ID: 15516
Name: cPanel Backup File Local Disclosure
Authors: This script is Copyright (C) 2004-2009 Tenable Network Security, Inc.
Category: CGI abuses
Action: info
Summary: Checks for the version of cPanel
Description:
The remote host is running a version of cPanel that is version 9.4.1 or older.
The remote version of this software is vulnerable to a file disclosure flaw in the Remote Backup module which may allow a local attacker to read arbitrary files on the remote system.
Solution: Upgrade to the newest version of cPanel or disable this service
Risk factor: Medium
Click for details - List of tests:
Stoc'an Shopping Cart shop.plx Path Disclosure
LimeSurvey sUser Variable SQL Injection
EZsite Forum Discloses Passwords to Remote Users
Netquery <= 3.11 nquser.php host Variable Arbitrary Command Execution
Microsoft IIS/PWS %2e Request ASP Source Disclosure
WebSPIRS webspirs.cgi Traversal Arbitrary File Access
Mantis < 0.19.3 Multiple Vulnerabilities
LinPHA <= 1.0 Multiple Vulnerabilities
Cacti index.php/sql.php Login Action login_username Variable SQL Injection
JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID)
NOCC <= 1.0 Multiple Vulnerabilities
Webman I-Mall i-mall.cgi Arbitrary Command Execution
Thyme event_view.php eid Parameter SQL Injection
RunCMS <= 1.2 Multiple Vulnerabilities
ZABBIX Web Interface extlang[] Parameter Remote Code Execution
Mambo Site Server Multiple Vulnerabilities
toendaCMS < 0.6.2.1 Multiple Vulnerabilities
Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)
Philboard /database/philboard.mdb Direct Request Database Disclosure
Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities
Apache Tomcat source.jsp Arbitrary Directory Listing
Goscript go.cgi Arbitrary Command Execution
Squid cachemgr.cgi Proxied Port Scanning
sBLOG search.php keyword Parameter SQL Injection
Horde Software Detection
Advanced Guestbook index.php entry Parameter SQL Injection
MODx config.js.php Information Disclosure
Stronghold swish Search Script Information Disclosure
phpList Detection
WebsitePro Remote Request Overflow
WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities
Zen Cart products_id[] Array SQL Injection
Atlassian JIRA < 3.12.1 Multiple Vulnerabilities
Microsoft Outlook Web Access (OWA) Version Detection
Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Variable Traversal Local File Inclusion
Stoc'an Shopping Cart shop.plx page Parameter Arbitrary Command Execution
OraMon config/oramon.ini Information Disclosure
Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection
P-News p-news.php Name Field Privilege Escalation
Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing
ActualAnalyzer Lite style Variable Traversal Local File Inclusion
Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities
UBB.threads Detection
CVSTrac Detection
TYPO3 jumpUrl Mechanism Information Disclosure
ActivePerl findtar Sample Script Remote Command Execution
MyBB ratethread.php rating Parameter SQL Injection
TikiWiki jhot.php Arbitrary File Upload
Drupal Software Detection
TWiki rev Parameter Arbitrary Command Execution
PHPWebAdmin for hMailServer Multiple File Inclusions
WordPress index.php cat Parameter Local File Inclusion
PHPWind Board faq.php skin Parameter Remote File Inclusion
Adobe Breeze Directory Traversal Arbitrary File Access
Sympa src/queue.c queue Utility Local Overflow
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
MyBB global.php Global Variable Overwrite
ViewCVS < 1.0.0 Multiple Vulnerabilities
Lucent VitalNet VsSetCookie.exe Unauthorized Access
Ingo Foldername Arbitrary Command Execution
Home Free search.cgi Traversal Arbitrary File Access
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure
Web Site Malicious Javascript Link Detection
Invision Power Board Software Detection
OrangeHRM login.php txtUserName Parameter SQL Injection
CuteNews Detection
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
WebCalendar includes/functions.php noSet Variable Overwrite
Sambar Server Multiple CGI Remote Overflow
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities
K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution
ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS)
Invision Community Blog Module eid Parameter SQL Injection
Openfire < 3.6.3 Multiple Vulnerabilities
nBill component for Joomla! index.php cid Parameter SQL Injection
Site@School slideshow_full.php album_name Parameter SQL Injection
Metertek pagelog.cgi Traversal Arbitrary File Access
PHP TopSites setup.php Administration Authentication Bypass
Land Down Under <= 801 Multiple Vulnerabilities
CitrusDB Static id_hash Admin Authentication Bypass
BBS E-Market Professional index.php filename Variable Traversal Arbitrary File Access
miniBB bb_func_txt.php pathToFiles Variable Remote File Inclusion
MailEnable NetWebAdmin Unauthorized Access (ME-10019)
Zen Cart password_forgotten.php Admin Access Bypass
Horde IMP mailbox.php3 Multiple Variable SQL Injection
WordPress fGallery fim_rss.php album Parameter SQL Injection
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
PHP < 5.2.10 Multiple Vulnerabilities
getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities
Goollery < 0.04b Multiple Vulnerabilities
PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access
Coppermine Photo Gallery displayimage.php SQL injection
Packeteer Web Management Interface Authentication
phpBB < 2.0.9 Multiple Vulnerabilities
PostNuke Glossary Module page Parameter SQL Injection
Master Index search.cgi Traversal Arbitrary File/Directory Access
Ultimate PHP Board users.dat Multiple Vulnerabilities
Poster version.two index.php Account Manipulation Privilege Escalation
Ikonboard ikonboard.cgi Multiple Parameter SQL Injection
Invision Gallery < 1.3.1 Multiple SQL Injections
phpWebSite index.php Search Module SQL Injection
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)
sawmill allows the reading of the first line of any file
Woltlab Burning Board Detection
IceWarp Web Mail Multiple Flaws (4)
Trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion
BEA WebLogic FileServlet Source Code Disclosure
vTiger < 4.5a2 Multiple Vulnerabilities
Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure
Namazu < 2.0.14 Multiple Vulnerabilities
WordPress < 1.5.1 Multiple Vulnerabilities
ViewVC Direct Request CVSROOT Information Disclosure
zml.cgi Directory Traversal
ROADS search.pl form Parameter Traversal Arbitrary File Access
DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS)
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
RunCMS Detection
PSCS VPOP3 messagelist.html msglistlen Parameter DoS
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
RealServer /admin/Docs/default.cfg Information Disclosure
Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access
CubeCart index.php cat_id Parameter SQL Injection
PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access
MailEnable HTTPMail Service Authorization Header Handling Remote DoS
Gallery HTTP Global Variables File Inclusion
Zenphoto rss.php albumnr Parameter SQL Injection
Forum51/Board51/News51 Users Disclosure
Mensajeitor Tag Board Admin Bypass
Bugzilla Multiple Remote Command Execution
Nukestyles.com viewpage.php Addon for PHP-Nuke File Variable Traversal Arbitrary File Access
GNU Mailman Multiple Unspecified Remote Vulnerabilities
CubeCart Detection
Drupal Unspecified Privilege Escalation
PHPFM Arbitrary File Upload
PNphpBB2 index.php c Parameter SQL Injection
MediaWiki JSON Callback Crafted API Request Information Disclosure
Jinzora Multiple Script include_path Parameter Remote File Inclusion (2)
Moodle filter/tex/texed.php pathname Parameter Remote Command Execution
WebAPP Detection
Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)
Plain Old Webserver URI Traversal Arbitrary File Access
XOOPS Jobs Module index.php cid Parameter SQL Injection
phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues
Anaconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access
WihPhoto sendphoto.php Traversal Arbitrary File Access
Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution
Blazix Trailing Character JSP Source Disclosure
Cuyahoga FCKEditor Misconfiguration Unrestricted File Upload
CGI Generic Remote File Inclusion Vulnerability
Kerio WebMail < 5.7.7 Multiple Vulnerabilities
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read
Movable Type mt-load.cgi Privilege Escalation
e107 class2.php e107language_e107cookie Cookie Traversal Local File Inclusion
Spiceworks Accept Request Header Overflow
paNews Detection
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution
Webcart Default Install Configuration Disclosure
Stadtaus Gaestebuch-Script index.php include_files Variable Remote File Inclusion
TWiki ImageGalleryPlugin Shell Command Injection
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
Pixelpost < 1.5 RC1 Multiple Vulnerabilities
PunBB profile.php id Parameter SQL Injection
IRCXPro Default Admin Password
RiSearch show.pl Open Proxy Relay
PD9 MegaBBS Multiple Vulnerabilities
Profense Web Application Firewall Default Credentials
TextPortal Default Passwords
Sambar Server search.pl results.stm Overflow DoS
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
pMachine lib.inc.php pm_path Parameter Remote File Inclusion
Snitz Forums 2000 3.4.03 Multiple Vulnerabilities
Basic Analysis and Security Engine Authentication Check
Hosting Controller Multiple Script Arbitrary Directory Browsing
PHPLinks Multiple Input Validation Vulnerabilities
MyDMS < 1.4.3 Multiple Vulnerabilities
Trend Micro IMSS Console Management Detection
eFiction < 2.0.2 Multiple Remote Vulnerabilities (SQLi, XSS, Disc)
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
osCommerce Unprotected Admin Directory
DUware Multiple Products type.asp iType Parameter SQL Injection
Plesk Multiple Script locale_id Parameter Traversal Arbitrary File Access
MyBB member.php uid Parameter SQL Injection
Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures
Icecast MP3 Client HTTP GET Request Remote Overflow
AWStats migrate Parameter Arbitrary Command Execution
Coppermine Photo Gallery Detection
paFileDB auth.php pafiledbcookie Cookie SQL Injection
ASG-Sentry CGI Default Credentials
Moodle moodledata/sessions/ Session Files Remote Information Disclosure
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
PPA functions.inc.php ppa_root_path Variable File Inclusion
SWAT Unauthenticated Access (Demo Mode)
PHP-Ping index.php pingto Parameter Arbitrary Code Execution
Calendar Express Multiple Vulnerabilities (SQLi, XSS)
Coppermine Photo Gallery index.php file Parameter Local File Inclusion
CGI Generic Command Execution Vulnerability
PHProjekt <= 5.1 Multiple Remote File Inclusions
IlohaMail Attachment Arbitrary File Create/Overwrite
Tripwire for Webpages Installation Disclosure
NETFile Default Credentials
osTicket <= 1.3.1 Multiple Vulnerabilities
Coppermine Photo Gallery Voting Restriction Bypass
Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
Polar HelpDesk Authentication Bypass
Mambo < 4.6.5 mos_user_template Local File Inclusion
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities
MPM Guestbook Pro top.php Traversal Arbitrary File Access
RWCards Component for Joomla! index.php category_id Parameter SQL Injection
Browsable Web Directories
Sybase EAServer WebConsole jaqadmin Default Password
VChat Multiple Remote Vulnerabilities
Netscape Enterprise Default Administrative Password
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion
HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access
Open WebMail Detection
Gallery index.php GALLERY_BASEDIR Variable Remote File Inclusion
IBM Lotus Domino Web Server $defaultNav Information Disclosure
phpFormGenerator Arbitrary File Upload
Adcycle build.cgi Remote Password Disclosure
WP-Syntax apply_filters function Command Execution
ListManager Error Message Information Disclosure
RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution
X7 Chat index.php day Parameter SQL Injection
IBM WebSphere Application Server %20 Request Source Disclosure
Calendarix Basic cal_cat.php catview Variable SQL Injection
TWiki configure Script Arbitrary Command Execution
ViRobot Linux Server filescan Authentication Bypass
Cacti < 0.8.6f Multiple Vulnerabilities (Priv Esc, Cmd Exe)
CGI Generic SQL Injection Vulnerability
Novell GroupWise WebAccess Error Handler Authentication Bypass
Serendipity Detection
XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion
Calendarix Multiple Vulnerabilities (SQLi, XSS)
Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval
Apache mod_jk Long URL Worker Map Stack Overflow
Sympa wwsympa do_search_list Overflow DoS
Roxen Web Server Counter Module Crafted Request Saturation DoS
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities
DokuWiki fetch.php Multiple Variable imconvert Function Arbitrary Command Execution
Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation
Moodle Detection
Web Site Cross-Domain Policy File Detection
OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access
Emulive Server4 Authentication Bypass
Zen Cart password_forgotten.php admin_email Parameter SQL Injection
ezPublish settings/site.ini Configuration Disclosure
Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion
Netquery <= 3.1 Multiple Vulnerabilities
Horde Help Viewer Arbitrary Code Execution
Claroline claro_init_local.inc.php extAuthSource[newUser] Variable Remote File Inclusion
PHP < 4.4.8 Multiple Vulnerabilities
Woltlab Burning Board Multiple SQL Injections
Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion
BF Survey Pro Component for Joomla! table Parameter SQL Injection
Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion
Docebo GLOBALS Variable Overwrite Remote File Inclusion
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow
Serendipity Multiple Script HTTP Response Splitting
Coppermine Photo Gallery showdoc.php f Variable Local File Inclusion
PunBB search.php old_searches Parameter SQL Injection
Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion
Horde Admin Account Default Password
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
Novell Teaming Login User Account Enumeration Weakness
CMS Made Simple url Parameter Arbitrary File Access
PostNuke < 0.762 Multiple Vulnerabilities
Bugzilla < 2.18.1 Multiple Information Disclosures
Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion
IlohaMail Configuration Scripts Remote Disclosure
MyReview Admin.php email Parameter SQL Injection
phpGroupWare Detection
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)
Psunami.CGI Command Execution
phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability
phpMyAdmin Installation Not Password Protected
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access
ListManager < 8.9b Multiple Vulnerabilities
/doc/packages Directory Browsable
Savant Web Server cgitest.exe Overflow
Adobe RoboHelp Server Security Bypass (APSA09-05 / unsafe check)
Cerberus Support Center Multiple Remote Vulnerabilities (SQLi, XSS)
OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities
Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities
Sysinfo name Parameter Arbitrary Code Execution
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure
Apache Tomcat Directory Listing and File disclosure
phpMyAgenda rootagenda Parameter File Include Vulnerability
Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion
ProductCart Multiple Vulnerabilities
SquirrelMail S/MIME Plug-in Remote Command Execution
Exponent CMS Multiple Cross-Site Scripting Vulnerabilities
Big Brother bb-hostsvc.sh HOSTSVC Parameter Traversal Arbitrary File Access
Windmail.exe Shell Metacharacter Arbitrary Command Execution
WordPress < 1.2.2 Multiple Vulnerabilities
Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass
phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
XOOPS 1.0 RC1 Multiple Vulnerabilities
ClearSpace Detection
e107 < 7.0 Multiple Vulnerabilities
phpBB Cash_Mod admin_cash.php Arbitrary Command Execution
DCP-Portal lib.php root Parameter Remote File Inclusion
CuteNews Multiple Script Traversal Privilege Escalation
WebSpeed Messenger Administration Utility Unauthenticated Access
WebGais websendmail CGI Arbitrary Command Execution
XMB Forum < 1.9.2 Multiple Vulnerabilities
osTicket <= 1.2.7 Multiple Vulnerabilities
Multiple Vendor jj CGI Arbitrary Command Execution
EATON MGE Network Shutdown Module < 3.20 Authentication Bypass / Command Execution
ATutor Password Reminder SQL Injection
Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities
phpList index.php database_module Parameter Local File Inclusion
dotProject docs/ Directory Multiple Script Information Disclosure
NETFile FTP/Web Server Directory Traversal Arbitrary File Access
ELOG Remote Buffer Overflow Vulnerabilities
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)
Web Application Potentially Sensitive CGI Parameter Detection
Tektronix PhaserLink Printer Web Server Direct Request Administrator Access
Moodle lib/kses.php kses_bad_protocol_once Function Arbitrary PHP Code Execution
BASE Authentication Redirect Authentication Bypass
Ultimate PHP Board add.php Direct Request Information Disclosure
FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
Free Articles Directory index.php page Parameter Remote File Inclusion
TrailScout Module For Drupal Session Cookie SQL Injection
vCard define.inc.php match Parameter Remote File Inclusion
Zanfi CMS Lite index.php inc Parameter Remote File Inclusion
phpMyFAQ index.php action Variable Local File Inclusion
aspWebCalendar calendar.asp SQL Injection
Dragonfly CMS install.php newlang Variable Local File Inclusion
SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure
Merak Webmail / IceWarp Web Mail 5.2.8 Multiple Vulnerabilities
WebCalendar assistant_edit.php Unauthorized Access
Kietu index.php Remote File Inclusion
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
Microsoft FrontPage htimage.exe CGI Remote Overflow
Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution
TIPS MailPost Multiple Remote Vulnerabilities
HP System Management Homepage < 3.0.1.73 Multiple Flaws
JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation
PHP iCalendar Multiple Script Remote File Inclusion
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
OpenWebMail < 1.90 Multiple Vulnerabilities
PHPCatalog id Parameter SQL Injection
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval
phpBB <= 2.0.14 Multiple Vulnerabilities
Monkey HTTP Daemon (monkeyd) < 0.9.1 Multiple Vulnerabilities
DotNetNuke Upgrade Process validationkey Generation Weakness Privilege Escalation
DUclassmate Multiple Scripts SQL Injection
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure
AWStats Referrer Arbitrary Command Execution Vulnerability
XAMPP < 1.4.14 Multiple Vulnerabilities
CVS (Web Based) Entries File Information Disclosure
PBLang BBS <= 4.65 Multiple Vulnerabilities
YaBB SE < 1.5.2 Multiple Vulnerabilities
A1Stats Multiple Script Traversal Arbitrary File Access
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
SimpleChat Information Disclosure
PHPNews news.php prevnext Parameter SQL Injection
Phorum common.php ForumLang Parameter Traversal Arbitrary File Access
Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution
Apache Tomcat Snoop Servlet Remote Information Disclosure
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection
PhpWebGallery comments.php sort_by Parameter SQL Injection
PHP/FI php.cgi Traversal Arbitrary File Access
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow
Oracle Secure Backup Administration Server Authentication Bypass
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
MyServer 0.8 Multiple Vulnerabilities
Guestbook CGI Arbitrary Command Execution
CVSTrac cgi.c Multiple Overflows
OpenCart route Parameter Local File Inclusion
ITA Forum Multiple Scripts SQL Injection
Webmin miniserv.pl username Parameter Format String
MaxWebPortal <= 1.35 Multiple Vulnerabilities
PhpDig config.php relative_script_path Parameter Remote File Inclusion
Mambo Site Server MD5 Hash Session ID Privilege Escalation
PHPX admin/index.php username Parameter SQL Injection
Microsoft ASP.NET Application Tracing trace.axd Information Disclosure
vBulletin Email Field XSS
Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay
PHPSurveyor Multiple SQL Injections
Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion
Apache Tomcat RequestDispatcher Directory Traversal Vulnerability
Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS
X-News Password MD5 Hash Authentication Bypass
yappa-ng index.php album Parameter Local File Inclusion
MyBB misc.php fid Parameter SQL Injection
Sambar Server pagecount CGI Traversal Arbitrary File Overwrite
Bugzilla Multiple Vulnerabilities (SQLi, ID)
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
myGallery mygallerybrowser.php myPath Parameter Remote File Inclusion
VideoDB < 2.0.2 Multiple Vulnerabilities
phpMyAdmin sql.php Traversal Arbitrary File Access
PHP Easy Download admin/save.php moreinfo Parameter Code Injection
i-Gallery <= 3.3 Multiple Vulnerabilities
popper_mod PHP Administration Script Authentication Bypass
Netwin WebNews Webnews.exe Remote Overflow
PostNuke Sections Module Information Disclosure
Sun Java System ASP < 4.0.3 Multiple Vulnerabilities
MaxWebPortal memKey Parameter SQL Injection
e107 resetcore.php user Field SQL Injection
Centreon fileOreonConf Parameter File Include Vulnerabilities
PHP-Fusion extract() Global Variable Overwriting
IRIX handler CGI Arbitrary Command Execution
FlexCast Server Terminal Authentication Unspecified Remote Issue
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
PHP Surveyor Multiple Vulnerabilities
phpScheduleIt Detection
phpBB viewtopic.php highlight Parameter SQL Injection
Webhosting Component for Joomla catid Parameter SQL Injection
Flyspeck lang Parameter Local File Inclusion
Dream4 Koobi CMS index.php area Parameter SQL Injection
MapServer Multiple Remote Vulnerabilities
Sun ONE Application Server Upper Case Request JSP Source Disclosure
IlohaMail index.php init_lang Variable Arbitrary File Access
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure
Snitz Forums 2000 <= 3.4.07 register.asp Email Parameter SQL Injection Vulnerability
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability
Joomla! components/com_user/models/reset.php Reset Token Validation Forgery
IlohaMail Software Detection
MyBB index.php referrer Parameter SQL Injection
MDPro index.php topicid Parameter SQL Injection
Multiple Vendor test-cgi Arbitrary File Access
PHP-Fusion Detection
Simplicity oF Upload download.php language Parameter Local File Inclusion
Apache Tomcat TroubleShooter Servlet Information Disclosure
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution
spin_client.cgi Remote Overflow
phpBB Knowledge Base Module kb.php cat Parameter SQL Injection
EGroupWare Multiple Vulnerabilities (SQLi, ID)
Seditio plug.php pag_sub Parameter SQL Injection
Drupal Comment Function Arbitrary Code Execution
Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)
CVS (Web Based) Directory Spider
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection
TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion
HP OpenView Network Node Manager Multiple CGI Remote Overflows
CGI Generic Path Traversal Vulnerability
phpPgAdmin index.php _language Parameter Local File Inclusion
Drupal XML-RPC for PHP Remote Code Injection
Calendarix Multiple Script id Parameter SQL Injection
GNUMP3d < 2.9.6 Multiple Remote Vulnerabilities (XSS, Traversal)
CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass
GForge top/topusers.php offset Parameter SQL Injection
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
Gallery stepOrder Parameter Local File Inclusion
FCKeditor.Java Connector Servlet CurrentFolder Infinite Loop DoS Vulnerability
Informix webdriver CGI Unauthenticated Database Access
Xaraya Software/Version Detection
ProductCart Multiple Input Validation Vulnerabilities
vBulletin <= 3.0.9 Multiple Vulnerabilities
Mobius DocumentDirect ddicgi.exe Long GET Request Overflow
JBoss JMX Console Unrestricted Access
osCommerce Customer Testimonials customer_testimonials.php testimonial_id Parameter SQL Injection
wwwcount Count.cgi Remote Overflow
BulletScript MailList bsml.pl Information Disclosure
CGI Generic Tests Timeout
VICIDIAL Call Center Suite admin.php SQL Injection
Open WebMail Shell Escape Arbitrary Command Execution
iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read
PunBB Search Dropdown Private Forum Disclosure
Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure
PHP < 4.4.9 Multiple Vulnerabilities
WordPress AdServe adclick.php id Parameter SQL Injection
PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion
WoltLab Burning Board search.php Multiple Variable SQL Injection
MPC SoftWeb Guestbook Multiple Vulnerabilities
EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion
Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload
HP OpenView Network Node Manager Multiple Scripts Remote Command Execution
XOOPS WF-Section Module print.php articleid Parameter SQL Injection
SquirrelMail decodeHeader HTML injection vulnerability
phpMyWebHosting Authentication SQL Injection
PHP-Nuke sql_debug Information Disclosure
Sambar Server /sysadmin Default Accounts
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion
WebCalendar login.php webcalendar_session Cookie SQL Injection
PHP Support Tickets index.php Multiple Parameter SQL Injection
FireStats < 1.6.2 Multiple Vulnerabilities
ht://Dig htsearch Multiple Vulnerabilities
HappyMall Multiple Script Arbitrary Command Execution
AppServ appserv/main.php appserv_root Variable Remote File Inclusion
Gallery Zipcart Module Arbitrary File Disclosure
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
Symantec Web Security (SWS) Multiple Vulnerabilities
Websense Reporting Console Detection
Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion
Simple Machines Forum Search.php SQL Injection
Alibaba tst.bat Arbitrary Command Execution
Mailman Utils.py Spoofed Log Entry Injection
AWStats rawlog.pm logfile Parameter Arbitrary Command Execution
Jaws language Parameter Multiple Local File Includes
phpMyAdmin < 2.5.2 Multiple Vulnerabilities
Mambo / Joomla! Multiple Components mosConfig_live_site Parameter Remote File Inclusion
Webmin / Usermin miniserv.pl Arbitrary File Disclosure
ServerView Servername Parameter Arbitrary Command Execution
Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion
PHP-Nuke Detection
Symantec Web Security Detection
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection
phpWebThings Multiple Scripts SQL Injection
Simple Form Subject Tags Arbitrary Mail Relay
Web Wiz Site News / Compulsive Media CNU5 news.mdb Direct Request Database Disclosure
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
Bugzilla Software Detection
X7 Chat help/index.php help_file Parameter Local File Inclusion
Inktomi Search MS-DOS Device Name Request Path Disclosure
ExoPHPDesk faq.php id Variable SQL Injection
Coppermine Photo Gallery keysToSkip Variable Overwrite
CGI Generic Header Injection Vulnerability
Web Site sitemap.xml File and Directory Disclosure
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection
Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval
AsteriDex callboth.php Multiple Variable CRLF Injection Arbitrary Command Execution
vBulletin calendar.php eventid Variable SQL Injection
iBill ibillpm.pl Password Generation Weakness
webadmin.php show Parameter Arbitrary File Access
Gallery main.php g2_itemId Variable Traversal Arbitrary File Access
WordPress Trackback wp-trackback.php tb_id Parameter SQL Injection
pluck < 4.5.3 Multiple Local File Include Vulnerabilities
Matt Wright guestbook.pl Arbitrary Command Execution
XAMPP ADOdb mssql_connect Remote Buffer Overflow
Netbilling nbmember.cgi cmd Parameter Information Disclosure
Owl browse.php Authentication Bypass
BasiliX Application Installation Detection
JRun Web Server (JWS) GET Request Traversal Arbitrary File Access
Etomite CMS index.php id Parameter SQL Injection
Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure
Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
Trend Micro Emanager Detection
Microsoft IIS Multiple Vulnerabilities (MS02-018)
Sitecore CMS < 5.3.2 rev. 090212 Web Service Security Database Information Disclosure
phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification
Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
XEROX MicroServer Web Server Multiple Vulnerabilities (XRX05-008)
Symantec Mail Security for SMTP Admin Center Default Credentials
McAfee Common Management Agent Traversal Arbitrary File Write
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
Vignette Application Portal Diagnostic Utility Information Disclosure
GTcatalog password.inc Direct Request Password Disclosure
Ocean12 ASP Calendar Administrative Access
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution
ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities
WebMatic Unspecified Login Function Access Vulnerability
ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal)
SquirrelMail strings.php base_uri Parameter Information Disclosure
FlatNuke index.php id Variable Traversal Arbitrary File Access
IlohaMail Unspecified Vulnerability
CuteNews Debug Info Disclosure
Openads Delivery Engine OA_Delivery_Cache_store() Function name Argument Arbitrary PHP Code Execution
ASP PortalApp Multiple SQL Injection
PHP-Blogger pref.db Database Information Disclosure
Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities
PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
phpBB Detection
Webmin / Usermin Null Byte Filtering Vulnerabilities
RCBlog index.php post Parameter Traversal Arbitrary File Access
Joomla! index.php mosConfig_absolute_path Parameter Remote File Inclusion
Dune Web Server GET Request Remote Overflow
Les Visiteurs Multiple Remote File Inclusion
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
zFeeder admin.php Direct Request Admin Authentication Bypass
Moodle LaTeX Information Disclosure
WebGais webgais CGI Arbitrary Command Execution
phpCOIN <= 1.2.1b Multiple Vulnerabilities
Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities
RaidenHTTPD workspace.php ulang Parameter Local File Inclusion
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
Movable Type Detection
Macallan Mail Solution Web Interface Multiple Vulnerabilities (Auth Bypass, DoS)
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
Pligg evb/check_url.php url Parameter SQL Injection
Serendipity XML-RPC for PHP Remote Code Injection
YaBB SE Cookie Authentication Bypass
phpGroupWare Unspecified Remote File Inclusion
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass
Chipmunk Forum Multiple SQL Injections
JCE Admin Component for Joomla! jce.php Multiple Vulnerabilities (LFI, XSS)
IRIX webdist.cgi Arbitrary Command Execution
phpWebSite Detection
PlusMail plusmail CGI Arbitrary Command Execution
iWebNegar Multiple Scripts SQL Injection
OneOrZero Helpdesk tinfo.php Arbitrary File Upload
my_gallery Plugin for e107 dload.php file Parameter Arbitrary File PHP Source Disclosure
AWStats is Openly Accessible
WordPress 2.1.1 Multiple Script Backdoor
phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions
Horde Imp Webmail status.php3 message Parameter XSS
SalesLogix eViewer slxweb.dll Request Remote DoS
SHOUTcast Server Filename Handling Format String
OpenX ac.php bannerid Parameter SQL Injection
ShopCartCGI Multiple Script Traversal Arbitrary File Access
WebWho+ whois.pl time Parameter Arbitrary Command Execution
Coppermine Photo Gallery < 1.3.2 Multiple SQL Injections
Flyspray install-0.9.7.php adodbpath Variable Remote File Inclusion
Enterasys Dragon Enterprise Reporting Detection
PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion
Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion
Netref cat_for_gen.php Arbitrary PHP Command Injection
CMS Made Simple modules/TinyMCE/content_css.php templateid Variable SQL Injection
Allaire JRun Encoded JSP Request Arbitrary Directory Listing
Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)
PHP < 3.0 mylog.html/mlog.html Arbitrary File Access
Mambo Open Source Multiple Vulnerabilities
WowBB <= 1.61 Multiple Vulnerabilities
Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
SandSurfer < 1.7.0 User Authentication Bypass
FCKeditor for PHP-Nuke Arbitrary File Upload
ColdFusion Debug Mode Information Disclosure
Woltlab Burning Board verify_email Function SQL Injection
Lyris ListManager Subscription Form Administrative Command Injection
Vignette StoryServer TCL Server Crash Information Disclosure
Serendipity exit.php Multiple Parameter SQL Injection
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion
osTicket Form Field Modification File Upload Size Restriction Bypass
Open Virtual Desktop Detection
Advanced Guestbook index.php lang Cookie Variable Path Disclosure
WordPress < 0.72 RC1 Multiple Vulnerabilities
Minis minis.php month Parameter Traversal Arbitrary File Access
PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access
Loudblog backend_settings.php Multiple Parameter Remote File Inclusion
Ipswitch WhatsUp Professional Crafted Header Authentication Bypass
dotProject Multiple Scripts Remote File Inclusion
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
osCommerce update.php readme_file Parameter Arbitrary File Disclosure
Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion
Coppermine imageObjectIM.class.php Command Execution Vulnerabilities
Sambar Server Multiple CGI Environment Variable Disclosure
OneOrZero Helpdesk tupdate.php sg Parameter SQL injection
Silent-Storm Portal Multiple Input Validation Vulnerabilities
CafeLog B2 Multiple Script Remote File Inclusion
e107 db.php User Database Disclosure
Alkalay.Net Multiple Scripts Arbitrary Command Execution
PHP-Calendar includes/search.php Multiple Parameter SQL Injection
Horde Turba Detection
Carello E-Commerce Carello.dll Command Execution
Barracuda Spam Firewall Multiple Remote Vulnerabilities (Cmd Exec, Traversal, Default)
AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)
Web Wiz check_user.asp txtUserName Parameter SQL Injection
VICIDIAL Call Center Suite Default Administrative Credentials
Directory Browsing Enabled?
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
WordPress Cookie cache_lastpostdate Parameter PHP Code Injection
Comersus BackOffice comersus_backoffice_menu.asp Multiple Variable SQL Injection
PHPAuction Admin Authentication Bypass
SimpleBoard / Joomlaboard Multiple Script sbp Parameter Remote File Inclusion
phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution
OmniHTTPd visadmin.exe Malformed URL DoS
Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection
HylaFAX faxsurvey Arbitrary Command Execution
J Walk Application Server Encoded Traversal Arbitrary File Disclosure
FtpLocate flsearch.pl fsite Parameter Remote File Inclusion
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset
Microsoft Site Server Multiple Script Information Disclosure
php-proxima autohtml.php Arbitrary File Retrieval
Maia Mailguard login.php lang Parameter Local File Inclusion
phpList cline Parameter Array Remote File Inclusion
Mantis < 1.0.0rc2 Multiple Vulnerabilities
myPHPNuke My_eGallery gallery/displayCategory.php basepath Variable Remote File Inclusion
Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities
Advanced Poll info.php Remote Information Disclosure
paFileDB includes/search.php categories Parameter SQL Injection
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access
Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation
Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection
YaBB YaBB.pl num Parameter Traversal Arbitrary File Access
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
paNews 2.0.4b Multiple Input Validation Vulnerabilities
Sympa Malformed Content-Type Header Remote DoS
WebCalendar Detection
PHP Doc System index.php show Parameter Local File Inclusion
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
phpBB Advanced GuestBook addentry.php phpbb_root_path Variable Remote File Inclusion
Comersus Cart Multiple Vulnerabilities (SQLi, XSS)
TUTOS < 1.1.20040412 Multiple Input Validation Issues
JBrowser Multiple Vulnerabilities (Auth Bypass, Traversal)
Moodle < 1.5.1 Multiple Vulnerabilities
CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)
ADOdb Lite adodb-perf-module.inc.php last_module Variable Arbitrary Code Execution
phpWebNotes t_path_core Parameter File Include Vulnerability
CVSTrac Ticket Title Arbitrary Command Execution
LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
CVSTrac Invalid Ticket DoS
Trend Micro Scanmail for Domino nsf File Information Disclosure
CuteNews search.php files_arch Array Arbitrary File Access
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
Mantis manage_user_create.php CSRF New User Creation
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion
MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities
DCForum dcboard.cgi Multiple Vulnerabilities
2BGal disp_album.php id_album Parameter SQL Injection
WebAdmin < 3.2.6 MDaemon Account Hijacking
Land Down Under HTTP Referer Header SQL Injection
MAILNEWS mailnews.cgi Arbitrary Command Execution
cPanel Backup File Local Disclosure
Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution
Wikka wikka.php Local File Inclusion
phpBB < 2.0.11 Multiple Vulnerabilities
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection
DevTrack Web Service UserName Field SQL Injection
phpGroupWare Admin/Setup Password Cleartext Cookie Storage
JBoss %00 Request JSP Source Disclosure
Sambar Server /session/sendmail Arbitrary Mail Relay
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness
Multiple Web Server printenv CGI Information Disclosure
osTicket Arbitrary Attachment Disclosure
osTicket open.php Support Address Crafted Mail Loop Remote DoS
Digital Scribe login.php SQL Injection
GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection
Limbo CMS Multiple Vulnerabilities
Viralator CGI Script Arbitrary Command Execution
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities
Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
PHP < 4.4.5 Multiple Vulnerabilities
IlohaMail index.php session Parameter Arbitrary File Access
GuppY < 4.5.6a Multiple Vulnerabilities
bBlog rss.php p Parameter SQL Injection
phpAdsNew helperfunction.php Remote File Inclusion
VP-ASP shopsearch SQL injection (SQLi)
Multiple Vendor phf CGI Arbitrary Command Execution
ASG-Sentry CGI Detection
NETGEAR Wireless Access Point Hardcoded Default Password
ASP-Rider verify.asp username Parameter SQL Injection
CVSTrac Malformed URI Infinite Loop DoS
BEA WebLogic Null Byte Request JSP Source Disclosure
MultiHTML multihtml.pl Traversal Arbitrary File Access
OpenBB < 1.0.9 Multiple Vulnerabilities
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion
FuseTalk index.cfm txForumID Variable SQL Injection
Horde Mnemo Detection
SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access
Chipmunk CMScore Multiple Script SQL Injection
Sun ONE (iPlanet) Application Server Detection
CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi)
Mantis < 0.17.5 Multiple Vulnerabilities
NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation
vpopmail-CGIApps vpasswd.cgi Remote Command Execution
WordPress < 1.5.1.3 Multiple Vulnerabilities
SiteMinder smpwservicescgi.exe Arbitrary Site Redirect
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
PowerPortal index.php index_page Parameter SQL Injection
MailScan WebAdministrator Cookie Authentication Bypass
My_eGallery < 3.1.1g Remote File Inclusion
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion
eLDAPo index.php Cleartext Password Disclosure
Limbo CMS index.php Itemid Variable Arbitrary Command Execution
Gravity Board X <= 1.1 Multiple Vulnerabilities (SQLi, XSS, PD, Cmd Exe)
Guestbook tr3.a Password Disclosure
CVSTrac CVSROOT/passwd Arbitrary Account Deletion
RunCMS Multiple Script bbPath Parameter Remote File Inclusion
ChartDirector for .NET cacheId Parameter Arbitrary File Access
HP Instant TopTools hpnst.exe CGI DoS
IlohaMail Forged GET/POST Arbitrary Contacts Deletion
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access
Aborior Encore WebForum display.cgi file Variable Command Execution
Trend Micro InterScan VirusWall catinfo CGI Overflow
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion
Atmail WebMail Detection
Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution
YaPiG < 0.95b Multiple Vulnerabilities
PHP Error Log Format String Command Injection
XEROX WorkCentre WebUI Arbitrary Command Execution (XRX06-005)
TWiki %INCLUDE Parameter Arbitrary Command Injection
Multiple Server Crafted Request WEB-INF Directory Information Disclosure
SpiderSales Shopping Cart SQL injection
bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)
e107 email.php Arbitrary Mail Relay
Sun Java System Identity Manager Account Disclosure
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure
PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation
Sawmill < 7.1.6 Multiple Vulnerabilities
SquirrelMail plugin.php plugins Parameter Local File Inclusion
Pluck update.php Remote Privilege Escalation
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion
Asterisk Recording Interface (ARI) misc/audio.php recording Variable Traversal Arbitrary File Access
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities
phpSANE file_save Parameter Remote File Include
w-Agora inc_dir Parameter Remote File Inclusion
SPiD lang.php lang_path Remote File Inclusion
/doc Directory Browsable?
Mantis < 0.19.1 Multiple Vulnerabilities
PunBB < 1.2.7 Multiple Vulnerabilities
myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion
Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities
BizDB bizdb-search.cgi Arbitrary Command Execution
iisPROTECT Unpassworded Administrative Interface
Mnogosearch search.cgi Multiple Parameter Remote Overflows
Mambo Detection
Monster Top List sources/functions.php root_path Variable Remote File Inclusion
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
Matt Wright textcounter.pl Arbitrary Command Execution
GForge Multiple Script Traversal Arbitrary Directory Listing
Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion
TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities
CoolPHP 1.0 Multiple Vulnerabilities
RunCMS Multiple Script lid Parameter SQL Injection
WebLogic Multiple Method Cleartext Password Disclosure
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
Sympa wwsympa Invalid LDAP Password Remote DoS
Super-M Son hServer URI Traversal Arbitrary File Access
Joomla! < 1.0.11 Unspecified Remote Code Execution
TalentSoft Web+ webplus CGI Traversal Arbitrary File Access
Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities
Sun JavaServer Default Admin Password
PAJAX < 0.5.2 Multiple Vulnerabilities
XOOPS Dictionary Module print.php id Parameter SQL Injection
Website Baker Admin Login SQL Injection
WWWBoard passwd.txt Authentication Credential Disclosure
vBulletin Detection
Adobe Dreamweaver dwsync.xml Remote Information Disclosure
WordPress query.php is_admin() Function Information Disclosure
Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities
Nukedit utilities/login.asp email Parameter SQL Injection
MailEnable HTTPMail Service Authorization Header Remote Overflow
EZShopper Multiple Script Arbitrary Command Execution
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion
Icecast Encoded Traversal Arbitrary File Access
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
GOsa Multiple Script plugin Parameter Remote File Inclusion
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access
TWiki filename Parameter Traversal Arbitrary File Access
Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities
Multiple Vendor info2www CGI Arbitrary Command Execution
Apache Tomcat Nonexistent File Error Message Path Disclosure
AWOL helperfunction.php includedir Parameter Remote File Inclusion
PHPNews auth.php Multiple Parameter SQL Injection
MediaWiki Language Option eval() Function Arbitrary PHP Code Execution
zenTrack index.php configFile Parameter Traversal Arbitrary Files Access
DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection
Claroline Software Detection
PCCS-Mysql User/Password Exposure
PunBB include/common.php language Parameter Local File Inclusion
Verity Ultraseek < 5.7 Multiple Vulnerabilities
MyBB < 1.0 Multiple SQL Injection Vulnerabilities
PDGSoft Shopping Cart Multiple Vulnerabilities
MailWatch authenticate() Function SQL Injection
PortalApp forums.asp sortby Parameter SQL Injection
MailEnable HTTPMail Service Content-Length Header Overflow
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe)
Comersus Cart /comersus/database/comersus.mdb Direct Request Database Disclosure
PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access
Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
dotCMS Multiple Script id Parameter Traversal Local File Inclusion
phpWebFTP index.php language Parameter Local File Inclusion
AspUpload Test11.asp Arbitrary File Upload
GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec)
Trend Micro InterScan Web Security Suite Default Credentials
PHP < 5.2.4 Multiple Vulnerabilities
Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval
IRIX wrap CGI Traversal Arbitrary Directory Listing
JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS)
Sun Java ASP Server Default Admin Password
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access
SHOUTcast Server admin.cgi Long Argument Overflow
HotOpentickets Privilege Escalation
Thunderstone Software Texis Nonexistent File Request Path Disclosure
Directory Pro Traversal Arbitrary File Access
Hosting Controller addsubsite.asp Security Bypass
Resin viewfile Servlet Arbitrary File Disclosure
Web Server Generic 3xx Redirect
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
gigCalendar Component for Joomla! gigcal_gigs_id Parameter SQL Injection
Photopost PHP Pro photo Parameter SQL Injection
Mort Bay Jetty URL Multiple Slash Character Information Disclosure
TWiki Detection
boastMachine users.inc.php File Extension Validation Arbitrary File Upload
Mambo Open Source usercookie Parameter SQL Injection
OpenBB index.php CID Parameter SQL Injection
PmWiki < 2.1 beta 21 Multiple Vulnerabilities
phpWebSite Image Announcement Upload Arbitrary Command Execution
KW Whois CGI whois Parameter Arbitrary Command Execution
MediaWiki Detection
Serendipity Multiple Scripts serendipity[charset] Parameter Local File Inclusion
PostNuke Install Script Admin Password Disclosure
Drupal Theme System Template Local File Inclusion
Samba Web Administration Tool (SWAT) Error Message Username Enumeration
MODx < 0.9.1a Multiple Vulnerabilities
Allaire JRun Crafted Request WEB-INF Forced Directory Listing
PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities
Exhibit Engine list.php Multiple Parameter SQL Injection
Samba Web Administration Tool (SWAT) Detection
pMachine <= 2.2.1 Multiple Vulnerabilities
BasiliX login.php3 username Variable Arbitrary Command Execution
ASPrunner 2.4 Multiple Vulnerabilities
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass
WordPress < 2.8.4 Password Reset
Plumtree Portal User Object User Enumeration
DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)
phpBB <= 2.0.12 Multiple Vulnerabilities
Invision Gallery index.php st Parameter SQL Injection
Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure
Microsoft IIS advsearch.asp Direct Request DoS
HotNews Multiple Script Remote File Inclusion
CubeCart <= 2.0.6 Multiple SQL Injections
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass
WHM AutoPilot < 2.5.20 Multiple Remote Vulnerabilities
MyBB comma Cookie SQL Injection
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution
Orion Application Server Crafted Filename Extension JSP Script Source Disclosure
SquirrelMail < 1.45 Multiple Vulnerabilities
PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
SugarCRM Detection
JAWS Multiple Vulnerabilities (XSS, Auth Bypass, Traversal)
Trac quickjump Search Script q Parameter Arbitrary Site Redirect
Ecartis HTML Field Manipulation Arbitrary User Password Reset
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution
Multiple Web Server finger CGI Information Disclosure
LifeType index.php Date Parameter SQL Injection
cPanel guestbook.cgi template Variable Arbitrary Command Execution
Aprox PHP Portal index.php Arbitrary File View
phpWebSite index.php hub_dir Parameter Local File Inclusion
Simplog <= 0.9.2 Multiple Vulnerabilities
Mambo Open Source / Joomla! GLOBALS Variable Remote File Inclusion
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)
WebSite Pro Malformed URL Path Disclosure
BEA WebLogic SSIServlet Invocation Source Code Disclosure
smb2www Detection
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
thttpd ssi Servlet Encoded Traversal Arbitrary File Access
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities
CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities
PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)
Nimda Worm Infected HTML File Detection
TorrentTrader download.php id Parameter SQL Injection
Serendipity < 0.8.1 Multiple Vulnerabilities
CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)
Xylogics Annex Terminal Service ping CGI Program DoS
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
PHP Live Helper Multiple Remote File Inclusions
w-Agora index.php site Parameter Traversal Arbitrary File Access
WebHints hints.pl Arbitrary Command Execution
BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Variable Remote File Inclusion
Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass
Help Center Live osTicket Module Multiple Unspecified SQL Injections
AntiBoard antiboard.php Multiple Parameter SQL Injection
Xoops Incontent Module Traversal Arbitrary PHP File Source Disclosure
TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution
CVSweb Detection
Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS)
SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion
HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)
Plogger plog-download.php checked[] Parameter SQL Injection
Jaws BlogModel.php path Parameter Remote File Inclusion
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion
DUpaypal Pro Multiple Scripts SQL Injection
phpMyFAQ Detection
MediaWiki Multiple Remote Vulnerabilities
UBB.threads dosearch.php SQL injection
Movable Type mt.cfg Information Disclosure
TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2)
NetCharts Server Default Password
e_Board index2.cgi message Parameter Traversal Arbitrary File Access
PostNuke Rating System DoS
Muscat Empower CGI Malformed DB Parameter Path Disclosure
MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access
IBM Lotus Domino Server time/date Fields Remote Overflow
Technote main.cgi filename Parameter Traversal Arbitrary File Access
Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
FAQManager Arbitrary File Reading Vulnerability
ASP.NET DEBUG Method Enabled
ProductCart Multiple Scripts SQL Injection
UBB.threads doeditconfig Arbitrary Command Injection
ManageEngine Applications Manager Invalid URI Remote Information Disclosure
Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access
PHP < 5.2.5 Multiple Vulnerabilities
e107 e107_cookie Parameter SQL Injection
Netdynamics ndcgi.exe Previous User Session Replay
Calendarix calendar.php Multiple Parameter SQL Injection
Ipswitch WhatsUp Gold Default Admin Account
Packeteer Web Management Interface Version Detection
Openfire Admin Console Remote Privilege Escalation
CubeCart < 2.0.6 settings.inc.php Multiple Script XSS
WEBrick Encoded Traversal Arbitrary CGI Source Disclosure
Xpressions Interactive Multiple Products login.asp SQL Injection
Simple Form Multiple Parameter Arbitrary Mail Relaying
Listserv < 14.5 Multiple Buffer Overflows
vBulletin authorize.php x_invoice_num Variable SQL Injection
PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
BEA WebLogic Hex Encoded Request JSP Source Disclosure
GWExtranet gwextranet/scp.dll Multiple Variable Traversal Local File Inclusion
DokuWiki Detection
Owl < 0.74.0 Multiple Vulnerabilities
KorWeblog < 1.6.2 Multiple Vulnerabilities
Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution
WebGUI user profile Unspecified Vulnerability
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access
ArGoSoft Mail Server Multiple Traversals
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass
e107 ePing Plugin doping.php Arbitrary Code Execution
phpList <= 2.6.3 Multiple Vulnerabilities
PHP < 5.2.9 Multiple Vulnerabilities
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
PHP < 5.2.3 Multiple Vulnerabilities
DCP-Portal Multiple Script Path Disclosure
Tenable Security Center Default Credentials
.svn/entries Disclosed via Web Server
BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure
PHP iCalendar Cookie Data Traversal Local File Inclusion
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
HSWeb HTTP Server /cgi Directory Request Path Disclosure
Truegalerie admin.php loggedin Parameter Admin Authentication Bypass
PHPNews auth.php path Parameter Remote File Inclusion
Default Password (changeme) for SHOUTcast Server Service Port
UebiMiau Multiple Input Validation Vulnerabilities
BroadBoard Multiple Script SQL Injection
PunBB Detection
Loudblog < 0.42 template Parameter Traversal
Plogger plog-rss.php id Parameter SQL Injection
HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)
PhotoPost PHP Detection
INL ulog-php port.php proto Parameter SQL Injection
MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities
SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution
PHPix index.phtml Multiple Parameter Arbitrary Command Execution
AWStats awstats.pl Path Disclosure
osCommerce shopping_cart.php id Array Parameters SQL Injection
iisPROTECT Encoded URL Authentication Bypass
osTicket Attachment Handling File Upload Arbitrary Code Execution
MaxWebPortal <= 1.33 Multiple Vulnerabilities
Exponent CMS index.php view Variable Local File Inclusion
FCKeditor CurrentFolder Arbitrary File Upload
phpListPro Multiple Script returnpath Parameter Remote File Inclusions
osTicket setup.php Accessibility
IlohaMail Multiple Configuration Files Remote Information Disclosure
HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File Access
TYPO3 < 3.5.0 Multiple Vulnerabilities
Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow
WF-Chat User Account Disclosure
Backup Files Disclosure
PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities
Directory Manager edit_image.php Arbitrary Command Execution
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion
Jinzora Multiple Script include_path Parameter Remote File Inclusion
BugPort Attached File Handling Unspecified Issue
Mantis Detection
Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness
WebSpeed Development Mode Check
Cobalt siteUserMod.cgi Arbitrary Password Modification
Trend Micro TMCM Console Management Detection
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection
NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing
IceWarp Web Mail Multiple Flaws (3)
Zorum <= 3.5 Multiple Remote Vulnerabilities
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
Geeklog User Comment Retrieval SQL Injection
Netwin Netauth netauth.cgi Traversal Arbitrary File Access
Horde Nag Detection
PhpMyExplorer index.php chemin Variable Encoded Traversal Arbitrary File Access
htgrep hdr Parameter Arbitrary File access
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload
ActualAnalyzer direct.php rf Variable Remote File Inclusion
DokuWiki config_cascade Parameter Remote File Inclusion
Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
ADOdb tmssql.php do Variable Arbitrary PHP Function Execution
Microsoft ASP.NET Malformed File Request Path Disclosure
e107 Detection
TYPO3 cmw_linklist Extension category_uid Parameter SQL Injection
IlohaMail Multiple External Programs Arbitrary Command Execution
phPay admin/phpinfo.php Information Disclosure
Pligg settemplate.php template Parameter Local File Inclusion
PostNuke <= 0.760 RC4b Multiple Vulnerabilities
VisNetic / Merak Mail Server Multiple Remote Vulnerabilities
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution
Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
PHP < 4.3.8 Multiple Vulnerabilities
Marcus Xenakis directory.php Execute Arbitrary Commands
ZABBIX Web Interface Detection
WebCalendar < 1.0.2 Multiple Vulnerabilities
Simple Machines Forum msg Parameter SQL Injection Vulnerability
Cacti cmd.php Multiple Variable SQL Injection Arbitrary Command Execution
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
Module Builder DownloadModule Traversal Arbitrary File Disclosure
Sambar Server Multiple Script Arbitrary Code Execution
RunCMS xoopsOption Parameter Local File Inclusion
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution
Mambo Open Source Tar.php Remote File Inclusion
F-Secure Policy Manager Path Disclosure
BEA WebLogic config.xml Operator/Admin Password Disclosure
cPanel <= 9.1.0 Multiple Vulnerabilities
phpMyAdmin Detection
Microsoft IIS query.asp Direct Request DoS
EDIMAX EW-7205APL Wireless AP Default Password Check
Aventail ASAP Platform Management Console Detection
IlohaMail Unspecified Database Password Disclosure Weakness
Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
Sniplets Plugin for WordPress execute.php text Parameter Arbitrary Command Execution
Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access
w-Agora 4.1.6a Multiple Input Validation Vulnerabilities
Log Rover pword Parameter SQL Injection
Acajoom Component for Joomla! <= 3.2.6 Backdoor
OneOrZero Helpdesk default_language Local File Inclusion
McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities
Google Analytics on An Internal Web Server Detection
IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities
ThinClientServer Admin Account Creation Privilege Escalation
Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure
SugarSales Multiple Module Traversal Arbitrary File Access
phpWebSite < 0.9.x Multiple Vulnerabilities
ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI)
Original inc/exif.inc.php exif_prog Parameter Arbitrary Command Execution
IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access
zenTrack index.php Multiple Parameter Remote File Inclusion
phpAdsNew XML-RPC Library Remote Code Injection
Nucleus CMS action.php itemid Parameter SQL Injection
WebCalendar Login Error Message User Account Enumeration
BitDefender Update Server HTTP Request Traversal Arbitrary File Access
RTH login.php uname Parameter SQL Injection
phpMyAdmin export.php what Parameter Traversal Arbitrary File Access
PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution
ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion
phpBB <= 2.0.13 Multiple Vulnerabilities
AMember Multiple Script config[root_dir] Parameter Remote File Inclusion
Stellar Docs Malformed Query Path Disclosure
Gallery < 1.4.4-pl5 Multiple Remote Vulnerabilities (XSS, Path Disc)
iXmail Multiple Script Arbitrary File Manipulation
LifeType rss.php profile Parameter Traversal Arbitrary File Access
MapServer < 5.2.2 / 4.10.4 Multiple Flaws
Basilix Webmail id Variable SQL Injection
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
DCP-Portal Multiple Scripts SQL Injection
CherryPy staticFilter Traversal Arbitrary File Access
DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access
SilverStream Database Structure Disclosure
Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access)
Mambo Global Variables Unauthorized Access
Sambar Server cgitest.exe Remote Overflow
eggBlog index.php eggblogpassword Variable Cookie SQL Injection
Coppermine Photo Gallery album Password Cookie SQL Injection
Centreon include/doc/get_image.php img Variable Traversal Arbitrary File Access
Expose for Joomla! (com_expose) uploadimg.php Arbitrary File Upload Code Execution
YaNC yanc.html.php listid Parameter SQL Injection
IBM Websphere Commerce Database Update Information Disclosure
Nucleus CMS < 3.15 Multiple Vulnerabilities
Joomla! CMS com_search Component default_results.php searchword Variable Remote Command Execution
Fortinet Fortigate Web Console Management Detection
Greymatter 1.3 Multiple Vulnerabilities
IBM WebSphere snoopservlet Path Disclosure
NextApp Echo XML External Entity Handling Privilege Escalation
Jinzora name Parameter Local File Inclusion
YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities
Microsoft IIS Translate f: ASP/ASA Source Disclosure
Pinnacle ShowCenter Skin DoS
ColdFusion Multiple Vulnerabilities (File Upload/Manipulation)
Qualiteam X-Cart Multiple Vulnerabilities
PunBB < 1.2.6 Multiple Vulnerabilities
ReviewPost PHP Pro Multiple Script SQL Injections
PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access
gCards < 1.46 Multiple Vulnerabilities
OpenNMS Web Console Default Credentials
Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQL Injection
Clever Copy connect.inc Direct Request Information Disclosure
WordPress check_ajax_referer() Function SQL Injection
SocialEngine Blog Plugin category_id Parameter SQL Injection
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution
WordPress < 2.8.4 Password Reset (version check)
GoSmart Message Board Multiple Vulnerabilities (SQLi, XSS)
MODx CMS base_path Parameter Remote File Inclusion
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
WebShield Appliance Detection
MERCUR WebView WebMail Server mail_user Parameter DoS
Icecast list_directory Function Traversal File/Directory Enumeration
JRun viewsource.jsp Arbitrary File Access
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
IceWarp Web Mail Multiple Flaws (2)
Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi
RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
TalentSoft Web+ webplus.exe Path Disclosure
HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access
Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing
Serendipity < 0.7.0beta3 Multiple Vulnerabilities
PHP 5 < 5.2.7 Multiple Vulnerabilities
Sphider configset.php settings_dir Parameter Remote File Inclusion
phpMyAdmin grab_globals.lib.php subform Variable Traversal Local File Inclusion
Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure
Microsoft IIS fpcount.exe CGI Remote Overflow
NewsScript newsscript.pl mode Parameter Privilege Escalation
osTicket Detection
Poll It CGI data_dir Parameter Arbitrary File Access
phpList <= 2.10.8 Variable Overwriting
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
Basilix Webmail Attachment Crafted POST Arbitrary File Access
Hosting Controller hosting/addreseller.asp reseller Variable Authentication Bypass
PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities
WoltLab Burning Board Lite thread.php decode_cookie Function threadvisit Cookie Variable SQL Injection
paFileDB <= 3.1 Multiple Vulnerabilities (1)
Openfire AuthCheck Authentication Bypass
web-app.org WebAPP Encoded Request .dat File Disclosure
vBulletin includes/init.php Unspecified Vulnerability
Athena Web Registration athenareg.php pass Variable Command Execution
ttCMS 2.2 Multiple Vulnerabilities
SiteEnable Multiple Input Validation Vulnerabilities
paFileDB sessions Directory Admin Hashed Password Disclosure
phpMyAdmin import_blacklist Variable Overwriting
SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion
AnyForm CGI Arbitrary Command Execution
Webmin Detection
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS)
GuppY inc/includes.inc selskin Parameter Traversal Local File Inclusion
SilverNews < 2.0.4 Multiple Vulnerabilities
WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection
BizMail bizmail.cgi Arbitrary Mail Relay
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
Trend Micro IWSS Console Management Detection
PBLang login.php lang Parameter Local File Inclusion
MyBB forumdisplay.php sortby Parameter Arbitrary PHP Code Execution
Web Server Office File Inventory
ICQ Web Front Service guestbook.cgi DoS
MailEnable Professional HTTPMail GET Request Remote Overflow
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more)
FlatNuke < 2.5.6 Multiple Remote Vulnerabilities (XSS, Disc, Command Exe)
PerlDesk kb.cgi view Parameter SQL Injection
PHProxy Detection
PHPAuction Multiple Script include_path Parameter File Inclusion
XEROX CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008)
Zen Cart Detection
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
Matt Wright FormHandler.cgi Arbitrary File Access
Gallery Install Log Local Information Disclosure
Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure
Advanced Poll admin/index.php Session Identifier Replay Authentication Bypass
IceWarp Multiple Script Remote File Inclusion
Limbo com_fm Component sql.php classes_dir Variable Remote File Inclusion
Sun Java System Directory Server Online Help Feature Information Disclosure
PostNuke Members_List Module Information Disclosure
ViRobot Linux Server addschup Multiple Overflows
Live Chat Component for Joomla! last Variable SQL Injection
Simple Machines Forum Avatar Information Disclosure Vulnerability
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure
Web Server /cgi-bin Shell Access
VHCS include/sql.php include_path Parameter Remote File Inclusion
LDU Software/Version Detection
Gregarius ajax.php rsargs[] Parameter Array SQL Injection
HP DDMI Web Interface Default Credentials
Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access
Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass
SquirrelMail < 1.4.6 Multiple Vulnerabilities
CVSTrac Database Plaintext Password Storage
Ignite Gallery Component for Joomla! index.php gallery Parameter SQL Injection
phpPgAds dest Parameter HTTP Response Splitting
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
iXmail index.php password Parameter SQL injection
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities
Symantec Reporting Server Improper URL Handling Exposure
Siteman Page User Database Privilege Escalation
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion
TikiWiki File Upload temp Directory Arbitrary Script Execution
D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS
Plogger plog-admin-functions.php config Parameter Remote File Inclusion
Tarantella Enterprise ttawebtop.cgi pg Variable Traversal Arbitrary File Access
WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion
ocPortal index.php req_path Parameter Remote File Inclusion
Trend Micro ControlManager < 3.0 SP5 Multiple Vulnerabilities
phpWebSite <= 0.10.1 Multiple Vulnerabilities
Invision Power Board Dragoran Portal Module index.php site Parameter SQL Injection
Apache Struts < 2.0.12 / 2.1.3 Dispatcher Directory Traversal
Listserv < 14.3-2005a Multiple Vulnerabilities
Mountain Network Systems webcart.cgi Arbitrary Command Execution
ActivePerl perlIS.dll Buffer Overflow
phpMyFAQ Forum Message username Field SQL Injection
Moodle < 1.4.3 Multiple Vulnerabilities
XOOPS Detection
phpGroupWare index.php Addressbook XSS
Horde Chora Software Detection
Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities
Microsoft IIS idq.dll Traversal Arbitrary File Access
DB4Web Server Debug Mode TCP Port Scanning Proxy
PHP < 5.2 Multiple Vulnerabilities
JRun Multiple Sample Files Remote Information Disclosure
Sun Server Console Authentication Bypass
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion
AkoGallery Component for Mambo / Joomla! index.php id Variable SQL Injection
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
CoolForum Multiple SQL Injections
PHP-Fusion Database Backup Disclosure
PunBB < 1.2.2 Multiple Input Validation Vulnerabilities
Simple PHP Blog Detection
WordPress WP-Forum forum_feed.php thread Parameter SQL Injection
SIR GNUBoard Remote File Inclusion
PunBB < 1.2.8 Multiple Vulnerabilities
Looking Glass Multiple Vulnerabilities
Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
Verity UltraSeek 3.1.x Malformed URL Remote DoS
Gallery PostNuke Integration Access Validation Privilege Escalation
IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities
IPCheck Server Monitor Traversal Arbitrary File Access
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access
PHP Live! directory/conf File Include Unspecified Issue
Help Center Live module.php file Parameter Local File Inclusion
MyBB search.php forums Parameter SQL Injection
Sympa Detection
Cacti < 0.8.6e Multiple Vulnerabilities (SQLi, RFI)
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities
HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)
Invision Power Board index.php Members Action st Parameter SQL Injection
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities
Loudblog index.php id Parameter SQL Injection
InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation
Sun Java System Identity Manager Default Credentials
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS
Mini SQL w3-msql Arbitrary Directory Access
ACal embed/day.php path Variable Remote File Inclusion
PHP < 5.2.11 Multiple Vulnerabilities
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)
Nabopoll survey.inc.php path Parameter Remote File Inclusion
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
MyBB < 1.01 SQL Injection
Bharat Mediratta Gallery includedir Parameter Remote File Inclusion
Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi)
Gallery < 2.0.3 Multiple Remote Vulnerabilities (XSS, Traversal)
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
BlackBoard Internet Newsboard System checkdb.inc.php libpath Variable Remote File Inclusion
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities
HAMweather Template.php do_parse_code Function Arbitrary Code Execution
Moodle Forum post.php Unauthorized Post Deletion CSRF
ISS ICEcap Default Password
FlexCMS Login Cookie SQL Injection
Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
Easy Address Book Web Server Query Remote Format String
HP LaserJet Directory Traversal
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities
LinPHA include/img_view.class.php order parameter SQL Injection
eAccelerator encoder.php File Backup
CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion
phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection
DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution
SquirrelMail < 1.4.4 Multiple Vulnerabilities
Horde Horde_Image::factory driver Argument Local File Inclusion
phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion
Horde go.php url Parameter Arbitrary File Access
Invision Power Board ipchat.php root_path Parameter Remote File Inclusion
PHP Multiple Image Processing Functions File Handling DoS
PHP < 5.2.6 Multiple Vulnerabilities
OpenWrt Router with a Blank Password (Telnet)
MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities
Kayako LiveResponse Multiple Input Validation Vulnerabilities
Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution
OpenCms < 6.2.2 Multiple Vulnerabilities
Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities
phpBB < 2.0.7 Multiple Script SQL Injection
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
PayPal Store Front index.php page Parameter Remote File Inclusion
e107 eTrace Plugin dotrace.php Arbitrary Code Execution
phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability
P-Synch Password Management Multiple Vulnerabilities
phpBB <= 2.0.11 Multiple Vulnerabilities
SAP Internet Graphics Server (IGS) Traversal Arbitrary File Access
CuteNews inc/function.php archive Variable Arbitrary File Access
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
Mailman Detection
MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval
Simple Web Counter swc ctr Parameter Remote Overflow
rot13sj.cgi Arbitrary File Access
HastyMail HTML Attachment Script Execution
phpBB < 2.0.22 Multiple Vulnerabilities
MailMaxWeb Cookie Application Path Disclosure
phpMyFAQ < 1.5.2 Multiple Vulnerabilities
paFileDB Detection
TikiWiki Unauthorized Page Access
Netscape Enterprise Server Default Files Present
TYPO3 spell-check-logic.php userUid Parameter Arbitrary Command Execution
w-Agora Multiple Script Traversal Arbitrary File Access
imageVue < 16.2 admin/upload.php Unrestricted File Upload
Claroline Multiple Remote Vulnerabilities (RFI, Traversal, XSS)
PHP Mail Function Header Spoofing
UBB.threads editpost.php Number Parameter SQL Injection
NetWin CWmail.exe Item Parameter Remote Overflow
Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure
RunCMS Remote Arbitrary File Upload Vulnerability
Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
WebLogic Servlets Multiple Vulnerabilities
ExtremeZ-IP File and Print Server Zidget/HTTP Server Traversal Arbitrary File Access
Horde Chora CVS Viewer diff Utility Arbitrary Command Execution
N/X Web Content Management Multiple Script Remote File Inclusion
Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection
phpPgAdmin sql.php goto Parameter Traversal Arbitrary File Access
WordPress Detection
PGPMail.pl detection
GForge CVSWeb CGI cvsweb.php PATH_INFO Variable Arbitrary Command Execution
WebAPP apage.cgi f Parameter Arbitrary Command Execution
Plume CMS < 1.0.3 Remote File Inclusion
Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure
Mozilla Bonsai Multiple Flaws (Auth Bypass, XSS, Cmd Exec, PD)
Web Wiz Forums wwforum.mdb Direct Request Database Disclosure
Joomla! Detection
Invision Power Board sources/post.php qpid Parameter SQL Injection
OpenNMS Web Console Detection
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution
PHP < 5.2.1 Multiple Vulnerabilities
e107 download.php extract() Function Variable Overwrite
Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration
phpBB up.php Arbitrary File Upload
jPortal print.inc.php id Parameter SQL Injection
phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion
PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access
Zen Cart ipn_main_handler.php custom SQL Injection
CVSTrac Text Output Formatter SQL Injection DoS
CA Host-Based Intrusion Prevention System Server Default Credentials
XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion
DeluxeBB Multiple Scripts SQL Injection
osCommerce file_manager.php filename Variable Traversal Arbitrary File Access
SimpGB guestbook.php quote Parameter SQL Injection
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion
FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution
Movable Type < 3.2 Multiple Vulnerabilities
Gallery Unspecified HTML Injection
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access
Axis Storpoint CD Admin Authentication Bypass
processit CGI Environment Variable Remote Information Disclosure
PBLang 4.65 Multiple Vulnerabilities
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure
Ruby on Rails Routing Code URL Code Evaluation DoS
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection
JFFNMS auth.php Multiple Parameter SQL Injection
Claroline Multiple Script includePath Parameter Remote File Inclusion
Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access
Spyke Multiple Remote Vulnerabilities
Axis 2400 Network Camera Multiple Vulnerabilities
ServletExec 4.1 / JRun ISAPI Multiple DoS
AngelineCMS loadkernel.php installPath Variable Remote File Inclusion
ZPanel 2.0 Multiple Script Remote File Inclusion
WebAPP Directory Traversal
TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities
PHP 5.2.7 magic_quotes_gpc Security Bypass
Upload Lite upload.cgi Arbitrary File Upload
Achievo class.atkdateattribute.js.php config_atkroot Variable Remote File Inclusion
PmWiki < 2.1.21 Global Variables Overwriting
X7 Chat upgradev1.php old_prefix Parameter SQL Injection
/perl Directory Browsable?
The Includer includer.cgi Arbitrary Command Execution
RiSearch show.pl Arbitrary File Access
Geeklog Detection
smb2www Unspecified Arbitrary Remote Command Execution
Pixelpost index.php parent_id Parameter SQL Injection
SPIP < 1.8.2-g Multiple Vulnerabilities
NetworkActiv Web Server Crafted Filename Request Script Source Disclosure
Hosting Controller Software Detection
WebSpeed Workshop Arbitrary Command Execution
MyBB Detection
Trend Micro OfficeScan 7.3 Multiple Vulnerabilities
WP-Lytebox pg Parameter Local File Inclusion
Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)
CVSTrac history.c history_update Function Overflow
SimpleBBS users disclosure
Adobe Connect Enterprise Server Information Disclosure
Snitz Forums 2000 Detection
YaPiG <= 0.9.5b Multiple Vulnerabilities
IdeaBox include.php ideaDir Parameter Remote File Inclusion
Way-board way-board.cgi db Parameter Arbitrary File Access
vTiger CRM Directory File Disclosure
Sendcard sendcard.php id Parameter SQL Injection
PostNuke Detection
pMachine mail_autocheck.php Arbitrary Code Execution
NCSA Campas cgi-bin Arbitrary Command Execution
Firefly Media Server Limited Directory Traversal Admin Credential Disclosure
Justice Guestbook 1.3 Multiple Vulnerabilities
SIX-webboard generate.cgi content Variable Traversal Arbitrary File Access
Maian Scripts Cookie Manipulation Authentication Bypass
Kayako SupportSuite Ticket Subject XSS
Cart32 c32web.exe ImageName Traversal Arbitrary File Access
Winmail Server Webmail Unspecified Vulnerability
BASE < 1.2.5 readRoleCookie() Auth Bypass
wwwwais QUERY_STRING Parameter Remote Overflow
Plumtree Portal Default Credentials
PBLang < 4.66z Multiple Vulnerabilities
Cold Fusion Administration Page Overflow DoS
Geeklog SEC_authenticate Function SQL Injection
SquirrelMail < 1.4.18 map_yp_alias Function Remote Code Execution
WebStores 2000 browse_item_details.asp SQL injection
ping.asp CGI Arbitrary Command Execution
My Guest Book (myGuestBk) Multiple Vulnerabilities
PhotoPost < 5.1 Multiple Input Validation Vulnerabilities
Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass)
iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection
Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)
EGroupware Software Detection
rpm_query CGI System Information Disclosure
Pages Pro filenote Parameter Traversal Arbitrary File Modification
YaBB 1 Gold < 1.3.2 Multiple Input Validation Vulnerabilities
CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS)
Moodle < 1.6.2 Multiple Vulnerabilities
MyBB HTTP Header CLIENT-IP Field SQL Injection
Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload
Foxweb foxweb.exe Long URL Remote Overflow
Discuz! <= 4.0.0 rc4 Arbitrary File Upload
CommuniGate Pro Referer Field Session Token Disclosure
phpwcms 1.2.5 Multiple Vulnerabilities
SaveWebPortal <= 3.4 Multiple Vulnerabilities
WordPress wp-login.php HTTP Response Splitting
Alibaba get32.exe Arbitrary Command Execution
Land Down Under <= 800 Multiple Vulnerabilities
Mailgust Password Reminder email Field SQL Injection
Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
SimpleFAQ Component for Joomla! aid Parameter SQL Injection
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure
paFileDB <= 3.1 Multiple Vulnerabilities (2)
IRIX pfdispaly Arbitrary File Access
LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection
GTcatalog index.php custom Parameter Remote File Inclusion
DUware Products Multiple Remote Vulnerabilities (SQLi, XSS)
IceWarp Web Mail Multiple Flaws (1)
Adobe ColdFusion FCKeditor CurrentFolder File Upload
Multiple Dangerous CGI Script Detection
YaPiG Password Protected Directory Bypass
Linksys WVC54GCA Wireless-G /img/main.cgi Information Disclosure Vulnerability
aspWebAlbum album.asp SQL Injection
OpenCA Multiple Signature Validation Bypass
PHP-Nuke Network Tools Add-On Arbitrary Command Execution
bttlxeForum login.asp Multiple Field SQL Injection
Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion
Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion
Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion
WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
Adobe Document Server Default Credentials
EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access
OpenDocMan Access Control Bypass
CGI Generic Tests HTTP Errors
Trac Ticket Query Module group Parameter SQL Injection
XOOPS Articles Module print.php id Parameter SQL Injection
PMOS Help Desk form.php Arbitrary Code Execution
SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion
Philboard philboard_admin.ASP Authentication Bypass
F5 BIG-IP Web Management Interface Version
Limbo weblinks.html.php catid Parameter SQL Injection
Geeklog auth.inc.php loginname Parameter SQL Injection
Apache Win32 ScriptAlias php.exe Arbitrary File Access
WebAdmin < 3.2.5 Multiple Vulnerabilities
SimpleBBS topics.php name Parameter Arbitrary Command Execution
Active Auction Multiple Vulnerabilities (SQLi, XSS)
Fortify 360 Web Interface Detection
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution
PHP-Update blog.php Variable Overwriting Arbitrary Code Execution
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
Open WebMail vacation.pl Arbitrary Command Execution
CoolForum Multiple Vulnerabilities (SQLi, XSS)
netOffice Dwins demoSession Parameter Authentication Bypass
Website Baker REMEMBER_KEY Cookie SQL Injection
Cacti copy_cacti_user.php template_user Variable SQL Injection
Phorum search.php location Parameter HTTP Response Splitting
Hosting Controller Multiple Script ForumID Parameter SQL Injection
Icecast XSL Parser Multiple Vulnerabilities (OF, ID)
WordPress Trackback Charset Decoding SQL Injection
VHCS PHPSESSID Cookie Session Fixation
Microsoft IIS search.asp Direct Request DoS
phpGroupWare Multiple Module SQL Injection
Sambar Server dumpenv.pl Information Disclosure
Mambo MOStlyCE Mambot Arbitrary File Rename
OmniPro HTTPd 2.08 Encoded Space Request Script Source Disclosure
e107 ibrowser.php zend_has_del() Function Remote Code Execution
Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities (Cmd Exec, Traversal)
IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection
Adobe Document Server File URI Arbitrary Resource Manipulation
XAMPP Example Pages Detection
LiteCommerce SQL Injection Vulnerabilities
Tivoli Directory Server ldacgi.exe Template Variable Traversal Arbitrary File Access
MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)
w-Agora <= 4.2.0 Multiple Vulnerabilities
Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities
FogBugz Interface Detection
Gallery save_photos.php Arbitrary Command Execution
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
man2web Multiple Scripts Arbitrary Command Execution
Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection
Apache Struts devMode Information Disclosure
XMB member.php Multiple Parameter SQL Injection
Squirrelcart index.php Multiple Parameter SQL Injection
CrashPlan Server Default Administrative Credentials
TheServer server.ini Direct Request Cleartext Credentials Disclosure
IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal)
OTRS SOAP Interface Unauthenticated Object Manipulation
Dolphin Multiple Scripts Remote File Inclusion
BASE base_maintenance.php Authentication Bypass
Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe)
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection
Horde test.php Direct Request Information Disclosure
HP DDMI Agent Unauthorized Access
Basilix Webmail .class / .inc Direct Request Remote Information Disclosure
EZPhotoSales Multiple Configuration Files Remote Information Disclosure
Wordit Logbook logbook.pl file Parameter Arbitrary File Access
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
CandyPress Store admin/utilities_ConfigHelp.asp helpfield Variable SQL Injection
UBB.threads < 6.5.2 beta Multiple Vulnerabilities
Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities
PHP-Nuke opendir.php Traversal Arbitrary File Read
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
Boozt index.cgi Banner Creation Name Field Overflow
AN HTTPd count.pl Traversal Arbitrary File Overwrite
VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution
Infinity CGI Exploit Scanner Multiple Vulnerabilities
MercuryBoard User-Agent SQL Injection
PostNuke <= 0.760 RC2 Multiple Vulnerabilities
WebActive HTTP Server active.log Remote Information Disclosure
Pixelpost index.php Multiple Parameter SQL Injection
ModernBill <= 4.3.0 Multiple Vulnerabilities
Custom Pages for Joomla! index.php cpage Variable Remote File Inclusion
CubeCart < 2.0.5 Multiple Vulnerabilities
OpenEMR C_FormEvaluation.class.php fileroot Parameter Remote File Inclusion
Gallery init.php Authentication Bypass
phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities
Web Server /cgi-bin Perl Interpreter Access
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access
Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass
BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS)
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
Site@School Multiple Script cmsdir Parameter Remote File Inclusion
Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation
phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities
CVSTrac chdir() chroot Jail Escape
VP-ASP shopexd.asp catalogid Parameter SQL Injection
phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion Vulnerability
IMP Software Detection
AutomatedShops WebC.cgi Installation Detection
Ocean12 ASP Guestbook Manager Database Download
phpBannerExchange Template Class Local File Inclusion
SquirrelMail HTTPS Session Cookie Secure Flag Weakness
Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion
Web Server info.php / phpinfo.php Detection
WebSite Pro webfind.exe keywords Parameter Remote Overflow
W3.org Anaya Web sendtemp.pl templ Variable Traversal Arbitrary File Access
SquirrelMail Detection
BLNews objects.inc.php4 Server[path] Variable Remote File Inclusion
Terminal Services Web Detection
myEvent Multiple Remote Vulnerabilities
Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection (banner check)
VP-ASP Multiple Script SQL Injection
Singapore Gallery < 0.9.11 Multiple Vulnerabilities
ADOdb server.php sql Variable SQL Injection
PHP iCalendar publish.ical.php Arbitrary File Upload
OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion
Microsoft IIS Dangerous Sample Files Detection
phpBB viewtopic.php topic_id Variable SQL Injection
ttforum Multiple Vulnerabilities
CVSTrac timeline.c timeline_page Function Overflow
WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion
Seditio Detection
Horde Ingo Software Detection
phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection
Phorum Detection
PT News Unauthorized Administrative Access
DUamazon Pro Multiple Scripts SQL Injection
Smart Publisher index.php filedata Parameter Arbitrary Command Execution
Anaconda Foundation Directory apexec.pl template Parameter Traversal Arbitrary File Retrieval
TYPOlight < 2.2.5 Unspecified Vulnerability
phpGedView arbitrary file reading
PhpDig < 1.8.5 Unspecified Vulnerability
Sawmill Weak Password Encryption Scheme Information Disclosure
Nuked-Klan index.php Multiple Module Vulnerabilities
Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection
Drupal Public Comment/Posting Arbitrary PHP Code Execution
webERP Configuration File Remote Access
PHP-Fusion 4.01 Multiple Vulnerabilities
Microsoft IIS global.asa Remote Information Disclosure
Joomla! < 1.0.11 Multiple Vulnerabilities
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion
PHPNews sendtofriend.php SQL Injection
Redhat Stronghold status / info Request Information Disclosure
cPanel FrontPage Extension Multiple Vulnerabilities
DUforum Multiple Scripts SQL Injection
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
LifeType index.php articleId Parameter SQL Injection
Nuked-Klan function execution
JamMail jammail.pl mail Parameter Arbitrary Command Execution
ashNews 0.83 Multiple Vulnerabilities
Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc)
boastMachine mail.php id Variable SQL Injection
CakePHP vendors.php file Variable Traversal Arbitrary File Access
Super Guestbook superguestconfig Admin Password Disclosure
Microsoft BizTalk Server Multiple Remote Vulnerabilities
Site Sift Listings detail.php id Parameter SQL Injection
Horde Turba status.php Path Disclosure
Big Brother bb-hist.sh History Module Directory Traversal
Packeteer Web Management Interface Detection
Sun Java Web Server bboard Servlet Command Execution
PHP3 Error Message Physical Path Disclosure
phpSysInfo < 2.4.1 Multiple Vulnerabilities
CVSTrac filediff Arbitrary Remote Code Execution
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
Alt-N WebAdmin Multiple Vulnerabilities
DUportal Pro Multiple Scripts SQL Injection (2)
CubeCart FCKeditor connector.php Arbitrary File Upload
Shop-Script admin.php Admin Panel Security Bypass
SquirrelMail Multiple Remote Vulnerabilities
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval
FCKeditor upload.php Type Variable Arbitrary File Upload
XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040)
TrackerCam Multiple Remote Vulnerabilities
AutoLinks Pro alpath Parameter File Include Vulnerability
CodeGrrl Applications Remote File Inclusion Vulnerabilities
vBulletin misc.php template Variable PHP Code Injection
Thunderstone Software Texis Crafted Request Information Disclosure
Tikiwiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access
Mini SQL CGI content-length Field Remote Overflow
Invision Power Board ssi.php f Parameter SQL Injection
WordPress blog.header.php Multiple Parameter SQL Injection
XOOPS < 2.0.12 Multiple Vulnerabilities
Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access
TUTOS < 1.2 Multiple Input Validation Vulnerabilities
Phpauction <= 2.5 Multiple Vulnerabilities
XTreme ASP Photo Gallery adminlogin.asp Multiple Variable SQL Injection
Glimpse HTTP aglimpse Arbitrary Command Execution
Joomla! < 1.0.8 Multiple Vulnerabilities
HP OpenView Client Configuration Manager Default Credentials
Brightmail Control Center Default Password (symantec) for admin Account
News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access
PHP < 4.2.x mail Function CRLF Injection
AEC Subscription Manager Component usage Parameter SQL Injection
Oreon lang/index.php file Parameter Remote File Inclusion
AutomatedShops WebC.cgi Multiple Overflows
Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion
4D WebSTAR Tomcat Plugin Remote Buffer Overflow
3Com Network Supervisor Traversal Arbitrary File Access
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
Microsoft IIS newdsn.exe Arbitrary File Creation
FTGate <= 4.4.002 Multiple Remote Vulnerabilities (OF, FS, XSS)
WowBB view_user.php Multiple Parameter SQL Injection
Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion
Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation
Informix SQL Web DataBlade Module Traversal Arbitrary File Access
TinyWebGallery lang Parameter Local File Inclusion
PAFileDB Multiple Script Error Message Path Disclosure
Sympa wwsympa.fcgi Unauthorised List Creation
ZixForum ZixForum.mdb Direct Request Database Disclosure
paFileDB SQL injection
phpMyFAQ Image Upload Authentication Bypass
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation
Moodle index.php tag Parameter SQL Injection
MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
Webmin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
Instaboard index.cfm Multiple Parameter SQL Injection
Land Down Under / Seditio polls.php id Parameter SQL Injection
Mailman private.py true_path Function Traversal Arbitrary File Access
Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection
WordPress template-functions-category.php cat_ID Parameter SQL Injection
Moodle < 1.3.3 Multiple Vulnerabilities
OmniHTTPd imagemap.exe CGI Remote Overflow
Java (.java / .class) Source Code Disclosure
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
Open WebMail userstat.pl Arbitrary Command Execution
Sun Java System Identity Manager Detection
ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure
Ipswitch IMail Web Interface URI Referer Session Token Disclosure
phpBB <= 2.0.17 Multiple Vulnerabilities
MyBB < 1.04 Multiple Vulnerabilities
myphpPageTool /doc/admin/index.php ptinclude Parameter Remote File Inclusion
SLMail WebMail Multiple Remote Overflows
cfWebStore Multiple Vulnerabilities (SQLi, XSS)
Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)
Simple PHP Blog comments.php Traversal Arbitrary File Access
CopperExport XP_Publish.PHP SQL Injection Vulnerability
BASE Multiple Script BASE_path Parameter Remote File Inclusion
Newbb_plus Module for RunCMS Client-Ip Header SQL Injection
miniBB index.php user Variable SQL Injection
WordPress Pingback File Information Disclosure
Microsoft IIS ASP::$DATA ASP Source Disclosure
phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities
VHCS login.php check_login() Function Authentication Bypass