A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security b77b178de0 DB: 2017-10-11
4 new exploits

Hasbani-WindWeb/2.0 - HTTP GET Remote Denial of Service
Hasbani-WindWeb/2.0 - GET Remote Denial of Service

KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll SetUninstallName()' Heap Overflow (PoC)

Konqueror 3.5.9 - (color/bgcolor) Multiple Remote Crash Vulnerabilities
Konqueror 3.5.9 - 'color'/'bgcolor' Multiple Remote Crash Vulnerabilities
WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service
Konqueror 3.5.9 - (load) Remote Crash
WinFTP Server 2.3.0 - 'PASV Mode' Remote Denial of Service
Konqueror 3.5.9 - 'load' Remote Crash

Nokia Mini Map Browser - (array sort) Silent Crash
Nokia Mini Map Browser - 'Array Sort' Silent Crash

vBulletin Cyb - Advanced Forum Statistics - 'misc.php' Denial of Service
vBulletin Cyb - Advanced Forum Statistics 'misc.php' Denial of Service

VideoLAN VLC Media Player < 1.1.4 - '.xspf' 'smb://' URI Handling Remote Stack Overflow (PoC)
VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC)

HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe execvp_nc' Remote Code Execution

RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC)
RarCrack 0.2 - 'Filename init() .bss' (PoC)

VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption
VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Memory Corruption

PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service

GNU glibc < 2.12.2 - 'fnmatch()' Function Stack Corruption
GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption

PyPAM - Python bindings for PAM - Double-Free Corruption
PyPAM Python bindings for PAM - Double-Free Corruption

Tiny Server 1.1.9 - HTTP HEAD Denial of Service
Tiny Server 1.1.9 - HEAD Denial of Service

Symantec End Point Protection 11.x - & Symantec Network Access Control 11.x - LCE (PoC)
Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC)

MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service
MAILsweeper SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service

FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC)

Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow
Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow
MyServer 0.4.3 - HTTP GET Argument Buffer Overflow
MyServer 0.5 - HTTP GET Argument Buffer Overflow
MyServer 0.4.3 - GET Argument Buffer Overflow
MyServer 0.5 - GET Argument Buffer Overflow

Cisco Aironet AP1x00 - Malformed HTTP GET Denial of Service
Cisco Aironet AP1x00 - GET Denial of Service

McAfee ePolicy Orchestrator 1.x/2.x/3.0 - Agent HTTP POST Buffer Mismanagement
McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer Mismanagement
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (3)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (3)

Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service)
Gattaca Server 2003 - 'web.tmpl Language' Parameter CPU Consumption (Denial of Service)

Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service
Microsoft Windows XP - 'explorer.exe .tiff' Image Denial of Service

PHPMailer 1.7 - 'Data()' Function Remote Denial of Service
PHPMailer 1.7 - 'Data()' Remote Denial of Service

Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow
Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow

MailEnable 2.x - SMTP NTLM Authentication - Multiple Vulnerabilities
MailEnable 2.x - SMTP NTLM Authentication Multiple Vulnerabilities

Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service
Microsoft Windows Explorer - 'explorer.exe .WMV' File Handling Denial of Service

MW6 Technologies Aztec - ActiveX 'Data Pparameter Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow

Multiple BSD Distributions - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Integer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'RegistryString' Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll RegistryString' Buffer Overflow

Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Function Remote Denial of Service
Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service

KDE Konqueror 3.5.9 - JavaScript 'load' Function Denial of Service
KDE Konqueror 3.5.9 - JavaScript 'load' Denial of Service

GNU glibc 2.x - 'strfmon()' Function Integer Overflow
GNU glibc 2.x - 'strfmon()' Integer Overflow

Sun Java System Web Server 6.1/7.0 - HTTP 'TRACE' Heap Buffer Overflow
Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow

PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot
PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot

Microsoft Windows XP/Vista - '.ani' 'tagBITMAPINFOHEADER' Denial of Service
Microsoft Windows XP/Vista - '.ani tagBITMAPINFOHEADER' Denial of Service

PHP 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service
PHP 5.3.2 - 'zend_strtod()' Floating-Point Value Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Function Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)

CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service
CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table

Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table
Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to Malformed CFF Table

Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access
Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access

BT Home Hub - 'uuid' field Buffer Overflow
BT Home Hub - 'uuid' Buffer Overflow

Squid - 'httpMakeVaryMark()' Function Remote Denial of Service
Squid - 'httpMakeVaryMark()' Remote Denial of Service

Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read

Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)
Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) Pool Buffer Overflow (MS15-117)

Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame
Broadcom Wi-Fi SoC - Heap Overflow 'wlc_tdls_cal_mic_chk' Due to Large RSN IE in TDLS Setup Confirm Frame

Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)

IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)

ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit
ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit

CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

SGI IRIX 6.5.28 - (runpriv) Design Error
SGI IRIX 6.5.28 - 'runpriv' Design Error

PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution
PHP < 4.4.5/5.2.1 - 'shmop' Local Code Execution

PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit
FreeBSD 6.4 - pipeclose()/knlist_cleardel() Race Condition
FreeBSD 7.2 VFS/devfs - Race Condition
FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition
FreeBSD 7.2 - VFS/devfs Race Condition

Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking
Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking

Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe file' Parameter Local Buffer Overflow (PoC)

Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit)
Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028) (Metasploit)

ACDSee FotoSlate - '.PLP' File id Parameter Overflow (Metasploit)
ACDSee FotoSlate - '.PLP' File 'id' Parameter Overflow (Metasploit)

Netscape iCal 2.1 Patch2 iPlanet iCal - 'iplncal.sh' Permissions
Netscape iCal 2.1 Patch2 - iPlanet iCal 'iplncal.sh' Permissions

PLIB 1.8.5 - ssg/ssgParser.cxx Buffer Overflow
PLIB 1.8.5 - 'ssg/ssgParser.cxx' Buffer Overflow

Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation
Linux PAM 0.77 - Pam_Wheel Module 'getlogin() Username' Spoofing Privilege Escalation

Microsoft ListBox/ComboBox Control - 'User32.dll' Function Buffer Overrun
Microsoft ListBox/ComboBox Control - 'User32.dll' Buffer Overrun

PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Parameter Restriction Bypass

Microsoft Windows - 'ndproxy.sys' - Privilege Escalation (Metasploit)
Microsoft Windows - 'ndproxy.sys'  Privilege Escalation (Metasploit)

Microsoft Windows - SeImpersonatePrivilege - Privilege Escalation
Microsoft Windows - 'SeImpersonatePrivilege' Privilege Escalation

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)

Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure
Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure

MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
MASM321 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)

CompuSource Systems - Real Time Home Banking - Privilege Escalation
CompuSource Systems Real Time Home Banking - Privilege Escalation

Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib' 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)
Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)

Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
Xine-Lib 1.1 - (media player library) Remote Format String
CA iTechnology iGateway - (debug mode) Remote Buffer Overflow
Xine-Lib 1.1 - 'Media Player Library' Remote Format String
CA iTechnology iGateway - 'Debug Mode' Remote Buffer Overflow

Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Stack Overflow (MS06-070) (Python)

Microsoft Windows - DNS RPC - Remote Buffer Overflow (2)
Microsoft Windows - DNS RPC Remote Buffer Overflow (2)
3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow
3proxy 0.5.3g (Linux) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c logurl()' Remote Overflow

NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()/ Insecure Method
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method

CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method
CHILKAT ASP String - 'CkString.dll 1.1 SaveToFile()' Insecure Method

GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method
GlobalLink 2.7.0.8 - 'glitemflat.dll SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0 SaveToFile()' Insecure Method

Microsoft Visual FoxPro 6.0 - FPOLE.OCX Arbitrary Command Execution
Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution

WebKit - 'Document()' Function Remote Information Disclosure
WebKit - 'Document()' Remote Information Disclosure

Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution

Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow

Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll RegisterCom()' Remote Heap Overflow

Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class Same-of-Origin (SOP) Policy Bypass

httpdx - 'tolog()' Function Format String (Metasploit) (1)
httpdx - 'tolog()' Format String (Metasploit) (1)

httpdx - 'tolog()' Function Format String (Metasploit) (2)
httpdx - 'tolog()' Format String (Metasploit) (2)

httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Buffer Overflow (Metasploit)

hplip - hpssd.py From Address Arbitrary Command Execution (Metasploit)
hplip - 'hpssd.py' From Address Arbitrary Command Execution (Metasploit)

Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit)
Apple Mac OSX EvoCam Web Server - GET Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit)

ZyWALL USG - Appliance - Multiple Vulnerabilities
ZyWALL USG Appliance - Multiple Vulnerabilities

ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)
ScriptFTP 3.3 - LIST Remote Buffer Overflow (Metasploit) (2)

Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit)
Opera Browser 10/11/12 - 'SVG Layout' Memory Corruption (Metasploit)

Adobe Flash Player - '.mp4' 'cprt' Overflow (Metasploit)
Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit)

UoW Pine 4.0.4/4.10/4.21 - 'From:' Field Buffer Overflow
UoW Pine 4.0.4/4.10/4.21 - 'From:' Buffer Overflow

Technote 2000/2001 - 'board' Function File Disclosure
Technote 2000/2001 - 'board' File Disclosure

IPSwitch IMail 6.x/7.0/7.1 - Web Messaging HTTP Get Buffer Overflow
IPSwitch IMail 6.x/7.0/7.1 - Web Messaging GET Buffer Overflow

Novell NetWare 5.1/6.0 - HTTP Post Arbitrary Perl Code Execution
Novell NetWare 5.1/6.0 - POST Arbitrary Perl Code Execution

Webmin 0.x - 'RPC' Function Privilege Escalation
Webmin 0.x - 'RPC' Privilege Escalation

Avaya IP Office Customer Call Reporter - ImageUpload.ashx Remote Command Execution (Metasploit)
Avaya IP Office Customer Call Reporter - 'ImageUpload.ashx' Remote Command Execution (Metasploit)

ghttpd 1.4.x - 'Log()' Function Buffer Overflow
ghttpd 1.4.x - 'Log()' Buffer Overflow
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Cross-Site Scripting

Dune 0.6.7 - HTTP Get Remote Buffer Overrun
Dune 0.6.7 - GET Remote Buffer Overrun

InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit)
InduSoft Web Studio - 'ISSymbol.ocx InternationalSeparator()' Heap Overflow (Metasploit)

GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow

Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities
Rlpr 2.0 - 'msg()' Multiple Vulnerabilities

Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept p_t02' Parameter Cross-Site Scripting
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp url' Parameter Arbitrary Site Redirect
PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 4.x - 'tempnam() open_basedir' Restriction Bypass
PHP 4.x - 'copy() Safe_Mode' Bypass Exploit

Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak
Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak

aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing
aBitWhizzy - 'whizzypic.php d' ParameterTraversal Arbitrary Directory Listing

PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow
PHP 5.1.6 - 'Chunk_Split()' Integer Overflow

PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Buffer Overflow

Cisco IOS 12.3 - LPD Remote Buffer Overflow
Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow

Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow

HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'ExtractCab' ActiveX Control Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php sql_matchscope' Parameter Cross-Site Scripting

Audio File Library 0.2.6 - libaudiofile 'msadpcm.c' '.WAV' File Processing Buffer Overflow
Audio File Library 0.2.6 - libaudiofile 'msadpcm.c .WAV' File Processing Buffer Overflow

ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection
ProFTPd 1.3 - 'mod_sql Username' SQL Injection

Microsoft Windows Vista - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution
Microsoft Windows Vista - 'lpksetup.exe oci.dll' DLL Loading Arbitrary Code Execution

PHP 5.3.x - 'mb_strcut()' Function Information Disclosure
PHP 5.3.x - 'mb_strcut()' Information Disclosure

Perl 5.x - 'lc()' and 'uc()' functions TAINT Mode Protection Security Bypass
Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget' Parameter Cross-Site Scripting

NetBSD 5.1 - Multiple 'libc/net' functions Stack Buffer Overflow
NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflow

Skype 5.3 - 'Mobile Phone' Field HTML Injection
Skype 5.3 - 'Mobile Phone' HTML Injection

IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow
IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow
GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addgroup.asp group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp url' Parameter Cross-Site Scripting

Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Function Information Disclosure
Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Function Stack Buffer Overflow
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Stack Buffer Overflow

NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
NETGEAR D6300B - '/diag.cgi IPAddr4' Parameter Remote Command Execution

lxml - 'clean_html' Function Security Bypass
lxml - 'clean_html' Security Bypass
Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery
Alfresco - '/proxy endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser url' Parameter Server-Side Request Forgery

Laravel - 'Hash::make()' Function Password Truncation Security
Laravel - 'Hash::make()' Password Truncation Security

OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)

Windows - (DCOM RPC2) Universal Shellcode
Windows - DCOM RPC2 Universal Shellcode

Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)

Cyphor 0.19 - (board takeover) SQL Injection
Cyphor 0.19 - Board Takeover SQL Injection

PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection
PHPay 2.02 - 'nu_mail.inc.php mail()' Remote Injection

PHPMyNews 1.4 - (cfg_include_dir) Remote File Inclusion
PHPMyNews 1.4 - 'cfg_include_dir' Remote File Inclusion

Flatnuke 2.5.8 - (userlang) Local Inclusion / Delete All Users Exploit
Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit

Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion
Yrch 1.0 - 'plug.inc.phppath' Parameter Remote File Inclusion

Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection
Cacti 0.8.6i - 'cmd.php popen()' Remote Injection

Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection
Vizayn Haber - 'haberdetay.asp id' Parameter SQL Injection

iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection
iG Calendar 1.0 - 'user.php id' Parameter SQL Injection

MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection
MGB 0.5.4.5 - 'email.php id' Parameter SQL Injection

Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion
Original 0.11 - 'config.inc.php x[1]' Remote File Inclusion

Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion
Picturesolution 2.1 - 'config.php path' Remote File Inclusion

PHP Homepage M 1.0 - galerie.php SQL Injection
PHP Homepage M 1.0 - 'galerie.php' SQL Injection

cpDynaLinks 1.02 - category.php SQL Injection
cpDynaLinks 1.02 - 'category.php' SQL Injection

DFF PHP Framework API (Data Feed File) - Remote File Inclusion
DFF PHP Framework API - 'Data Feed File' Remote File Inclusion

WebBiscuits Modules Controller 1.1 - Remote File Inclusion / RFD
WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure

dMx READY (25 - Products) - Remote Database Disclosure
dMx READ - Remote Database Disclosure

Access2asp - imageLibrary - Arbitrary File Upload
Access2asp - 'imageLibrar' Arbitrary File Upload

Auktionshaus 3.0.0.1 - 'news.php' 'id' SQL Injection
Auktionshaus 3.0.0.1 - 'news.php id' SQL Injection

Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection
Bild Flirt System 2.0 - 'index.php id' SQL Injection

Fast Free Media 1.3 - Adult Site - Arbitrary File Upload
Fast Free Media 1.3 Adult Site - Arbitrary File Upload

goffgrafix - Design's - SQL Injection
goffgrafix Design's - SQL Injection

Bilder Upload Script - Datei Upload 1.09 - Arbitrary File Upload
Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
Allomani - E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani - Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)

E-Xoopport - Samsara 3.1 (Sections Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (Sections Module) - Blind SQL Injection

E-Xoopport - Samsara 3.1 (eCal Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection

WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection

Oracle WebLogic - Session Fixation Via HTTP POST
Oracle WebLogic - POST Session Fixation

spidaNews 1.0 - 'news.php' 'id' SQL Injection
spidaNews 1.0 - 'news.php id' SQL Injection

Catalog Builder - eCommerce Software - Blind SQL Injection
Catalog Builder eCommerce Software - Blind SQL Injection

FileBox - File Hosting & Sharing Script 1.5 - SQL Injection
FileBox File Hosting & Sharing Script 1.5 - SQL Injection

Snortreport - nmap.php and nbtscan.php Remote Command Execution (Metasploit)
Snortreport - 'nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)

jbShop - e107 7 CMS Plugin - SQL Injection
jbShop e107 7 CMS Plugin - SQL Injection

Tine 2.0 - Maischa - Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities

4Images - Image Gallery Management System - Cross-Site Request Forgery
4Images Image Gallery Management System - Cross-Site Request Forgery

PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection
PHP Ticket System Beta 1 - 'index.php p' Parameter SQL Injection

X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting
X-Cart Gold 4.5 - 'products_map.php symb' Parameter Cross-Site Scripting

Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.2 - 'blocked.php id' Parameter Blind SQL Injection

Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid' Parameter Blind SQL Injection

YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection
YourArcadeScript 2.4 - 'index.php id' Parameter SQL Injection

AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php id' Parameter Blind SQL Injection

PhpTax - pfilez Parameter Exec Remote Code Injection (Metasploit)
PhpTax - 'pfilez' Parameter Exec Remote Code Injection (Metasploit)

phpMyAdmin 3.5.2.2 - server_sync.php Backdoor (Metasploit)
phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)

Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection
Blog Mod 0.1.9 - 'index.php month' Parameter SQL Injection

SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - 'MsgError.asp' Cross-Site Scripting

PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting
PHPReactor 1.2.7 pl1 - 'browse.php' Cross-Site Scripting

PHPRank 1.8 - add.php Cross-Site Scripting
PHPRank 1.8 - 'add.php' Cross-Site Scripting

MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection
MyBB Profile Albums Plugin 0.9 - 'albums.php album' Parameter SQL Injection
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Remote File Inclusion

friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection
friendsinwar FAQ Manager - 'view_faq.php question' Parameter SQL Injection

SmartCMS - 'index.php' 'idx' Parameter SQL Injection
SmartCMS - 'index.php idx' Parameter SQL Injection

SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php menuitem' Parameter SQL Injection / Cross-Site Scripting

PHP-Nuke 6.6 - admin.php SQL Injection
PHP-Nuke 6.6 - 'admin.php' SQL Injection

MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection
MyBB AwayList Plugin - 'index.php id' Parameter SQL Injection

WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion
WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php basepath' Parameter Remote File Inclusion

PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - 'error.php language' Parameter Full Path Disclosure

phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass
phpHeaven phpMyChat 0.14.5 - 'edituser.php3 do_not_login' Parameter Authentication Bypass

NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection
NConf 1.3 - 'detail.php detail_admin_items.php id' Parameter SQL Injection

AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection
AdaptCMS 2.0.4 - 'config.php question' Parameter SQL Injection

Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection
Scripts Genie Domain Trader - 'catalog.php id' Parameter SQL Injection

Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection
Scripts Genie Games Site Script - 'index.php id' Parameter SQL Injection

Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection
Scripts Genie Top Sites - 'out.php id' Parameter SQL Injection

Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid' Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id' Parameter SQL Injection

MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting
MTP Image Gallery 1.0 - 'edit_photos.php title' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php cid' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php Cat' Parameter Cross-Site Scripting

PHPGedView 2.5/2.6 - 'login.php' 'Username' Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php Username' Parameter Cross-Site Scripting

Rebus:list - 'list.php' 'list_id' Parameter SQL Injection
Rebus:list - 'list.php list_id' Parameter SQL Injection

SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection
SynConnect Pms - 'index.php loginid' Parameter SQL Injection
AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure
AWS Xms 2.5 - 'importer.php what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php p' Paramete' Local File Disclosure

WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash' Parameter SQL Injection
CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'tellafriend.php product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php product' Parameter Full Path Disclosure

WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection
WHMCS 4.x - 'invoicefunctions.php id' Parameter SQL Injection

AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection
AVE.CMS 2.09 - 'index.php module' Parameter Blind SQL Injection

RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection
RadioCMS 2.2 - 'menager.php playlist_id' Parameter SQL Injection

SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation
SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation

FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure
FlatNuke 2.5.x - 'index.php where' Parameter Full Path Disclosure

UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php posted' Parameter SQL Injection

osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion
osTicket 1.2/1.3 - 'view.php inc' Parameter Arbitrary Local File Inclusion
Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal
DS3 - Authentication Server - Multiple Vulnerabilities
Ruubikcms 1.1.1 - 'tinybrowser.php folder' Parameter Directory Traversal
DS3 Authentication Server - Multiple Vulnerabilities

Kayako LiveResponse 2.0 - 'index.php' 'Username' Parameter Cross-Site Scripting
Kayako LiveResponse 2.0 - 'index.php Username' Parameter Cross-Site Scripting

Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php sitetitle' Parameter Cross-Site Scripting

Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection
Simple PHP Agenda 2.2.8 - 'edit_event.php eventid' Parameter SQL Injection
Aenovo - '/Password/default.asp' Password Field SQL Injection
Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection
Aenovo - '/Password/default.asp Password' SQL Injection
Aenovo - '/incs/searchdisplay.asp strSQL' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php ids' Parameter SQL Injection

vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php orderby' Parameter Cross-Site Scripting
Cyphor 0.19 - lostpwd.php nick Field SQL Injection
Cyphor 0.19 - 'newmsg.php' fid Parameter SQL Injection
Cyphor 0.19 - footer.php t_login Parameter Cross-Site Scripting
Cyphor 0.19 - 'lostpwd.php nick' SQL Injection
Cyphor 0.19 - 'newmsg.php fid' Parameter SQL Injection
Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting
MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Socket.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php PEAR_PATH' Remote File Inclusion

Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection
Top Games Script 1.2 - 'play.php gid' Parameter SQL Injection

Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection
Elemata CMS RC3.0 - 'global.php id' Parameter SQL Injection

PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution
PHP-Charts 1.0 - 'index.php type' Parameter Remote Code Execution
PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/admin.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/configure.php id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php find' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection
Walla TeleSite 3.0 - 'ts.exe tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe sug' Parameter SQL Injection

GLPI 0.83.9 - 'Unserialize()' Function Remote Code Execution
GLPI 0.83.9 - 'Unserialize()' Remote Code Execution

Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'toc.pl board' Parameter Cross-Site Scripting

Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php _load_article_details' SQL Injection
IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion
IceWarp Universal WebMail - '/dir/include.html lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html lang_settings' Parameter Remote File Inclusion
OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection
OnePlug CMS - '/press/details.asp Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp Product_ID' Parameter SQL Injection

aoblogger 2.3 - 'login.php' 'Username' Field SQL Injection
aoblogger 2.3 - 'login.php Username' SQL Injection
HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'addressbook.update.php contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php folderid' Parameter Arbitrary PHP Command Execution

ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing
ImageVue 0.16.1 - 'readfolder.php path' Parameter Arbitrary Directory Listing

Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php check_login()' Authentication Bypass
dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php baseDir' Parameter Remote File Inclusion

Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection
Ginkgo CMS - 'index.php rang' Parameter SQL Injection

Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection
Telmanik CMS Press 1.01b - 'pages.php page_name' Parameter SQL Injection

sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting
sBlog 0.7.2 - 'search.php keyword' Parameter POST Method Cross-Site Scripting

MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection
MLMAuction Script - 'gallery.php id' Parameter SQL Injection

PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection
PHPMyForum 4.0 - 'index.php type' Parameter CRLF Injection

321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing
321soft PHP-Gallery 0.9 - 'index.php path' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php pfad' Parameter Arbitrary Directory Listing

Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php rep' Parameter Traversal Arbitrary Directory Listing

Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php value' Parameter SQL Injection

ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting
ATutor 1.5.x - 'admin/fix_content.php submit' Parameter Cross-Site Scripting

glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection
glFusion 1.3.0 - 'search.php cat_id' Parameter SQL Injection

Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php b' Parameter SQL Injection

RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite
RadScripts - 'a_editpage.php Filename' Parameter Arbitrary File Overwrite

WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion
WoW Roster 1.5 - 'hsList.php subdir' Parameter Remote File Inclusion

Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - 'autoload_func.php autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion

vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php onlyforuser' Parameter SQL Injection
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php page' Parameter Cross-Site Scripting

DCP-Portal 6.0 - 'login.php' 'Username' Parameter SQL Injection
DCP-Portal 6.0 - 'login.php Username' Parameter SQL Injection

CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/print_order.php order_id' Parameter Cross-Site Scripting

CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php image' Parameter Cross-Site Scripting

CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/footer.inc.php la_pow_by' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php page' Parameter Cross-Site Scripting

ISearch 2.16 - ISEARCH_PATH Parameter Remote File Inclusion
ISearch 2.16 - 'ISEARCH_PATH' Parameter Remote File Inclusion

Evandor Easy notesManager 0.0.1 - 'login.php' 'Username' Parameter SQL Injection
Evandor Easy notesManager 0.0.1 - 'login.php Username' Parameter SQL Injection

Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage' Parameter SQL Injection
BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/admincore.php msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php page' Parameter Cross-Site Scripting

Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp hata' Parameter Cross-Site Scripting

ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl file' Parameter Arbitrary File Disclosure

Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection
Project'Or RIA 3.4.0 - 'objectDetail.php objectId' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php s' Parameter SQL Injection

aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzylink.php d' Parameter Traversal Arbitrary Directory Listing

PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting
PHPLive! 3.2.2 - 'super/info.php BASE_URL' Parameter Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php tool_url' Parameter Cross-Site Scripting

ToendaCMS 1.5.3 - HTTP Get And Post Forms HTML Injection
ToendaCMS 1.5.3 - GET / POST Forms HTML Injection

Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php icodir' Parameter Traversal Arbitrary Directory Listing

Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure
Phorum 5.1.20 - 'admin.php module[]' Parameter Full Path Disclosure
DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'includes_handler.php base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php base_path' Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection
Campsite 2.6.1 - 'LocalizerConfig.php g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php language' Parameter SQL Injection
NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/applicationList.jsp alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp rtype' Parameter Cross-Site Scripting
geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion
geoBlog MOD_1.0 - 'deletecomment.php id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php id' Parameter Arbitrary Blog Deletion
Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'feed.php config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php config[root_ordner]' Parameter Remote File Inclusion

WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure
WebBatch - 'webbatch.exe dumpinputdata' Parameter Remote Information Disclosure

AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'default.asp mode2' Parameter Cross-Site Scripting

phpMyAdmin 2.11.1 - setup.php Cross-Site Scripting
phpMyAdmin 2.11.1 - 'setup.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php level' Parameter Remote File Inclusion

Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access
Absolute News Manager .NET 5.1 - 'pages/default.aspx template' Parameter Remote File Access

MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion
MyBlog 1.x - 'Games.php ID' Remote File Inclusion
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp activeControl' Parameter Cross-Site Scripting
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic id' Parameter Arbitrary Memory Disclosure

CiMe - Citas Médicas - Multiple Vulnerabilities
CiMe Citas Médicas - Multiple Vulnerabilities

Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing
Elastic Path 4.1 - 'manager/FileManager.jsp dir' Parameter Traversal Arbitrary Directory Listing

osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection
osCommerce 2.3.3.4 - 'geo_zones.php zID' Parameter SQL Injection

Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php cID' Parameter SQL Injection

WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph track' Parameter SQL Injection

PHPEasyData 1.5.4 - admin/login.php 'Username' Field SQL Injection
PHPEasyData 1.5.4 - 'admin/login.php Username' SQL Injection

PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id' Parameter SQL Injection

webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection
webERP 4.11.3 - 'SalesInquiry.php SortBy' Parameter SQL Injection

Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect
Claroline 1.8.9 - 'claroline/redirector.php url' Parameter Arbitrary Site Redirect

XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion
XOOPS 2.0.18 - 'modules/system/admin.php fct' Parameter Traversal Local File Inclusion

ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution
ownCloud 4.0.x/4.5.x - 'upload.php Filename' Parameter Remote Code Execution

InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i' Parameter SQL Injection

MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting
MKPortal 1.2.1 - '/modules/rss/handler_image.php i' Parameter Cross-Site Scripting

glFusion 1.1 - Anonymous Comment 'Username' Field HTML Injection
glFusion 1.1 - Anonymous Comment 'Username' HTML Injection

IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Function Cross-Site Scripting
IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Cross-Site Scripting

kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection
kitForm CRM Extension 0.43 - 'sorter.ph sorter_value' Parameter SQL Injection

dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read
dompdf 0.6.0 - 'dompdf.php read' Parameter Arbitrary File Read

WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_settings setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category category[description]' Parameter Cross-Site Scripting

vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection
vBulletin 4.0.x < 4.1.2 - 'search.php cat' Parameter SQL Injection

MybbCentral TagCloud 2.0 - 'Topic' Field HTML Injection
MybbCentral TagCloud 2.0 - 'Topic' HTML Injection

Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting
Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php' Filter Parameter Cross-Site Scripting

Mulitple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download
Mulitple WordPress Themes - 'admin-ajax.php img' Parameter Arbitrary File Download

Free Arcade Script 1.0 - 'search' Field Cross-Site Scripting
Free Arcade Script 1.0 - 'search' Cross-Site Scripting

Micro CMS 1.0 - 'name' Field HTML Injection
Micro CMS 1.0 - 'name' HTML Injection

MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion
MODx manager - '/controllers/default/resource/tvs.php class_key' Parameter Traversal Local File Inclusion

Bacula-Web 5.2.10 - 'joblogs.php' 'jobid Parameter SQL Injection
Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php catid' Parameter SQL Injection

W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion
W-Agora 4.2.1 - 'search.php3 bn' Parameter Traversal Local File Inclusion

Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection
Piwigo 2.6.0 - 'picture.php rate' Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php category' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php rowid' Parameter SQL Injection

PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition' Parameter Cross-Site Scripting
Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_blocks.php Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php Filename' Parameter Traversal Arbitrary File Access

UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting
UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scripting

OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting
OSClass 2.3.3 - 'index.php getParam()' Multiple Parameter Cross-Site Scripting
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php class' Parameter Traversal Local File Inclusion
Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/auth.php login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php nb' Parameter Cross-Site Scripting

Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/plugin.php page' Parameter Cross-Site Scripting

Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting
Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Parameter Error Display Cross-Site Scripting
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps id' Parameter SQL Injection
SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx id' Parameter Cross-Site Scripting

Wikidforum 2.10 - Advanced Search - Multiple Field SQL Injection
Wikidforum 2.10 - Advanced Search Multiple Field SQL Injection

Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml()' Method Cross-Site Scripting

TeamPass 2.1.5 - 'login' Field HTML Injection
TeamPass 2.1.5 - 'login' HTML Injection

XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/modules/pm/pmlite.php to_userid' Parameter Cross-Site Scripting

Kajona - 'getAllPassedParams()' Function Multiple Cross-Site Scripting Vulnerabilities
Kajona - 'getAllPassedParams()' Multiple Cross-Site Scripting Vulnerabilities

PolarisCMS - 'WebForm_OnSubmit()' Function Cross-Site Scripting
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting

TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_question.php subject_module_id' Parameter SQL Injection

jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting
jCore - '/admin/index.php path' Parameter Cross-Site Scripting

Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection

WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext' Parameter Cross-Site Scripting

cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html acct' Parameter Cross-Site Scripting
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php  reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID' Parameter SQL Injection
Kallithea 0.2.9 - (came_from) HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection
Kallithea 0.2.9 - 'came_from' HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php id' Parameter SQL Injection

PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/linktick.php site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php q' Parameter SQL Injection
Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting
Hero Framework - '/users/login Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password error' Parameter Cross-Site Scripting

Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting
Jahia xCM - '/engines/manager.jsp site' Parameter Cross-Site Scripting

NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution
NeoBill - '/modules/nullregistrar/PHPwhois/example.php query' Parameter Remote Code Execution

C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp pa' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php id' Parameter SQL Injection

Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection
Dredge School Administration System - '/DSM/loader.php Id' Parameter SQL Injection

UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection
UAEPD Shopping Script - '/news.php id' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php Username' Parameter SQL Injection

Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal
Xangati - '/servlet/Installer file' Parameter Directory Traversal
Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/jobs.php tr' Parameter SQL Injection
Caldera - '/costview2/printers.php tr' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php entry_country_id' Parameter SQL Injection

Disc ORGanizer - DORG - Multiple Vulnerabilities
Disc ORGanizer (DORG) - Multiple Vulnerabilities

Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
ClipShare 7.0 - SQL Injection
Complain Management System - Hard-Coded Credentials / Blind SQL injection
2017-10-11 05:01:35 +00:00
platforms DB: 2017-10-11 2017-10-11 05:01:35 +00:00
files.csv DB: 2017-10-11 2017-10-11 05:01:35 +00:00
README.md Add "--exclude" to remove values from results 2017-06-14 15:58:54 +01:00
searchsploit Fix #101 - Git update issue & echo standard. 2017-09-18 18:22:53 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).