![]() 4 new exploits Hasbani-WindWeb/2.0 - HTTP GET Remote Denial of Service Hasbani-WindWeb/2.0 - GET Remote Denial of Service KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC) KingSoft - 'UpdateOcx2.dll SetUninstallName()' Heap Overflow (PoC) Konqueror 3.5.9 - (color/bgcolor) Multiple Remote Crash Vulnerabilities Konqueror 3.5.9 - 'color'/'bgcolor' Multiple Remote Crash Vulnerabilities WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service Konqueror 3.5.9 - (load) Remote Crash WinFTP Server 2.3.0 - 'PASV Mode' Remote Denial of Service Konqueror 3.5.9 - 'load' Remote Crash Nokia Mini Map Browser - (array sort) Silent Crash Nokia Mini Map Browser - 'Array Sort' Silent Crash vBulletin Cyb - Advanced Forum Statistics - 'misc.php' Denial of Service vBulletin Cyb - Advanced Forum Statistics 'misc.php' Denial of Service VideoLAN VLC Media Player < 1.1.4 - '.xspf' 'smb://' URI Handling Remote Stack Overflow (PoC) VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC) HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe execvp_nc' Remote Code Execution RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC) RarCrack 0.2 - 'Filename init() .bss' (PoC) VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Memory Corruption PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service GNU glibc < 2.12.2 - 'fnmatch()' Function Stack Corruption GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption PyPAM - Python bindings for PAM - Double-Free Corruption PyPAM Python bindings for PAM - Double-Free Corruption Tiny Server 1.1.9 - HTTP HEAD Denial of Service Tiny Server 1.1.9 - HEAD Denial of Service Symantec End Point Protection 11.x - & Symantec Network Access Control 11.x - LCE (PoC) Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC) MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service MAILsweeper SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC) FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC) Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow MyServer 0.4.3 - HTTP GET Argument Buffer Overflow MyServer 0.5 - HTTP GET Argument Buffer Overflow MyServer 0.4.3 - GET Argument Buffer Overflow MyServer 0.5 - GET Argument Buffer Overflow Cisco Aironet AP1x00 - Malformed HTTP GET Denial of Service Cisco Aironet AP1x00 - GET Denial of Service McAfee ePolicy Orchestrator 1.x/2.x/3.0 - Agent HTTP POST Buffer Mismanagement McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer Mismanagement Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (1) Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (2) Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (3) Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (1) Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (2) Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (3) Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service) Gattaca Server 2003 - 'web.tmpl Language' Parameter CPU Consumption (Denial of Service) Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service Microsoft Windows XP - 'explorer.exe .tiff' Image Denial of Service PHPMailer 1.7 - 'Data()' Function Remote Denial of Service PHPMailer 1.7 - 'Data()' Remote Denial of Service Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow MailEnable 2.x - SMTP NTLM Authentication - Multiple Vulnerabilities MailEnable 2.x - SMTP NTLM Authentication Multiple Vulnerabilities Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service Microsoft Windows Explorer - 'explorer.exe .WMV' File Handling Denial of Service MW6 Technologies Aztec - ActiveX 'Data Pparameter Buffer Overflow MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow Multiple BSD Distributions - 'strfmon()' Function Integer Overflow Multiple BSD Distributions - 'strfmon()' Integer Overflow HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'StartApp' ActiveX Control Insecure Method HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'RegistryString' Buffer Overflow HP Instant Support 1.0.22 - 'HPISDataManager.dll StartApp' ActiveX Control Insecure Method HP Instant Support 1.0.22 - 'HPISDataManager.dll RegistryString' Buffer Overflow Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Function Remote Denial of Service Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service KDE Konqueror 3.5.9 - JavaScript 'load' Function Denial of Service KDE Konqueror 3.5.9 - JavaScript 'load' Denial of Service GNU glibc 2.x - 'strfmon()' Function Integer Overflow GNU glibc 2.x - 'strfmon()' Integer Overflow Sun Java System Web Server 6.1/7.0 - HTTP 'TRACE' Heap Buffer Overflow Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot Microsoft Windows XP/Vista - '.ani' 'tagBITMAPINFOHEADER' Denial of Service Microsoft Windows XP/Vista - '.ani tagBITMAPINFOHEADER' Denial of Service PHP 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service PHP 5.3.2 - 'zend_strtod()' Floating-Point Value Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Function Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Denial of Service PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection - Crash (PoC) Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName - Crash (PoC) Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW - Crash (PoC) Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey - Crash (PoC) Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC) Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC) Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC) Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC) CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to Malformed CFF Table Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access BT Home Hub - 'uuid' field Buffer Overflow BT Home Hub - 'uuid' Buffer Overflow Squid - 'httpMakeVaryMark()' Function Remote Denial of Service Squid - 'httpMakeVaryMark()' Remote Denial of Service Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117) Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) Pool Buffer Overflow (MS15-117) Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame Broadcom Wi-Fi SoC - Heap Overflow 'wlc_tdls_cal_mic_chk' Due to Large RSN IE in TDLS Setup Confirm Frame Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit) ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation SGI IRIX 6.5.28 - (runpriv) Design Error SGI IRIX 6.5.28 - 'runpriv' Design Error PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution PHP < 4.4.5/5.2.1 - 'shmop' Local Code Execution PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit FreeBSD 6.4 - pipeclose()/knlist_cleardel() Race Condition FreeBSD 7.2 VFS/devfs - Race Condition FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition FreeBSD 7.2 - VFS/devfs Race Condition Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC) Oracle 10/11g - 'exp.exe file' Parameter Local Buffer Overflow (PoC) Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit) Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028) (Metasploit) ACDSee FotoSlate - '.PLP' File id Parameter Overflow (Metasploit) ACDSee FotoSlate - '.PLP' File 'id' Parameter Overflow (Metasploit) Netscape iCal 2.1 Patch2 iPlanet iCal - 'iplncal.sh' Permissions Netscape iCal 2.1 Patch2 - iPlanet iCal 'iplncal.sh' Permissions PLIB 1.8.5 - ssg/ssgParser.cxx Buffer Overflow PLIB 1.8.5 - 'ssg/ssgParser.cxx' Buffer Overflow Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation Linux PAM 0.77 - Pam_Wheel Module 'getlogin() Username' Spoofing Privilege Escalation Microsoft ListBox/ComboBox Control - 'User32.dll' Function Buffer Overrun Microsoft ListBox/ComboBox Control - 'User32.dll' Buffer Overrun PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass PHP 4.x/5.0/5.1 - 'mb_send_mail()' Parameter Restriction Bypass Microsoft Windows - 'ndproxy.sys' - Privilege Escalation (Metasploit) Microsoft Windows - 'ndproxy.sys' Privilege Escalation (Metasploit) Microsoft Windows - SeImpersonatePrivilege - Privilege Escalation Microsoft Windows - 'SeImpersonatePrivilege' Privilege Escalation Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1) Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1) Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass) MASM321 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass) CompuSource Systems - Real Time Home Banking - Privilege Escalation CompuSource Systems Real Time Home Banking - Privilege Escalation Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method) Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method) Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2) Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2) OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation Linux Kernel - 'offset2lib' 'Stack Clash' Exploit Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation OpenBSD - 'at Stack Clash' Local Privilege Escalation Linux Kernel - 'offset2lib Stack Clash' Exploit Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation Microsoft Windows - LNK Shortcut File Code Execution (Metasploit) Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit) Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass) Xine-Lib 1.1 - (media player library) Remote Format String CA iTechnology iGateway - (debug mode) Remote Buffer Overflow Xine-Lib 1.1 - 'Media Player Library' Remote Format String CA iTechnology iGateway - 'Debug Mode' Remote Buffer Overflow Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python) Microsoft Windows - 'NetpManageIPCConnect' Stack Overflow (MS06-070) (Python) Microsoft Windows - DNS RPC - Remote Buffer Overflow (2) Microsoft Windows - DNS RPC Remote Buffer Overflow (2) 3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow 3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow 3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow 3proxy 0.5.3g (Linux) - 'proxy.c logurl()' Remote Buffer Overflow 3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow 3proxy 0.5.3g - (exec-shield) 'proxy.c logurl()' Remote Overflow NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()/ Insecure Method NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method CHILKAT ASP String - 'CkString.dll 1.1 SaveToFile()' Insecure Method GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow GlobalLink 2.7.0.8 - 'glItemCom.dll SetInfo()' Heap Overflow GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method GlobalLink 2.7.0.8 - 'glitemflat.dll SetClientInfo()' Heap Overflow Ultra Crypto Component - 'CryptoX.dll 2.0 SaveToFile()' Insecure Method Microsoft Visual FoxPro 6.0 - FPOLE.OCX Arbitrary Command Execution Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution WebKit - 'Document()' Function Remote Information Disclosure WebKit - 'Document()' Remote Information Disclosure Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow Bigant Messenger 2.52 - 'AntCore.dll RegisterCom()' Remote Heap Overflow Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Oracle JRE - java.net.URLConnection class Same-of-Origin (SOP) Policy Bypass httpdx - 'tolog()' Function Format String (Metasploit) (1) httpdx - 'tolog()' Format String (Metasploit) (1) httpdx - 'tolog()' Function Format String (Metasploit) (2) httpdx - 'tolog()' Format String (Metasploit) (2) httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit) httpdx - 'h_handlepeer()' Buffer Overflow (Metasploit) hplip - hpssd.py From Address Arbitrary Command Execution (Metasploit) hplip - 'hpssd.py' From Address Arbitrary Command Execution (Metasploit) Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit) Apple Mac OSX EvoCam Web Server - GET Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe ICount' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit) ZyWALL USG - Appliance - Multiple Vulnerabilities ZyWALL USG Appliance - Multiple Vulnerabilities ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2) ScriptFTP 3.3 - LIST Remote Buffer Overflow (Metasploit) (2) Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit) Opera Browser 10/11/12 - 'SVG Layout' Memory Corruption (Metasploit) Adobe Flash Player - '.mp4' 'cprt' Overflow (Metasploit) Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit) UoW Pine 4.0.4/4.10/4.21 - 'From:' Field Buffer Overflow UoW Pine 4.0.4/4.10/4.21 - 'From:' Buffer Overflow Technote 2000/2001 - 'board' Function File Disclosure Technote 2000/2001 - 'board' File Disclosure IPSwitch IMail 6.x/7.0/7.1 - Web Messaging HTTP Get Buffer Overflow IPSwitch IMail 6.x/7.0/7.1 - Web Messaging GET Buffer Overflow Novell NetWare 5.1/6.0 - HTTP Post Arbitrary Perl Code Execution Novell NetWare 5.1/6.0 - POST Arbitrary Perl Code Execution Webmin 0.x - 'RPC' Function Privilege Escalation Webmin 0.x - 'RPC' Privilege Escalation Avaya IP Office Customer Call Reporter - ImageUpload.ashx Remote Command Execution (Metasploit) Avaya IP Office Customer Call Reporter - 'ImageUpload.ashx' Remote Command Execution (Metasploit) ghttpd 1.4.x - 'Log()' Function Buffer Overflow ghttpd 1.4.x - 'Log()' Buffer Overflow M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Cross-Site Scripting M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Cross-Site Scripting Dune 0.6.7 - HTTP Get Remote Buffer Overrun Dune 0.6.7 - GET Remote Buffer Overrun InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit) InduSoft Web Studio - 'ISSymbol.ocx InternationalSeparator()' Heap Overflow (Metasploit) GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities Rlpr 2.0 - 'msg()' Multiple Vulnerabilities Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept p_t02' Parameter Cross-Site Scripting SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp fullName' Parameter Arbitrary File Disclosure SAP Business Connector 4.6/4.7 - 'deleteSingle fullName' Parameter Arbitrary File Deletion SAP Business Connector 4.6/4.7 - 'adapter-index.dsp url' Parameter Arbitrary Site Redirect PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit PHP 4.x - 'tempnam() open_basedir' Restriction Bypass PHP 4.x - 'copy() Safe_Mode' Bypass Exploit Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing aBitWhizzy - 'whizzypic.php d' ParameterTraversal Arbitrary Directory Listing PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow PHP 5.1.6 - 'Chunk_Split()' Integer Overflow PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow PHP 5.1.6 - 'Imap_Mail_Compose()' Buffer Overflow Cisco IOS 12.3 - LPD Remote Buffer Overflow Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'ExtractCab' ActiveX Control Buffer Overflow HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php css_exceptions' Parameter Cross-Site Scripting F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php sql_matchscope' Parameter Cross-Site Scripting Audio File Library 0.2.6 - libaudiofile 'msadpcm.c' '.WAV' File Processing Buffer Overflow Audio File Library 0.2.6 - libaudiofile 'msadpcm.c .WAV' File Processing Buffer Overflow ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection ProFTPd 1.3 - 'mod_sql Username' SQL Injection Microsoft Windows Vista - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution Microsoft Windows Vista - 'lpksetup.exe oci.dll' DLL Loading Arbitrary Code Execution PHP 5.3.x - 'mb_strcut()' Function Information Disclosure PHP 5.3.x - 'mb_strcut()' Information Disclosure Perl 5.x - 'lc()' and 'uc()' functions TAINT Mode Protection Security Bypass Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf jdeowpBackButtonProtect' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService e1.namespace' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService RENDER_MAFLET' Parameter Cross-Site Scripting Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget' Parameter Cross-Site Scripting NetBSD 5.1 - Multiple 'libc/net' functions Stack Buffer Overflow NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflow Skype 5.3 - 'Mobile Phone' Field HTML Injection Skype 5.3 - 'Mobile Phone' HTML Injection IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addgroup.asp group' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addlimit.asp url' Parameter Cross-Site Scripting Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Function Information Disclosure Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Function Stack Buffer Overflow Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi ping_ipaddr' Parameter Remote Code Execution VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Stack Buffer Overflow NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution NETGEAR D6300B - '/diag.cgi IPAddr4' Parameter Remote Command Execution lxml - 'clean_html' Function Security Bypass lxml - 'clean_html' Security Bypass Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery Alfresco - '/proxy endpoint' Parameter Server-Side Request Forgery Alfresco - '/cmisbrowser url' Parameter Server-Side Request Forgery Laravel - 'Hash::make()' Function Password Truncation Security Laravel - 'Hash::make()' Password Truncation Security OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit) OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit) Windows - (DCOM RPC2) Universal Shellcode Windows - DCOM RPC2 Universal Shellcode Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Cyphor 0.19 - (board takeover) SQL Injection Cyphor 0.19 - Board Takeover SQL Injection PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection PHPay 2.02 - 'nu_mail.inc.php mail()' Remote Injection PHPMyNews 1.4 - (cfg_include_dir) Remote File Inclusion PHPMyNews 1.4 - 'cfg_include_dir' Remote File Inclusion Flatnuke 2.5.8 - (userlang) Local Inclusion / Delete All Users Exploit Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion Yrch 1.0 - 'plug.inc.phppath' Parameter Remote File Inclusion Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection Cacti 0.8.6i - 'cmd.php popen()' Remote Injection Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection Vizayn Haber - 'haberdetay.asp id' Parameter SQL Injection iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection iG Calendar 1.0 - 'user.php id' Parameter SQL Injection MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection MGB 0.5.4.5 - 'email.php id' Parameter SQL Injection Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion Original 0.11 - 'config.inc.php x[1]' Remote File Inclusion Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion Picturesolution 2.1 - 'config.php path' Remote File Inclusion PHP Homepage M 1.0 - galerie.php SQL Injection PHP Homepage M 1.0 - 'galerie.php' SQL Injection cpDynaLinks 1.02 - category.php SQL Injection cpDynaLinks 1.02 - 'category.php' SQL Injection DFF PHP Framework API (Data Feed File) - Remote File Inclusion DFF PHP Framework API - 'Data Feed File' Remote File Inclusion WebBiscuits Modules Controller 1.1 - Remote File Inclusion / RFD WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure dMx READY (25 - Products) - Remote Database Disclosure dMx READ - Remote Database Disclosure Access2asp - imageLibrary - Arbitrary File Upload Access2asp - 'imageLibrar' Arbitrary File Upload Auktionshaus 3.0.0.1 - 'news.php' 'id' SQL Injection Auktionshaus 3.0.0.1 - 'news.php id' SQL Injection Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection Bild Flirt System 2.0 - 'index.php id' SQL Injection Fast Free Media 1.3 - Adult Site - Arbitrary File Upload Fast Free Media 1.3 Adult Site - Arbitrary File Upload goffgrafix - Design's - SQL Injection goffgrafix Design's - SQL Injection Bilder Upload Script - Datei Upload 1.09 - Arbitrary File Upload Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload Allomani - E-Store 1.0 - Cross-Site Request Forgery (Add Admin) Allomani - Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin) Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) Allomani Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin) E-Xoopport - Samsara 3.1 (Sections Module) - Blind SQL Injection E-Xoopport Samsara 3.1 (Sections Module) - Blind SQL Injection E-Xoopport - Samsara 3.1 (eCal Module) - Blind SQL Injection E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection WordPress 3.0.1 - 'do_trackbacks()' SQL Injection Oracle WebLogic - Session Fixation Via HTTP POST Oracle WebLogic - POST Session Fixation spidaNews 1.0 - 'news.php' 'id' SQL Injection spidaNews 1.0 - 'news.php id' SQL Injection Catalog Builder - eCommerce Software - Blind SQL Injection Catalog Builder eCommerce Software - Blind SQL Injection FileBox - File Hosting & Sharing Script 1.5 - SQL Injection FileBox File Hosting & Sharing Script 1.5 - SQL Injection Snortreport - nmap.php and nbtscan.php Remote Command Execution (Metasploit) Snortreport - 'nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit) jbShop - e107 7 CMS Plugin - SQL Injection jbShop e107 7 CMS Plugin - SQL Injection Tine 2.0 - Maischa - Multiple Cross-Site Scripting Vulnerabilities Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities 4Images - Image Gallery Management System - Cross-Site Request Forgery 4Images Image Gallery Management System - Cross-Site Request Forgery PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection PHP Ticket System Beta 1 - 'index.php p' Parameter SQL Injection X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting X-Cart Gold 4.5 - 'products_map.php symb' Parameter Cross-Site Scripting Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection Symantec Web Gateway 5.0.2 - 'blocked.php id' Parameter Blind SQL Injection Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid' Parameter Blind SQL Injection YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection YourArcadeScript 2.4 - 'index.php id' Parameter SQL Injection AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection AV Arcade Free Edition - 'add_rating.php id' Parameter Blind SQL Injection PhpTax - pfilez Parameter Exec Remote Code Injection (Metasploit) PhpTax - 'pfilez' Parameter Exec Remote Code Injection (Metasploit) phpMyAdmin 3.5.2.2 - server_sync.php Backdoor (Metasploit) phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit) Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection Blog Mod 0.1.9 - 'index.php month' Parameter SQL Injection SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting SurfControl SuperScout Email Filter 3.5 - 'MsgError.asp' Cross-Site Scripting PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting PHPReactor 1.2.7 pl1 - 'browse.php' Cross-Site Scripting PHPRank 1.8 - add.php Cross-Site Scripting PHPRank 1.8 - 'add.php' Cross-Site Scripting MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection MyBB Profile Albums Plugin 0.9 - 'albums.php album' Parameter SQL Injection M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Remote File Inclusion M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Remote File Inclusion friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection friendsinwar FAQ Manager - 'view_faq.php question' Parameter SQL Injection SmartCMS - 'index.php' 'idx' Parameter SQL Injection SmartCMS - 'index.php idx' Parameter SQL Injection SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting SmartCMS - 'index.php menuitem' Parameter SQL Injection / Cross-Site Scripting PHP-Nuke 6.6 - admin.php SQL Injection PHP-Nuke 6.6 - 'admin.php' SQL Injection MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection MyBB AwayList Plugin - 'index.php id' Parameter SQL Injection WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php basepath' Parameter Remote File Inclusion PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure PHP-Nuke Error Manager Module 2.1 - 'error.php language' Parameter Full Path Disclosure phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass phpHeaven phpMyChat 0.14.5 - 'edituser.php3 do_not_login' Parameter Authentication Bypass NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection NConf 1.3 - 'detail.php detail_admin_items.php id' Parameter SQL Injection AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection AdaptCMS 2.0.4 - 'config.php question' Parameter SQL Injection Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection Scripts Genie Domain Trader - 'catalog.php id' Parameter SQL Injection Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection Scripts Genie Games Site Script - 'index.php id' Parameter SQL Injection Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection Scripts Genie Top Sites - 'out.php id' Parameter SQL Injection Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection Scripts Genie Hot Scripts Clone - 'showcategory.php cid' Parameter SQL Injection PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id' Parameter SQL Injection MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting MTP Image Gallery 1.0 - 'edit_photos.php title' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'announcement.php cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'news.php cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'contents.php cid' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php Cat' Parameter Cross-Site Scripting PHPGedView 2.5/2.6 - 'login.php' 'Username' Parameter Cross-Site Scripting PHPGedView 2.5/2.6 - 'login.php Username' Parameter Cross-Site Scripting Rebus:list - 'list.php' 'list_id' Parameter SQL Injection Rebus:list - 'list.php list_id' Parameter SQL Injection SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection SynConnect Pms - 'index.php loginid' Parameter SQL Injection AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure AWS Xms 2.5 - 'importer.php what' Parameter Directory Traversal Pollen CMS 0.6 - 'index.php p' Paramete' Local File Disclosure WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash' Parameter SQL Injection CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure CubeCart 2.0.x - 'tellafriend.php product' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_cart.php add' Parameter Full Path Disclosure CubeCart 2.0.x - 'view_product.php product' Parameter Full Path Disclosure WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection WHMCS 4.x - 'invoicefunctions.php id' Parameter SQL Injection AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection AVE.CMS 2.09 - 'index.php module' Parameter Blind SQL Injection RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection RadioCMS 2.2 - 'menager.php playlist_id' Parameter SQL Injection SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure FlatNuke 2.5.x - 'index.php where' Parameter Full Path Disclosure UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php message' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php main' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php posted' Parameter SQL Injection osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion osTicket 1.2/1.3 - 'view.php inc' Parameter Arbitrary Local File Inclusion Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal DS3 - Authentication Server - Multiple Vulnerabilities Ruubikcms 1.1.1 - 'tinybrowser.php folder' Parameter Directory Traversal DS3 Authentication Server - Multiple Vulnerabilities Kayako LiveResponse 2.0 - 'index.php' 'Username' Parameter Cross-Site Scripting Kayako LiveResponse 2.0 - 'index.php Username' Parameter Cross-Site Scripting Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting Utopia News Pro 1.1.3 - 'header.php sitetitle' Parameter Cross-Site Scripting Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection Simple PHP Agenda 2.2.8 - 'edit_event.php eventid' Parameter SQL Injection Aenovo - '/Password/default.asp' Password Field SQL Injection Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection Aenovo - '/Password/default.asp Password' SQL Injection Aenovo - '/incs/searchdisplay.asp strSQL' Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php usertitleid' Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php ids' Parameter SQL Injection vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php group' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php email' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php goto' Parameter Cross-Site Scripting vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php orderby' Parameter Cross-Site Scripting Cyphor 0.19 - lostpwd.php nick Field SQL Injection Cyphor 0.19 - 'newmsg.php' fid Parameter SQL Injection Cyphor 0.19 - footer.php t_login Parameter Cross-Site Scripting Cyphor 0.19 - 'lostpwd.php nick' SQL Injection Cyphor 0.19 - 'newmsg.php fid' Parameter SQL Injection Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Socket.php PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Request.php PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mail.php PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Date.php PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Span.php PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mimeDecode.php PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mime.php PEAR_PATH' Remote File Inclusion Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection Top Games Script 1.2 - 'play.php gid' Parameter SQL Injection Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection Elemata CMS RC3.0 - 'global.php id' Parameter SQL Injection PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution PHP-Charts 1.0 - 'index.php type' Parameter Remote Code Execution PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/admin.php id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/editattributes.php id' Parameter SQL Injection PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/configure.php id' Parameter Cross-Site Scripting PHPList Mailing List Manager 2.x - '/admin/users.php find' Parameter Cross-Site Scripting Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection Walla TeleSite 3.0 - 'ts.exe tsurl' Parameter Arbitrary Article Access Walla TeleSite 3.0 - 'ts.exe sug' Parameter Cross-Site Scripting Walla TeleSite 3.0 - 'ts.exe sug' Parameter SQL Injection GLPI 0.83.9 - 'Unserialize()' Function Remote Code Execution GLPI 0.83.9 - 'Unserialize()' Remote Code Execution Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting Binary Board System 0.2.5 - 'toc.pl board' Parameter Cross-Site Scripting Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php _load_article_details' SQL Injection IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion IceWarp Universal WebMail - '/dir/include.html lang' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/settings.html Language' Parameter Local File Inclusion IceWarp Universal WebMail - '/mail/index.html lang_settings' Parameter Remote File Inclusion OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection OnePlug CMS - '/press/details.asp Press_Release_ID' Parameter SQL Injection OnePlug CMS - '/services/details.asp Service_ID' Parameter SQL Injection OnePlug CMS - '/products/details.asp Product_ID' Parameter SQL Injection aoblogger 2.3 - 'login.php' 'Username' Field SQL Injection aoblogger 2.3 - 'login.php Username' SQL Injection HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - 'addressbook.update.php contactgroupid' Parameter Arbitrary PHP Command Execution HiveMail 1.2.2/1.3 - 'folders.update.php folderid' Parameter Arbitrary PHP Command Execution ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing ImageVue 0.16.1 - 'readfolder.php path' Parameter Arbitrary Directory Listing Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass Virtual Hosting Control System 2.2/2.4 - 'login.php check_login()' Authentication Bypass dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/gantt.php dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/includes/db_connect.php baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/includes/session.php baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/gantt2.php dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/projects/vw_files.php dPconfig[root_dir]' Parameter Remote File Inclusion dotProject 2.0 - '/modules/admin/vw_usr_roles.php baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/calendar.php baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/public/date_format.php baseDir' Parameter Remote File Inclusion dotProject 2.0 - '/modules/tasks/gantt.php baseDir' Parameter Remote File Inclusion Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection Ginkgo CMS - 'index.php rang' Parameter SQL Injection Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection Telmanik CMS Press 1.01b - 'pages.php page_name' Parameter SQL Injection sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting sBlog 0.7.2 - 'search.php keyword' Parameter POST Method Cross-Site Scripting MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection MLMAuction Script - 'gallery.php id' Parameter SQL Injection PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection PHPMyForum 4.0 - 'index.php type' Parameter CRLF Injection 321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing 321soft PHP-Gallery 0.9 - 'index.php path' Parameter Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - 'index.php pfad' Parameter Arbitrary Directory Listing timobraun Dynamic Galerie 1.0 - 'galerie.php pfad' Parameter Arbitrary Directory Listing Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing Gphotos 1.4/1.5 - 'index.php rep' Parameter Traversal Arbitrary Directory Listing Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection Woltlab Burning Board FLVideo Addon - 'video.php value' Parameter SQL Injection ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting ATutor 1.5.x - 'admin/fix_content.php submit' Parameter Cross-Site Scripting glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection glFusion 1.3.0 - 'search.php cat_id' Parameter SQL Injection Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection Geodesic Solutions Multiple Products - 'index.php b' Parameter SQL Injection RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite RadScripts - 'a_editpage.php Filename' Parameter Arbitrary File Overwrite WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion WoW Roster 1.5 - 'hsList.php subdir' Parameter Remote File Inclusion Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion Zen Cart Web Shopping Cart 1.x - 'autoload_func.php autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection vTiger CRM 5.4.0 - 'index.php onlyforuser' Parameter SQL Injection osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/orders_status.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_attributes.php page' Parameter Cross-Site Scripting DCP-Portal 6.0 - 'login.php' 'Username' Parameter SQL Injection DCP-Portal 6.0 - 'login.php Username' Parameter SQL Injection CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/print_order.php order_id' Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting CubeCart 3.0.x - '/admin/image.php image' Parameter Cross-Site Scripting CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting CubeCart 3.0.x - '/footer.inc.php la_pow_by' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_manager.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_statistics.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/countries.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/currencies.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/languages.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/manufacturers.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_expected.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/reviews.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/specials.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_purchased.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_viewed.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_classes.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_rates.php page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/zones.php page' Parameter Cross-Site Scripting ISearch 2.16 - ISEARCH_PATH Parameter Remote File Inclusion ISearch 2.16 - 'ISEARCH_PATH' Parameter Remote File Inclusion Evandor Easy notesManager 0.0.1 - 'login.php' 'Username' Parameter SQL Injection Evandor Easy notesManager 0.0.1 - 'login.php Username' Parameter SQL Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage' Parameter SQL Injection BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/admincore.php msg' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/comments.php month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/entries.php month' Parameter Cross-Site Scripting BirdBlog 1.4 - '/admin/logs.php page' Parameter Cross-Site Scripting Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting Cilem Haber Free Edition - 'hata.asp hata' Parameter Cross-Site Scripting ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution ImpressPages CMS 3.6 - 'manage()' Remote Code Execution EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag.cgi file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag.pl file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.cgi file' Parameter Arbitrary File Disclosure EditTag 1.2 - 'edittag_mp.pl file' Parameter Arbitrary File Disclosure Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection Project'Or RIA 3.4.0 - 'objectDetail.php objectId' Parameter SQL Injection WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection WordPress 2.1.1 - 'wp-includes/theme.php iz' Parameter Arbitrary Command Execution Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php s' Parameter SQL Injection aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing aBitWhizzy - 'whizzylink.php d' Parameter Traversal Arbitrary Directory Listing PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting PHPLive! 3.2.2 - 'super/info.php BASE_URL' Parameter Parameter Cross-Site Scripting DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting DotClear 1.2.x - '/ecrire/trackback.php post_id' Parameter Cross-Site Scripting DotClear 1.2.x - '/tools/thememng/index.php tool_url' Parameter Cross-Site Scripting ToendaCMS 1.5.3 - HTTP Get And Post Forms HTML Injection ToendaCMS 1.5.3 - GET / POST Forms HTML Injection Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php icodir' Parameter Traversal Arbitrary Directory Listing Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure Phorum 5.1.20 - 'admin.php module[]' Parameter Full Path Disclosure DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion DynaTracker 1.5.1 - 'includes_handler.php base_path' Remote File Inclusion DynaTracker 1.5.1 - 'action.php base_path' Remote File Inclusion Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection Campsite 2.6.1 - 'LocalizerConfig.php g_documentRoot' Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerLanguage.php g_documentRoot' Parameter Remote File Inclusion Chamilo Lms 1.9.6 - 'profile.php password0 Parameter SQL Injection Dokeos 2.2 RC2 - 'index.php language' Parameter SQL Injection NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/applicationList.jsp alpha' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/appConfig.jsp task' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/selectDevice.jsp rtype' Parameter Cross-Site Scripting NetFlow Analyzer 5 - '/jspui/customReport.jsp rtype' Parameter Cross-Site Scripting geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion geoBlog MOD_1.0 - 'deletecomment.php id' Parameter Arbitrary Comment Deletion geoBlog MOD_1.0 - 'deleteblog.php id' Parameter Arbitrary Blog Deletion Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion Web News 1.1 - 'feed.php config[root_ordner]' Parameter Remote File Inclusion Web News 1.1 - 'news.php config[root_ordner]' Parameter Remote File Inclusion WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure WebBatch - 'webbatch.exe dumpinputdata' Parameter Remote Information Disclosure AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting AfterLogic MailBee WebMail Pro 3.x - 'default.asp mode2' Parameter Cross-Site Scripting phpMyAdmin 2.11.1 - setup.php Cross-Site Scripting phpMyAdmin 2.11.1 - 'setup.php' Cross-Site Scripting Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php level' Parameter Remote File Inclusion Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access Absolute News Manager .NET 5.1 - 'pages/default.aspx template' Parameter Remote File Access MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion MyBlog 1.x - 'Games.php ID' Remote File Inclusion Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp resultsForm' Parameter Cross-Site Scripting Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp helpUrl' Parameter Remote Frame Injection Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp activeControl' Parameter Cross-Site Scripting WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc camnum' Parameter Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic id' Parameter Arbitrary Memory Disclosure CiMe - Citas Médicas - Multiple Vulnerabilities CiMe Citas Médicas - Multiple Vulnerabilities Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing Elastic Path 4.1 - 'manager/FileManager.jsp dir' Parameter Traversal Arbitrary Directory Listing osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection osCommerce 2.3.3.4 - 'geo_zones.php zID' Parameter SQL Injection Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection Concrete5 CMS 5.6.2.1 - 'index.php cID' Parameter SQL Injection WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph track' Parameter SQL Injection PHPEasyData 1.5.4 - admin/login.php 'Username' Field SQL Injection PHPEasyData 1.5.4 - 'admin/login.php Username' SQL Injection PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection PHP Ticket System Beta 1 - 'get_all_created_by_user.php id' Parameter SQL Injection webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection webERP 4.11.3 - 'SalesInquiry.php SortBy' Parameter SQL Injection Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect Claroline 1.8.9 - 'claroline/redirector.php url' Parameter Arbitrary Site Redirect XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion XOOPS 2.0.18 - 'modules/system/admin.php fct' Parameter Traversal Local File Inclusion ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution ownCloud 4.0.x/4.5.x - 'upload.php Filename' Parameter Remote Code Execution InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i' Parameter SQL Injection MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting MKPortal 1.2.1 - '/modules/rss/handler_image.php i' Parameter Cross-Site Scripting glFusion 1.1 - Anonymous Comment 'Username' Field HTML Injection glFusion 1.1 - Anonymous Comment 'Username' HTML Injection IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Function Cross-Site Scripting IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Cross-Site Scripting kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection kitForm CRM Extension 0.43 - 'sorter.ph sorter_value' Parameter SQL Injection dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read dompdf 0.6.0 - 'dompdf.php read' Parameter Arbitrary File Read WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting DiamondList - '/user/main/update_settings setting[site_title]' Parameter Cross-Site Scripting DiamondList - '/user/main/update_category category[description]' Parameter Cross-Site Scripting vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection vBulletin 4.0.x < 4.1.2 - 'search.php cat' Parameter SQL Injection MybbCentral TagCloud 2.0 - 'Topic' Field HTML Injection MybbCentral TagCloud 2.0 - 'Topic' HTML Injection Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php' Filter Parameter Cross-Site Scripting Mulitple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download Mulitple WordPress Themes - 'admin-ajax.php img' Parameter Arbitrary File Download Free Arcade Script 1.0 - 'search' Field Cross-Site Scripting Free Arcade Script 1.0 - 'search' Cross-Site Scripting Micro CMS 1.0 - 'name' Field HTML Injection Micro CMS 1.0 - 'name' HTML Injection MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion MODx manager - '/controllers/default/resource/tvs.php class_key' Parameter Traversal Local File Inclusion Bacula-Web 5.2.10 - 'joblogs.php' 'jobid Parameter SQL Injection Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter SQL Injection PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection PHP Scripts Now Riddles - '/riddles/results.php searchQuery' Parameter Cross-Site Scripting PHP Scripts Now Riddles - '/riddles/list.php catid' Parameter SQL Injection W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion W-Agora 4.2.1 - 'search.php3 bn' Parameter Traversal Local File Inclusion Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection Piwigo 2.6.0 - 'picture.php rate' Parameter SQL Injection PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact Parameter SQL Injection PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter SQL Injection PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection PHPMyRecipes 1.2.2 - 'browse.php category' Parameter SQL Injection Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection Dolibarr ERP/CRM - '/user/info.php id' Parameter SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php rowid' Parameter SQL Injection PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition' Parameter Cross-Site Scripting Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access Manx 1.0.1 - '/admin/admin_blocks.php Filename' Parameter Traversal Arbitrary File Access Manx 1.0.1 - '/admin/admin_pages.php Filename' Parameter Traversal Arbitrary File Access UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scripting OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting OSClass 2.3.3 - 'index.php getParam()' Multiple Parameter Cross-Site Scripting 11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion 11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion 11in1 CMS 1.2.1 - 'index.php class' Parameter Traversal Local File Inclusion 11in1 CMS 1.2.1 - 'admin/index.php class' Parameter Traversal Local File Inclusion Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/auth.php login_data' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/blogs.php nb' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting Dotclear 2.4.1.2 - '/admin/plugin.php page' Parameter Cross-Site Scripting Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Parameter Error Display Cross-Site Scripting 11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection 11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection 11in1 CMS 1.2.1 - 'admin/comments topicID' Parameter SQL Injection 11in1 CMS 1.2.1 - 'admin/tps id' Parameter SQL Injection SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting SAP Business Objects InfoView System - '/webi/webi_modify.aspx id' Parameter Cross-Site Scripting Wikidforum 2.10 - Advanced Search - Multiple Field SQL Injection Wikidforum 2.10 - Advanced Search Multiple Field SQL Injection Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml()' Method Cross-Site Scripting TeamPass 2.1.5 - 'login' Field HTML Injection TeamPass 2.1.5 - 'login' HTML Injection XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting XOOPS 2.5.4 - '/modules/pm/pmlite.php to_userid' Parameter Cross-Site Scripting Kajona - 'getAllPassedParams()' Function Multiple Cross-Site Scripting Vulnerabilities Kajona - 'getAllPassedParams()' Multiple Cross-Site Scripting Vulnerabilities PolarisCMS - 'WebForm_OnSubmit()' Function Cross-Site Scripting PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection TCExam 11.2.x - '/admin/code/tce_edit_question.php subject_module_id' Parameter SQL Injection jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting jCore - '/admin/index.php path' Parameter Cross-Site Scripting Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext' Parameter Cross-Site Scripting cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html acct' Parameter Cross-Site Scripting WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID' Parameter SQL Injection WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID' Parameter SQL Injection Kallithea 0.2.9 - (came_from) HTTP Response Splitting PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection Kallithea 0.2.9 - 'came_from' HTTP Response Splitting PHP Address Book - '/addressbook/register/delete_user.php id' Parameter SQL Injection PHP Address Book - '/addressbook/register/edit_user.php id' Parameter SQL Injection PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection PHP Address Book - '/addressbook/register/linktick.php site' Parameter SQL Injection PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection PHP Address Book - '/addressbook/register/router.php BasicLogin' Cookie Parameter SQL Injection PHP Address Book - '/addressbook/register/traffic.php var' Parameter SQL Injection PHP Address Book - '/addressbook/register/user_add_save.php email' Parameter SQL Injection PHP Address Book - '/addressbook/register/checklogin.php Username' Parameter SQL Injection PHP Address Book - '/addressbook/register/admin_index.php q' Parameter SQL Injection Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting Hero Framework - '/users/login Username' Parameter Cross-Site Scripting Hero Framework - '/users/forgot_password error' Parameter Cross-Site Scripting Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting Jahia xCM - '/engines/manager.jsp site' Parameter Cross-Site Scripting NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution NeoBill - '/modules/nullregistrar/PHPwhois/example.php query' Parameter Remote Code Execution C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp pa' Parameter SQL Injection Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection Command School Student Management System - '/sw/admin_grades.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_terms.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_years.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_sgrades.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_media_codes_1.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_infraction_codes.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_generations.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_relations.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_titles.php id' Parameter SQL Injection Command School Student Management System - '/sw/health_allergies.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_school_names.php id' Parameter SQL Injection Command School Student Management System - '/sw/admin_subjects.php id' Parameter SQL Injection Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection Dredge School Administration System - '/DSM/loader.php Id' Parameter SQL Injection UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection UAEPD Shopping Script - '/news.php id' Parameter SQL Injection BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection BloofoxCMS - '/bloofox/index.php Username' Parameter SQL Injection BloofoxCMS - '/bloofox/admin/index.php Username' Parameter SQL Injection Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal Xangati - '/servlet/Installer file' Parameter Directory Traversal Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection Caldera - '/costview2/jobs.php tr' Parameter SQL Injection Caldera - '/costview2/printers.php tr' Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_signup.php a_country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/affiliate_show_banner.php affiliate_banner_id' Parameter SQL Injection OL-Commerce - '/OL-Commerce/create_account.php country' Parameter SQL Injection OL-Commerce - '/OL-Commerce/admin/create_account.php entry_country_id' Parameter SQL Injection Disc ORGanizer - DORG - Multiple Vulnerabilities Disc ORGanizer (DORG) - Multiple Vulnerabilities Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak ClipShare 7.0 - SQL Injection Complain Management System - Hard-Coded Credentials / Blind SQL injection |
||
---|---|---|
platforms | ||
files.csv | ||
README.md | ||
searchsploit |
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash
, sed
, grep
, awk
, etc.) for the core features to work. The self updating function will require git
, and the Nmap XML option to work, will require xmllint
(found in the libxml2-utils
package in Debian-based systems).