JULY 2011
Seo Panel 3.0.0 multiple vulnerabilities
MAY 2011
vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
Tugux CMS 1.2 Multiple Remote Vulnerabilities
SQL Injection MySchool Version 7.02
APRIL 2011
LiveCart Shopping Cart multiple vulnerabilities
BIGACE CMS multiple vulnerabilities HPP , XSS
WordPress WP Custom Pages Plugin 0.5.0.1 LFI Vulnerability
OpenEMR 4.0.0 Multiple Vulnerabilities
Planet FPS-1101 Cross-site Scripting Vulnerability
FEBRUARY 2011
SnapProof (page.php) Sql Injection Vulnerability
DO-CMS Multiple Sql Injection Vulnerability
jQuery Mega Menu 1.0 Wordpress Plugin Local File Inclusion
JANUARY 2011
Fortune 3 Ecommerce software multiple XSS
PHP auctions (viewfaqs.php) Blind SQL Injection Vulnerability
Phpcms 2008 SQL Injection Vulnerability
PHP Lowbids viewfaqs.php Blind SQL Injection Vulnerability
3DCart Shopping Cart Software multiple XSS vulnerabilities
ozCart software multiple XSS vulnerabilities
Tevs tube script multiple XSS vulnerabilities
DECEMBER 2010
MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification
Pulse CMS Basic Local File Inclusion Vulnerability (CVE-2010-4330)
Ecommercemax Solutions Digital good seller Sql Injection Vulnerability
NOVEMBER 2010
ViArt SHOP multiple vulnerabilities
ASPilot Pilot Cart 7.3 multiple vulnerabilities
OCTOBER 2010
Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage
Zoopeer 0.1 & 0.2 (fckeditor) Zoopeer Shell Upload Vulnerability
RoSPORA <= 1.5.0 Remote PHP Code Injection Exploit
UGAL CMS multiple vulnerabilities
WEGO CMS multiple vulnerabilities
Adult Website PRO multiple XSS
BaconMap v1.0 SQL Injection Vulnerability
BaconMap v1.0 Local File Disclosure Vulnerability
AdaptCMS 2.0.1 Beta Release Remote File Inclusion Vulnerability (msf)
Awiz FHG Manager multiple vulnerabilities
Aprox CMS Engine V6 Multiple Vulnerabilities
TinyMCE MCFileManager 2.1.2 Arbitrary File Upload Vulnerability
TradeMC E-Ticaret SQL and XSS Multiple Vulnerabilities
SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability
iGaming CMS <= 1.5 Blind SQL Injection
SEPTEMBER 2010
Multiple vulnerabilities in SHOP A LA CART
AUGUST 2010
Web-ideas web shop standard SQL Injection Vulnerability
CStore 3.0 multiple vulnerabilities (XSS,Iframe injections, unencrypted Login Requests)
LINK CMS SQL Injection Vulnerability
AneCMS SQL Injection Vulnerability in /registre/next
Open-Realty 2.5.7 Local File Disclosure Vulnerability
Free Simple Software v1.0 Remote File Inclusion Vulnerability
CCBILL.COM Internet billing service multiple vulnerabilities
CMSQLite <= 1.2 & CMySQLite <= 1.3.1 Remote Code Execution Exploit
Zomplog CMS 3.9 Multiple XSS/CSRF Vulnerabilities
GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities
SnoGrafx (cat.php?cat) SQL Injection Vulnerability
Concept E-commerce SQL Injection Vulnerability
Whizzy CMS 10.02 Local File Inclusion
JULY 2010
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
CMS Ignition SQL Injection Exploit
Ballettin Forum SQL Injection Vulnerability
XAOS CMS SQL Injection Vulnerability
I-net Enquiry management Script SQL Injection Vulnerability
Koobi CMS (index.php) SQL Injection Vulnerability
Grafik CMS 1.1.2 Multiple CSRF Vulnerabilities
bPress 1.0.2 [CSRF ] change admin password
Sandbox v2.0.2 Local File Inclusion Vulnerability
Esoftpro Online Contact Manager Multiple Vulnerabilities
Esoftpro Online Photo Pro Multiple Vulnerabilities
TCW PHP Album Multiple Vulnerabilities
iLister Listing Software LFI Vulnerability
Cpanel v11.25 CSRF Add FTP Account Exploit
JUNE 2010
CMSQlite & CMySQLite CSRF Vulnerability
i-net Multi User Email Script SQLi Vulnerability
Placeto CMS Auth. Bypass Vulnerability
GREEZLE - Global Real Estate Agent Site Auth SQL Injection
HauntmAx CMS Haunted House Directory Listing SQL Injection
eLMS Pro SQLi and XSS Vulnerability
PGAUTOPro SQLi and XSS Vulnerability
Phreebooks v2.0 Local File Inclusion
MAY 2010
WmsCMS SQL Injection Vulnerability
Oscommerce Online Merchant v2.2 - Remote File Upload
Symphony CMS Local File Inclusion Vulnerability
JE CMS version 1.1 SQL Injection Vulnerability
MyNews v1.0 CMS - Sql Injection, local file inclusion and XSS Vulnerabilities
PHP-Fusion v4.01 SQL Injection Vulnerability
PHP Gamepage SQL Injection Vulnerability
XSS, SQL injection vulnerability in I-Vision CMS
Tainos Multiple Vulnerabilities
EgO v0.7b (fckeditor) Remote File Upload
LinPHA <== 1.3.2 ( rotate.php ) Remote Command Execution Vulnerability
The iceberg 'Content Management System' SQL Injection Vulnerability
Cybertek CMS Local File Include Vulnerability
CompactCMS 1.4.0 (tiny_mce) Remote File Upload
Heaven Soft CMS v 4.7 SQL Injection Vulnerability
Marinet cms SQL/XSS/HTML Injection Vulnerability
Woodall Creative SQL Injection Vulnerability
Free Advertisment cms (user_info.php) SQL Injection Vulnerability
724CMS Enterprise Version 4.59 (section.php) LFI Vulnerability
Aqar Script V.1 Remote By pass Exploit
e-webtech SQL Injection Vulnerability
Tadbir CMS (fckeditor) Remote Arbitrary File Upload Exploit Vulnerability
phpscripte24 Live Shopping Multi Portal System SQL Injection Vulnerability Exploit
Alibaba Clone Diamond Version SQL Injection Vulnerability Exploit
phpscripte24 Shop System SQL Injection Vulnerability Exploit
Erotik Job Agentur SQL Injection Vulnerability
AV Arcade Search Field XSS/HTML Injection
OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass # EDB-ID: 12520
WeBProdZ CMS SQL Injection Vulnerability
Slooze PHP Web Photo Album v0.2.7 Command Execution Vulnerability
PHP-NUKE v5.0 viewslink Remote SQL Injection
Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35
Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit
thEngine v0.1 LFI Vulnerability
GuppY v4.5.18 Blind SQL/XPath injection Vulnerability
CF Image Host v1.1 Remote File Inclusion Vulnerability
APRIL 2010
EC21 Clone 3.0 (id) SQL Injection Vulnerability
B2B Gold Script (id) SQL Injection Vulnerability
Multiple Vulnerability in New-CMS
MSSQLi Vulnerability in AutoDealer Ver.1 and Ver.2
TR Forum 1.5 Multi Vulnerability
Zyke CMS V1.0 Remote File Upload Vulnerability
gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit
OpenCominterne 1.01 Local File Include Vulnerability
2daybiz Advanced Poll Script XSS and Authentication Bypass
Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability
Uiga Personal Portal index.php (view) SQL Injection
Kasseler CMS 2.0.5 => By Pass / Download Backup Vulnerability
CMScout 2.08 SQL Injection Vulnerability
CMS Firebrand Tec Local File Inclusion Vulnerability
phpegasus (fckeditor) Remote Arbitrary File Upload Exploit
AskMe Pro 2.1 (que_id) SQL Injection Vulnerability
EPay Enterprise v4.13 (cid) SQL Injection Vulnerability
MusicBox v 3.3 SQL Injection Exploit
Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability
Flex File Manager Shell Upload Vulnerability
N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
CMS Ariadna 2009 SQL Injection
Alegro 1.2.1 SQL Injection Vulnerability
Asset Manager 1.0 Shell Upload Vulnerability
GarageSales Remote Upload Vulnerability
Viennabux Beta Forum <= SQL injection Vulnerability & SQL injection Exploit
Kubeit CMS Remote SQL Injection Vulnerability
Free Image & File Hosting Upload Vulnerability
Plume CMS 1.2.4 Multiple Local File Inclusion Vulnerabilities
Espinas CMS SQL Injection Vulnerability
XSS Vulnerability in NextGEN Gallery Wordpress Plugin
MARCH 2010
Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability
Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability
Multi Auktions Komplett System V2 <= Blind SQL Injection Exploit
Devana SQL Injection vulnerability
TSOKA:CMS v1.1 , v1.9 AND v2.0 SQL Injection & XSS Vulnerability
68kb Knowledge Base Script v1.0.0rc2 Search SQL Injection
Date & Sex Vor und Rückwärts Auktions System <= v2 Blind SQL Injection Exploit
MyOWNspace_v8.2 multi local file include
Open Web Analytics 1.2.3 multi file include
68kb multi remote file include
Simple Machines Forum <= 1.1.8 (avatar) Remote PHP File Execute PoC
Uebimiau Webmail <= 2.7.2 Multiple Vulnerabilities
Flirt Matching SMS System <= SQL Injection Exploit
post Card ( catid ) Remote SQL Injection Vulnerability
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
leaftec cms multiple vulnerabilities
cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
CyberCMS Remote SQL Injection Vuln.
BPTutors Tutoring site script - [ CSRF ] Create Administrator Account
Kasseler CMS 1.4.x lite (Module Jokes) SQL-Injection Exploit
Interactivefx.ie CMS SQL Injection Vulnerability
Easy-Clanpage <= v2.01 SQL Injection Exploit
justVisual 2.0 LFI Vulnerability
SiteX CMS 0.7.4 beta SQL-Injection exploit
Direct News 4.10.2 Multiple Remote File Include Vulnerability
WebSiteBaker 2.8.1 DataBase Backup Disclosure
Easy-Clanpage v2.0 Blind SQL Injection Exploit
CMS By SoftnSolv SQL Injection Vulnerable
E-php CMS SQL Injection Vulnerability
Joomla component com_universal Remote File Inclusion Vulnerability exploit
Vbulletin Blog 4.0.2 Title XSS Vulnerability
Uiga Business Portal SQL Injection Vulnerability
Insky CMS v006-0111 Multiple Remote File Include Vulnerability
Zephyrus CMS (index.php) SQL Injection Vulnerability
Xataface Admin Auth Bypass Vulnerability
jewelry Cart Software (product.php) SQL Injection Vulnerability
Adult Video Site Script Multiple Vulnerabilities
Woltlab Burning Board Teamsite Hack <= v3.0 ts_other.php SQL Injection Exploit
Trouble Ticket Software ttx.cgi Remote File Download
joomla component Gift Exchange com_giftexchange (pkg) Remote Sql Injection
Pay Per Watch & Bid Auktions System BLIND SQL Injection auktion.php (id_auk)
hpscripte24 Preisschlacht Liveshop System SQL Injection (seite&aid) index.php
Quality Point 1.0 NewsFeed (SQL/XSS) Multiple Remote Vulnerabilities
islamic voice Remote SQL Injection Vulnerability
Multi CSRF vulnerability in DirectAdmin (1.34.4)
joomla component & plugin JE Tooltip Local File Inclusion
Manage Engine Service Desk Plus 7.6 woID SQL Injection
Shutter 0.1.4 Blind SQL Injection
SiteDone Custom Edition 2.0 SQL Injection & XSS Vulnerability
phpAuthent 0.2.1 SQL Injection Vulnerability
philboard v1.02 sql injection Vulnerability
Nensor CMS 2.01 Multiple Remote Vulnerabilities
PHP Classifieds v7.5 Blind SQL Injection Vulnerability
Ninja RSS Syndicator v1.0.8 Local File Include
Trouble Ticket Express <= 3.01 Remote Code Execution/Directory Traversal
PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability
Front Door v0.4b SQL Injection Vulnerability
DesktopOnNet 3 Beta9 Local File Include Vulnerability
RogioBiz_PHP_file_manager_V1.2 bypass admin exploit
Php-Nuke - Local File Include Vulnerability
phppool media Domain Verkaufs und Auktions Portal index.php SQL Injection
deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability
PhpMyLogon v2 SQL Injection Vulnerability
Azeno CMS SQL Injection Vulnerability
systemsoftware Community Black index.php SQL Injection
Xbtit v2.0.0 SQL Injection Vulnerability
Mambo Component com_mambads SQL Injection Vulnerability
GeekHelps ADMP v1.01 Multiple Vulnerabilities
Ad Board Script v1.01 Local File Inclusion
Invision Power Board Currency Mod(edit) SQL injection
Softbiz Jobs and Recruitment Script (search_result.php) SQL Injection Vulnerability
Anantasoft Gazelle CMS CSRF Vulnerability
ispCP Omega <= 1.0.4 Remote File Include Vulnerability
PhpCityPortal Multiple Vulnerabilities
60cycleCMS Persistent XSS Vulnerability
Campsite v3.3.5 CSRF Vulnerability
Friendly-Tech FriendlyTR69 CPE Remote Management v2.8.9 SQL Injection Vulnerability
PHP File Sharing System v1.5.1 Multiple Vulnerabilities
Subdreamer 2.4.3 and 3.0.1 XSS
Uebimiau Webmail v3.2.0-2.0 | Email Disclosure
mhproducts kleinanzeigenmarkt search.php SQL Injection
PHP File Uploader Upload Vulnerability
NUs Newssystem v1.02 (id) SQL Injection Vulnerability
DZ Auktionshaus "V4.rgo" (id) news.php SQL Injection Vulnerability
TRIBISUR <= 2.0 Local File Include Vulnerability
Chaton <= 1.5.2 Local File Include Vulnerability
vulnerabilities in Hydra Engine
Employee Timeclock Software SQL Injection Vulnerabilities
SQL injection vulnerability in Wild CMS
SQL injection vulnerability in Flick CMS
BigForum Version: 4.5 SQL INJECTION
phpCOIN 1.2.1 (mod.php) LFI Vulnerability
dev4u CMS (Personenseiten) go_target.php SQL Injection
E-topbiz Link ADS 1 PHP script (linkid) Blind SQL Injection Vulnerability
Cross Site Scripting Vulnerability in Discuz! 'uid' Parameter
1024CMS Blind SQL Injection Vulnerability
Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability
Dosya Yukle Scrtipi v1.0 Shell Upload Vulnerabili
Gnat-TGP <= 1.2.20 Remote File Include Vulnerability
martplugs 1.3 SQL Injection showplugs.php
MiNBank 1.5.0 Remote Command Execution Exploit
Al Sat Scripti Database Download Vulnerability
osCSS v1.2.1 Database Backups Disclosure
PHP Advanced Transfer Manager v1.10 Shell Upload Vulnerability
Uploadify Sample Collection Shell Upload Vulnerability
My Little Forum contact.php SQL Injection
Uiga Church Portal index.php SQL Injection
phptroubleticket (id) SQL Injection Vulnerability
CMS by MyWorks Multiple Vulnerabilities
FEBRUARY 2010
ARISg5 (version 5.0) cross site scripting vulnerability
SQL injection vulnerability in WebAdministrator Lite CMS
Uiga Personal Portal index.php SQL Injection Vulnerability
Uiga Fan Club index.php SQL Injection Vulnerability
HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability
Joomla Component com_yanc SQL Injection Vulnerability
Baykus Yemek Tarifleri <= 2.1 SQL Injection Vulnerability
Majoda CMS (Auth Bypass) SQL Injection Vulnerability
DZ Erotik Auktionshaus v.4.rgo news.php SQL Injection Vulnerability
Gravity Board X v2.0 BETA (Public Release 3) SQL Injection Vulnerability
Project Man <= 1.0 (Auth Bypass) SQL Injection Vulnerability
phpCDB <= 1.0 Local File Include Vulnerability
phpRAINCHECK <= 1.0.1 SQL Injection Vulnerability
ProMan <= 0.1.1 Multiple File Include Vulnerability
phpMySite (XSS/SQLi) Multiple Vulnerabilities
Pre Classified Listings SQL Injection Vulnerability
Scripts Feed Business Directory SQL Injection Vulnerability
Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability
Joomla Component com_paxgallery Blind Injection Vulnerability
Slaed CMS v4 Multiple Vulnerabilities
GameScript v3.0 SQL Injection Vulnerability
EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability
Max's Photo Album Shell Upload Vulnerability
MySmartBB v1.0.0 Cross Site Scripting Vulnerability
Article Friendly CSRF Vulnerability
WikyBlog v1.7.3rc2 Multiple Vulnerabilities
ShortCMS v1.11F(B) (con) SQL Injection Vulnerability
phpCOIN v1.2.1 (mod.php) SQL Injection Vulnerability
Softbiz Jobs CSRF Vulnerability
Softbiz Jobs Multiple SQL Injection Vulnerabilities
Php Auktion Pro SQL (news.php) SQL Injection Vulnerability
Top Auktion (news.php) SQL Injection Vulnerability
worksimple_1.3.2 Multiple Remote Vulnerabilities
Tinypug v0.9.5 CSRF Password Change
QuickDev 4 Php Database Disclosure Vulnerability
SphereCMS Blind SQL Injection Vulnerability
Kusaba X <= 0.9 XSS/CSRF vulnerabilities
Pixel Portal Sql Injection Vulnerability
Netzbrett Database Disclosure Vulnerability
FlatFile Login System Remote Password Disclosure Vulnerability
TimeClock CSRF Remote Add Admin Exploit
phpAutoVideo CSRF Vulnerability
Litespeed Web Server v4.0.12 (Add Admin) CSRF and XSS Vulnerabilities
SQL injection vulnerability in Amelia CMS
WSC CMS (Bypass) SQL Injection Vulnerability
Trixbox PhonecDirectory.php SQL Injection
Phpkit v1.6.1 Multiple SQL Injection Vulnerabilities
CubeCart (index.php) SQL Injection Vulnerability
intuitive (form.php) Sql Injection Vulnerability
Nabernet (articles.php) Sql Injection Vulnerability
uGround <= 1.0b SQL Injection Vulnerability
Multiple File Attachments Mail Form Pro v2 - WebShell upload
PHPIDS 0.4 - Remote File Inclusion Vulnerability
Auktionshaus v.4 news.php SQL Injection Vulnerability
Auktionshaus Gelb v.3 news.php SQL Injection Vulnerability
Erotik Auktionshaus news.php SQL Injection Vulnerability
PunBBAnnuaire <=0.4 Blind SQL Injection Vulnerability
Mambo Component com_acnews [id] SQL Injection Vulnerability
SongForever.com Clone Shell Upload Vulnerability
Limny v2.0 Create Admin User CSRF Exploit
Pogodny CMS SQL injection vulnerability
OpenOffice.org Word Document Handling Heap Overflow Vulnerabilities
cmsmadesimple Multiple Security Issues : XSS+ LFI
PEAR v.1.9.0 Multiple Remote File Inclusion Vulnerability
Calendarix v0.8.20071118 SQL Injection
ShortCMS SQLi 1.2.0 (Last Version of 11/02/2010) and ALL < version
JTL-Shop 2 (druckansicht.php) SQL Injection Vulnerability
Mambo com_akogallery Remote Sql Injection Vulnerability
CodeIgniter v1.0 Remote File Inclusion Vulnerability
File Upload Manager v1.3 exploit
Katalog Stron Hurricane Multiple Vulnerability RFI / SQL
Saskia's Shopsystem <= beta1 Local File Include Exploit
StatCounteX 3.1 Multiple Vulnerabilities
Vito CMS SQL Injection Vulnerability
southburn Web (products.php) Sql Injection Vulnerability
MRW PHP Upload Remote file upload Vulnerability
WSN Guest 1.02 (orderlinks) SQL Injection Vulnerability
InterTech Co 1.0 SQL Injection
WordPress >= 2.9 Failure to Restrict URL Access
SQL injection vulnerability in apemCMS
Omnidocs SQL injection Vulnerability
vBulletin v3.5.2 XSS Vulnerabilities
vBulletin 3.0.0 XSS Vulnerability
PHP Captcha Security Images DoS Vulnerability
GameRoom Script Admin Bypass and File Upload Vulnerability
myPHP Guestbook <= 2.0.4 Database Backup Dump Vulnerability
CD Rentals Script SQL injection Vulnerability
Books/eBooks Rental Software SQL injection Vulnerability
Cisco Collaboration Server 5 XSS, Source Code Disclosure
X-Cart Pro v4.0.13 SQL Injection Proof of Concept
J.A.G (Just Another Guestbook) Database Disclosure Vulnerability
Video Games Rentals Script SQL Injection Vulnerability
Vacation Rental Script SQL Injection Vulnerability
Trade Manager Script SQL injection Vulnerability
eSmile Script (index.php) SQL Injection Vulnerability
HASHE! Solutions Multiple SQL Injection Vulnerabilities
ULoki Community Forum v2.1 (usercp.php) XSS Vulnerability
fipsForum v2.6 Remote Database Disclosure Vulnerability
CPA Site Solutions Remote File Upload Vulnerability
Newsletter Tailor Database Backup Dump Vulnerability
Newsletter Tailor (Auth Bypass) SQL Injection Vulnerability
es Solutions - Webapp SQL Injection
MOJO's IWMS <= 7 SQL Injection & Cross Site Scripting
Limny v1.01 Remote File Upload Vulnerability
Zomorrod Cms Sql Injection Vulnerability
osTicket v1.6 RC5 Multiple Vulnerabilities
Belkatalog CMS SQL Injection Vulnerability
Huski retail multiple SQL injection vulnerabilities
WSN Guest Database Disclosure Vulnerability
Zen Tracking <= 2.2 (Auth Bypass) SQL Injection Vulnerability
odlican.net cms v.1.5 Remote File Upload Vulnerability
Baal Systems <= 3.8 (Auth Bypass) SQL Injection Vulnerability
DA Mailing List System V2 Multiple Vulnerabilities
Exponent CMS 0.96.3 (articlemodule) Sql Injection Vulnerability
Croogo v1.2.1 Multiple CSRF Vulnerabilities
Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability
EncapsCMS <= 0.3.6 (config[path]) Remote File Include Vulnerability
Rostermain <= 1.1 (Auth Bypass) SQL Injection Vulnerability
Uiga Business Portal SQL/ XSS Vulnerability
TinyMCE WYSIWYG Editor Multiple Vulnerabilities
Open Bulletin Board Multiple Blind Sql Injection Vulnerability
Arab Network Tech. (ANT) CMS SQL Injection
ShopEx <= Single V4.5.1 Multiple Vulnerabilities
Audistats 1.3 SQL injection vulnerability
MASA2EL Music City v1.0 Remote Sql Injection Vulnerability
ManageEngine OpUtils 5 "Login.DO" SQL Injection Vulnerability
KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
PHP Car Rental-Script (Auth Bypass) SQL Injection
Hipergate v4.0.12 Multiple Vulnerabilities
Tinypug Multiple Vulnerabilities
GCP 2.0 datasets provided as BioCASE web services
Dlili Script SQL Injection Vulnerability
MYRE Classified (cat) SQL Injection Vulnerability
MobPartner Chat Multiple Sql Injection Vulnerabilities
Evernew Free Joke Script (viewjokes.php) SQL Injection
ShoutCMS (content.php) Blind Sql Injection Vulnerability
Joomla (Yelp Component) SQL Injection Vulnerability
Snif v1.5.2 - Any Filetype Download Exploit
RaakCMS Multiple Vulnerabilities
JANUARY 2010
crownweb (page.cfm) Sql Injection Vulnerability
Creative SplashWorks-SplashSite (page.php) Blind Sql Injection Vulnerability
Maian Greetings v2.1 Shell Upload Vulnerability
Saman Portal Sql Injection Vulnerability
phpunity.newsmanager LFI Vulnerability
dotProject 2.1.3 XSS and Improper Permissions
ThinkAdmin (page.php) Sql Injection Vulnerability
IPB (nv2) Awards > 1.1.0 SQL Injection PoC
PHP Product Catalog CSRF Change Administrator Password
eWebeditor ASP Version Multiple Vulnerabilities
NovaBoard v1.1.2 SQL Injection Vulnerability
Kayako SupportSuite Multiple Persistent Cross Site Scripting
IdeaCMS v1.0 (fck) Remote Arbitrary File Upload
eWebeditor Directory Traversal Vulnerability
Joomla (com_casino) SQL Injection Vulnerabilities
Joomla (JBDiary) BLIND SQL Injection Vulnerabilities
Joomla (com_jbpublishdownfp) SQL Injection Vulnerability
magic-portal v2.1 SQL Injection Vulnerability
Joomla Component com_ContentBlogList SQL Injection Vulnerability
OpenDb 1.5.0.4 Multiple LFI Vulnerability
Joomla Component com_gameserver SQL Injection Vulnerability
Joomla (com_avosbillets) SQL injection Vulnerability
KosmosBlog v0.9.3 (SQLi/XSS/CSRF) Multiple Vulnerabilities
Joomla Component com_gurujibook SQL injection Vulnerability
Joomla Component com_biographies SQL injection Vulnerability
cPanel HTTP Response Splitting Vulnerability
Blog System 1.x (note) SQL Injection Vuln
jQuery uploadify v2.1.0 Remote File Upload
vBulletin nulled (validator.php) files/directories disclosure
Multiple Vulnerabilities in XOOPS 2.4.3 and earlier
Blaze Apps Multiple Vulnerabilities
ezContents CMS Multiple Vulnerabilities
Joomla Component com_bookflip SQL Injection Vulnerability
al3jeb script Remote Login Bypass Exploit
Multiple directory Traversal Vulnerabilities in Testlink TestManagement and Execution System
Sogou input method to obtain system privileges
Soft Direct v1.05 Multiple Vulnerabilities
Permanent Cross-Site Scripting (XSS) in FreePBX 2.5.x – 2.6.0
QvodPlayer ColorFilter Codec ActiveX Remote Exec
al3jeb script Remote Change Password Exploit
SQL injection in FreePBX 2.5.1
Information disclosure in FreePBX 2.5.x
Fatwiki (fwiki) Remote FiLe include RFI
Joomla Component com_pc LFI Vulnerability
Uploader by CeleronDude 5.3.0 - Upload Vulnerability
Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS)
HP-UX Running sendmail, Remote Denial of Service (DoS)
Ebay Clone from clone2009 SQL Injection Vulnerabilities
Adobe Acrobat and Reader U3D Integer Overflow Vulnerability
Major security risk in the unlock pattern for Android devices
CLONEBID B2B Marketplace Multiple Vulnerabilities
ITechSctipts Alibaba Clone Multiple Vulnerabilities
DasForum (layout) Local File Inclusion Exploit
RoseOnlineCMS <= 3 B1 Remote Login Bypass Exploit
Transload Script Upload Vulnerability
PHP-RESIDENCE <= 0.7.2 Multiple LFI Vulnerability
MoME CMS <= 0.8.5 Remote Login Bypass Exploit
PonVFTP Bypass and Shell Upload Vulnerability
Max's File Uploader Shell Upload Vulnerability
TRIBISUR CMS [xss] Cross Site Scripting Vulnerability
StivaSoft 1.0 (XSS) Remote Vulnerabilities
Espace de réflexion [xss] Cross Site Scripting Vulnerability
Public Media Manager SQLi vulns
Asp VevoCart Control System Version 3.0.4 DB Download Vulnerability
Populum 2.3 SQL injection vulnerability
CiviCRM 3.1 < Beta 5 Multiple XSS Vulnerabilities
Calendar Express 2 XSS Vulnerability
Simple PHP Blog v5.11 XSS Vulnerability
PhPepperShop Webshop 2.5 XSS Vulnerability
LayoutCMS 1.0 (SQL/XSS) Multiple Vulnerabilities
Docmint CMS v1.0 XSS Vulnerability
SBD Directory 4.0 XSS Vulnerability
XSS Vulnerability in Active Calendar 1.2.0
XSS vulnerabilities in 34 millions flash files
Cross-Site Scripting vulnerability in JVClouds3D for Joomla
Alwjeez Script Database Backup Exploit
tincan ltd (section) SQL Injection Vulnerability
FAQEngine 4.24.00 - Remote File Inclusion vulnerability
Image Hosting Script Remote shell upload Vulnerability
Glitter Central Script XSS Vulnerability
Gridcc Script 1.0 (SQL/XSS) Multiple Remote Vulnerabilities
Alex Guestbook Multi Vulnerability
Simple PHP Guestbook Suffering From XSS Vulnerability
Smart PHP Statistics 1.0 suffer from XSS Vulnerability
PPVChat Multiple Vulnerabilities
ProfitCode Shopping Cart Multiple LFI/RFI Vulnerabilities
DeltaScripts PHP Links XSS Vulnerability
Jamit Job Board v3 XSS Vulnerability
BlogWorx Blog v1.0 XSS Vulnerability
Drupal <= 6.15 Multiple Permanent XSS
Read Excel Script v1.1 Shell Upload Vulnerability
SearchFit PowerSearch XSS Vulnerability
CopyWrite CMS 1.0 XSS Vulnerability
Match Agency BiZ XSS Vulnerability
Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
AutoIndex PHP Script (index.php) Directory Traversal Vulnerability
Zeeways Technology (product_desc.php) SQL Injection Vulnerability
Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability
Sniggabo CMS v2.21 XSS Vulnerability
New transmission packages fix directory traversal
New horde3 packages fix cross-site scripting
New phpldapadmin packages fix remote file inclusion
Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
ASp fot video siciripti v1.1 DB Download Vulnerability
ASp Cnr Hikaye Scripti DB Download Vulnerability
ImagoScripts Deviant Art Clone SQL Injection Vulnerability
KMSoft Guestbook v 1.0 Database Disclosure Vulnerability
YP Portal MS-Pro Surumu 1.0 DB Download Vulnerability
Myteknoloji Hosting SCripti Database Disclosure Vulnerability
LightOpen CMS Remote File Inclusion (smarty.php)
Multiple vulnerabilities in LineWeb 1.0.5
Novell Netware CIFS And AFP Remote Memory Consumption DoS
httpdx webserver v1.5 Remote Source Disclosure
HLstatsX Community Edition 1.6.5 Cross Site Scripting Vulnerability
DZOIC ClipHouse suffer from auth bypass remote sql injection
Joomla Component com_avosbillets Blind SQL Injection Vulnerability
Mini-NUKE v2.3 Freehost Multiple Vulnerabilities
BlaB! 2.1b2 Backup files Vulnerability
XlentCMS V1.0.4 (downloads.php?cat) SQL Injection Vulnerability
DECEMBER 2009
FreeWebshop.org: multiple vulnerabilities
AproxEngine Multiple Vulnerabilities
[InterN0T] LiveZilla - XSS Vulnerability
DBHCMS Web Content Management System v1.1.4 RFI Vulnerability
Sheedravi CMS SQL Injection Vulnerability
4images 1.7.1 Remote SQL Injection Vulnerability
phUploader Remote File Upload Vulnerability
Ignition 1.2 Multiple Local File Inclusion Vulnerabilities
Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability
QuiXplorer <=2.4.1beta Remote Code Execution vulnerability
PRE HOTELS&RESORTS MANAGEMENT SYSTEM(Auth Bypass) Remote SQL Injection
Smart ASPad(campaignEdit.asp CCam) Blind SQL Injection
Winamp PNG and JPEG Data Integer Overflow Vulnerabilities
Authentication bypass and file manipulation in Sitecore Staging Module
VideoCache 1.9.2 vccleaner root vulnerability
File Access Vulnerability in Easy File Sharing Web Server
Family Connections <= 2.1.3 Multiple Remote Vulnerabilities
WP-Forum <= 2.3 SQL Injection vulnerabilities
PasswordManager Pro 6.1 Script Injection Vulnerability
Multiple Vulnerabilities in PyForum
WSCreator 1.1 Blind SQL Injection
APC Switched Rack PDU XSS Vulnerability
Monkey HTTPd improper input validation vulnerability
Cross-Site Scripting vulnerabilities in Invision Power Board
WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
E-Store SQL Injection Vulnerability








