Internet Explorer 11 MSHTML - CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)
Microsoft Internet Explorer 11 - MSHTML CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)
macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution
macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation
Vesta Control Panel 0.9.8-16 - Local Privilege Escalation
macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free
macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation
PHP iCalendar 2.21 - (publish.ical.php) Remote Code Execution
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution
CzarNews 1.14 - (tpath) Remote File Inclusion
CzarNews 1.14 - 'tpath' Parameter Remote File Inclusion
N/X WCMS 4.1 - (nxheader.inc.php) Remote File Inclusion
N/X WCMS 4.1 - 'nxheader.inc.php' Remote File Inclusion
Powies pForum 1.29a - (editpoll.php) SQL Injection
Powies pForum 1.29a - 'editpoll.php' SQL Injection
AssetMan 2.4a - (download_pdf.php) Remote File Disclosure
AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure
Orion-Blog 2.0 - (AdminBlogNewsEdit.asp) Remote Authentication Bypass
Orion-Blog 2.0 - Remote Authentication Bypass
Ol BookMarks Manager 0.7.4 - (root) Remote File Inclusion
Ol BookMarks Manager 0.7.4 - 'root' Parameter Remote File Inclusion
AdminBot 9.0.5 - (live_status.lib.php ROOT) Remote File Inclusion
AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion
WSN Links Basic Edition - (displaycat catid) SQL Injection
WSN Links Basic Edition - 'catid' Parameter SQL Injection
phpRealty 0.02 - (MGR) Multiple Remote File Inclusion
phpRealty 0.02 - 'MGR' Parameter Multiple Remote File Inclusion
jPORTAL 2 - mailer.php SQL Injection
jPORTAL 2.3.1 - articles.php SQL Injection
jPORTAL 2 - 'mailer.php' SQL Injection
jPORTAL 2.3.1 - 'articles.php' SQL Injection
AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection
AvailScript Jobs Portal Script - 'jid' Parameter SQL Injection
PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
D-iscussion Board 3.01 - (topic) Local File Inclusion
D-iscussion Board 3.01 - 'topic' Parameter Local File Inclusion
PhpWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - (showprofil.php id) SQL Injection
WebPortal CMS 0.7.4 - (download.php aid) SQL Injection
iBoutique 4.0 - (cat) SQL Injection
SkaLinks 1.5 - (register.php) Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - 'showprofil.php' SQL Injection
WebPortal CMS 0.7.4 - 'download.php' SQL Injection
iBoutique 4.0 - 'cat' Parameter SQL Injection
SkaLinks 1.5 - 'register.php' Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' Parameter SQL Injection
pLink 2.07 - (linkto.php id) Blind SQL Injection
pLink 2.07 - 'linkto.php' Blind SQL Injection
FoT Video scripti 1.1b - (oyun) SQL Injection
FoT Video scripti 1.1b - 'oyun' Parameter SQL Injection
Pre Real Estate Listings - 'search.php c' SQL Injection
Pre Real Estate Listings - 'search.php' SQL Injection
iScripts EasyIndex - (produid) SQL Injection
iScripts EasyIndex - 'produid' Parameter SQL Injection
Hotel Reservation System - 'city.asp city' Blind SQL Injection
phpRealty 0.3 - (INC) Remote File Inclusion
PHP Crawler 0.8 - (footer) Remote File Inclusion
Technote 7 - (shop_this_skin_path) Remote File Inclusion
Hotel Reservation System - 'city.asp' Blind SQL Injection
phpRealty 0.3 - 'INC' Parameter Remote File Inclusion
PHP Crawler 0.8 - Remote File Inclusion
Technote 7 - 'shop_this_skin_path' Parameter Remote File Inclusion
E-PHP CMS - 'article.php es_id' SQL Injection
addalink 4 - 'category_id' SQL Injection
ProArcadeScript 1.3 - (random) SQL Injection
CYASK 3.x - (collect.php neturl) Local File Disclosure
Diesel Joke Site - 'picture_category.php id' SQL Injection
ProActive CMS - 'template' Local File Inclusion
E-PHP CMS - 'article.php' SQL Injection
addalink 4 - 'category_id' Parameter SQL Injection
ProArcadeScript 1.3 - 'random' Parameter SQL Injection
CYASK 3.x - 'neturl' Parameter Local File Disclosure
Diesel Joke Site - 'picture_category.php' SQL Injection
ProActive CMS - 'template' Parameter Local File Inclusion
Diesel Pay Script - (area) SQL Injection
Plaincart 1.1.2 - (p) SQL Injection
Oceandir 2.9 - (show_vote.php id) SQL Injection
jPORTAL 2 - 'humor.php id' SQL Injection
Diesel Pay Script - 'area' Parameter SQL Injection
Plaincart 1.1.2 - 'p' Parameter SQL Injection
Oceandir 2.9 - 'show_vote.php' SQL Injection
jPORTAL 2 - 'humor.php' SQL Injection
Diesel Job Site - (job_id) Blind SQL Injection
Diesel Job Site - 'job_id' Parameter Blind SQL Injection
e107 Plugin Image Gallery 0.9.6.2 - (image) SQL Injection
e107 Plugin Image Gallery 0.9.6.2 - SQL Injection
WSN Links 2.22/2.23 - (vote.php) SQL Injection
WSN Links 2.22/2.23 - 'vote.php' SQL Injection
BuzzyWall 1.3.1 - (search.php search) SQL Injection
WCMS 1.0b - (news_detail.asp id) SQL Injection
BuzzyWall 1.3.1 - 'search' Parameter SQL Injection
WCMS 1.0b - 'news_detail.asp' SQL Injection
OpenElec 3.01 - (form.php obj) Local File Inclusion
OpenElec 3.01 - 'obj' Parameter Local File Inclusion
basebuilder 2.0.1 - (main.inc.php) Remote File Inclusion
Fez 1.3/2.0 RC1 - (list.php) SQL Injection
basebuilder 2.0.1 - 'main.inc.php' Remote File Inclusion
Fez 1.3/2.0 RC1 - 'list.php' SQL Injection
OpenRat 0.8-beta4 - (tpl_dir) Remote File Inclusion
Sofi WebGui 0.6.3 PRE - (mod_dir) Remote File Inclusion
OpenRat 0.8-beta4 - 'tpl_dir' Parameter Remote File Inclusion
Sofi WebGui 0.6.3 PRE - 'mod_dir' Parameter Remote File Inclusion
JETIK-WEB Software - 'sayfa.php kat' SQL Injection
JETIK-WEB Software - 'kat' Parameter SQL Injection
WebPortal CMS 0.7.4 - (code) Remote Code Execution
HotScripts Clone - 'cid' SQL Injection
WebPortal CMS 0.7.4 - 'code' Parameter Remote Code Execution
HotScripts Clone - 'cid' Parameter SQL Injection
emergecolab 1.0 - (sitecode) Local File Inclusion
mailwatch 1.0.4 - (docs.php doc) Local File Inclusion
PHPcounter 1.3.2 - (defs.php l) Local File Inclusion
emergecolab 1.0 - 'sitecode' Parameter Local File Inclusion
mailwatch 1.0.4 - 'doc' Parameter Local File Inclusion
PHPcounter 1.3.2 - 'defs.php' Local File Inclusion
webcp 0.5.7 - (filelocation) Remote File Disclosure
webcp 0.5.7 - 'filelocation' Parameter Remote File Disclosure
LanSuite 3.3.2 - (design) Local File Inclusion
PHPOCS 0.1-beta3 - (index.php act) Local File Inclusion
Vikingboard 0.2 Beta - (task) Local File Inclusion
LanSuite 3.3.2 - 'design' Parameter Local File Inclusion
PHPOCS 0.1-beta3 - 'act' Parameter Local File Inclusion
Vikingboard 0.2 Beta - 'task' Parameter Local File Inclusion
barcodegen 2.0.0 - (class_dir) Remote File Inclusion
barcodegen 2.0.0 - 'class_dir' Parameter Remote File Inclusion
PHPcounter 1.3.2 - (index.php name) SQL Injection
PHPcounter 1.3.2 - 'index.php' SQL Injection
PhpWebGallery 1.7.2 - Session Hijacking / Code Execution
PHPWebGallery 1.7.2 - Session Hijacking / Code Execution
BuzzyWall 1.3.1 - (download id) Remote File Disclosure
BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure
Pre Real Estate Listings - (Authentication Bypass) SQL Injection
Pre Real Estate Listings - Authentication Bypass
Netartmedia Real Estate Portal 1.2 - (ad_id) SQL Injection
Netartmedia Real Estate Portal 1.2 - 'ad_id' Parameter SQL Injection
SkaLinks 1.5 - (Authentication Bypass) SQL Injection
SkaLinks 1.5 - Authentication Bypass
diesel job site 1.4 - Multiple Vulnerabilities
Diesel Job Site 1.4 - Multiple Vulnerabilities
ProArcadeScript to Game - (game) SQL Injection
ProArcadeScript to Game - SQL Injection
Link Bid Script - 'links.php id' SQL Injection
Link Bid Script - 'links.php' SQL Injection
NetArt Media iBoutique 4.0 - (index.php key Parameter) SQL Injection
iBoutique 4.0 - 'key' Parameter SQL Injection
PHPForum 2.0 RC1 - Mainfile.php Remote File Inclusion
PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion
JPortal 2.2.1 - print.php SQL Injection
jPORTAL 2.2.1 - 'print.php' SQL Injection
CzarNews 1.13/1.14 - headlines.php Remote File Inclusion
CzarNews 1.13/1.14 - 'headlines.php' Remote File Inclusion
JPortal 2.3.1 - Banner.php SQL Injection
jPORTAL 2.3.1 - 'Banner.php' SQL Injection
CJ Ultra Plus 1.0.3/1.0.4 - OUT.php SQL Injection
CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection
JPortal 2.2.1/2.3.1 - download.php SQL Injection
jPORTAL 2.2.1/2.3.1 - 'download.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - comment.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - news.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection
PHPWCMS 1.2.5 -DEV - random_image.php imgdir Parameter Traversal Arbitrary File Access
PHPWCMS 1.2.5 -DEV - 'imgdir' Parameter Traversal Arbitrary File Access
JPortal 2.2.1/2.3 Forum - forum.php SQL Injection
jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection
Diesel Joke Site - Category.php SQL Injection
Diesel Joke Site - 'Category.php' SQL Injection
TinyPHPForum 3.6 - error.php Information Disclosure
TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass
TinyPHPForum 3.6 - 'error.php' Information Disclosure
TinyPHPForum 3.6 - 'UpdatePF.php' Authentication Bypass
Vikingboard Viking board 0.1b - help.php act Parameter Cross-Site Scripting
Vikingboard Viking board 0.1b - report.php p Parameter Cross-Site Scripting
Vikingboard 0.1 - topic.php SQL Injection
Vikingboard 0.1b - 'help.php' Cross-Site Scripting
Vikingboard 0.1b - 'report.php' Cross-Site Scripting
Vikingboard 0.1 - 'topic.php' SQL Injection
PHP iCalendar 1.1/2.x - day.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - month.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - year.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - week.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - search.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - rss/index.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - print.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - preferences.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'day.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'month.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'year.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'week.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'search.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'getdate' Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'print.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'preferences.php' Cross-Site Scripting
Vikingboard Viking board 0.1.2 - cp.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - user.php u Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - post.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - topic.php s Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - forum.php debug Variable Information Disclosure
Vikingboard Viking board 0.1.2 - cp.php debug Variable Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'user.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'post.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'topic.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'forum.php' Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Information Disclosure
PaysiteReviewCMS 1.1 - search.php q Parameter Cross-Site Scripting
PaysiteReviewCMS - image.php image Parameter Cross-Site Scripting
PaysiteReviewCMS 1.1 - 'search.php' Cross-Site Scripting
PaysiteReviewCMS - 'image.php' Cross-Site Scripting
BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
2016-12-23 05:01:18 +00:00
Offensive Security
a099e58626
DB: 2016-12-22
...
3 new exploits
Android - getpidcon Usage binder Service Replacement Race Condition
Google Android - getpidcon Usage binder Service Replacement Race Condition
ADODB < 4.70 - (tmssql.php) Denial of Service
ADODB < 4.70 - 'tmssql.php' Denial of Service
FlashGet 3.x - IEHelper Remote Exec (PoC)
FlashGet 3.x - IEHelper Remote Execution (PoC)
SopCast SopCore Control ActiveX - Remote Exec (PoC)
UUSee ReliPlayer ActiveX - Remote Exec (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Exec (PoC)
SopCast SopCore Control ActiveX - Remote Execution (PoC)
UUSee ReliPlayer ActiveX - Remote Execution (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Execution (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Exec (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Execution (PoC)
EViews 7.0.0.1 - (aka 7.2) Multiple Vulnerabilities
EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities
Android Kernel 2.6 - Local Denial of Service Crash (PoC)
Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)
IBM solidDB 6.0.10 - (Format String and Denial of Service) Multiple Vulnerabilities
IBM solidDB 6.0.10 - Format String / Denial of Service
OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities
OpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - Integer Signedness / Overflow
Android - ih264d_process_intra_mb Memory Corruption
Google Android - 'ih264d_process_intra_mb' Memory Corruption
Android - IOMX getConfig/getParameter Information Disclosure
Android - IMemory Native Interface is Insecure for IPC Use
Google Android - IOMX getConfig/getParameter Information Disclosure
Google Android - IMemory Native Interface is Insecure for IPC Use
Android Broadcom Wi-Fi Driver - Memory Corruption
Google Android Broadcom Wi-Fi Driver - Memory Corruption
Android - /system/bin/sdcard Stack Buffer Overflow
Google Android - '/system/bin/sdcard' Stack Buffer Overflow
Android - Insufficient Binder Message Verification Pointer Leak
Android - 'gpsOneXtra' Data Files Denial of Service
Google Android - Insufficient Binder Message Verification Pointer Leak
Google Android - 'gpsOneXtra' Data Files Denial of Service
Android - Binder Generic ASLR Leak
Google Android - Binder Generic ASLR Leak
Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - WifiNative::setHotlist Stack Overflow
Google Android - WifiNative::setHotlist Stack Overflow
Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)
Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)
PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow
PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow
Android 1.x/2.x - Privilege Escalation
Google Android 1.x/2.x - Privilege Escalation
Android - 'sensord' Privilege Escalation
Google Android - 'sensord' Privilege Escalation
tcpdump - ISAKMP Identification payload Integer Overflow
tcpdump - ISAKMP Identification Payload Integer Overflow
Smail 3.2.0.120 - Heap Overflow
Smail 3.2.0.120 - Heap Overflow
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution Exploit
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution
Motorola Wimax modem CPEi300 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
navicopa WebServer 3.0.1 - (Buffer Overflow / Script Source Disclosure) Multiple Vulnerabilities
navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure
dwebpro 6.8.26 - (Directory Traversal/File Disclosure) Multiple Vulnerabilities
dwebpro 6.8.26 - Directory Traversal / File Disclosure
citrix xencenterweb - (Cross-Site Scripting / SQL Injection / Remote Code Execution) Multiple Vulnerabilities
citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Exec (PoC)
Trend Micro Web-Deployment ActiveX - Remote Exec (PoC)
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)
Trend Micro Web-Deployment ActiveX - Remote Execution (PoC)
Apache OFBiz - SQL Remote Execution PoC Payload
Apache OFBiz - FULLADMIN Creator PoC Payload
Apache OFBiz - Remote Execution (via SQL Execution) (PoC)
Apache OFBiz - Admin Creator (PoC)
Android 2.0 < 2.1 - Reverse Shell Exploit
Google Android 2.0 < 2.1 - Reverse Shell Exploit
Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Google Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Android 2.0 / 2.1 /2.1.1 - WebKit Use-After-Free Exploit
Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Exploit
Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
WinComLPD Total 3.0.2.623 - (Buffer Overflow and Authentication Bypass) Multiple Vulnerabilities
WinComLPD Total 3.0.2.623 - Buffer Overflow / Authentication Bypass
Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - (ePowner) Multiple Vulnerabilities
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
ServletExec - (Directory Traversal / Authentication Bypass) Multiple Vulnerabilities
ServletExec - Directory Traversal / Authentication Bypass
Android - 'Stagefright' Remote Code Execution
Google Android - 'Stagefright' Remote Code Execution
Android - libstagefright Integer Overflow Remote Code Execution
Google Android - libstagefright Integer Overflow Remote Code Execution
Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Android ADB Debug Server - Remote Payload Execution (Metasploit)
Google Android ADB Debug Server - Remote Payload Execution (Metasploit)
Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Google Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Android - 'BadKernel' Remote Code Execution
Google Android - 'BadKernel' Remote Code Execution
Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
NETGEAR WNR2000v5 - Remote Code Execution
Linux/x86 - portbind payload Shellcode (Generator)
Windows XP SP1 - portbind payload Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
phpCOIN 1.2.2 - (phpcoinsessid) SQL Inj / Remote Code Execution
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
Aztek Forum 4.00 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities (PoC)
Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection
Integramod Portal 2.x - (functions_portal.php) Remote File Inclusion
Integramod Portal 2.x - 'functions_portal.php' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Parameter Remote File Inclusion
paBugs 2.0 Beta 3 - (class.mysql.php) Remote File Inclusion
paBugs 2.0 Beta 3 - 'class.mysql.php' Remote File Inclusion
Agora 1.4 RC1 - (MysqlfinderAdmin.php) Remote File Inclusion
Agora 1.4 RC1 - 'MysqlfinderAdmin.php' Remote File Inclusion
blogme 3.0 - (Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
blogme 3.0 - Cross-Site Scripting / Authentication Bypass
torrentflux 2.2 - (Arbitrary File Create/ Execute / Delete) Multiple Vulnerabilities
torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
BBS E-Market Professional - (Full Path Disclosure / File Inclusion) Multiple Vulnerabilities
BBS E-Market Professional - Full Path Disclosure / File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Parameter Remote File Inclusion
ig shop 1.0 - (Code Execution / SQL Injection) Multiple Vulnerabilities
ig shop 1.0 - Code Execution / SQL Injection
QUOTE&ORDERING SYSTEM 1.0 - (ordernum) Multiple Vulnerabilities
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
vp-asp shopping cart 6.09 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vp-asp shopping cart 6.09 - SQL Injection / Cross-Site Scripting
forum livre 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
forum livre 1.0 - SQL Injection / Cross-Site Scripting
otscms 2.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
otscms 2.1.5 - SQL Injection / Cross-Site Scripting
Connectix Boards 0.7 - (p_skin) Multiple Vulnerabilities
Connectix Boards 0.7 - 'p_skin' Multiple Vulnerabilities
wbblog - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
wbblog - Cross-Site Scripting / SQL Injection
PHP-Nuke Module Eve-Nuke 0.1 - (mysql.php) Remote File Inclusion
PHP-Nuke Module Eve-Nuke 0.1 - 'mysql.php' Remote File Inclusion
Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Quick and Dirty Blog (qdblog) 0.4 - SQL Injection / Local File Inclusion
PHP Coupon Script 3.0 - (index.php bus) SQL Injection
PHP Coupon Script 3.0 - 'bus' Parameter SQL Injection
runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities
runawaysoft haber portal 1.0 - 'tr' Multiple Vulnerabilities
NetClassifieds - (SQL Injection / Cross-Site Scripting / Full Path) Multiple Vulnerabilities
NetClassifieds - SQL Injection / Cross-Site Scripting / Full Path
bugmall shopping cart 2.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
PHPVID 0.9.9 - (categories_type.php cat) SQL Injection
PHPVID 0.9.9 - 'categories_type.php' SQL Injection
bcoos 1.0.10 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
bcoos 1.0.10 - Local File Inclusion / SQL Injection
ftp Admin 0.1.0 - (Local File Inclusion / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
falcon CMS 1.4.3 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting
gf-3xplorer 2.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion
PortalApp 4.0 - (SQL Injection / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
PortalApp 4.0 - SQL Injection / Cross-Site Scripting / Authentication Bypass
netrisk 1.9.7 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
netrisk 1.9.7 - Cross-Site Scripting / SQL Injection
EasyClassifields 3.0 - (go) SQL Injection
CMSbright - (id_rub_page) SQL Injection
EasyClassifields 3.0 - 'go' Parameter SQL Injection
CMSbright - 'id_rub_page' Parameter SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
Coupon Script 4.0 - 'id' SQL Injection
Reciprocal Links Manager 1.1 - (site) SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' Parameter SQL Injection
Coupon Script 4.0 - 'id' Parameter SQL Injection
Reciprocal Links Manager 1.1 - 'site' Parameter SQL Injection
CS-Cart 1.3.5 - (Authentication Bypass) SQL Injection
Spice Classifieds - (cat_path) SQL Injection
CS-Cart 1.3.5 - Authentication Bypass
Spice Classifieds - 'cat_path' Parameter SQL Injection
aspwebalbum 3.2 - (Arbitrary File Upload / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
Living Local Website - 'listtest.php r' SQL Injection
ACG-PTP 1.0.6 - 'adid' SQL Injection
qwicsite pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ACG-ScriptShop - 'cid' SQL Injection
AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution
Living Local Website - 'listtest.php' SQL Injection
ACG-PTP 1.0.6 - 'adid' Parameter SQL Injection
qwicsite pro - SQL Injection / Cross-Site Scripting
ACG-ScriptShop - 'cid' Parameter SQL Injection
AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution
Vastal I-Tech Agent Zone - (ann_id) SQL Injection
Vastal I-Tech Visa Zone - (news_id) SQL Injection
Vastal I-Tech Toner Cart - 'id' SQL Injection
Vastal I-Tech Share Zone - 'id' SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' SQL Injection
Vastal I-Tech Jobs Zone - (news_id) SQL Injection
Vastal I-Tech MMORPG Zone - (game_id) SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' SQL Injection
Vastal I-Tech Freelance Zone - (coder_id) SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection
EsFaq 2.0 - (idcat) SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - (tage) SQL Injection
Vastal I-Tech Dating Zone - (fage) SQL Injection
Vastal I-Tech Agent Zone - 'ann_id' Parameter SQL Injection
Vastal I-Tech Visa Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech Toner Cart - 'id' Parameter SQL Injection
Vastal I-Tech Share Zone - 'id' Parameter SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Jobs Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech MMORPG Zone - 'game_id' Parameter SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Freelance Zone - 'coder_id' Parameter SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' Parameter SQL Injection
EsFaq 2.0 - 'idcat' Parameter SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' Parameter SQL Injection
Vastal I-Tech Dating Zone - 'fage' Parameter SQL Injection
Masir Camp E-Shop Module 3.0 - (ordercode) SQL Injection
Alstrasoft Forum - (cat) SQL Injection
Masir Camp E-Shop Module 3.0 - 'ordercode' Parameter SQL Injection
Alstrasoft Forum - 'cat' Parameter SQL Injection
Alstrasoft Forum - 'catid' SQL Injection
Alstrasoft Forum - 'catid' Parameter SQL Injection
Creator CMS 5.0 - (sideid) SQL Injection
Creator CMS 5.0 - 'sideid' Parameter SQL Injection
CMS Buzz - 'id' SQL Injection
CMS Buzz - 'id' Parameter SQL Injection
phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection
PhpWebGallery 1.3.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Autodealers CMS AutOnline - (pageid) SQL Injection
Sports Clubs Web Panel 0.0.1 - (p) Local File Inclusion
PHPVID 1.1 - Cross-Site Scripting / SQL Injection
Zanfi CMS lite / Jaw Portal free - 'page' Parameter SQL Injection
PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
Autodealers CMS AutOnline - 'pageid' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'p' Parameter Local File Inclusion
Autodealers CMS AutOnline - 'id' SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' SQL Injection
PhpWebGallery 1.3.4 - (cat) Blind SQL Injection
Autodealers CMS AutOnline - 'id' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' Parameter SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
phpsmartcom 0.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
phpsmartcom 0.2 - Local File Inclusion / SQL Injection
AvailScript Article Script - 'view.php v' SQL Injection
AvailScript Article Script - 'view.php' SQL Injection
Fastpublish CMS 1.9999 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection
mini-pub 0.3 - (File Disclosure/Code Execution) Multiple Vulnerabilities
mini-pub 0.3 - File Disclosure / Code Execution
websvn 2.0 - (Cross-Site Scripting / File Handling/Code Execution) Multiple Vulnerabilities
websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution
phpdaily - (SQL Injection / Cross-Site Scripting / lfd) Multiple Vulnerabilities
phpdaily - SQL Injection / Cross-Site Scripting / Local File Download
questcms - (Cross-Site Scripting / Directory Traversal / SQL Injection) Multiple Vulnerabilities
questcms - Cross-Site Scripting / Directory Traversal / SQL Injection
MatPo Link 1.2b - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting
WEBBDOMAIN WebShop 1.02 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
WEBBDOMAIN WebShop 1.02 - SQL Injection / Cross-Site Scripting
Prozilla Software Directory - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Prozilla Software Directory - Cross-Site Scripting / SQL Injection
TurnkeyForms Local Classifieds - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
TurnkeyForms Local Classifieds - Cross-Site Scripting / SQL Injection
zeeproperty 1.0 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting
Openfire Server 3.6.0a - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Collabtive 0.4.8 - (Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload) Multiple Vulnerabilities
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload
MODx CMS 0.9.6.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting
ftpzik - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
bandwebsite 1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ftpzik - Cross-Site Scripting / Local File Inclusion
bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
nitrotech 0.0.3a - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
chipmunk topsites - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Clean CMS 1.5 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
chipmunk topsites - Authentication Bypass / Cross-Site Scripting
Clean CMS 1.5 - Blind SQL Injection / Cross-Site Scripting
Ocean12 Contact Manager Pro - (SQL Injection / Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure
comersus asp shopping cart - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
minimal ablog 0.4 - (SQL Injection / Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass
wbstreet 1.0 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
wbstreet 1.0 - SQL Injection / File Disclosure
template creature - (SQL Injection / File Disclosure) Multiple Vulnerabilities
template creature - SQL Injection / File Disclosure
merlix educate servert - (Authentication Bypass/File Disclosure) Multiple Vulnerabilities
merlix educate servert - Authentication Bypass / File Disclosure
nightfall personal diary 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure
ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities
ASP AutoDealer - SQL Injection / File Disclosure
aspmanage banners - (Arbitrary File Upload / File Disclosure) Multiple Vulnerabilities
aspmanage banners - Arbitrary File Upload / File Disclosure
asp talk - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp talk - SQL Injection / Cross-Site Scripting
webcaf 1.4 - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
webcaf 1.4 - Local File Inclusion / Remote Code Execution
PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities
PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion
postecards - (SQL Injection / File Disclosure) Multiple Vulnerabilities
postecards - SQL Injection / File Disclosure
PHP Multiple Newsletters 2.7 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting
living Local 1.1 - (Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Pro Chat Rooms 3.0.2 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload
Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery
cf shopkart 5.2.2 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
cf shopkart 5.2.2 - SQL Injection / File Disclosure
the net guys aspired2blog - (SQL Injection / File Disclosure) Multiple Vulnerabilities
the net guys aspired2blog - SQL Injection / File Disclosure
Joomla! Component live chat - (SQL Injection / Open Proxy) Multiple Vulnerabilities
Joomla! Component live chat - SQL Injection / Open Proxy
Simple Text-File Login script (SiTeFiLo) 1.0.6 - (File Disclosure / Remote File Inclusion) Multiple Vulnerabilities
Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion
autositephp 2.0.3 - (Local File Inclusion / Cross-Site Request Forgery / Edit File) Multiple Vulnerabilities
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
PHP weather 2.2.2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting
isweb CMS 3.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
isweb CMS 3.0 - SQL Injection / Cross-Site Scripting
clickandemail - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
clickandemail - SQL Injection / Cross-Site Scripting
Zelta E Store - (Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection) Multiple Vulnerabilities
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
chicomas 2.0.4 - (Database Backup/File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
phpg 1.6 - (Cross-Site Scripting / Full Path Disclosure/Denial of Service) Multiple Vulnerabilities
phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service
doop CMS 1.4.0b - (Cross-Site Request Forgery / Arbitrary File Upload) Multiple Vulnerabilities
doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload
phpskelsite 1.4 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
ezpack 4.2b2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
ezpack 4.2b2 - Cross-Site Scripting / SQL Injection
Netvolution CMS 1.0 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Netvolution CMS 1.0 - Cross-Site Scripting / SQL Injection
rankem - (File Disclosure / Cross-Site Scripting / cm) Multiple Vulnerabilities
blogit! - (SQL Injection / File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
rankem - File Disclosure / Cross-Site Scripting / Cookie
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
gamescript 4.6 - (Cross-Site Scripting / SQL Injection / Local File Inclusion) Multiple Vulnerabilities
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
revou twitter clone - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
revou twitter clone - Cross-Site Scripting / SQL Injection
bpautosales 1.0.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
sma-db 0.3.12 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting
Android 'content://' URI - Multiple Information Disclosure Vulnerabilities
Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
Power System Of Article Management 3.0 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
team 1.x - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting
team 1.x - File Disclosure / Cross-Site Scripting
gr blog 1.1.4 - (Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass
Kipper 2.01 - (Cross-Site Scripting / Local File Inclusion / File Disclosure) Multiple Vulnerabilities
Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure
SilverNews 2.04 - (Authentication Bypass / Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
AdaptCMS Lite 1.4 - (Cross-Site Scripting / Remote File Inclusion) Multiple Vulnerabilities
SnippetMaster Webpage Editor 2.2.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion
SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting
dacio's CMS 1.08 - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
ideacart 0.02 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
ideacart 0.02 - Local File Inclusion / SQL Injection
CmsFaethon 2.2.0 - (info.php item) SQL Command Injection
CmsFaethon 2.2.0 - info.php item SQL Command Injection
powermovielist 0.14b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
Graugon Forum 1 - 'id' SQL Command Injection
Graugon Forum 1 - 'id' Command Injection (via SQL Injection)
irokez blog 0.7.3.2 - (Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection) Multiple Vulnerabilities
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
ritsblog 0.4.2 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
blindblog 1.3.1 - (SQL Injection / Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
tghostscripter Amazon Shop - (Cross-Site Scripting / Directory Traversal / Remote File Inclusion) Multiple Vulnerabilities
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
Wili-CMS 0.4.0 - (Remote File Inclusion / Local File Inclusion / Authentication Bypass) Multiple Vulnerabilities
Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass
PHP Director 0.21 - (sql into outfile) eval() Injection
PHP Director 0.21 - (SQL into outfile) eval() Injection
phpCommunity 2.1.8 - (SQL Injection / Directory Traversal / Cross-Site Scripting) Multiple Vulnerabilities
phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting
phpmysport 1.4 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpmysport 1.4 - Cross-Site Scripting / SQL Injection
Kim Websites 1.0 - (Authentication Bypass) SQL Injection
Kim Websites 1.0 - Authentication Bypass
Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities
Bloginator 1a - Cookie Bypass / SQL Injection
Pixie CMS - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Pixie CMS - Cross-Site Scripting / SQL Injection
Codice CMS 2 - SQL Command Execution
Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection
Codice CMS 2 - Command Execution (via SQL Injection)
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
acute control panel 1.0.0 - (SQL Injection / Remote File Inclusion) Multiple Vulnerabilities
acute control panel 1.0.0 - SQL Injection / Remote File Inclusion
Diskos CMS Manager - (SQL Injection / File Disclosure/Authentication Bypass) Multiple Vulnerabilities
Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass
ablespace 1.0 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
PHP-revista 1.1.2 - (Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection
PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting
flatnux 2009-03-27 - (Arbitrary File Upload / Information Disclosure) Multiple Vulnerabilities
flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
fungamez rc1 - (Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
fungamez rc1 - Authentication Bypass / Local File Inclusion
pastelcms 0.8.0 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pastelcms 0.8.0 - Local File Inclusion / SQL Injection
mixedcms 1.0b - (Local File Inclusion / Arbitrary File Upload / Authentication Bypass/File Disclosure) Multiple Vulnerabilities
mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure
fowlcms 1.1 - (Authentication Bypass / Local File Inclusion / Arbitrary File Upload) Multiple Vulnerabilities
fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload
photo-rigma.biz 30 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting
Dew-NewPHPLinks 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting
Leap CMS 0.1.4 - (SQL Injection / Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
PHP recommend 1.3 - (Authentication Bypass / Remote File Inclusion / Code Inject) Multiple Vulnerabilities
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject
my-colex 1.4.2 - (Authentication Bypass / Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
my-gesuad 0.9.14 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
vidshare pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vidshare pro - SQL Injection / Cross-Site Scripting
asp inline Corporate Calendar - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting
minitwitter 0.3-beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
minitwitter 0.3-beta - SQL Injection / Cross-Site Scripting
small pirate 2.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
amember 3.1.7 - (Cross-Site Scripting / SQL Injection / HTML Injection) Multiple Vulnerabilities
small pirate 2.1 - Cross-Site Scripting / SQL Injection
amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection
elitecms 1.01 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elitecms 1.01 - SQL Injection / Cross-Site Scripting
flashlight free edition - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
flashlight free edition - Local File Inclusion / SQL Injection
propertymax pro free - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
propertymax pro free - SQL Injection / Cross-Site Scripting
virtue news - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
virtue news - SQL Injection / Cross-Site Scripting
mrcgiguy freeticket - (Cookie Handling / SQL Injection) Multiple Vulnerabilities
mrcgiguy freeticket - Cookie Handling / SQL Injection
yogurt 0.3 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
yogurt 0.3 - Cross-Site Scripting / SQL Injection
campus virtual-lms - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
campus virtual-lms - Cross-Site Scripting / SQL Injection
translucid 1.75 - Multiple Vulnerabilities
TransLucid 1.75 - Multiple Vulnerabilities
impleo music Collection 2.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
impleo music Collection 2.0 - SQL Injection / Cross-Site Scripting
adaptweb 0.9.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
adaptweb 0.9.2 - Local File Inclusion / SQL Injection
CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities
CMS buzz - Cross-Site Scripting / Password Change / HTML Injection
elgg - (Cross-Site Scripting / Cross-Site Request Forgery/Change Password) Multiple Vulnerabilities
elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password
phpCollegeExchange 0.1.5c - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
Tribiq CMS 5.0.12c - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Tribiq CMS 5.0.12c - Cross-Site Scripting / Local File Inclusion
Virtue Online Test Generator - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting
webasyst shop-script - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
ebay clone 2009 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
ebay clone 2009 - Cross-Site Scripting / Blind SQL Injection
censura 1.16.04 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
censura 1.16.04 - Blind SQL Injection / Cross-Site Scripting
good/bad vote - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
good/bad vote - Cross-Site Scripting / Local File Inclusion
mcshoutbox 1.1 - (SQL Injection / Cross-Site Scripting / shell) Multiple Vulnerabilities
mcshoutbox 1.1 - SQL Injection / Cross-Site Scripting / shell
Million-Dollar Pixel Ads Platinum - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
almond Classifieds ads - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
skadate dating - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
garagesalesjunkie - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting
skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting
garagesalesjunkie - SQL Injection / Cross-Site Scripting
iwiccle 1.01 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
iwiccle 1.01 - Local File Inclusion / SQL Injection
Orbis CMS 1.0 - (File Delete/Download File / Arbitrary File Upload / SQL Injection) Multiple Vulnerabilities
Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection
cmsphp 0.21 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
d.net CMS - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting
d.net CMS - Local File Inclusion / SQL Injection
mobilelib gold 3.0 - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities
mobilelib gold 3.0 - Authentication Bypass / SQL Injection
elvin bts 1.2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting
shopmaker CMS 2.0 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
mybackup 1.4.0 - (File Download / Remote File Inclusion) Multiple Vulnerabilities
tenrok 1.1.0 - (File Disclosure / Remote Code Execution) Multiple Vulnerabilities
mybackup 1.4.0 - File Download / Remote File Inclusion
tenrok 1.1.0 - File Disclosure / Remote Code Execution
AccessoriesMe PHP Affiliate Script 1.4 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
opennews 1.0 - (SQL Injection / Remote Code Execution) Multiple Vulnerabilities
AccessoriesMe PHP Affiliate Script 1.4 - Blind SQL Injection / Cross-Site Scripting
opennews 1.0 - SQL Injection / Remote Code Execution
PHP Script Forum Hoster - (Topic Delete / Cross-Site Scripting) Multiple Vulnerabilities
PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting
LM Starmail 2.0 - (SQL Injection / File Inclusion) Multiple Vulnerabilities
LM Starmail 2.0 - SQL Injection / File Inclusion
logoshows bbs 2.0 - (File Disclosure / Insecure Cookie Handling) Multiple Vulnerabilities
logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling
tgs CMS 0.x - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
tgs CMS 0.x - Cross-Site Scripting / SQL Injection / File Disclosure
Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
totalcalendar 2.4 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
totalcalendar 2.4 - Blind SQL Injection / Local File Inclusion
nullam blog 0.1.2 - (Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
nullam blog 0.1.2 - Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting
gyro 5.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gyro 5.0 - SQL Injection / Cross-Site Scripting
Joomla! Component Hotel Booking System - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
Micro CMS 3.5 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Micro CMS 3.5 - SQL Injection / Local File Inclusion
Ez Blog 1.0 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
Recipe Script 5.0 - (Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting
eUploader PRO 3.1.1 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
Pre Job Board 1.0 - SQL Bypass
Pre Job Board 1.0 - SQL Authentication Bypass
Pre Jobo .NET - SQL Bypass
Pre Jobo .NET - SQL Authentication Bypass
PHPDirector Game Edition 0.1 - (Local File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting
gridcc script 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gridcc script 1.0 - SQL Injection / Cross-Site Scripting
Layout CMS 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Layout CMS 1.0 - SQL Injection / Cross-Site Scripting
KosmosBlog 0.9.3 - (SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
KosmosBlog 0.9.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
ZeusCMS 0.2 - (Database Backup Dump / Local File Inclusion) Multiple Vulnerabilities
ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion
Katalog Stron Hurricane 1.3.5 - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
Katalog Stron Hurricane 1.3.5 - Remote File Inclusion / SQL Injection
Open Source Classifieds 1.1.0 - Alpha (OSClassi) Multiple Vulnerabilities
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change
phpMySite - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpMySite - Cross-Site Scripting / SQL Injection
quality point 1.0 newsfeed - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities
DynPG CMS 4.1.0 - popup.php / counter.php Multiple Vulnerabilities
jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities
jevoncms - Local File Inclusion / Remote File Inclusion
SIESTTA 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities
JV2 Folder Gallery 3.1.1 - 'popup_slideshow.php' Multiple Vulnerabilities
parlic Design - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
parlic Design - SQL Injection / Cross-Site Scripting / HTML Injection
MileHigh Creative - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
MileHigh Creative - SQL Injection / Cross-Site Scripting / HTML Injection
QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities
QuickTalk 1.2 - Source Code Disclosure
K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
K-Search - SQL Injection / Cross-Site Scripting
Macs CMS 1.1.4 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Macs CMS 1.1.4 - Cross-Site Scripting / Cross-Site Request Forgery
Guestbook Script PHP - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
Guestbook Script PHP - Cross-Site Scripting / HTML Injection
Max's Guestbook - (HTML Injection / Cross-Site Scripting) Multiple Vulnerabilities
Max's Guestbook - HTML Injection / Cross-Site Scripting
Allpc 2.5 osCommerce - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting
TradeMC E-Ticaret - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting
Cag CMS 0.2 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection
Tastydir 1.2 - (1216) Multiple Vulnerabilities
Tastydir 1.2 (1216) - Multiple Vulnerabilities
WordPress - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
F3Site 2011 alfa 1 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery
PHP Coupon Script 6.0 - (bus) Blind SQL Injection
PHP Coupon Script 6.0 - 'bus' Parameter Blind SQL Injection
GAzie 5.10 - (Login Parameter) Multiple Vulnerabilities
GAzie 5.10 - Login Parameter Multiple Vulnerabilities
BST - BestShopPro (nowosci.php) Multiple Vulnerabilities
BST (BestShopPro) - 'nowosci.php' Multiple Vulnerabilities
Fork CMS 3.2.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
DFLabs PTK 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities
DFLabs PTK 1.0.5 - Steal Authentication Credentials
Wolfcms 0.75 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
Axous 1.1.1 - (Cross-Site Request Forgery / Persistent Cross-Site Scripting) Multiple Vulnerabilities
Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
myPHPNuke 1.8.8 - links.php Cross-Site Scripting
myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
Flying Dog Software Powerslave 4.3 Portalmanager - sql_id Information Disclosure
Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure
PHPWebGallery 1.3.4/1.5.1 - comments.php Multiple Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - category.php search Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - picture.php image_id Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'comments.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'category.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection
myPHPNuke 1.8.8 - reviews.php letter Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - download.php dcategory Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting
myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
phpVID 1.2.3 - Multiple Vulnerabilities
PHPVID 1.2.3 - Multiple Vulnerabilities
PHPWebGallery 1.4.1 - category.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - picture.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting
PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting
phpMyAdmin 2.7 - sql.php Cross-Site Scripting
phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting
ADOdb 4.6/4.7 - Tmssql.php Cross-Site Scripting
ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting
PHPWebGallery 1.x - comments.php Cross-Site Scripting
PHPWebGallery 1.x - 'comments.php' Cross-Site Scripting
MySQLDumper 1.21 - sql.php Cross-Site Scripting
MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting
KikChat - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
KikChat - Local File Inclusion / Remote Code Execution
EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting
LuxCal 3.2.2 - (Cross-Site Request Forgery/Blind SQL Injection) Multiple Vulnerabilities
LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter Cross-Site Scripting
Vastal I-Tech DVD Zone - 'view_mag.php' SQL Injection
Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting
Interspire Email Marketer - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (Execute SQL Query)
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
ntop-ng 2.5.160805 - Username Enumeration
ntop-ng 2.5.160805 - Username Enumeration
2016-12-22 05:01:16 +00:00
Offensive Security
be57520c6f
DB: 2016-12-21
...
2 new exploits
FlashGet 1.9 - (FTP PWD Response) Remote Buffer Overflow (PoC)
FlashGet 1.9 - 'FTP PWD Response' Remote Buffer Overflow (PoC)
VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service
VMware Workstation 6.5.1 - 'hcmon.sys 6.0.0.45731' Local Denial of Service
Flashget 3.x - IEHelper Remote Exec (PoC)
FlashGet 3.x - IEHelper Remote Exec (PoC)
Rosoft media player 4.4.4 - Buffer Overflow (SEH) (PoC)
Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (PoC)
Google Android - WifiNative::setHotlist Stack Overflow
Microsoft Internet Explorer 11 MSHTML - CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)
FlashGet 1.9.0.1012 - (FTP PWD Response) SEH STACK Overflow
FlashGet 1.9.0.1012 - (FTP PWD Response) Buffer Overflow (SafeSEH)
FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow
FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH)
freeFTPd - Remote Authentication Bypass
freeFTPd 1.2.6 - Remote Authentication Bypass
freeFTPd 1.0.10 - 'PASS' SEH Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow (Metasploit)
freeFTPd - 'PASS' Buffer Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' Buffer Overflow (Metasploit)
AlberT-EasySite 1.0a5 - (PSA_PATH) Remote File Inclusion
iziContents RC6 - GLOBALS[] Remote Code Execution
AlberT-EasySite 1.0a5 - 'PSA_PATH' Parameter Remote File Inclusion
iziContents RC6 - Remote Code Execution
SunShop Shopping Cart 3.5 - 'abs_path' Remote File Inclusion
SunShop Shopping Cart 3.5 - 'abs_path' Parameter Remote File Inclusion
SunShop 4.0 RC 6 - 'Search' Blind SQL Injection
SunShop Shopping Cart 4.0 RC 6 - 'Search' Blind SQL Injection
izicontents rc6 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities
iziContents rc6 - Remote File Inclusion / Local File Inclusion
gelato CMS 0.95 - (img) Remote File Disclosure
dotCMS 1.6 - 'id' Multiple Local File Inclusion
ZeeJobsite 2.0 - (adid) SQL Injection
gelato CMS 0.95 - 'img' Parameter Remote File Disclosure
dotCMS 1.6 - 'id' Parameter Local File Inclusion
Zeeways ZeeJobsite 2.0 - 'adid' Parameter SQL Injection
XNova 0.8 sp1 - (xnova_root_path) Remote File Inclusion
XNova 0.8 sp1 - 'xnova_root_path' Parameter Remote File Inclusion
PHPBasket - 'product.php pro_id' SQL Injection
PHPBasket - 'pro_id' Parameter SQL Injection
Ad Board - 'id' SQL Injection
SunShop 4.1.4 - 'id' SQL Injection
Banner Management Script - 'tr.php id' SQL Injection
Ad Board - 'id' Parameter SQL Injection
SunShop Shopping Cart 4.1.4 - 'id' Parameter SQL Injection
Banner Management Script - 'id' Parameter SQL Injection
phpBazar 2.0.2 - (adid) SQL Injection
webEdition CMS - (we_objectID) Blind SQL Injection
CustomCMS 4.0 - (CCMS) print.php SQL Injection
phpBazar 2.0.2 - 'adid' Parameter SQL Injection
webEdition CMS - 'we_objectID' Parameter Blind SQL Injection
CustomCMS 4.0 - 'print.php' SQL Injection
TinyCMS 1.1.2 - (templater.php) Local File Inclusion
TinyCMS 1.1.2 - 'templater.php' Local File Inclusion
onenews Beta 2 - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities
5 star review - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
5 star review - Cross-Site Scripting / SQL Injection
Web Directory Script 2.0 - (name) SQL Injection
Web Directory Script 2.0 - 'name' Parameter SQL Injection
Crafty Syntax Live Help 2.14.6 - (department) SQL Injection
Crafty Syntax Live Help 2.14.6 - 'department' Parameter SQL Injection
k-rate - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
CMME 1.12 - (Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory) Multiple Vulnerabilities
Thickbox Gallery 2.0 - (Admins.php) Admin Data Disclosure
k-rate - SQL Injection / Cross-Site Scripting
CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory
Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure
phpMyRealty 1.0.9 - Multiple SQL Injections
PHPMyRealty 1.0.9 - Multiple SQL Injections
brim 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Web Directory Script 1.5.3 - (site) SQL Injection
Words tag script 1.2 - (word) SQL Injection
Brim 2.0.0 - SQL Injection / Cross-Site Scripting
Web Directory Script 1.5.3 - 'site' Parameter SQL Injection
Words tag script 1.2 - 'word' Parameter SQL Injection
WeBid 0.5.4 - (item.php id) SQL Injection
WeBid 0.5.4 - 'item.php' SQL Injection
ZeeJobsite 2.0 - Arbitrary File Upload
Zeeways ZeeJobsite 2.0 - Arbitrary File Upload
BandSite CMS 1.1.4 - (members.php memid) SQL Injection
BandSite CMS 1.1.4 - 'members.php' SQL Injection
Thickbox Gallery 2 - 'index.php ln' Local File Inclusion
Thickbox Gallery 2 - 'index.php' Local File Inclusion
Joomla! Component 'com_wmtpic' 1.0 - SQL Injection
Joomla! Component com_wmtpic 1.0 - SQL Injection
Joomla! Component 'com_redshop' 1.0 - Local File Inclusion
Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion
Joomla! Component redSHOP 1.0 - Local File Inclusion
Joomla! Component redTWITTER 1.0 - Local File Inclusion
Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion
Joomla! Component 'com_shoutbox' - Local File Inclusion
Joomla! Component SVMap 1.1.1 - Local File Inclusion
Joomla! Component Shoutbox Pro - Local File Inclusion
Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion
Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection
Joomla! Component XOBBIX 1.0 - 'prodid' Parameter SQL Injection
Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion
Joomla! Component VJDEO 1.0 - Local File Inclusion
Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion
Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection
Joomla! Component Real Estate Property 3.1.22-03 - 'aid' Parameter SQL Injection
Joomla! Component 'com_tweetla' - Local File Inclusion
Joomla! Component TweetLA 1.0.1 - Local File Inclusion
Joomla! Component 'com_preventive' - Local File Inclusion
Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
Joomla! Component RokModule 1.1 - 'moduleid' Parameter Blind SQL Injection
Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion
Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
Joomla! Component 'com_webtv' - Local File Inclusion
Joomla! Component Web TV 1.0 - Local File Inclusion
Joomla! Component 'com_onlineexam' - Local File Inclusion
Joomla! Component Online Exam 1.5.0 - Local File Inclusion
Joomla! Component 'com_sweetykeeper' - Local File Inclusion
Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
Joomla! Component 'com_sermonspeaker' - SQL Injection
Joomla! Component SermonSpeaker - SQL Injection
Joomla! Component 'com_QPersonel' - SQL Injection
Joomla! Component QPersonel 1.0.2 - SQL Injection
Joomla! Component 'com_photobattle' - Local File Inclusion
Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
Joomla! Component 'com_zimbcomment' - Local File Inclusion
Joomla! Component 'com_zimbcore' - Local File Inclusion
Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
Joomla! Component ZiMBCore 0.1 - Local File Inclusion
Joomla! Component 'com_wmi' - Local File Inclusion
Joomla! Component 'com_orgchart' - Local File Inclusion
Joomla! Component WMI 1.5.0 - Local File Inclusion
Joomla! Component OrgChart 1.0.0 - Local File Inclusion
Joomla! Component 'com_ultimateportfolio' - Local File Inclusion
Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
Joomla! Component 'com_smartsite' - Local File Inclusion
Joomla! Component SmartSite 1.0.0 - Local File Inclusion
Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion
Joomla! Component simpledownload 0.9.5 - Local File Inclusion
Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure
Joomla! Component simpledownload 0.9.5 - Local File Disclosure
Wordpress Plugin TinyBrowser - Arbitrary File Upload
WordPress Plugin TinyBrowser - Arbitrary File Upload
Joomla! Component 'com_qpersonel' 1.0 - SQL Injection
Joomla! Component Q-Personel 1.0 - SQL Injection
Joomla! Component 'com_searchlog' - SQL Injection
Joomla! Component Search Log 3.1.0 - SQL Injection
Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities
Joomla! Component Ozio Gallery 2 - Multiple Vulnerabilities
Joomla! Component 'com_picasa2gallery' - Local File Inclusion
Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
Joomla! Component 'jeeventcalendar' - SQL Injection
Joomla! Component JE Ajax Event Calendar 1.0.5 - SQL Injection
Joomla! Component 'com_realtyna' - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component 'jesubmit' - SQL Injection
Joomla! Component 'com_sef' - Remote File Inclusion
Joomla! Component jesubmit 1.4 - SQL Injection
Joomla! Component com_sef - Remote File Inclusion
Joomla! Component 'jesectionfinder' - Local File Inclusion
Joomla! Component jesectionfinder - Local File Inclusion
Joomla! Component 'Joomanager' - SQL Injection
Joomla! Component Joomanager - SQL Injection
Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting
Joomla! Component Techjoomla SocialAds - Persistent Cross-Site Scripting
Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection
Joomla! Component 'com_quickfaq' - Blind SQL Injection
Joomla! Component redSHOP 1.0 - 'pid' Parameter SQL Injection
Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection
Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection
Joomla! Component redSHOP 1.0.23.1 - Blind SQL Injection
Joomla! Component 'com_staticxt' - SQL Injection
Joomla! Component StaticXT - SQL Injection
Joomla! Component 'com_oziogallery' - SQL Injection
Joomla! Component Ozio Gallery - SQL Injection
Joomla! Component 'com_youtube' - SQL Injection
Joomla! Component YouTube 1.5 - SQL Injection
Joomla! Component 'com_ttvideo' 1.0 - SQL Injection
Joomla! Component TTVideo 1.0 - SQL Injection
Joomla! Component 'com_teams' - Multiple Blind SQL Injection
Joomla! Component Teams - Multiple Blind SQL Injection
Joomla! Component 'com_picsell' - Local File Disclosure
Joomla! Component PicSell 1.0 - Local File Disclosure
Joomla! Component 'com_restaurantguide' - Multiple Vulnerabilities
Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities
Joomla! Component 'com_timetrack' 1.2.4 - Multiple SQL Injection
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injection
Joomla! Component 'com_sponsorwall' - SQL Injection
Joomla! Component Sponsor Wall 1.1 - SQL Injection
Joomla! Component 'com_pro_desk' 1.5 - Local File Inclusion
Joomla! Component ProDesk 1.5 - Local File Inclusion
Joomla! Component 'mdigg' - SQL Injection
Joomla! Component mDigg 2.2.8 - SQL Injection
phpMyRealty 1.0.7 - SQL Injection
PHPMyRealty 1.0.7 - SQL Injection
Joomla! Component 'com_timereturns' 2.0 - SQL Injection
Joomla! Component Time Returns 2.0 - SQL Injection
Joomla! Component 'com_techfolio' 1.0 - SQL Injection
Joomla! Component Techfolio 1.0 - SQL Injection
Joomla! Component 'com_vikrealestate' 1.0 - Multiple Vulnerabilities
Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities
BRIM < 2.0.0 - SQL Injection
Brim < 2.0.0 - SQL Injection
Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection
Joomla! Component RokModule 1.1 - 'module' Parameter Blind SQL Injection
Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
webid 1.0.5 - Directory Traversal
weBid 1.0.5 - Directory Traversal
Wordpress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
Webid 1.0.6 - Multiple Vulnerabilities
WeBid 1.0.6 - Multiple Vulnerabilities
MyBulletinBoard RC4 - 'Username' Parameter SQL Injection
MyBulletinBoard RC4 - 'member.php' Multiple Parameter SQL Injection
MyBulletinBoard RC4 - 'polloptions' Parameter SQL Injection
MyBulletinBoard RC4 - 'action' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'Username' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'polloptions' Parameter SQL Injection
MyBulletinBoard (MyBB) RC4 - 'action' Parameter SQL Injection
MyBulletinBoard 1.0 - Multiple SQL Injections
MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections
MyBulletinBoard 1.0 - 'RateThread.php' SQL Injection
MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection
MyBulletinBoard 1.0 - 'usercp.php' SQL Injection
MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection
Joomla! Component 'com_redshop' 1.2 - SQL Injection
Joomla! Component redSHOP 1.2 - SQL Injection
MyBulletinBoard 1.0.x/1.1.x - 'usercp.php' SQL Injection
MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection
MyBulletinBoard 1.x - 'usercp.php' Directory Traversal
MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal
Grayscale BandSite CMS 1.1 - help_news.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - help_merch.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - help_mp3.php max_file_size_purdy Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - sendemail.php message_text Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - header.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - login_header.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - bio_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - gbook_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - interview_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - links_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - lyrics_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - member_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - merch_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - mp3_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - news_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - pastshows_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - photo_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - releases_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - reviews_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - shows_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - signgbook_content.php the_band Parameter Cross-Site Scripting
Grayscale BandSite CMS 1.1 - footer.php this_year Parameter Cross-Site Scripting
BandSite CMS 1.1 - 'help_news.php' Cross-Site Scripting
BandSite CMS 1.1 - 'help_merch.php' Cross-Site Scripting
BandSite CMS 1.1 - 'help_mp3.php' Cross-Site Scripting
BandSite CMS 1.1 - 'sendemail.php' Cross-Site Scripting
BandSite CMS 1.1 - 'header.php' Cross-Site Scripting
BandSite CMS 1.1 - 'login_header.php' Cross-Site Scripting
BandSite CMS 1.1 - 'bio_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'gbook_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'interview_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'links_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'lyrics_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'member_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'merch_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'mp3_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'news_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'pastshows_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'photo_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'releases_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'reviews_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'shows_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'signgbook_content.php' Cross-Site Scripting
BandSite CMS 1.1 - 'footer.php' Cross-Site Scripting
Wordpress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
Active PHP BookMarks 1.1.2 - APB_SETTINGS['apb_path' ] Multiple Remote File Inclusion
Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusion
Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting
WordPress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting
TurnkeyWebTools Sunshop 3.5/4.0 - Multiple Remote File Inclusion
SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusion
Active PHP BookMarks 1.0 - APB.php Remote File Inclusion
Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion
TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection
TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting
SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection
SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting
Wordpress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery
WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery
DMCMS 0.7 - 'index.php' SQL Injection
deeemm CMS (dmcms) 0.7 - 'index.php' SQL Injection
EasySite 2.0 - browser.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - image_editor.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - skin_chooser.php EASYSITE_BASE Parameter Remote File Inclusion
EasySite 2.0 - 'browser.php' Remote File Inclusion
EasySite 2.0 - 'image_editor.php' Remote File Inclusion
EasySite 2.0 - 'skin_chooser.php' Remote File Inclusion
MatterDaddy Market 1.1 - 'admin/login.php' Cross-Site Scripting
MatterDaddy Market 1.1 - 'login.php' Cross-Site Scripting
Wordpress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Image Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Fields Attach 1.0 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access
Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Parameter Arbitrary File Access
Joomla! Component 'com_youtubegallery' - SQL Injection
Joomla! Component Youtube Gallery 4.1.7 - SQL Injection
Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection
Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection
Wordpress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_weblinks' - 'Itemid' Parameter SQL Injection
Joomla! Component Weblinks - 'Itemid' Parameter SQL Injection
Wordpress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
Wordpress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting
WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting
Wordpress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal
WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal
Wordpress Plugin DukaPress 2.5.2 - Directory Traversal
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
Wordpress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
Wordpress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting
Wordpress Plugin Duplicator 0.5.8 - Privilege Escalation
WordPress Plugin Duplicator 0.5.8 - Privilege Escalation
Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
Joomla! Component 'com_sanpham' - Multiple SQL Injections
Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections
Wordpress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
Joomla! Component 'mod_currencyconverter' - 'from' Parameter Cross-Site Scripting
Joomla! Component Currency Converter 1.0.0 - 'from' Parameter Cross-Site Scripting
Wordpress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
Wordpress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
Joomla! Component 'mod_ccnewsletter' 1.0.7 - 'id' Parameter SQL Injection
Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection
Wordpress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
WordPress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
Wordpress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections
Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Wordpress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
Wordpress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection
Joomla! Component Sexy polling 1.0.8 - 'answer_id' Parameter SQL Injection
Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload
Joomla! Component Projoom NovaSFH 3.0.2 - 'upload.php' Arbitrary File Upload
Wordpress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
Wordpress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
Wordpress Plugin Job Script by Scubez - Remote Code Execution
WordPress Plugin Job Script by Scubez - Remote Code Execution
Wordpress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
Wordpress Plugin Answer My Question 1.3 - SQL Injection
Wordpress Plugin Sirv 1.3.1 - SQL Injection
Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection
Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection
WordPress Plugin Answer My Question 1.3 - SQL Injection
WordPress Plugin Sirv 1.3.1 - SQL Injection
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
Wordpress Plugin Olimometer 2.56 - SQL Injection
WordPress Plugin Olimometer 2.56 - SQL Injection
Wordpress Plugin WP Vault 0.8.6.6 - Local File Inclusion
WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion
Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
2016-12-21 05:01:18 +00:00
Offensive Security
18d8085c6d
DB: 2016-12-18
...
13 new exploits
Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055)
Orthanc DICOM Server 1.1.0 - Memory Corruption
Microsoft Internet Explorer 9 - MSHTML CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055)
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow
DCMTK 3.6.0 storescp - Stack Buffer Overflow
Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service
Microsoft Internet Explorer 9 IEFRAME - CMarkupPointer::MoveToGap Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CView::EnsureSize Use-After-Free (MS13-021)
Nagios < 4.2.4 - Privilege Escalation
iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free
Alienvault OSSIM - SQL Injection / Remote Code Execution (Metasploit)
Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)
Alienvault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault Open Source SIEM (OSSIM) < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault OSSIM - av-centerd Command Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit)
Horos 2.1.0 Web Portal - Directory Traversal
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Alienvault OSSIM Open Source SIEM 3.1 - Multiple Security Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Security Vulnerabilities
Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault OSSIM 4.1.2 - Multiple SQL Injections
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
Alienvault OSSIM Open Source SIEM 4.1 - Multiple SQL Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Vulnerabilities
Alienvault 4.3.1 - Unauthenticated SQL Injection
Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting
Alienvault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault OSSIM 4.3 - Cross-Site Request Forgery
Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery
WHMCS Addon VMPanel 2.7.4 - SQL Injection
WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery
2016-12-18 05:01:16 +00:00
Offensive Security
24bf161ca6
DB: 2016-12-16
...
5 new exploits
HydraIrc 0.3.164 - (last) Remote Denial of Service
Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow (PoC)
HydraIrc 0.3.164 - Remote Denial of Service
Download Accelerator Plus DAP 8.6 - 'AniGIF.ocx' Buffer Overflow (PoC)
Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055)
Nidesoft MP3 Converter 2.6.18 - SEH Local Buffer Overflow
Nagios Core < 4.2.4 - Privilege Escalation
Nagios Core < 4.2.2 - Curl Command Injection / Remote Code Execution
Quicksilver Forums 1.2.1 - (set) Remote File Inclusion
Quicksilver Forums 1.2.1 - Remote File Inclusion
e-Vision CMS 2.0 - (all_users.php) SQL Injection
e-Vision CMS 2.0 - 'all_users.php' SQL Injection
LetterIt 2.0 - (inc/session.php) Remote File Inclusion
LetterIt 2.0 - 'session.php' Remote File Inclusion
e107 0.7.8 - (mailout.php) Access Escalation Exploit (Admin needed)
e107 0.7.8 - 'mailout.php' Access Escalation Exploit (Admin needed)
PHPMyRealty 1.0.x - (search.php type) SQL Injection
PHPMyRealty 1.0.x - 'search.php' SQL Injection
pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
LetterIt 2 - 'Language' Local File Inclusion
phpMyRealty - (location) SQL Injection
LetterIt 2 - 'Language' Parameter Local File Inclusion
phpMyRealty 2.0.0 - 'location' Parameter SQL Injection
ABG Blocking Script 1.0a - 'abg_path' Remote File Inclusion
E-topbiz Dating 3 PHP Script - (mail_id) SQL Injection
Scripts24 iTGP 1.0.4 - 'id' SQL Injection
Scripts24 iPost 1.0.1 - 'id' SQL Injection
eStoreAff 0.1 - 'cid' SQL Injection
GreenCart PHP Shopping Cart - 'id' SQL Injection
ABG Blocking Script 1.0a - 'abg_path' Parameter Remote File Inclusion
E-topbiz Dating 3 PHP Script - 'mail_id' Parameter SQL Injection
Scripts24 iTGP 1.0.4 - 'id' Parameter SQL Injection
Scripts24 iPost 1.0.1 - 'id' Parameter SQL Injection
eStoreAff 0.1 - 'cid' Parameter SQL Injection
GreenCart PHP Shopping Cart - 'id' Parameter SQL Injection
e-vision CMS 2.02 - (SQL Injection / Arbitrary File Upload / Information Gathering) Multiple Vulnerabilities
e-vision CMS 2.02 - SQL Injection / Arbitrary File Upload / Information Gathering
E-Store Kit-1 <= 2 PayPal Edition - 'pid' SQL Injection
E-Store Kit-1 <= 2 PayPal Edition - 'pid' Parameter SQL Injection
iges CMS 2.0 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
iges CMS 2.0 - Cross-Site Scripting / SQL Injection
Multiple Wsn Products - (Local File Inclusion) Code Execution
Multiple Wsn Products - Local File Inclusion / Code Execution
Discuz! 6.0.1 - (searchid) SQL Injection
pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities
Discuz! 6.0.1 - 'searchid' Parameter SQL Injection
pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
Vacation Rental Script 3.0 - 'id' SQL Injection
Quicksilver Forums 1.4.1 - forums[] SQL Injection
txtSQL 2.2 Final - (startup.php) Remote File Inclusion
Vacation Rental Script 3.0 - 'id' Parameter SQL Injection
Quicksilver Forums 1.4.1 - SQL Injection
txtSQL 2.2 Final - 'startup.php' Remote File Inclusion
OpenImpro 1.1 - (image.php id) SQL Injection
ZeeBuddy 2.1 - (bannerclick.php adid) SQL Injection
pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities
Ovidentia 6.6.5 - (item) SQL Injection
BBlog 0.7.6 - (mod) SQL Injection
OpenImpro 1.1 - 'image.php' SQL Injection
ZeeBuddy 2.1 - 'adid' Parameter SQL Injection
pPIM 1.0 - upload/change Password
Ovidentia 6.6.5 - 'item' Parameter SQL Injection
BBlog 0.7.6 - 'mod' Parameter SQL Injection
pPIM 1.01 - (notes.php id) Local File Inclusion
pPIM 1.01 - 'notes.php' Local File Inclusion
e107 plugin fm pro 1 - (File Disclosure / Arbitrary File Upload / Directory Traversal) Multiple Vulnerabilities
e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal
Coppermine Photo Gallery 1.4.19 - Remote Arbitrary .PHP File Upload
Coppermine Photo Gallery 1.4.19 - Remote File Upload
pPIM 1.01 - (notes.php id) Remote Command Execution
pPIM 1.01 - 'notes.php' Remote Command Execution
moziloCMS 1.11 - (Local File Inclusion / Full Path Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
Joomla! Component 'com_agenda' 1.0.1 - 'id' Parameter SQL Injection
Joomla! Component Agenda Address Book 1.0.1 - 'id' Parameter SQL Injection
Joomla! Component 'com_alphauserpoints' 1.5.5 - Local File Inclusion
Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
Joomla! Component 'com_arcadegames' - Local File Inclusion
Joomla! Component Arcade Games 1.0 - Local File Inclusion
Joomla! Component 'com_AddressBook' - Local File Inclusion
Joomla! Component 'com_advertising' - Local File Inclusion
Joomla! Component Address Book 1.5.0 - Local File Inclusion
Joomla! Component Advertising 0.25 - Local File Inclusion
Joomla! Component 'com_blogfactory' - Local File Inclusion
Joomla! Component 'com_beeheard' - Local File Inclusion
Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
Joomla! Component BeeHeard 1.0 - Local File Inclusion
Joomla! Component 'com_archeryscores' 1.0.6 - Local File Inclusion
Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
Joomla! Component 'com_abc' - SQL Injection
Joomla! Component ABC 1.1.7 - SQL Injection
Joomla! Component 'com_bfquiztrial' - SQL Injection (1)
Joomla! Component BF Quiz 1.3.0 - SQL Injection (1)
Joomla! Component 'com_bfquiztrial' - SQL Injection (2)
Joomla! Component BF Quiz 1.0 - SQL Injection (2)
e107 0.7.21 full - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
e107 0.7.21 full - Remote File Inclusion / Cross-Site Scripting
Joomla! Component 'com_awd_song' - Persistent Cross-Site Scripting
Joomla! Component JE Awd Song - Persistent Cross-Site Scripting
Joomla! Component 'com_addressbook' - Blind SQL Injection
Joomla! Component Address Book - Blind SQL Injection
Joomla! Component 'com_autartimonial' - SQL Injection
Joomla! Component AutarTimonial 1.0.8 - SQL Injection
Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component 'com_camelcitydb2' 2.2 - SQL Injection
Joomla! Component CamelcityDB 2.2 - SQL Injection
Joomla! Component 'com_amblog' 1.0 - Multiple SQL Injections
Joomla! Component Amblog 1.0 - Multiple SQL Injections
Joomla! Component 'com_aardvertiser' 2.1 - Blind SQL Injection
Joomla! Component Aardvertiser 2.1 - Blind SQL Injection
Joomla! Component 'com_cbe' - Local File Inclusion / Remote Code Execution
Joomla! Component Community Builder Enhanced (CBE) 1.4.8/1.4.9/1.4.10 - Local File Inclusion / Remote Code Execution
Joomla! Component 'com_allcinevid' 1.0.0 - Blind SQL Injection
Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
Joomla! Component 'com_alameda' 1.0 - SQL Injection
Joomla! Component Alameda 1.0 - SQL Injection
Free Hosting Manager 2.0 - (packages.php id Parameter) SQL Injection
Free Hosting Manager 2.0 - 'id' Parameter SQL Injection
Coppermine Photo Gallery 1.x - menu.inc.php CPG_URL Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.x - modules.php startdir Parameter Traversal Arbitrary File Access
Coppermine Photo Gallery 1.x - init.inc.php Remote File Inclusion
Coppermine Photo Gallery 1.x - theme.php Multiple Parameter Remote File Inclusion
Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site Scripting
Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Parameter Traversal Arbitrary File Access
Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion
Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
BBlog 0.7.4 - PostID Parameter SQL Injection
BBlog 0.7.4 - 'PostID' Parameter SQL Injection
Coppermine Photo Gallery 1.x - Albmgr.php SQL Injection
Coppermine Photo Gallery 1.4.11 - SQL Injection
LoveCMS 1.4 - install/index.php step Parameter Remote File Inclusion
LoveCMS 1.4 - install/index.php step Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'index.php' load Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'index.php' id Parameter Cross-Site Scripting
LoveCMS 1.4 - 'step' Parameter Remote File Inclusion
LoveCMS 1.4 - 'step' Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'load' Parameter Traversal Arbitrary File Access
LoveCMS 1.4 - 'id' Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.4.x - mode.php referer Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.4.x - viewlog.php log Parameter Local File Inclusion
Coppermine Photo Gallery 1.4.12 - 'referer' Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.4.12 - 'log' Parameter Local File Inclusion
Joomla! / Mambo Component 'com_detail' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_lms' - 'cat' Parameter SQL Injection
Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' Parameter SQL Injection
Blog Manager - inc_webblogmanager.asp ItemID Parameter SQL Injection
Blog Manager - inc_webblogmanager.asp categoryId Parameter Cross-Site Scripting
Blog Manager - 'ItemID' Parameter SQL Injection
Blog Manager - 'categoryId' Parameter Cross-Site Scripting
e107 0.7.x - (CAPTCHA Security Bypass / Cross-Site Scripting) Multiple Vulnerabilities
e107 0.7.x - CAPTCHA Security Bypass / Cross-Site Scripting
Joomla! Component 'com_canteen' 1.0 - Local File Inclusion
Joomla! Component Canteen 1.0 - Local File Inclusion
Coppermine Photo Gallery 1.5.10 - help.php Multiple Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.5.10 - searchnew.php picfile_* Parameter Cross-Site Scripting
Coppermine Photo Gallery 1.5.10 - 'help.php' Cross-Site Scripting
Coppermine Photo Gallery 1.5.10 - 'searchnew.php' Cross-Site Scripting
2016-12-16 05:01:19 +00:00
Offensive Security
32e86030d5
DB: 2016-12-15
...
3 new exploits
minix 3.1.2a - tty panic Local Denial of Service
minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service
Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service
MINIX 3.3.0 - Local Denial of Service (PoC)
Minix 3.3.0 - Local Denial of Service (PoC)
MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service
Minix 3.3.0 - Remote TCP/IP Stack Denial of Service
Apache 2.4.23 (mod_http2) - Denial of Service
Adobe Animate 15.2.1.95 - Memory Corruption
CoolPlayer - m3u File Local Buffer Overflow
CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit)
Apache Tomcat (WebDAV) - Remote File Disclosure
Apache Tomcat - (WebDAV) Remote File Disclosure
Apache Tomcat (WebDAV) - Remote File Disclosure (SSL)
Apache Tomcat - (WebDAV) Remote File Disclosure (SSL)
APT - Repository Signing Bypass via Memory Allocation Failure
PHPFootball 1.6 - (show.php) Remote Database Disclosure
PHPFootball 1.6 - Remote Database Disclosure
Aprox CMS Engine 5 (1.0.4) - Local File Inclusion
Aprox CMS Engine 5.1.0.4 - Local File Inclusion
PHP Help Agent 1.1 - (content) Local File Inclusion
PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion
Alstrasoft Affiliate Network Pro - (pgm) SQL Injection
Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection
PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection
PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection
Siteframe - 'folder.php id' SQL Injection
PHPFootball 1.6 - (show.php) SQL Injection
DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection
HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection
Siteframe CMS 3.2.3 - 'folder.php' SQL Injection
PHPFootball 1.6 - SQL Injection
DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection
HRS Multi - 'key' Parameter Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection
EZWebAlbum (dlfilename) - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
ShopCartDx 4.30 - 'pid' SQL Injection
MojoPersonals - Blind SQL Injection
MojoJobs - Blind SQL Injection
MojoAuto - Blind SQL Injection
EZWebAlbum - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
ShopCartDx 4.30 - 'pid' Parameter SQL Injection
YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Pre Survey Poll - 'default.asp catid' SQL Injection
Atom Photoblog 1.1.5b1 - (photoId) SQL Injection
ibase 2.03 - 'download.php' Remote File Disclosure
YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting
Pre Survey Poll - 'catid' Parameter SQL Injection
Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection
ibase 2.03 - Remote File Disclosure
Live Music Plus 1.1.0 - 'id' SQL Injection
xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities
Live Music Plus 1.1.0 - 'id' Parameter SQL Injection
XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering
FizzMedia 1.51.2 - (comment.php mid) SQL Injection
PHPTest 0.6.3 - (picture.php image_id) SQL Injection
FizzMedia 1.51.2 - SQL Injection
PHPTest 0.6.3 - SQL Injection
Mobius 1.4.4.1 - (browse.php id) SQL Injection
EPShop < 3.0 - 'pid' SQL Injection
Mobius 1.4.4.1 - SQL Injection
EPShop < 3.0 - 'pid' Parameter SQL Injection
TriO 2.1 - (browse.php id) SQL Injection
CMScout 2.05 - (common.php bit) Local File Inclusion
Getacoder clone - (sb_protype) SQL Injection
GC Auction Platinum - (cate_id) SQL Injection
SiteAdmin CMS - (art) SQL Injection
TriO 2.1 - 'browse.php' SQL Injection
CMScout 2.05 - 'bit' Parameter Local File Inclusion
Getacoder clone - 'sb_protype' Parameter SQL Injection
GC Auction Platinum - 'cate_id' Parameter SQL Injection
SiteAdmin CMS - 'art' Parameter SQL Injection
Youtuber Clone - 'ugroups.php UID' SQL Injection
Youtuber Clone - SQL Injection
PixelPost 1.7.1 - (language_full) Local File Inclusion
PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion
ViArt Shop 3.5 - (category_id) SQL Injection
Minishowcase 09b136 - 'lang' Local File Inclusion
ViArt Shop 3.5 - 'category_id' Parameter SQL Injection
Minishowcase 09b136 - 'lang' Parameter Local File Inclusion
Gregarius 0.5.4 - rsargs[] SQL Injection
PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion
HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion
hiox browser Statistics 2.0 - Remote File Inclusion
Gregarius 0.5.4 - SQL Injection
PHP Hosting Directory 2.0 - Remote File Inclusion
HIOX Random Ad 1.3 - Remote File Inclusion
HIOX Browser Statistics 2.0 - Remote File Inclusion
nzFotolog 0.4.1 - (action_file) Local File Inclusion
ZeeReviews - 'comments.php ItemID' SQL Injection
nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion
ZeeReviews - SQL Injection
Article Friendly Pro/Standard - (Cat) SQL Injection
Article Friendly Pro/Standard - SQL Injection
PozScripts Classified Ads Script - 'cid' SQL Injection
TubeGuru Video Sharing Script - (UID) SQL Injection
PozScripts Classified Ads Script - 'cid' Parameter SQL Injection
TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection
pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection
Alstrasoft Article Manager Pro 1.6 - Authentication Bypass
viart shopping cart 3.5 - Multiple Vulnerabilities
Viart shopping cart 3.5 - Multiple Vulnerabilities
PHPFootball 1.6 - (filter.php) Remote Hash Disclosure
PHPFootball 1.6 - Remote Hash Disclosure
talkback 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities
TalkBack 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - SQL Injection / phpinfo()
CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
CMScout - Cross-Site Scripting / HTML Injection
ShopCartDx 4.30 - (products.php) Blind SQL Injection
ShopCartDx 4.30 - 'products.php' Blind SQL Injection
viart shop 4.0.5 - Multiple Vulnerabilities
ViArt Shop 4.0.5 - Multiple Vulnerabilities
Siteframe 3.2.3 - (user.php) SQL Injection
Siteframe CMS 3.2.3 - 'user.php' SQL Injection
viart shop 4.0.5 - Cross-Site Request Forgery
ViArt Shop 4.0.5 - Cross-Site Request Forgery
Siteframe 2.2.4 - search.php Cross-Site Scripting
Siteframe 2.2.4 - download.php Information Disclosure
Siteframe CMS 2.2.4 - 'download.php' Information Disclosure
phpx 3.2.3 - Multiple Vulnerabilities
PHPX 3.2.3 - Multiple Vulnerabilities
PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution
Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion
Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection
Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection
PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection
XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting
XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting
XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting
XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting
XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting
XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting
XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting
XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting
XRms 1.99.2 - 'title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting
XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting
Pligg 1.0.4 - 'install1.php' Cross-Site Scripting
Joomla! Component DT Register - 'cat' SQL Injection
Joomla! Component DT Register - 'cat' Parameter SQL Injection
2016-12-15 13:07:17 +00:00
Offensive Security
b080c70f8b
DB: 2016-12-14
...
7 new exploits
Microsoft Internet Explorer 9 IEFRAME - CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)
Xitami Web Server 5.0a0 - Denial of Service
OpenSSL 1.1.0a/1.1.0b - Denial of Service
Serva 3.0.0 HTTP Server - Denial of Service
iOS 10.1.x - Certificate File Memory Corruption
OpenBSD 4.0 - (vga) Privilege Escalation
OpenBSD 4.0 - 'vga' Privilege Escalation
10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow
MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections
MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections
AShop Deluxe 4.x - (catalogue.php cat) SQL Injection
AShop Deluxe 4.x - 'catalogue.php' SQL Injection
HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion
HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion
CAT2 - (spaw_root) Local File Inclusion
CAT2 - 'spaw_root' Parameter Local File Inclusion
MyBloggie 2.1.3 - search.php SQL Injection
MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting
MyBloggie 2.1.x - Multiple Remote File Inclusion
MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion
MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion
AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting
AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting
AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'shipping.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting
MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting
MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting
Smart Guard Network Manager 6.3.2 - SQL Injection
WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery
2016-12-14 05:01:23 +00:00
Offensive Security
96bd05d39d
DB: 2016-12-12
...
3 new exploits
BolinTech DreamFTP Server 1.0 - User Name Format String (1)
BolinTech DreamFTP Server 1.0 - User Name Format String
opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)
EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation
Orca 2.0.2 - Cross-Site Scripting
Orca 2.0.2 - 'topic ' Cross-Site Scripting
Netgear R7000 - Cross-Site Scripting
ARG-W4 ADSL Router - Multiple Vulnerabilities
2016-12-12 20:31:23 +00:00
Offensive Security
9cad083b49
DB: 2016-12-11
...
5 new exploits
uTorrent 1.8.3 (Build 15772) - Create New Torrent Buffer Overflow (PoC)
uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
F5 BIG-IP - Authentication Bypass (1)
F5 BIG-IP - Authentication Bypass (PoC)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC
Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (2)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2)
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2)
Microsoft Internet Explorer 9 MSHTML - CElement::HasFlag Memory Corruption
uTorrent - DLL Hijacking
uTorrent 2.0.3 - DLL Hijacking
F5 BIG-IP - Authentication Bypass (2)
F5 BIG-IP - Authentication Bypass
SePortal - SQL Injection / Remote Code Execution (Metasploit)
SePortal 2.5 - SQL Injection / Remote Code Execution (Metasploit)
MyPHP CMS 0.3 - (domain) Remote File Inclusion
MyPHP CMS 0.3 - 'domain' Parameter Remote File Inclusion
RSS-aggregator - 'display.php path' Remote File Inclusion
RSS-aggregator - 'path' Parameter Remote File Inclusion
HoMaP-CMS 0.1 - (plugin_admin.php) Remote File Inclusion
HomePH Design 2.10 RC2 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
HoMaP-CMS 0.1 - 'plugin_admin.php' Remote File Inclusion
HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
cmreams CMS 1.3.1.1 beta2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
cmreams CMS 1.3.1.1 beta2 - Local File Inclusion / Cross-Site Scripting
HoMaP-CMS 0.1 - (index.php go) SQL Injection
HoMaP-CMS 0.1 - 'go' Parameter SQL Injection
Ready2Edit - 'pages.php menuid' SQL Injection
ResearchGuide 0.5 - (guide.php id) SQL Injection
MVC-Web CMS 1.0/1.2 - (index.asp newsid) SQL Injection
Ready2Edit - 'menuid' Parameter SQL Injection
ResearchGuide 0.5 - 'id' Parameter SQL Injection
MVC-Web CMS 1.0/1.2 - 'newsid' Parameter SQL Injection
Demo4 CMS - 'index.php id' SQL Injection
Joomla! Component com_facileforms 1.4.4 - Remote File Inclusion
Dagger CMS 2008 - (dir_inc) Remote File Inclusion
TinxCMS 1.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
mm chat 1.5 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
ourvideo CMS 9.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
cmsWorks 2.2 RC4 - (mod_root) Remote File Inclusion
Demo4 CMS - 'id' Parameter SQL Injection
Joomla! Component FacileForms 1.4.4 - Remote File Inclusion
Dagger CMS 2008 - 'dir_inc' Parameter Remote File Inclusion
TinXCMS 1.1 - Local File Inclusion / Cross-Site Scripting
mm chat 1.5 - Local File Inclusion / Cross-Site Scripting
ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
cmsWorks 2.2 RC4 - 'mod_root' Parameter Remote File Inclusion
Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection
Relative Real Estate Systems 3.0 - 'listing_id' Parameter SQL Injection
DUcalendar 1.0 - (detail.asp iEve) SQL Injection
HiveMaker Directory - 'cid' Parameter SQL Injection
E-topbiz ViralDX 2.07 - (adclick.php bannerid) SQL Injection
Link ADS 1 - 'out.php linkid' SQL Injection
TOKOKITA - 'barang.php produk_id' SQL Injection
Webdevindo-CMS 0.1 - (index.php hal) SQL Injection
mUnky 0.0.1 - (index.php zone) Local File Inclusion
Jokes & Funny Pics Script - (sb_jokeid) SQL Injection
DUcalendar 1.0 - 'iEve' Parameter SQL Injection
HiveMaker Directory 1.0.2 - 'cid' Parameter SQL Injection
E-topbiz ViralDX 2.07 - 'bannerid' Parameter SQL Injection
Link ADS 1 - 'linkid' Parameter SQL Injection
TOKOKITA - 'produk_id' Parameter SQL Injection
Webdevindo-CMS 0.1 - 'hal' Parameter SQL Injection
mUnky 0.0.1 - 'zone' Parameter Local File Inclusion
Jokes & Funny Pics Script - 'sb_jokeid' Parameter SQL Injection
MyPHP CMS 0.3.1 - (page.php pid) SQL Injection
PHPmotion 2.0 - (update_profile.php) Arbitrary File Upload
MyPHP CMS 0.3.1 - 'pid' Parameter SQL Injection
PHPmotion 2.0 - 'update_profile.php' Arbitrary File Upload
polypager 1.0rc2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHP-Fusion Mod Kroax 4.42 - (category) SQL Injection
polypager 1.0rc2 - SQL Injection / Cross-Site Scripting
PHP-Fusion Mod Kroax 4.42 - 'category' Parameter SQL Injection
Riddles Complete Website 1.2.1 - (riddleid) SQL Injection
Tips Complete Website 1.2.0 - (tipid) SQL Injection
Jokes Complete Website 2.1.3 - (jokeid) SQL Injection
Drinks Complete Website 2.1.0 - (drinkid) SQL Injection
Cheats Complete Website 1.1.1 - 'itemID' SQL Injection
Riddles Complete Website 1.2.1 - 'riddleid' Parameter SQL Injection
Tips Complete Website 1.2.0 - 'tipid' Parameter SQL Injection
Easysitenetwork Jokes Complete Website 2.1.3 - 'jokeid' Parameter SQL Injection
Drinks Complete Website 2.1.0 - 'drinkid' Parameter SQL Injection
Cheats Complete Website 1.1.1 - 'itemID' Parameter SQL Injection
Orca 2.0/2.0.2 - (Parameters.php) Remote File Inclusion
Orca 2.0/2.0.2 - 'Parameters.php' Remote File Inclusion
OTManager CMS 24a - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
OTManager CMS 24a - Local File Inclusion / Cross-Site Scripting
SePortal 2.4 - (poll.php poll_id) SQL Injection
SePortal 2.4 - 'poll_id' Parameter SQL Injection
poweraward 1.1.0 rc1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component jabode - 'id' SQL Injection
Online Booking Manager 2.2 - 'id' SQL Injection
poweraward 1.1.0 rc1 - Local File Inclusion / Cross-Site Scripting
Joomla! Component jabode - 'id' Parameter SQL Injection
Online Booking Manager 2.2 - 'id' Parameter SQL Injection
Joomla! Component Xe webtv - 'id' Blind SQL Injection
Joomla! Component Xe webtv - 'id' Parameter Blind SQL Injection
AcmlmBoard 1.A2 - 'pow' SQL Injection
eSHOP100 - (SUB) SQL Injection
AcmlmBoard 1.A2 - 'pow' Parameter SQL Injection
eSHOP100 - 'SUB' Parameter SQL Injection
OTManager CMS 2.4 - (Tipo) Remote File Inclusion
OTManager CMS 2.4 - 'Tipo' Parameter Remote File Inclusion
Orca 2.0.2 - (Topic) Cross-Site Scripting
Orca 2.0.2 - Cross-Site Scripting
Hedgehog-CMS 1.21 - (Local File Inclusion) Remote Command Execution
Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution
catviz 0.4.0b1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting
Joomla! Component com_facileforms - Cross-Site Scripting
Joomla! Component FacileForms - Cross-Site Scripting
PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload
PHPmotion 1.62 - 'FCKeditor' Arbitrary File Upload
Roundcube 1.2.2 - Remote Code Execution
Pivot 1.0 - Remote module_db.php File Inclusion
Pivot 1.0 - 'module_db.php' Remote File Inclusion
MyBloggie 2.1 - 'index.php' year Parameter Cross-Site Scripting
MyBloggie 2.1 - 'index.php' Cross-Site Scripting
E-topbiz Link ADS 1 - 'out.php' SQL Injection
PolyPager 0.9.51/1.0 - 'nr' Parameter Cross-Site Scripting
RSS-aggregator 1.0 - admin/fonctions/supprimer_flux.php IdFlux Parameter SQL Injection
RSS-aggregator 1.0 - admin/fonctions/supprimer_tag.php IdTag Parameter SQL Injection
RSS-aggregator 1.0 - 'admin/fonctions/' Direct Request Administrator Authentication Bypass
RSS-aggregator 1.0 - 'IdFlux' Parameter SQL Injection
RSS-aggregator 1.0 - 'IdTag' Parameter SQL Injection
RSS-aggregator 1.0 - Authentication Bypass
Jokes Complete Website - joke.php id Parameter Cross-Site Scripting
Jokes Complete Website - results.php searchingred Parameter Cross-Site Scripting
Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting
Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting
Splunk Enterprise 6.4.3 - Server-Side Request Forgery
2016-12-11 05:01:17 +00:00
Offensive Security
f88827eb1f
DB: 2016-12-10
...
4 new exploits
Free MP3 CD Ripper 2.6 - Exploit (1)
Free MP3 CD Ripper 2.6 - '.wav' PoC
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (1)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (1)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (2)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (3)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (2)
Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Denial of Service (3)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (1)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (PoC)
Ascend R 4.5 Ci12 - Denial of Service (1)
Ascend R 4.5 Ci12 - Denial of Service (2)
Ascend R 4.5 Ci12 - Denial of Service (C)
Ascend R 4.5 Ci12 - Denial of Service (Perl)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (1)
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
thttpd 2.2x - defang Remote Buffer Overflow (1)
thttpd 2.2x - defang Remote Buffer Overflow (PoC)
PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (1)
PHP 3/4/5 - Multiple Local / Remote Vulnerabilities (1)
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC) (1)
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (3)
Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2)
Free MP3 CD Ripper 2.6 - (wav) Stack Buffer Overflow (PoC)
Free MP3 CD Ripper 2.6 - '.wav' Stack Buffer Overflow
Free MP3 CD Ripper 2.6 - Exploit (2)
Free MP3 CD Ripper 2.6 - '.wav' Exploit
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (2)
Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)
Free MP3 CD Ripper 2.6 - Local Buffer Overflow
Free MP3 CD Ripper 2.6 - '.wav' Local Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 '.wav' - SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Alt-N SecurityGateway - 'Username' Buffer Overflow (Metasploit)
Alt-N SecurityGateway 1.0.1 - 'Username' Buffer Overflow (Metasploit)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (2)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow
thttpd 2.2x - defang Remote Buffer Overflow (2)
thttpd 2.2x - defang Remote Buffer Overflow
Windows x64 - Bind Shell TCP Shellcode (508 bytes)
CuteNews 1.4.1 - (function.php) Local File Inclusion
CuteNews 1.4.1 - 'function.php' Local File Inclusion
CoreNews 2.0.1 - (userid) SQL Injection
CoreNews 2.0.1 - 'userid' Parameter SQL Injection
phpAuction 2.1 - (phpAds_path) Remote File Inclusion
phpAuction 2.1 - 'phpAds_path' Parameter Remote File Inclusion
Freenews 1.1 - (moteur.php) Remote File Inclusion
Freenews 1.1 - 'moteur.php' Remote File Inclusion
SH-News 3.1 - (scriptpath) Multiple Remote File Inclusion
SH-News 3.1 - 'scriptpath' Parameter Remote File Inclusion
JaxUltraBB 2.0 - (delete.php) Remote Auto Deface Exploit
JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit
JaxUltraBB 2.0 - Topic Reply Command Execution
JaxUltraBB 2.0 - Command Execution
Oxygen 1.1.3 - (O2PHP Bulletin Board) SQL Injection
Oxygen 1.1.3 (O2PHP Bulletin Board) - SQL Injection
cutenews aj-fork 167f - (cutepath) Remote File Inclusion
cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion
SH-News 0.93 - (misc.php) Remote File Inclusion
SH-News 0.93 - 'misc.php' Remote File Inclusion
aspWebCalendar 4.5 - (calendar.asp eventid) SQL Injection
AspWebCalendar 4.5 - 'eventid' Parameter SQL Injection
SH-News 3.0 - (comments.php id) SQL Injection
SH-News 3.0 - 'comments.php' SQL Injection
ClipShare - 'uprofile.php UID' SQL Injection
ClipShare - 'UID' Parameter SQL Injection
Lasernet CMS 1.5 - SQL Injection (2)
LaserNet CMS 1.5 - SQL Injection (2)
Oxygen 2.0 - (repquote) SQL Injection
Oxygen 2.0 - 'repquote' Parameter SQL Injection
Open Azimyt CMS 0.22 - 'lang' Local File Inclusion
Open Azimyt CMS 0.22 - 'lang' Parameter Local File Inclusion
Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection
Joomla! Component Simple Shop Galore 3.x - 'catid' Parameter SQL Injection
Bizon-CMS 2.0 - (index.php Id) SQL Injection
Basic-CMS - 'index.php r' SQL Injection
Bizon-CMS 2.0 - 'Id' Parameter SQL Injection
Basic-CMS - 'index.php' SQL Injection
ClipShare < 3.0.1 - (tid) SQL Injection
easyTrade 2.x - (detail.php id) SQL Injection
ThaiQuickCart - (sLanguage) Local File Inclusion
ClipShare < 3.0.1 - 'tid' Parameter SQL Injection
easyTrade 2.x - 'id' Parameter SQL Injection
ThaiQuickCart 3 - 'sLanguage' Cookie Local File Inclusion
eroCMS 1.4 - (index.php site) SQL Injection
WebCalendar 1.0.4 - (includedir) Remote File Inclusion
traindepot 0.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
doITlive CMS 2.50 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
AspWebCalendar 2008 - Arbitrary File Upload
netBIOS - 'shownews.php newsid' SQL Injection
Maxtrade AIO 1.3.23 - (categori) SQL Injection
Mybizz-Classifieds - 'index.php cat' SQL Injection
Easy Webstore 1.2 - (index.php postid) SQL Injection
eroCMS 1.4 - 'site' Parameter SQL Injection
WebCalendar 1.0.4 - 'includedir' Parameter Remote File Inclusion
traindepot 0.1 - Local File Inclusion / Cross-Site Scripting
doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting
AspWebCalendar 2008 - Arbitrary File Upload
netBIOS - 'newsid' Parameter SQL Injection
Maxtrade AIO 1.3.23 - 'categori' Parameter SQL Injection
Mybizz-Classifieds - 'cat' Parameter SQL Injection
Easy Webstore 1.2 - SQL Injection
Carscripts Classifieds - 'index.php cat' SQL Injection
BoatScripts Classifieds - 'index.php type' SQL Injection
Carscripts Classifieds - 'cat' Parameter SQL Injection
BoatScripts Classifieds - 'type' Parameter SQL Injection
ownrs blog beta3 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities
samart-cms 2.0 - (contentsid) SQL Injection
CMS-BRD - (menuclick) SQL Injection
ownrs blog beta3 - SQL Injection / Cross-Site Scripting
Yektaweb Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities
samart-cms 2.0 - 'contentsid' Parameter SQL Injection
CMS-BRD - 'menuclick' Parameter SQL Injection
CaupoShop Classic 1.3 - (saArticle[ID]) SQL Injection
CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities
Lightweight news portal [lnp] 1.0b - Multiple Vulnerabilities
Lightweight news portal (LNP) 1.0b - Multiple Vulnerabilities
CiBlog 3.1 - (links-extern.php id) SQL Injection
CiBlog 3.1 - 'id' Parameter SQL Injection
jaxultrabb 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
emuCMS 0.3 - 'cat_id' SQL Injection
phpAuction - 'profile.php user_id' SQL Injection
SiteXS CMS 0.1.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
@CMS 2.1.1 - (readarticle.php article_id) SQL Injection
eNews 0.1 - (delete.php) Arbitrary Delete Post
PHP KnowledgeBase Script 2.4 - 'cat_id' SQL Injection
jaxultrabb 2.0 - Local File Inclusion / Cross-Site Scripting
emuCMS 0.3 - 'cat_id' Parameter SQL Injection
phpAuction - 'profile.php' SQL Injection
SiteXS CMS 0.1.1 - Arbitrary File Upload / Cross-Site Scripting
@CMS 2.1.1 - SQL Injection
eNews 0.1 - 'delete.php' Arbitrary Delete Post
PHP KnowledgeBase Script 2.4 - 'cat_id' Parameter SQL Injection
OFFL 0.2.6 - (teams.php fflteam) SQL Injection
Online Fantasy Football League (OFFL) 0.2.6 - 'teams.php' SQL Injection
phpAuction 3.2.1 - (item.php id) SQL Injection
Joomla! Component EXP Shop - 'catid' SQL Injection
DUdForum 3.0 - (forum.asp iFor) SQL Injection
shibby shop 2.2 - (SQL Injection / update) Multiple Vulnerabilities
phpAuction 3.2.1 - 'item.php' SQL Injection
Joomla! Component EXP Shop - 'catid' Parameter SQL Injection
DUdForum 3.0 - 'iFor' Parameter SQL Injection
shibby shop 2.2 - Multiple Vulnerabilities
LiteNews 0.1 - 'id' SQL Injection
LiteNews 0.1 - 'id' Parameter SQL Injection
ClipShare Pro 2006-2007 - (chid) SQL Injection
ClipShare Pro 2006-2007 - 'chid' Parameter SQL Injection
phpauctionsystem - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpauctionsystem - Cross-Site Scripting / SQL Injection
Jamroom - 'index.php t' Local File Inclusion
Jamroom 4.0.2 - 't' Parameter Local File Inclusion
Oxygen2PHP 1.1.3 - (member.php) SQL Injection
Oxygen2PHP 1.1.3 - 'member.php' SQL Injection
Oxygen2PHP 1.1.3 - (post.php) Blind SQL Injection
Oxygen2PHP 1.1.3 - (forumdisplay.php) Blind SQL Injection
Oxygen2PHP 1.1.3 - 'post.php' Blind SQL Injection
Oxygen2PHP 1.1.3 - 'forumdisplay.php' Blind SQL Injection
MyPhpAuction 2010 - 'id' SQL Injection
MyPhpAuction 2010 - 'id' Parameter SQL Injection
CuteNews - 'index.php?page' Local File Inclusion
CuteNews - 'page' Parameter Local File Inclusion
Lasernet CMS 1.5 - SQL Injection (1)
LaserNet CMS 1.5 - SQL Injection (1)
WebCalendar 1.2.4 - (install/index.php) Remote Code Execution
WebCalendar 1.2.4 - Remote Code Execution
MyMarket 1.71 - Form_Header.php Cross-Site Scripting
MyMarket 1.71 - 'Form_Header.php' Cross-Site Scripting
CuteNews 0.88 - shownews.php Remote File Inclusion
CuteNews 0.88 - search.php Remote File Inclusion
CuteNews 0.88 - comments.php Remote File Inclusion
CuteNews 0.88 - 'shownews.php' Remote File Inclusion
CuteNews 0.88 - 'search.php' Remote File Inclusion
CuteNews 0.88 - 'comments.php' Remote File Inclusion
WebCalendar 0.9.x - colors.php color Cross-Site Scripting
WebCalendar 0.9.x - week.php user Cross-Site Scripting
CuteNews 0.88/1.3 - example1.php id Parameter Cross-Site Scripting
CuteNews 0.88/1.3 - example2.php id Parameter Cross-Site Scripting
CuteNews 0.88/1.3 - show_archives.php id Parameter Cross-Site Scripting
CuteNews 0.88/1.3 - 'example1.php' Cross-Site Scripting
CuteNews 0.88/1.3 - 'example2.php' Cross-Site Scripting
CuteNews 0.88/1.3 - 'show_archives.php' Cross-Site Scripting
CuteNews 1.3.1 - show_archives.php archive Parameter Cross-Site Scripting
CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting
ClipShare 4.1.1 - (gmembers.php gid Parameter) Blind SQL Injection
ClipShare 4.1.1 - 'gid' Parameter Blind SQL Injection
CutePHP CuteNews 1.3.6 - x-forwarded-for Script Injection
CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection
CuteNews 1.4.1 - show_archives.php template Parameter Traversal Arbitrary File Access
CuteNews 1.4.1 - show_news.php template Parameter Traversal Arbitrary File Access
CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
CuteNews 1.4.1 - 'template' Parameter Traversal Arbitrary File Access
WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting
WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting
CuteNews 1.4.1 - show_news.php Cross-Site Scripting
CuteNews 1.4.1 - 'show_news.php' Cross-Site Scripting
O2PHP Oxygen 1.0/1.1 - post.php SQL Injection
O2PHP Oxygen 1.0/1.1 - 'post.php' SQL Injection
Freenews 1.1 - Aff_News.php Remote File Inclusion
Freenews 1.1 - 'Aff_News.php' Remote File Inclusion
ActiveNews Manager - activenews_view.asp articleId Parameter SQL Injection
ActiveNews Manager - 'articleId' Parameter SQL Injection
ActiveNews Manager - default.asp page Parameter SQL Injection
ActiveNews Manager - activenews_search.asp query Parameter Cross-Site Scripting
Active News Manager - activeNews_categories.asp catID Parameter SQL Injection
Active News Manager - activeNews_comments.asp articleId Parameter SQL Injection
ActiveNews Manager - 'page' Parameter SQL Injection
ActiveNews Manager - 'query' Parameter Cross-Site Scripting
Active News Manager - 'catID' Parameter SQL Injection
Active News Manager - 'articleId' Parameter SQL Injection
CuteNews 1.4.5 - show_news.php Query String Cross-Site Scripting
CuteNews 1.4.5 - rss.php rss_title Parameter Cross-Site Scripting
CuteNews 1.4.5 - 'show_news.php' Cross-Site Scripting
CuteNews 1.4.5 - 'rss_title' Parameter Cross-Site Scripting
CuteNews 1.3.6 - Result Parameter Cross-Site Scripting
CuteNews 1.3.6 - 'result' Parameter Cross-Site Scripting
ClipShare 1.5.3 - ADODB-Connection.Inc.php Remote File Inclusion
ClipShare 1.5.3 - 'ADODB-Connection.Inc.php' Remote File Inclusion
WebCalendar 1.1.6 - pref.php Query String Cross-Site Scripting
WebCalendar 1.1.6 - search.php adv Parameter Cross-Site Scripting
WebCalendar 1.1.6 - 'pref.php' Cross-Site Scripting
WebCalendar 1.1.6 - 'search.php' Cross-Site Scripting
SiteXS CMS 0.0.1 - 'upload.php' Arbitrary File Upload
SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload
Basic-CMS - 'index.php' SQL Injection
Joomla! Component EXP Shop 1.0 'com_expshop' - SQL Injection
Joomla! Component EXP Shop 1.0 - SQL Injection
Jamroom 3.3.8 - (Cookie Authentication Bypass and Unspecified Security Issues) Multiple Vulnerabilities
Jamroom 3.3.8 - Cookie Authentication Bypass
CuteNews 1.4.6 - register.php result Parameter Cross-Site Scripting
CuteNews 1.4.6 - 'result' Parameter Cross-Site Scripting
CuteNews 1.4.6 - search.php from_date_day Parameter Full Path Disclosure
CuteNews 1.4.6 - 'from_date_day' Parameter Full Path Disclosure
ZeroCMS 1.0 - (zero_view_article.php article_id Parameter) SQL Injection
ZeroCMS 1.0 - 'zero_view_article.php' SQL Injection
ZeroCMS 1.0 - zero_transact_user.php Handling Privilege Escalation
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
ZeroCMS 1.0 - (zero_transact_article.php article_id POST Parameter) SQL Injection
ZeroCMS 1.0 - 'zero_transact_article.php' SQL Injection
WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities (1)
WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities (2)
Netgear R7000 - Command Injection
2016-12-10 05:01:16 +00:00
Offensive Security
0231ae9ba7
DB: 2016-12-09
...
5 new exploits
Dual DHCP DNS Server 7.29 - Denial of Service
TP-LINK TD-W8951ND - Denial of Service
OpenSSH 7.2 - Denial of Service
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Advanced Webhost Billing System (AWBS) - cart2.php Remote File Inclusion
Advanced Webhost Billing System (AWBS) 2.4.0 - 'cart2.php' Remote File Inclusion
AWBS 2.7.1 - (news.php viewnews) SQL Injection
Anata CMS 1.0b5 - (change.php) Arbitrary Add Admin
Advanced Webhost Billing System (AWBS) 2.7.1 - 'news.php' SQL Injection
Anata CMS 1.0b5 - 'change.php' Arbitrary Add Admin
Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum (SMF) - Multiple Security Vulnerabilities
Simple Machines Forum (SMF) 1.1.10/2.0 RC2 - Multiple Security Vulnerabilities
Advanced Webhost Billing System 2.2.2 - contact.php Multiple Cross-Site Scripting Vulnerabilities
Advanced Webhost Billing System 2.9.2 - 'oid' Parameter SQL Injection
Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection
Simple Machines Forum (SMF) 2.0.2 - 'index.php' scheduled Parameter Cross-Site Scripting
Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Parameter Cross-Site Scripting
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
2016-12-09 05:01:19 +00:00
Offensive Security
fb1dd3709f
DB: 2016-12-08
...
12 new exploits
vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit
vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption
XChat - Heap Overflow Denial of Service
XChat 2.8.9 - Heap Overflow Denial of Service
Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (1)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1)
glibc - getaddrinfo Stack Based Buffer Overflow (1)
glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC)
Microsoft Edge - JSON.parse Info Leak
Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Microsoft Edge - CMarkup::EnsureDeleteCFState Use-After-Free (MS15-125)
Microsoft Internet Explorer 9 - CDoc::ExecuteScriptUri Use-After-Free (MS13-009)
Microsoft Edge - CBaseScriptable::PrivateQueryInterface Memory Corruption (MS16-068)
Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC)
Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1)
Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation (2)
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
Microsoft PowerShell - XML External Entity Injection
XChat 2.8.7b - (URI Handler) Remote Code Execution (Internet Explorer 6/7'
XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7)
Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
glibc - getaddrinfo Stack Based Buffer Overflow (2)
glibc - 'getaddrinfo' Stack Based Buffer Overflow
Microsoft Internet Explorer jscript9 - JavaScriptStackWalker Memory Corruption (MS15-056)
Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)
Gravity Board X 1.1 - (csscontent) Remote Code Execution
Gravity Board X 1.1 - 'csscontent' Parameter Remote Code Execution
Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion
Mambo Component ExtCalendar 2.0 - Remote File Inclusion
Mambo Component com_babackup 1.1 - File Inclusion
Mambo Component bigAPE-Backup 1.1 - File Inclusion
E-Smart Cart 1.0 - 'Product_ID' SQL Injection
E-Smart Cart 1.0 - 'Product_ID' Parameter SQL Injection
Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion
Joomla! / Mambo Component SWmenu 4.0 - Remote File Inclusion
Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion
Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion
Joomla! / Mambo Component New Article 1.1 - Remote File Inclusion
Cartweaver - 'Details.cfm ProdID' SQL Injection
Cartweaver 2.16.11 - 'ProdID' Parameter SQL Injection
Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection
Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' Parameter SQL Injection
xeCMS 1.x - (view.php list) Remote File Disclosure
xeCMS 1.x - 'view.php' Remote File Disclosure
Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection
Mambo Component Portfolio Manager 1.0 - 'categoryId' Parameter SQL Injection
Easy-Clanpage 2.2 - 'id' SQL Injection
Easy-Clanpage 2.2 - 'id' Parameter SQL Injection
JAMM CMS - 'id' Blind SQL Injection
Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
JAMM CMS - 'id' Parameter Blind SQL Injection
Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting
GLLCTS2 <= 4.2.4 - (login.php detail) SQL Injection
Butterfly ORGanizer 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
GLLCTS2 <= 4.2.4 - 'detail' Parameter SQL Injection
Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting
Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection
Mambo Component Galleries 1.0 - 'aid' Parameter SQL Injection
Easy-Clanpage 3.0b1 - (section) Local File Inclusion
WebChamado 1.1 - (tsk_id) SQL Injection
Pre News Manager 1.0 - (index.php id) SQL Injection
Pre Ads Portal 2.0 - SQL Injection
Easy-Clanpage 3.0b1 - 'section' Parameter Local File Inclusion
WebChamado 1.1 - 'tsk_id' Parameter SQL Injection
Pre News Manager 1.0 - 'id' Parameter SQL Injection
Pre ADS Portal 2.0 - SQL Injection
GLLCTS2 - 'listing.php sort' Blind SQL Injection
GLLCTS2 - 'sort' Parameter Blind SQL Injection
Contenido 4.8.4 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Contenido 4.8.4 - Remote File Inclusion / Cross-Site Scripting
PHPMyCart - 'shop.php cat' SQL Injection
SHOUTcast Admin Panel 2.0 - (page) Local File Inclusion
Cartweaver 3 - (prodId) Blind SQL Injection
DIY - (index_topic did) Blind SQL Injection
PHPMyCart 1.3 - 'cat' Parameter SQL Injection
SHOUTcast Admin Panel 2.0 - 'page' Parameter Local File Inclusion
Cartweaver 3 - 'prodId' Parameter Blind SQL Injection
DIY - 'did' Parameter Blind SQL Injection
ezcms 1.2 - (Blind SQL Injection / Authentication Bypass) Multiple Vulnerabilities
PHPEasyNews 1.13 RC2 - (POST) SQL Injection
ezcms 1.2 - Blind SQL Injection / Authentication Bypass
PHPEasyNews 1.13 RC2 - 'POST' Parameter SQL Injection
Devalcms 1.4a - (currentfile) Local File Inclusion
Devalcms 1.4a - 'currentfile' Parameter Local File Inclusion
IPTBB 0.5.6 - (index.php act) Local File Inclusion
IPTBB 0.5.6 - 'act' Parameter Local File Inclusion
Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection
Mambo Component Articles - 'artid' Parameter Blind SQL Injection
Mambo Component 'com_n-gallery' - Multiple SQL Injections
Mambo Component N-Gallery - Multiple SQL Injections
devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
PHP JOBWEBSITE PRO - (Authentication Bypass) SQL Injection
PHP JOBWEBSITE PRO - Authentication Bypass
Pre ADS Portal 2.0 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Pre ADS Portal 2.0 - Authentication Bypass / Cross-Site Scripting
Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection
Mambo Component n-form - 'form_id' Parameter Blind SQL Injection
Pre Job Board - (Authentication Bypass) SQL Injection
Pre Job Board - Authentication Bypass
Butterfly ORGanizer 2.0.1 - (view.php id) SQL Injection
Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection
facil-cms 0.1rc2 - Multiple Vulnerabilities
Facil-CMS 0.1RC2 - Multiple Vulnerabilities
Family Connections CMS 1.9 - (member) SQL Injection
Family Connections CMS 1.9 - SQL Injection
Mambo Component 'com_hestar' - SQL Injection
Mambo Component Hestar - SQL Injection
Joomla! / Mambo Component 'com_tupinambis' - SQL Injection
Joomla! / Mambo Component Tupinambis - SQL Injection
Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion
Joomla! / Mambo Component D4J eZine 2.1 - Remote File Inclusion
Mambo Component 'com_materialsuche' 1.0 - SQL Injection
Mambo Component Material Suche 1.0 - SQL Injection
Pre ADS Portal - 'cid' SQL Injection
Pre ADS Portal - 'cid' Parameter SQL Injection
Pre News Manager - (nid) SQL Injection
Pre News Manager - 'nid' Parameter SQL Injection
Mambo Component 'com_akogallery' - SQL Injection
Mambo Component AkoGallery - SQL Injection
Mambo Component 'com_mambads' - SQL Injection
Mambo Component MambAds - SQL Injection
Facil-CMS - (Local File Inclusion / Remote File Inclusion)
Facil-CMS 0.1RC2 - Local / Remote File Inclusion
AskMe Pro 2.1 - (que_id) SQL Injection
Alstrasoft AskMe Pro 2.1 - 'que_id' Parameter SQL Injection
Pre Job Board Pro - SQL Injection Authentication Bypass
Pre Job Board Pro - Authentication Bypass
DiY-CMS 1.0 - Multiple Remote File Inclusion
DIY-CMS 1.0 - Multiple Remote File Inclusion
Alstrasoft AskMe Pro 2.1 - (forum_answer.php?que_id) SQL Injection
Alstrasoft AskMe Pro 2.1 - (profile.php?id) SQL Injection
Alstrasoft AskMe Pro 2.1 - 'profile.php' SQL Injection
Pre Ads Portal - SQL Bypass
Pre ADS Portal - Authentication Bypass
Family Connections CMS 2.3.2 - (POST) Persistent Cross-Site Scripting / XML Injection
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection
Family Connections CMS 2.5.0 / 2.7.1 - (less.php) Remote Command Execution
Family Connections CMS 2.5.0 / 2.7.1 - 'less.php' Remote Command Execution
Family Connections CMS - 'less.php' Remote Command Execution (Metasploit)
Family Connections CMS 2.7.1 - 'less.php' Remote Command Execution (Metasploit)
Gravity Board X 1.1 - DeleteThread.php Cross-Site Scripting
Clever Copy 3.0 - Connect.INC Information Disclosure
Clever Copy 3.0 - 'Connect.INC' Information Disclosure
Cartweaver 2.16.11 - Results.cfm category Parameter SQL Injection
Cartweaver 2.16.11 - Details.cfm ProdID Parameter SQL Injection
Cartweaver 2.16.11 - 'Results.cfm' SQL Injection
Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion
Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion
Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusion
Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion
Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion
Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Parameter Remote File Inclusion
Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion
Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion
Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection
Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection
Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection
Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection
Joomla! / Mambo Component Filebase - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection
Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection
Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection
Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection
PHP JOBWEBSITE PRO - siteadmin/forgot.php adname Parameter SQL Injection
PHP JOBWEBSITE PRO - siteadmin/forgot.php Multiple Parameter Cross-Site Scripting
PHP JOBWEBSITE PRO - 'adname' Parameter SQL Injection
PHP JOBWEBSITE PRO - 'forgot.php' Cross-Site Scripting
Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection
Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
Conkurent PHPMyCart 1.3 - Cross-Site Scripting / Authentication Bypass
PHPMyCart 1.3 - Cross-Site Scripting / Authentication Bypass
Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection
Mambo Component Docman 1.3.0 - Multiple SQL Injection
Mambo Component 'com_n-skyrslur' - Cross-Site Scripting
Mambo Component N-Skyrslur - Cross-Site Scripting
Mambo Component 'com_n-gallery' - SQL Injection
Mambo Component N-Gallery - SQL Injection
Mambo Component 'com_n-press' - SQL Injection
Mambo Component N-Press - SQL Injection
Mambo Component 'com_n-frettir' - SQL Injection
Mambo Component 'com_n-myndir' - SQL Injection
Mambo Component N-Frettir - SQL Injection
Mambo Component N-Myndir - SQL Injection
AbanteCart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
Edge SkateShop - Authentication bypass
AbanteCart 1.2.7 - Cross-Site Scripting
2016-12-08 05:01:21 +00:00
Offensive Security
855e59f932
DB: 2016-12-07
...
9 new exploits
MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)
Asterisk - (SIP channel driver / in pedantic mode) Remote Crash
Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)
Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash
F5 BIG-IP - Remote Root Authentication Bypass (1)
F5 BIG-IP - Authentication Bypass (1)
Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow
NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow
NetCat 0.7.1 - Denial of Service
Microsoft Event Viewer 1.0 - XML External Entity Injection
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
Apache CouchDB 2.0.0 - Local Privilege Escalation
Samba 2.2.8 - Remote Root Exploit
Samba 2.2.8 - Remote Code Execution
Microsoft Windows - WebDAV Remote Root Exploit (2)
Microsoft Windows - WebDAV Remote Code Execution (2)
Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav)
Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav)
miniSQL (mSQL) 1.3 - Remote GID Root Exploit
miniSQL (mSQL) 1.3 - GID Remote Code Execution
Real Server 7/8/9 (Windows / Linux) - Remote Root Exploit
GtkFtpd 1.0.4 - Remote Root Buffer Overflow
Real Server 7/8/9 (Windows / Linux) - Remote Code Execution
GtkFtpd 1.0.4 - Buffer Overflow
Solaris Sadmind - Default Configuration Remote Root Exploit
Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit
Solaris Sadmind - Default Configuration Remote Code Execution
Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution
ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit
ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / Brute Force Exploit
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force
Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit
Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution
Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Remote Root Exploit
Ethereal 0.10.0 < 0.10.2 - IGAP Overflow
Monit 4.1 - Remote Root Buffer Overflow
Monit 4.2 - Remote Root Buffer Overflow
Monit 4.1 - Buffer Overflow
Monit 4.2 - Buffer Overflow
INND/NNRP < 1.6.x - Remote Root Overflow
INND/NNRP < 1.6.x - Overflow Exploit
LPRng (RedHat 7.0) - lpd Remote Root Format String
LPRng (RedHat 7.0) - 'lpd' Format String
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (1)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (2)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (3)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (4)
BIND 8.2.x - (TSIG) Stack Overflow (1)
BIND 8.2.x - (TSIG) Stack Overflow (2)
BIND 8.2.x - (TSIG) Stack Overflow (3)
BIND 8.2.x - (TSIG) Stack Overflow (4)
HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit
HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution
CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit
CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow
Solaris /bin/login (SPARC/x86) - Remote Root Exploit
Solaris /bin/login (SPARC/x86) - Remote Code Execution
Drcat 0.5.0-beta - (drcatd) Remote Root Exploit
Drcat 0.5.0-beta - 'drcatd' Remote Code Execution
Dropbear SSH 0.34 - Remote Root Exploit
Dropbear SSH 0.34 - Remote Code Execution
Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow
Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution
Monit 4.2 - Basic Authentication Remote Root Exploit
Monit 4.2 - Basic Authentication Remote Code Execution
WvTFTPd 0.9 - Remote Root Heap Overflow
WvTFTPd 0.9 - Heap Overflow
Qwik SMTP 0.3 - Remote Root Format String
Qwik SMTP 0.3 - Format String
Citadel/UX 6.27 - Remote Root Format String
Citadel/UX 6.27 - Format String
Knox Arkeia Server Backup 5.3.x - Remote Root Exploit
Knox Arkeia Server Backup 5.3.x - Remote Code Execution
Smail 3.2.0.120 - Remote Root Heap Overflow
mtftpd 0.0.3 - Remote Root Exploit
Smail 3.2.0.120 - Heap Overflow
mtftpd 0.0.3 - Remote Code Execution
dSMTP Mail Server 3.1b - Linux Remote Root Format String
dSMTP Mail Server 3.1b (Linux) - Format String Exploit
IPSwitch IMail Server 8.15 - IMAPD Remote Root Exploit
IPSwitch IMail Server 8.15 - IMAPD Remote Code Execution
linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit
linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution
MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
GNU InetUtils ftpd 1.4.2 - (ld.so.preload) Remote Root Exploit
GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution
ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution
dproxy-nexgen (Linux/x86) - Remote Root Buffer Overflow
dproxy-nexgen (Linux/x86) - Buffer Overflow
Kerberos 1.5.1 - Kadmind Remote Root Buffer Overflow
Kerberos 1.5.1 - Kadmind Buffer Overflow
webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield)
webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution
MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow
Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow
Sun Solaris 10 - rpc.ypupdated Remote Root Exploit
Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution
ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit
ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution
Sun Solaris 10 - rpc.ypupdated Remote Root Exploit (Metasploit)
Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)
Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python)
Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)
Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit
Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Apache SpamAssassin Milter Plugin 0.3.1 - Remote Root Command Execution
Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution
Microworld eScan AntiVirus < 3.x - Remote Root Command Execution
Microworld eScan AntiVirus < 3.x - Remote Code Execution
AIX5l with FTP-Server - Remote Root Hash Disclosure
AIX5l with FTP-Server - Hash Disclosure
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Root Remote Code Execution)
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution)
ProFTPd 1.3.3c - Compromised Source Remote Root Trojan
ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution
Comtrend ADSL Router CT-5367 C01_R12 - Remote Root Exploit
Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution
MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)
Alt-N MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)
ACTi ASOC 2200 Web Configurator 2.6 - Remote Root Command Execution
ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution
DreamBox DM800 1.5rc1 - Remote Root File Disclosure
DreamBox DM800 1.5rc1 - File Disclosure
TelnetD encrypt_keyid - Remote Root Function Pointer Overwrite
TelnetD encrypt_keyid - Function Pointer Overwrite
F5 BIG-IP - Remote Root Authentication Bypass (2)
MySQL - Remote Root Authentication Bypass
F5 BIG-IP - Authentication Bypass (2)
MySQL - Authentication Bypass
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection
ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection
WIDZ 1.0/1.5 - Remote Root Compromise
WIDZ 1.0/1.5 - Remote Code Execution
Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities
Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)
DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow
proManager 0.73 - (note.php) SQL Injection
ProManager 0.73 - 'note.php' SQL Injection
pNews 1.1.0 - (nbs) Remote File Inclusion
pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion
Power Phlogger 2.0.9 - (config.inc.php3) File Inclusion
Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion
eFiction 3.1.1 - (path_to_smf) Remote File Inclusion
eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion
FlexPHPNews 0.0.5 - (news.php newsid) SQL Injection
FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection
Achievo 1.1.0 - (atk.inc config_atkroot) Remote File Inclusion
Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion
SimpNews 2.40.01 - (print.php newnr) SQL Injection
SimpNews 2.40.01 - 'newnr' Parameter SQL Injection
PHPNews 0.93 - (format_menue) Remote File Inclusion
PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion
meBiblio 0.4.5 - (index.php action) Remote File Inclusion
meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion
Joomla! Component rapidrecipe 1.6.5 - SQL Injection
Joomla! Component Rapid Recipe 1.6.5 - SQL Injection
mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting
pLog - 'albumID' SQL Injection
smeweb 1.4b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PLog 1.0.6 - 'albumID' Parameter SQL Injection
smeweb 1.4b - SQL Injection / Cross-Site Scripting
Joomla! Component joomradio 1.0 - 'id' SQL Injection
Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection
Battle Blog 1.25 - (comment.asp) SQL Injection
Battle Blog 1.25 - 'comment.asp' SQL Injection
1Book Guestbook Script - Code Execution
1Book Guestbook Script 1.0.1 - Code Execution
PHP-Address Book 3.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component EasyBook 1.1 - (gbid) SQL Injection
427bb 2.3.1 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting
Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection
427bb 2.3.1 - SQL Injection / Cross-Site Scripting
Power Phlogger 2.2.5 - (css_str) SQL Injection
pSys 0.7.0.a - (shownews) SQL Injection
Joomla! Component JoomlaDate - (user) SQL Injection
Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection
pSys 0.7.0.a - 'shownews' Parameter SQL Injection
Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection
JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection
phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component yvcomment 1.16 - Blind SQL Injection
JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection
phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting
Joomla! Component yvComment 1.16 - Blind SQL Injection
BrowserCRM 5.002.00 - (clients.php) Remote File Inclusion
BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion
Joomla! Component rapidrecipe - SQL Injection
Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection
Joomla! Component iJoomla! News Portal - 'itemID' SQL Injection
Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection
real estate Web site 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
telephone directory 2008 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ASPilot Pilot Cart 7.3 - (article) SQL Injection
real estate Web site 1.0 - SQL Injection / Cross-Site Scripting
Telephone Directory 2008 - SQL Injection / Cross-Site Scripting
ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection
Flux CMS 1.5.0 - (loadsave.php) Arbitrary File Overwrite
pNews 2.08 - (shownews) SQL Injection
Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite
pNews 2.08 - 'shownews' Parameter SQL Injection
ErfurtWiki R1.02b - (css) Local File Inclusion
DCFM Blog 0.9.4 - (comments) SQL Injection
yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Insanely Simple Blog 0.5 - (index) SQL Injection
ASPPortal Free Version - 'Topic_Id' SQL Injection
Experts 1.0.0 - (answer.php) SQL Injection
SyndeoCMS 2.6.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
ErfurtWiki R1.02b - Local File Inclusion
DCFM Blog 0.9.4 - SQL Injection
Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection
Insanely Simple Blog 0.5 - SQL Injection
ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection
Experts 1.0.0 - 'answer.php' SQL Injection
SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting
Yuhhu 2008 SuperStar - 'board' SQL Injection
Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection
eFiction 3.0 - (toplists.php list) SQL Injection
eFiction 3.0 - 'toplists.php' SQL Injection
pSys 0.7.0 Alpha - (chatbox.php) SQL Injection
pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection
pNews 2.03 - (newsid) SQL Injection
pNews 2.03 - 'newsid' Parameter SQL Injection
Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection
Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection
FlexPHPNews 0.0.6 & PRO - (Authentication Bypass) SQL Injection
FlexPHPNews 0.0.6 & PRO - Authentication Bypass
E-ShopSystem - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities
E-ShopSystem - Authentication Bypass / SQL Injection
Battle Blog 1.25 - (uploadform.asp) Arbitrary File Upload
Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload
427BB Fourtwosevenbb 2.3.2 - SQL Injection
427BB 2.3.2 - SQL Injection
Joomla! Component 'com_joomradio' - SQL Injection
Joomla! Component JoomRadio 1.0 - SQL Injection
Joomla! Component 'com_elite_experts' - SQL Injection
Joomla! Component Elite Experts - SQL Injection
ASPilot Pilot Cart 7.3 - newsroom.asp SQL Injection
ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection
Contrexx ShopSystem 2.2 SP3 (catId) - Blind SQL Injection
Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection
Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit
Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit
alt-n mdaemon free 12.5.4 - Persistent Cross-Site Scripting
Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting
SimpNews 2.0.1/2.13 - PATH_SIMPNEWS Remote File Inclusion
SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion
PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion
PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion
PHPSysInfo 2.0/2.3 - 'index.php' sensor_program Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - system_footer.php Multiple Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting
Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure
Seowonintech Routers fw: 2.3.9 - File Disclosure
PHPNews 1.2.x - auth.php SQL Injection
PHPNews 1.2.x - 'auth.php' SQL Injection
efiction 1.0/1.1/2.0 - titles.php let Parameter Cross-Site Scripting
efiction 1.0/1.1/2.0 - titles.php let Parameter SQL Injection
efiction 1.0/1.1/2.0 - viewstory.php sid Parameter SQL Injection
efiction 1.0/1.1/2.0 - viewuser.php uid Parameter SQL Injection
efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting
efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection
efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection
efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection
427BB 2.2 - showthread.php SQL Injection
427BB 2.2 - 'showthread.php' SQL Injection
BrowserCRM - results.php Cross-Site Scripting
Simpnews 2.x - Wap_short_news.php Remote File Inclusion
Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion
ZYXEL Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting
ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting
Yblog - funk.php id Parameter Cross-Site Scripting
Yblog - tem.php action Parameter Cross-Site Scripting
Yblog - uss.php action Parameter Cross-Site Scripting
Yblog - 'funk.php' Cross-Site Scripting
Yblog - 'tem.php' Cross-Site Scripting
Yblog - 'uss.php' Cross-Site Scripting
Simpnews 2.x - admin/index.php Unspecified Cross-Site Scripting
Simpnews 2.x - admin/pwlost.php Unspecified Cross-Site Scripting
Simpnews 2.x - 'index.php' Cross-Site Scripting
Simpnews 2.x - 'pwlost.php' Cross-Site Scripting
PHPNews 1.3 - Link_Temp.php Multiple Cross-Site Scripting Vulnerabilities
PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - 'index.php' current_subsection Parameter SQL Injection
Insanely Simple Blog 0.4/0.5 - Blog Anonymous Blog Entry Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting
SimpNews 2.41.3 - admin/layout2b.php l_username Parameter Cross-Site Scripting
SimpNews 2.41.3 - comment.php backurl Parameter Cross-Site Scripting
SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting
SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - modules/Documents/version_list.php parent_id Parameter SQL Injection
BrowserCRM 5.100.1 - modules/Documents/index.php contact_id Parameter SQL Injection
BrowserCRM 5.100.1 - Multiple Script URI Cross-Site Scripting
BrowserCRM 5.100.1 - license/index.php framed Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - licence/view.php framed Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - pub/clients.php login[] Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - 'index.php' login[] Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection
BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection
BrowserCRM 5.100.1 - URI Cross-Site Scripting
BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting
Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection
BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting
BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting
2016-12-07 05:01:17 +00:00
Offensive Security
5dc941e36b
DB: 2016-12-06
...
5 new exploits
Foxit Reader 4.1.1 - Stack Overflow (Egghunter Mod)
Foxit Reader 4.1.1 - Stack Overflow (Egghunter)
iSQL 1.0 - Shell Command Injection
iSQL 1.0 - Command Injection
Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection
Microsoft Excel Starter 2010 - XML External Entity Injection
Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection
Samba 2.2.x - Remote Root Buffer Overflow
Samba 2.2.x - Buffer Overflow
PoPToP PPTP 1.1.4-b3 - Remote Root Exploit
Snort 1.9.1 - 'p7snort191.sh' Remote Root Exploit
PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit
PoPToP PPTP 1.1.4-b3 - Remote Command Execution
Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution
PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution
Sendmail 8.12.8 - Prescan() BSD Remote Root Exploit
Sendmail 8.12.8 - Prescan() BSD Remote Command Execution
WsMp3d 0.x - Remote Root Heap Overflow
WsMp3d 0.x - Heap Overflow
Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit
Atftpd 0.6 - 'atftpdx.c' Remote Command Execution
Samba 2.2.8 - (Brute Force Method) Remote Root Exploit
Samba 2.2.8 - (Brute Force Method) Remote Command Execution
WU-FTPD 2.6.2 - Off-by-One Remote Root Exploit
WU-FTPD 2.6.2 - Off-by-One Remote Command Execution
WU-FTPD 2.6.2 - Remote Root Exploit
WU-FTPD 2.6.2 - Remote Command Execution
WU-FTPD 2.6.0 - Remote Root Exploit
WU-FTPD 2.6.0 - Remote Command Execution
LPRng 3.6.22/23/24 - Remote Root Exploit
LPRng 3.6.22/23/24 - Remote Command Execution
LPRng 3.6.24-1 - Remote Root Exploit
LPRng 3.6.24-1 - Remote Command Execution
WU-FTPD 2.6.1 - Remote Root Exploit
SSH (x2) - Remote Root Exploit
WU-FTPD 2.6.1 - Remote Command Execution
SSH (x2) - Remote Command Execution
BSD TelnetD - Remote Root Exploit (1)
BSD TelnetD - Remote Command Execution (1)
Sendmail with clamav-milter < 0.91.2 - Remote Root Exploit
Sendmail with clamav-milter < 0.91.2 - Remote Command Execution
ProFTPd IAC 1.3.x - Remote Root Exploit
ProFTPd IAC 1.3.x - Remote Command Execution
Exim 4.63 - Remote Root Exploit
Exim 4.63 - Remote Command Execution
Splunk - Remote Root Exploit
Splunk - Remote Command Execution
FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
FreeBSD OpenSSH 3.5p1 - Remote Command Execution
HP Data Protector (Linux) - Remote Root Shell
HP Data Protector (Linux) - Remote Command Execution
FreeBSD ftpd and ProFTPd on FreeBSD - Remote Root Exploit
FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Root Remote Code Execution)
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution)
BSD TelnetD - Remote Root Exploit (2)
BSD TelnetD - Remote Command Execution (2)
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Root Remote Code Execution)
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution)
Sendmail 8.6.9 IDENT - Remote Root Exploit
Sendmail 8.6.9 IDENT - Remote Command Execution
Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Shell
Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Exploit
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/root SQL Injection
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection
H-Sphere Webshell 2.4 - Remote Root Exploit
H-Sphere Webshell 2.4 - Remote Command Execution
MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit
MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution
Ubiquiti AirOS 5.5.2 - Remote Authenticated Root Command Execution
Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution
Allied Telesis AT-MCF2000M 3.0.2 - Gaining Root Shell Access
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution
Novell NCP - Unauthenticated Remote Root Exploit
Novell NCP - Unauthenticated Remote Command Execution
Seowonintech Devices - Remote Root Exploit
Seowonintech Devices - Remote Command Execution
ASUS RT-AC66U - acsd Parameter Remote Root Shell
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)
ASUS RT-N56U - Remote Buffer Overflow (ROP)
NovaSTOR NovaNET 12.0 - Remote Root Exploit
NovaSTOR NovaNET 12.0 - Remote Command Execution
ALCASAR 2.8 - Remote Root Code Execution
ALCASAR 2.8 - Remote Code Execution
F5 iControl - Remote Root Command Execution (Metasploit)
F5 iControl - Remote Command Execution (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit)
Seagate Central 2014.0410.0026-F - Remote Root Exploit
Seagate Central 2014.0410.0026-F - Remote Command Execution
Proxmox VE 3/4 - Insecure Hostname Checking Remote Root Exploit
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit)
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution
Alcatel Lucent Omnivista 8770 - Remote Code Execution
Windows x86 - Password Protected TCP Bind Shell (637 bytes)
Windows x86 - Password Protected TCP Bind Shellcode (637 bytes)
Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes)
Windows x86 - URLDownloadToFileA() / SetFileAttributesA() / WinExec() / ExitProcess() Shellcode (394 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83_ 148_ 177 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell / Timer_ Burst / Password / Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Linux/x86 - NetCat Bind Shell with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Root Exploit
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Command Execution
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Root/SYSTEM Exploit
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution
D-Link DSR Router Series - Remote Root Shell
D-Link DSR Router Series - Remote Command Execution
Alacate-Lucent OmniVista 4760 - Multiple Cross-Site Scripting Vulnerabilities
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities
ALCASAR 2.8.1 - Remote Root Code Execution
ALCASAR 2.8.1 - Remote Code Execution
SevOne NMS 5.3.6.0 - Remote Root Exploit
SevOne NMS 5.3.6.0 - Remote Command Execution
Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution
NUUO NVRmini 2 3.0.8 - Remote Root Exploit
NUUO NVRmini 2 3.0.8 - Remote Code Execution
EyeLock nano NXT 3.5 - Remote Root Exploit
EyeLock nano NXT 3.5 - Remote Code Execution
InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution
InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution
2016-12-06 05:01:19 +00:00
Offensive Security
0a2e79b884
DB: 2016-12-04
...
2 new exploits
FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)
FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)
FreeSSHd 1.2.4 - Denial of Service
freeSSHd 1.2.4 - Denial of Service
FreeSSHd - Denial of Service (PoC)
freeSSHd - Denial of Service (PoC)
onehttpd 0.7 - Denial of Service
OneHTTPD 0.7 - Denial of Service
FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
FreeSSHd 1.3.1 - Denial of Service
freeSSHd 1.3.1 - Denial of Service
Microsoft Internet Explorer 9 < 11 - MSHTML 'PROPERTYDESC::HandleStyleComponentProperty' Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 9/10/11 - MSHTML 'PROPERTYDESC::HandleStyleComponentProperty' Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 8 / 9 / 10 / 11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)
Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)
Microsoft Windows 8.0 < 8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)
Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)
FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow
freeSSHd 1.2.1 - Authenticated Remote SEH Overflow
FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)
freeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)
FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
FreeSSHd 2.1.3 - Remote Authentication Bypass
freeSSHd 2.1.3 - Remote Authentication Bypass
FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)
freeSSHd 1.2.6 - Authentication Bypass (Metasploit)
Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution
Joomla! Component com_mycontent 1.1.13 - Blind SQL Injection
Joomla! Component MyContent 1.1.13 - Blind SQL Injection
Xfinity Gateway - Remote Code Execution
2016-12-04 05:01:23 +00:00
Offensive Security
4b3da08aa9
DB: 2016-12-03
...
1 new exploits
PHP - wddx_deserialize() String Append Crash
PHP 5 - wddx_deserialize() String Append Crash
PHP - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)
PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)
Samba 3.0.27a - send_mailslot() Remote Buffer Overflow
Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow
PHP 5.2.6 - sleep() Local Memory Exhaust Exploit
CA Internet Security Suite 2008 - SaveToFile()File Corruption (PoC)
PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit
CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
Samba (client) - receive_smb_raw() Buffer Overflow (PoC)
FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC
FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC
FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)
FreeSSHD 1.2.4 - Remote Buffer Overflow Denial of Service
FreeSSHd 1.2.4 - Denial of Service
Samba - Multiple Denial of Service Vulnerabilities
Samba 3.4.7/3.5.1 - Denial of Service
FreeSSHd - Crash (PoC)
FreeSSHd - Denial of Service (PoC)
PHP - Hashtables Denial of Service
PHP 5.3.8 - Hashtables Denial of Service
freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
freeSSHd 1.3.1 - Denial of Service
FreeSSHd 1.3.1 - Denial of Service
PHP - SplDoublyLinkedList Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free
PHP - SplObjectStorage Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free
PHP - Unserialize() Use-After-Free Vulnerabilities
PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities
PHP - 'ini_restore()' Memory Information Disclosure
PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure
Linux Kernel < 3.4.5 (ARM Android 4.2.2 / 4.4) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation
Linux Kernel 3.13 - Privilege Escalation PoC (gid)
Linux Kernel 3.13 - Privilege Escalation PoC (SGID)
freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
freeSSHd 1.2.1 - Authenticated Remote SEH Overflow
FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow
FreeSSHd 1.2.1 - (rename) Remote Buffer Overflow (SEH)
FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)
Samba (Solaris) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (Solaris SPARC) - trans2open Overflow (Metasploit)
Samba 3.0.24 (Solaris) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)
freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
Samba (Linux) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (Linux/x86) - chain_reply Memory Corruption (Metasploit)
Samba (Linux x86) - trans2open Overflow (Metasploit)
Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba (OSX) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (OSX/PPC) - trans2open Overflow (Metasploit)
Samba 3.0.10 (OSX) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit)
Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
PHP - CGI Argument Injection (Metasploit)
PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit)
PHP - apache_request_headers Function Buffer Overflow (Metasploit)
PHP 5.4.3 - apache_request_headers Function Buffer Overflow (Metasploit)
Samba - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)
Samba 3.4.16/3.5.14/3.6.4 - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)
FreeSSHD 2.1.3 - Remote Authentication Bypass
FreeSSHd 2.1.3 - Remote Authentication Bypass
FreeSSHD - Authentication Bypass (Metasploit)
FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)
HP LoadRunner - magentproc.exe Overflow (Metasploit)
HP LoadRunner - 'magentproc.exe' Overflow (Metasploit)
PHP - 'header()' HTTP Header Injection
PHP 5.3.11/5.4.0RC2 - 'header()' HTTP Header Injection
VX Search Enterprise 9.0.26 - Buffer Overflow
Sync Breeze Enterprise 8.9.24 - Buffer Overflow
Dup Scout Enterprise 9.0.28 - Buffer Overflow
Disk Sorter Enterprise 9.0.24 - Buffer Overflow
Disk Savvy Enterprise 9.0.32 - Buffer Overflow
VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow
Sync Breeze Enterprise 8.9.24 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.0.28 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.0.24 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.0.32 - 'Login' Buffer Overflow
VX Search Enterprise 9.1.12 - Buffer Overflow
Sync Breeze Enterprise 9.1.16 - Buffer Overflow
Disk Sorter Enterprise 9.1.12 - Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow
Disk Savvy Enterprise 9.1.14 - Buffer Overflow
Disk Pulse Enterprise 9.1.16 - Buffer Overflow
VX Search Enterprise 9.1.12 - 'Login' Buffer Overflow
Sync Breeze Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.1.12 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow
PHP - (php-exec-dir) Patch Command Access Restriction Bypass
PHP 4.3.7 - (php-exec-dir) Patch Command Access Restriction Bypass
phNNTP 1.3 - (article-raw.php) Remote File Inclusion
phNNTP 1.3 - 'article-raw.php' Remote File Inclusion
Travelsized CMS 0.4 - (FrontPage.php) Remote File Inclusion
Travelsized CMS 0.4 - 'FrontPage.php' Remote File Inclusion
Uberghey 0.3.1 - (FrontPage.php) Remote File Inclusion
Uberghey 0.3.1 - 'FrontPage.php' Remote File Inclusion
BP Blog 7.0 - (default.asp layout) SQL Injection
BP Blog 7.0 - 'layout' Parameter SQL Injection
Joomla! Component Artist (idgalery) - SQL Injection
FlashBlog - (articulo_id) SQL Injection
Joomla! Component Artist - 'idgalery' Parameter SQL Injection
FlashBlog - 'articulo_id' Parameter SQL Injection
AirvaeCommerce 3.0 - 'pid' SQL Injection
AirvaeCommerce 3.0 - 'pid' Parameter SQL Injection
CMS from Scratch 1.1.3 - (image.php) Directory Traversal
CMS from Scratch 1.1.3 - 'image.php' Directory Traversal
HiveMaker Professional 1.0.2 - 'cid' SQL Injection
HiveMaker Professional 1.0.2 - 'cid' Parameter SQL Injection
Social Site Generator - (sgc_id) SQL Injection
Social Site Generator 2.0 - 'sgc_id' Parameter SQL Injection
PHP Visit Counter 0.4 - (datespan) SQL Injection
PassWiki 0.9.16 RC3 - (site_id) Local File Inclusion
BP Blog 6.0 - 'id' Blind SQL Injection
EasyWay CMS - 'index.php mid' SQL Injection
Social Site Generator - (path) Remote File Inclusion
Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection
Joomla! Component com_biblestudy 1.5.0 - 'id' SQL Injection
PHP Visit Counter 0.4 - 'datespan' Parameter SQL Injection
PassWiki 0.9.16 RC3 - 'site_id' Parameter Local File Inclusion
BP Blog 6.0 - 'id' Parameter Blind SQL Injection
EasyWay CMS - 'mid' Parameter SQL Injection
Social Site Generator 2.0 - 'path' Parameter Remote File Inclusion
Joomla! Component prayercenter 1.4.9 - 'id' Parameter SQL Injection
Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection
HiveMaker Directory - 'index.php cid' SQL Injection
HiveMaker Directory - 'cid' Parameter SQL Injection
Goople 1.8.2 - (FrontPage.php) Blind SQL Injection
Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection
PsychoStats 3.2.2b - (awards.php id Parameter) Blind SQL Injection
PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection
PsychoStats 2.x - Login Parameter Cross-Site Scripting
PsychoStats 2.3 - Server.php Full Path Disclosure
PsychoStats 2.3 - 'Server.php' Full Path Disclosure
PsychoStats 3.0.6b - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
PHP - cgimode fpm writeprocmemfile Bypass disable function demo
PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function
CMSimple - /2author/index.php color Parameter Remote Code Execution
CMSimple 4.4.4 - 'color' Parameter Remote Code Execution
2016-12-03 05:01:19 +00:00
Offensive Security
a5cd225af0
DB: 2016-12-01
...
7 new exploits
Xitami Web Server 5.0a0 - Denial of Service
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)
WinPower 4.9.0.4 - Privilege Escalation
Internet PhotoShow (page) - Remote File Inclusion
Internet PhotoShow 1.3 - 'page' Parameter Remote File Inclusion
EQdkp 1.3.0 - (dbal.php) Remote File Inclusion
EQdkp 1.3.0 - 'dbal.php' Remote File Inclusion
CaLogic Calendars 1.2.2 - (CLPath) Remote File Inclusion
CaLogic Calendars 1.2.2 - 'CLPath' Remote File Inclusion
MercuryBoard 1.1.4 - (User-Agent) SQL Injection
MercuryBoard 1.1.4 - 'User-Agent' SQL Injection
EQdkp 1.3.1 - (Referer Spoof) Remote Database Backup
EQdkp 1.3.1 - 'Referer Spoof' Remote Database Backup
Web Slider 0.6 - (path) Remote File Inclusion
Web Slider 0.6 - 'path' Parameter Remote File Inclusion
Zomplog 3.8 - (mp3playlist.php speler) SQL Injection
Zomplog 3.8 - 'mp3playlist.php' SQL Injection
EQdkp 1.3.2 - (listmembers.php rank) SQL Injection
EQdkp 1.3.2 - 'listmembers.php' SQL Injection
CKGold Shopping Cart 2.0 - (category.php) Blind SQL Injection
CKGold Shopping Cart 2.0 - 'category.php' Blind SQL Injection
ActiveKB KnowledgeBase 2.x - 'catId' SQL Injection
ActiveKB KnowledgeBase 2.x - 'catId' Parameter SQL Injection
Zomplog 3.8.1 - upload_files.php Arbitrary File Upload
Zomplog 3.8.1 - Arbitrary File Upload
CMS Made Simple 1.2.2 - (TinyMCE module) SQL Injection
CMS Made Simple 1.2.2 Module TinyMCE - SQL Injection
Mega File Hosting Script 1.2 - (fid) SQL Injection
Mega File Hosting Script 1.2 - 'fid' Parameter SQL Injection
CMS Made Simple 1.2.4 - (FileManager module) Arbitrary File Upload
CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload
AJ HYIP ACME - 'topic_detail.php id' SQL Injection
EQDKP 1.3.2f - (user_id) Authentication Bypass (PoC)
e107 Plugin BLOG Engine 2.2 - (rid) Blind SQL Injection
AJ HYIP ACME - 'topic_detail.php' SQL Injection
EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC)
e107 Plugin BLOG Engine 2.2 - 'rid' Parameter Blind SQL Injection
CaLogic Calendars 1.2.2 - (langsel) SQL Injection
CaLogic Calendars 1.2.2 - 'langsel' Parameter SQL Injection
EMO Realty Manager - 'news.php ida' SQL Injection
The Real Estate Script - 'dpage.php docID' SQL Injection
Linkspile - 'link.php cat_id' SQL Injection
Freelance Auction Script 1.0 - (browseproject.php) SQL Injection
EMO Realty Manager - 'ida' Parameter SQL Injection
The Real Estate Script - 'docID' Parameter SQL Injection
Linkspile - 'cat_id' Parameter SQL Injection
Freelance Auction Script 1.0 - 'browseproject.php' SQL Injection
rgboard 3.0.12 - (Remote File Inclusioni / Cross-Site Scripting) Multiple Vulnerabilities
Kostenloses Linkmanagementscript - (page_to_include) Remote File Inclusion
rgboard 3.0.12 - Remote File Inclusioni / Cross-Site Scripting
Kostenloses Linkmanagementscript - Remote File Inclusion
newsmanager 2.0 - (Remote File Inclusion / File Disclosure / SQL Injection / pb) Multiple Vulnerabilities
68 Classifieds 4.0 - (category.php cat) SQL Injection
newsmanager 2.0 - Remote File Inclusion / File Disclosure / SQL Injection
68 Classifieds 4.0 - 'category.php' SQL Injection
StanWeb.CMS - (default.asp id) SQL Injection
StanWeb.CMS - SQL Injection
Archangel Weblog 0.90.02 - (post_id) SQL Injection
Archangel Weblog 0.90.02 - 'post_id' Parameter SQL Injection
WR-Meeting 1.0 - (msnum) Local File Disclosure
WR-Meeting 1.0 - 'msnum' Parameter Local File Disclosure
FicHive 1.0 - (category) Blind SQL Injection
Smeego 1.0 - (Cookie lang) Local File Inclusion
FicHive 1.0 - 'category' Parameter Blind SQL Injection
Smeego 1.0 - 'Cookie lang' Local File Inclusion
TAGWORX.CMS - Multiple SQL Injections
TAGWORX.CMS 3.00.02 - Multiple SQL Injections
lulieblog 1.2 - Multiple Vulnerabilities
AlkalinePHP 0.77.35 - (adduser.php) Arbitrary Add Admin
easycms 0.4.2 - Multiple Vulnerabilities
Lulieblog 1.2 - Multiple Vulnerabilities
AlkalinePHP 0.77.35 - 'adduser.php' Arbitrary Add Admin
Easycms 0.4.2 - Multiple Vulnerabilities
AlkalinePHP 0.80.00 Beta - (thread.php id) SQL Injection
AlkalinePHP 0.80.00 Beta - 'thread.php' SQL Injection
EntertainmentScript - 'play.php id' SQL Injection
EntertainmentScript 1.4.0 - 'play.php' SQL Injection
ecms 0.4.2 - (SQL Injection / Security Bypass) Multiple Vulnerabilities
Mantis Bug Tracker 1.1.1 - (Code Execution / Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
ComicShout 2.5 - (index.php comic_id) SQL Injection
eCMS 0.4.2 - SQL Injection / Security Bypass
Mantis Bug Tracker 1.1.1 - Code Execution / Cross-Site Scripting / Cross-Site Request Forgery
ComicShout 2.5 - 'comic_id' Parameter SQL Injection
PHP Jokesite 2.0 - 'cat_id' SQL Injection
Netious CMS 0.4 - (index.php pageid) SQL Injection
PHP Jokesite 2.0 - 'cat_id' Parameter SQL Injection
Netious CMS 0.4 - 'pageid' Parameter SQL Injection
6rbScript - 'news.php newsid' SQL Injection
webl?sninger 4 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
6rbScript - 'news.php' SQL Injection
Weblosninger 4 - Cross-Site Scripting / SQL Injection
e107 Plugin BLOG Engine 2.2 - 'uid' Blind SQL Injection
Quate CMS 0.3.4 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting / dt) Multiple Vulnerabilities
e107 Plugin BLOG Engine 2.2 - 'uid' Parameter Blind SQL Injection
Quate CMS 0.3.4 - Multiple Vulnerabilities
RoomPHPlanning 1.5 - (idresa) SQL Injection
PHPRaider 1.0.7 - (PHPbb3.functions.php) Remote File Inclusion
RoomPHPlanning 1.5 - 'idresa' Parameter SQL Injection
PHPRaider 1.0.7 - 'PHPbb3.functions.php' Remote File Inclusion
CMS MAXSITE 1.10 - (category) SQL Injection
CMS MAXSITE 1.10 - 'category' Parameter SQL Injection
CKGold Shopping Cart 2.5 - (category_id) SQL Injection
CKGold Shopping Cart 2.5 - 'category_id' Parameter SQL Injection
ComicShout 2.8 - (news.php news_id) SQL Injection
ComicShout 2.8 - 'news_id' Parameter SQL Injection
AJ HYIP ACME - 'news.php id' SQL Injection
AJ HYIP ACME - 'news.php' SQL Injection
Quate CMS 0.3.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Quate CMS 0.3.4 - Local File Inclusion / Cross-Site Scripting
e107 Plugin BLOG Engine 2.2 - 'uid' SQL Injection
e107 Plugin BLOG Engine 2.2 - 'uid' Parameter SQL Injection
AJ HYIP ACME - 'comment.php artid' SQL Injection
AJ HYIP ACME - 'readarticle.php artid' SQL Injection
AJ HYIP ACME - 'comment.php' SQL Injection
AJ HYIP ACME - 'readarticle.php' SQL Injection
6rbScript 3.3 - 'singerid' SQL Injection
6rbScript 3.3 - 'singerid' Parameter SQL Injection
6rbScript 3.3 - (section.php name) Local File Inclusion
6rbScript 3.3 - 'section.php' Local File Inclusion
RoomPHPlanning 1.6 - (userform.php) Create Admin User Exploit
RoomPHPlanning 1.6 - 'userform.php' Create Admin User
Mega File Hosting Script 1.2 - (cross.php url) Remote File Inclusion
Mega File Hosting Script 1.2 - 'url' Parameter Remote File Inclusion
Advanced Image Hosting (AIH) 2.3 - (gal) Blind SQL Injection
Advanced Image Hosting (AIH) 2.3 - 'gal' Parameter Blind SQL Injection
ActiveKB KnowledgeBase - 'loadpanel.php Panel' Local File Inclusion
ActiveKB KnowledgeBase - 'Panel' Parameter Local File Inclusion
Quate CMS 0.3.5 - (Remote File Inclusioni / Local File Inclusion) Multiple Vulnerabilities
Quate CMS 0.3.5 - Remote File Inclusion / Local File Inclusion
Zomplog CMS 3.9 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery
YABSoft Advanced Image Hosting Script - SQL Injection
Advanced Image Hosting Script - SQL Injection
MercuryBoard 1.1 - index.php SQL Injection
MercuryBoard 1.1 - 'index.php' SQL Injection
CMS Made Simple 0.10 - Lang.php Remote File Inclusion
CMS Made Simple 0.10 - 'Lang.php' Remote File Inclusion
Zomplog 3.3/3.4 - detail.php HTML Injection
Zomplog 3.3/3.4 - 'detail.php' HTML Injection
CMS Made Simple 1.0.2 - SearchInput Cross-Site Scripting
CMS Made Simple 1.0.2 - 'SearchInput' Parameter Cross-Site Scripting
EQDKP 1.3.1 - Show Variable Cross-Site Scripting
EQdkp 1.3.1 - Cross-Site Scripting
CMS Made Simple 105 - Stylesheet.php SQL Injection
CMS Made Simple 1.0.5 - 'Stylesheet.php' SQL Injection
Internet PhotoShow - 'login_admin' Parameter Unauthorized Access
68 Classifieds 4.1 - 'login.php' goto Parameter Cross-Site Scripting
68 Classifieds 4.1 - 'login.php' Cross-Site Scripting
68 Classifieds 4.1 - category.php cat Parameter Cross-Site Scripting
68 Classifieds 4.1 - 'category.php' Cross-Site Scripting
68 Classifieds 4.1 - searchresults.php page Parameter Cross-Site Scripting
68 Classifieds 4.1 - toplistings.php page Parameter Cross-Site Scripting
68 Classifieds 4.1 - viewlisting.php view Parameter Cross-Site Scripting
68 Classifieds 4.1 - viewmember.php member Parameter Cross-Site Scripting
68 Classifieds 4.1 - 'searchresults.php' Cross-Site Scripting
68 Classifieds 4.1 - 'toplistings.php' Cross-Site Scripting
68 Classifieds 4.1 - 'viewlisting.php' Cross-Site Scripting
68 Classifieds 4.1 - 'viewmember.php' Cross-Site Scripting
YABSoft Advanced Image Hosting Script 2.x - 'search.php' Cross-Site Scripting
Advanced Image Hosting Script 2.x - 'search.php' Cross-Site Scripting
CMS Made Simple Download Manager 1.4.1 Module - Arbitrary File Upload
CMS Made Simple Module Download Manager 1.4.1 - Arbitrary File Upload
CMS Made Simple Antz Toolkit 1.02 Module - Arbitrary File Upload
CMS Made Simple Module Antz Toolkit 1.02 - Arbitrary File Upload
Zomplog 3.9 - 'message' Parameter Multiple Cross-Site Scripting Vulnerabilities
Zomplog 3.9 - 'message' Parameter Cross-Site Scripting
YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting
Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting
Wordpress Plugin WP Vault 0.8.6.6 - Local File Inclusion
Joomla! Component Catalog 1.0.7 - SQL Injection
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
Xfinity Gateway - Cross-Site Request Forgery
2016-12-01 07:48:18 +00:00
Offensive Security
91b12c469e
DB: 2016-11-29
...
16 new exploits
rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC)
rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC)
rdesktop 1.5.0 - 'iso_recv_msg()' Integer Underflow (PoC)
rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC)
NTP 4.2.8p3 - Denial of Service
Microsoft Internet Explorer 8 MSHTML - 'SRunPointer::SpanQualifier/RunType' Out-Of-Bounds Read (MS15-009)
Microsoft Internet Explorer 11 MSHTML - 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion
Microsoft Internet Explorer 10 MSHTML - 'CEditAdorner::Detach' Use-After-Free (MS13-047)
Microsoft Internet Explorer 8 / 9 / 10 / 11 MSHTML - 'DOMImplementation' Type Confusion (MS16-009)
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation
Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Privilege Escalation
Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Privilege Escalation (2)
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation
TFTP Server 1.4 - Buffer Overflow Remote Exploit (2)
TFTP Server 1.4 - Remote Buffer Overflow (2)
TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit)
TFTP Server 1.4 - ST WRQ Buffer Overflow (Metasploit)
Android - 'BadKernel' Remote Code Execution
VX Search Enterprise 9.1.12 - Buffer Overflow
Sync Breeze Enterprise 9.1.16 - Buffer Overflow
Disk Sorter Enterprise 9.1.12 - Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow
Disk Savvy Enterprise 9.1.14 - Buffer Overflow
Disk Pulse Enterprise 9.1.16 - Buffer Overflow
Linux/x86 - Egg-hunter Shellcode (25 bytes)
Linux/x86 - Egg-hunter Shellcode (31 bytes)
RunCMS 1.2 - (class.forumposts.php) Arbitrary Remote File Inclusion
RunCMS 1.2 - 'class.forumposts.php' Arbitrary Remote File Inclusion
CMS Faethon 1.3.2 - (mainpath) Remote File Inclusion
CMS Faethon 1.3.2 - 'mainpath' Parameter Remote File Inclusion
CMS Faethon 2.0 - (mainpath) Remote File Inclusion
CMS Faethon 2.0 - 'mainpath' Parameter Remote File Inclusion
SazCart 1.5 - (cart.php) Remote File Inclusion
SazCart 1.5 - 'cart.php' Remote File Inclusion
Cyberfolio 2.0 RC1 - (av) Remote File Inclusion
Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion
FipsCMS 4.5 - (index.asp) SQL Injection
FipsCMS 4.5 - 'index.asp' SQL Injection
AJ Classifieds 1.0 - (postingdetails.php) SQL Injection
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
RunCMS 1.5.2 - (debug_show.php) SQL Injection
RunCMS 1.5.2 - 'debug_show.php' SQL Injection
OneCMS 2.4 - (userreviews.php abc) SQL Injection
OneCMS 2.4 - 'abc' Parameter SQL Injection
RunCMS 1.6 - disclaimer.php Remote File Overwrite
RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite
PHPEasyData 1.5.4 - 'cat_id' SQL Injection
FipsCMS - 'print.asp lg' SQL Injection
Galleristic 1.0 - (index.php cat) SQL Injection
gameCMS Lite 1.0 - (index.php systemId) SQL Injection
PHPEasyData 1.5.4 - 'cat_id' Parameter SQL Injection
FipsCMS 2.1 - 'print.asp' SQL Injection
Galleristic 1.0 - 'cat' Parameter SQL Injection
GameCMS Lite 1.0 - 'systemId' Parameter SQL Injection
CMS Faethon 2.2 Ultimate - (Remote File Inclusion / Cross-Site Scripting) Multiple Remote Vulnerabilities
CMS Faethon 2.2 Ultimate - Remote File Inclusion / Cross-Site Scripting
MusicBox 2.3.7 - (artistId) SQL Injection
RunCMS 1.6.1 - (msg_image) SQL Injection
MusicBox 2.3.7 - 'artistId' Parameter SQL Injection
RunCMS 1.6.1 - 'msg_image' Parameter SQL Injection
vShare YouTube Clone 2.6 - (tid) SQL Injection
vShare YouTube Clone 2.6 - 'tid' Parameter SQL Injection
Cyberfolio 7.12 - (rep) Remote File Inclusion
miniBloggie 1.0 - (del.php) Arbitrary Delete Post
Cyberfolio 7.12 - 'rep' Parameter Remote File Inclusion
miniBloggie 1.0 - 'del.php' Arbitrary Delete Post
SazCart 1.5.1 - (prodid) SQL Injection
SazCart 1.5.1 - 'prodid' Parameter SQL Injection
Phoenix View CMS Pre Alpha2 - (SQL Injection / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting
Ktools Photostore 3.5.1 - (gallery.php gid) SQL Injection
Ktools Photostore 3.5.1 - 'gid' Parameter SQL Injection
Joomla! Component com_datsogallery 1.6 - Blind SQL Injection
Joomla! Component Datsogallery 1.6 - Blind SQL Injection
Vortex CMS - 'index.php pageid' Blind SQL Injection
AJ Article 1.0 - (featured_article.php) SQL Injection
AJ Auction 6.2.1 - (classifide_ad.php) SQL Injection
Vortex CMS - 'pageid' Parameter Blind SQL Injection
AJ Article 1.0 - 'featured_article.php' SQL Injection
AJ Auction 6.2.1 - 'classifide_ad.php' SQL Injection
clanlite 2.x - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ClanLite 2.x - SQL Injection / Cross-Site Scripting
OneCMS 2.5 - (install_mod.php) Local File Inclusion
OneCMS 2.5 - 'install_mod.php' Local File Inclusion
AJ Auction Web 2.0 - (cate_id) SQL Injection
AJ Auction 1.0 - 'id' SQL Injection
AJ Auction Web 2.0 - 'cate_id' Parameter SQL Injection
AJ Auction 1.0 - 'id' Parameter SQL Injection
FipsCMS Light 2.1 - (r) SQL Injection
FipsCMS Light 2.1 - 'r' Parameter SQL Injection
AJ Auction Pro Platinum Skin - 'detail.php item_id' SQL Injection
AJ Auction Pro Platinum Skin - 'item_id' Parameter SQL Injection
AJ Auction Pro Platinum - (seller_id) SQL Injection
AJ Auction Pro Platinum - 'seller_id' Parameter SQL Injection
miniBloggie 1.0 - (del.php) Blind SQL Injection
miniBloggie 1.0 - 'del.php' Blind SQL Injection
AJ Article - 'featured_article.php mode' SQL Injection
AJ ARTICLE - (Authentication Bypass) SQL Injection
AJ Article 1.0 - Authentication Bypass
Cyberfolio 7.12.2 - (css.php theme) Local File Inclusion
Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion
AJ ARTICLE - Remote Authentication Bypass
AJ Article 1.0 - Remote Authentication Bypass
MusicBox 2.3.8 - (viewalbums.php artistId) SQL Injection
MusicBox 2.3.8 - 'viewalbums.php' SQL Injection
AJ Auction Pro OOPD 2.3 - 'id' SQL Injection
AJ Auction Pro OOPD 2.3 - 'id' Parameter SQL Injection
BigACE CMS 2.5 - 'Username' SQL Injection
BigACE 2.5 - SQL Injection
ZeusCart 2.3 - 'maincatid' SQL Injection
ZeusCart 2.3 - 'maincatid' Parameter SQL Injection
BigACE CMS 2.6 - (cmd) Local File Inclusion
BigACE 2.6 - 'cmd' Parameter Local File Inclusion
RunCMS 1.6.3 - (double ext) Remote Shell Injection
RunCMS 1.6.3 - Remote Shell Injection
AJ Auction Pro OOPD 2.x - (store.php id) SQL Injection
AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection
RunCMS 2m1 - store() SQL Injection
RunCMS 2ma - post.php SQL Injection
RunCMS 2m1 - 'store()' SQL Injection
RunCMS 2ma - 'post.php' SQL Injection
AJ Article - Persistent Cross-Site Scripting
AJ Article 3.0 - Cross-Site Scripting
admidio 2.3.5 - Multiple Vulnerabilities
Admidio 2.3.5 - Multiple Vulnerabilities
RunCMS 1.1/1.2 Newbb_plus and Messages Modules - Multiple SQL Injections
RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection
MusicBox 2.3 - Type Parameter SQL Injection
MusicBox 2.3 - 'type' Parameter SQL Injection
RunCMS 1.x - Bigshow.php Cross-Site Scripting
RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting
RunCMS 1.2/1.3 - PMLite.php SQL Injection
RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
RunCMS 1.x - Ratefile.php Cross-Site Scripting
RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting
BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin)
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
MusicBox 2.3 - 'index.php' Multiple Parameter SQL Injection
MusicBox 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting
MusicBox 2.3 - cart.php Multiple Parameter Cross-Site Scripting
MusicBox 2.3 - 'index.php' SQL Injection
MusicBox 2.3 - 'index.php' Cross-Site Scripting
MusicBox 2.3 - 'cart.php' Cross-Site Scripting
MusicBox 2.3.4 - Page Parameter SQL Injection
MusicBox 2.3.4 - 'page' Parameter SQL Injection
MyWebland miniBloggie 1.0 - Fname Remote File Inclusion
miniBloggie 1.0 - 'Fname' Remote File Inclusion
BigACE 1.8.2 - item_main.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - upload_form.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - download.cmd.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - admin.cmd.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - 'item_main.php' Remote File Inclusion
BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion
BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion
BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion
ClanLite - Config-PHP.php Remote File Inclusion
ClanLite - 'conf-php.php' Remote File Inclusion
FipsCMS 2.1 - PID Parameter SQL Injection
FipsCMS 2.1 - 'pid' Parameter SQL Injection
RunCMS 1.6.1 - votepolls.php bbPath[path] Parameter Remote File Inclusion
RunCMS 1.6.1 - config.php bbPath[root_theme] Parameter Remote File Inclusion
RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion
RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion
FipsCMS 2.1 - 'forum/neu.asp' SQL Injection
FipsCMS 2.1 - 'neu.asp' SQL Injection
OneCMS 2.6.1 - admin/admin.php cat Parameter Cross-Site Scripting
OneCMS 2.6.1 - search.php search Parameter SQL Injection
OneCMS 2.6.1 - admin/admin.php Short1 Parameter Cross-Site Scripting
OneCMS 2.6.1 - 'cat' Parameter Cross-Site Scripting
OneCMS 2.6.1 - 'search' Parameter SQL Injection
OneCMS 2.6.1 - 'short1' Parameter Cross-Site Scripting
RunCMS 'partners' Module - 'id' Parameter SQL Injection
RunCMS Module Partners - 'id' Parameter SQL Injection
Zeuscart v.4 - Multiple Vulnerabilities
Zeuscart 4.0 - Multiple Vulnerabilities
BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal
BigACE 2.7.5 - 'LANGUAGE' Parameter Directory Traversal
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
Red Hat JBoss EAP - Deserialization of Untrusted Data
2016-11-29 05:01:20 +00:00
Offensive Security
b1cbed79e4
DB: 2016-11-28
...
1 new exploits
Core FTP LE 2.2 - 'SSH/SFTP' Remote Buffer Overflow (PoC)
2016-11-28 05:01:17 +00:00
Offensive Security
b3a7c78388
DB: 2016-11-25
...
4 new exploits
Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC)
Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)
Remote Utilities Host 6.3 - Denial of Service
Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)
GNU Wget < 1.18 - Access List Bypass / Race Condition
miniBB - 'user' Input Validation Hole
MiniBB 1.7f - 'user' Parameter SQL Injection
TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion
TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion
PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion
PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion
miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion
MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion
miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion
MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion
W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection
W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection
miniBB 2.1 - (table) SQL Injection
MiniBB 2.1 - 'table' Parameter SQL Injection
Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure
Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure
Apartment Search Script - 'listtest.php r' SQL Injection
XOOPS Module Recipe - 'detail.php id' SQL Injection
Aterr 0.9.1 - (class) Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection
Apartment Search Script - 'listtest.php' SQL Injection
XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection
Aterr 0.9.1 - Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection
KubeLance 1.6.4 - (ipn.php i) Local File Inclusion
acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - (view.asp id) SQL Injection
Crazy Goomba 1.2.1 - 'id' SQL Injection
RedDot CMS 7.5 - (LngId) SQL Injection
TR News 2.1 - (nb) SQL Injection
KubeLance 1.6.4 - 'ipn.php' Local File Inclusion
Acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - 'id' Parameter SQL Injection
Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection
RedDot CMS 7.5 - 'LngId' Parameter SQL Injection
TR News 2.1 - 'nb' Parameter SQL Injection
E RESERV 2.1 - (index.php ID_loc) SQL Injection
Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection
E RESERV 2.1 - 'index.php' SQL Injection
Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection
minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities
PostNuke Module PostSchedule - (eid) SQL Injection
MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure
PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection
Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting
PHP Forge 3 Beta 2 - 'id' SQL Injection
PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection
megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Jokes Site Script - 'jokes.php?catagorie' SQL Injection
FluentCMS - 'view.php sid' SQL Injection
megabbs forum 2.2 - SQL Injection / Cross-Site Scripting
Jokes Site Script - 'jokes.php' SQL Injection
FluentCMS - 'view.php' SQL Injection
Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection
Softbiz Web Host Directory Script (host_id) - SQL Injection
Joovili 3.1 - (browse.videos.php category) SQL Injection
Prozilla Hosting Index - 'cat_id' Parameter SQL Injection
Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection
Joovili 3.1 - 'browse.videos.php' SQL Injection
w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting
apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting
Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting
Prozilla Hosting Index - 'id' SQL Injection
Prozilla Hosting Index - 'id' Parameter SQL Injection
web Calendar system 3.12/3.30 - Multiple Vulnerabilities
Web Calendar System 3.12/3.30 - Multiple Vulnerabilities
Web Calendar 4.1 - (Authentication Bypass) SQL Injection
Web Calendar 4.1 - Authentication Bypass
web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection
KubeLance - 'profile.php?id' SQL Injection
KubeLance 1.7.6 - 'profile.php' SQL Injection
Clever Copy 2.0 - calendar.php Cross-Site Scripting
Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting
Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - 'results.php' Cross-Site Scripting
Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting
Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection
Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure
Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection
Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure
ODFaq 2.1 - faq.php SQL Injection
ODFaq 2.1 - 'faq.php' SQL Injection
MiniBB 1.5 - news.php Remote File Inclusion
MiniBB 1.5 - 'news.php' Remote File Inclusion
W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting
W1L3D4 philboard 0.3 - Cross-Site Scripting
Proverbs Web Calendar 1.1 - Password Parameter SQL Injection
Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection
Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion
miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting
miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion
DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting
eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection
miniBB 3.1 - Blind SQL Injection
MiniBB 3.1 - Blind SQL Injection
Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
2016-11-25 05:01:20 +00:00
Offensive Security