ESET Nod32 Antivirus | Antispyware | Console d administration
Chercher :
Newsletter :  
Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs



Abonnez vous � Nessus Professional Feed !

Sponsors :

Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- Commentaires

Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs

Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques

Secumail :
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS/XML :
- Articles
- Brèves
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS SecuObs :
- sécurité
- exploit
- windows
- microsoft
- réseau
- attaque

RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network

RSS Videos :
- vmware
- security
- virus
- windows
- biometric
- lockpicking

RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco

RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques

RSS OPML :
- Français
- International

Abonnez vous � Nessus Professional Feed !


Revue de presse francophone :
- Logiciels Radio IP et Day Wireless forment un partenariat pour offrir une solution VPN mobile à la South Bay Regional Public Communications Authority
- Maître Henri Leben Les modalités d'évaluation du préjudice en cas de perte de données
- HackBBS Hack en situation réelle Voir le sujet - Présentation de Lauplesser
- Pour augmenter sa portée, l'e-commerce doit savoir rassurer
- Les outils collaboratifs confortent leur position en entreprises
- Une interface unique pour rend les appareils électroniques plus accessibles
- BitDefender protège contre les nouvelles vulnérabilités d'Internet Explorer 6 et 7
- Verizon Business intègre le consortium Open Identity Exchange
- securite Le botnet Zeus revient sur le devant de la scène
- Adobe Flash lecture de fichiers
- Empêcher l'intrusion lors des connexions Bluetooth est une question d'ordre
- Yves Jégo cumule les gaffes sur le Net
- Exclusive Networks Group remporte le prix du meilleur distributeur de Fortinet
- CUPS élévation de privilèges via lppasswd
- Asie les entreprises pétrolières adoptent les outils collaboratifs

Dernier articles de SecuObs :
- Edenwall obtient une subvention de la DGA
- Imposter 0.9 une plateforme de phishing ciblant les navigateurs Web
- Une faille dans l’implémentation RSA de OpenSSL
- Flint un scanner pour simuler, vérifier et nettoyer les règles de filtrage
- SET 0.4.1 - Social Engineering Toolkit - une plateforme de Social Engineering
- 100 000 dollars pour le Pwn2own 2010
- Un botnet qui rapporte gros
- Webraider offre un reverse shell contre une simple injection SQL
- Des nouvelles du traité secret ACTA
- Keimpx un outil d'audit pour les réseaux Microsoft Windows

Revue de presse internationale :
- Security Industry Faces Attacks It Cannot Stop
- Smartphone apps need securing at the software development stages
- Mark Zuckerberg's 2004 Email Break-In Could Be A Felony
- Koobface Worm Doubles Its Number Of Command And Control Servers In 48 Hours
- iPhone 4.0 Bringing Multitasking
- Moshe Ben Abu publishes exploit code for new IE hole
- Foreign intelligence agencies hack into British companies
- Pennsylvania CISO out of a job following RSA Conference appearance
- Sacrificing Privacy for National Security
- HSBC Breach of Customer Data 'Inexcusable'
- Rootkit shows potential for hackers to wreak havoc on smartphones
- Balancing 'Advanced Security' With User Privacy
- Nvidia Denies Bribing Game Developers for Implementation of PhysX
- Pentagon trains workers to hack Defense computers
- Code library gives homebrew iPod remotes chance for awesome

Annuaire des videos
- Official sqlmap video demonstration 10
- Official sqlmap video demonstration 12
- Creating running and deleting files with Device File names
- Using SSLStrip to proxy an SSL connection and sniff it
- FIREWALL LINUX IPTABLES Disquete de Boot do BrazilFW www professorramos com
- RSA Conference USA 2010 Opening Ceremony
- Shmoocon 2010 Blackberry Mobile Spyware The Monkey Steals the Berries 4 6
- RSA Conference USA 2010 Remarks from Secretary Janet Napolitano US Homeland Security 1
- Shmoocon 2010 GPU vs CPU Supercomputing Security Shootout 1 3
- RSA Conference USA 2010 Shifts in the Security Paradigm What Cloud and Collaboration Demand
- Malware Analyzis Sandbox and PC Remote Control over Twitter Hak5
- Biometric ID Card Storm Troopers Raid Philly Bars
- BIOMETRIC ID CARD
- open vpn vista flv
- Malicious Email Social Engineer Attack using Social Engineers

Revue Twitter
- RT @burgessct Borderless Networks? Cisco is having a webinar 17 March http://j.mp/d9fsrG which will be worth your time effort
- neat, comodo and network solutions use the same ev ssl validation reps!
- On the contrary, I think Twitter is one of many great forums in which to toy with PCI.
- check out trust management in cloud discussion http://bit.ly/a1xrRQ i'm moderating
- RT @druidian: @dinodaizovi Of course man... Yesterday was Microsoft 0day Wednesday, which comes right after Microsoft Patch Tuesday.
- @anthonymckay Heh yep.. and I wouldn't really call it a rootkit from the small data I've seen on it.
- Good news guys! I was just informed that MD5 is magical!
- all booked for cansecwest, sourceboston and interop las vegas.
- The joy of installing latest PyQt on a linux box... at least latest Qt is available in binary, don't have to spend 2h compiling!
- @dinodaizovi first time that I can recall so many just floating around publicly (re: another IE 0day)

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse
Annuaires des videos : vmware, security, virus, windows, biometric, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux

+ de mots clés pour les videos
Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter



Top bi-hebdo des articles de SecuObs
- Apprendre à parler Skype pour mieux le faire taire !
- Des nouvelles du traité secret ACTA
- Une faille dans l’implémentation RSA de OpenSSL
- SET 0.4.1 - Social Engineering Toolkit - une plateforme de Social Engineering
- Keimpx un outil d'audit pour les réseaux Microsoft Windows
- 100 000 dollars pour le Pwn2own 2010
- Webraider offre un reverse shell contre une simple injection SQL
- DNScat 0.3 pour faciliter la mise en place des tunnels DNS de communication
- Les acteurs de la lutte contre la cybercriminalité
- Keimpx un outil d'audit pour les réseaux Microsoft Windows

Top bi-hebdo de la revue de presse
- Sea World killer whale attack video leads to malware
- How to Jailbreak iPhone 3.1.3 IPSW with PwnageTool 3.1.5
- Dev Team Confirms iPhone 3.1.3 IPSW Jailbreak
- FREE Kaspersky Internet Security 2010 Activation Code Valid for 6 Months
- Rozlyn Papa sex tape rumours lead to malware
- Bajolet a-t-il dénoncé des agents de la DGSE
- installer backtrack 4 [tuto]
- Nouveau dictionnaire WPA Livebox
- Windows 7 browser choice screen March 1 Office 2010 ballot screen Highly critical Firefox vulnerability Google CEO Schmidt knows everything about you
- Flight simulator, c est périmé

Top bi-hebdo de l'annuaire des videos
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- install MacOSX Snow Leopard in Windows PC using Vmware Workstation as virtual machine
- Blaze botnet in action www opensc ws
- Windows Backtrack 4 in Virtualbox Part 1
- Basic Squid Proxy Server Tutorial Part 3 of 3
- Scan opened ports by Metasploit
- Ch0ry Euro iPhone 3G 3GS 30 Hack WIFI key
- Windows XP Pro SP3 in VMWare off iSCSI Target using gPXE over 802.11n
- Avast Internet Security 5 0 396 Final Free Full Download Licensed with Serial Key
- SSLstrip wmv

Top bi-hebdo de la revue Twitter
- Wirshark + SSH = Wireshark Remote Capturing - http://www.howtoforge.com/wireshark-remote-capturing (via @welias)
- RT @FrikiFeeds: The newbie's guide to hacking the Linux kernel | TuxRadar Linux http://dlvr.it/6sQp
- RT @manicode: Very interesting Java ESAPI-like library coming out of Apache : http://bit.ly/9poefg
- Watching Metasploit Tricks 1 from @mubix - http://vimeo.com/9695470
- Exploit for Apache mod_isapi = 2.2.14 Dangling Pointer (CVE2010-0425) vulnerability ported to Metasploit http://bit.ly/ctDQjk
- RT @InfoSec208: The Virtual USB Analyzer: http://bit.ly/dpXc5F
- RT @damienmiller: Help test the new OpenSSH release (it's a big one): http://bit.ly/avLI9B #openbsd #openssh
- Product Watch: Free Tool Cleans Up Rusty, Unsafe Firewall Settings - Dark Reading http://bit.ly/d8hGhS #Security
- Discoverer: Automatic Protocol Reverse Engineering from Network Traces #pdf http://ow.ly/1gHd1
- Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue. http://bit.ly/9OGP6H

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- Microsoft Gazelle, mini-OS virtuel basé sur MashupOS pour une navigation Web sécurisée par isolation
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Hacking Hardware - Partie 1] - Introduction et présentation

Les derniers commentaires publiés sur SecuObs (1-5):
- plecost v0.2.2-7 Beta Update
- cookiemonster v1.6
- Automatic Reverse Engineering of Data Structures from Binary Execution
- Samhain v2.6.3 Beltane v2.3.19 released
- Social-Engineering Ninja v0.1 Beta - PHP scripts
Détail du test :
ID
21645
Nom
Pixelpost index.php category Parameter SQL Injection
Auteurs
This script is Copyright (C) 2006-2009 Tenable Network Security, Inc.
Catégorie
CGI abuses
Action
attack
Résumé
Tries to exploit SQL injection issue in Pixelpost
Description
Synopsis : The remote web server contains a PHP script that is prone to SQL injection attacks. Description : The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote fails to sanitize user-supplied input to the 'category' parameter of the 'index.php' script before using it to construct database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated attacker can exploit this flaw to manipulate database queries and, for example, uncover the administrator's username and password hash, which can later be used to gain administrative access to the affected application. In addition, Pixelpost reportedly suffers from a similar issue involving the 'archivedate' parameter of the 'index.php' script, although Nessus has not checked for it. See also : http://www.securityfocus.com/archive/1/435856/30/60/threaded http://forum.pixelpost.org/showthread.php?t=4331 Solution : Apply the patches listed in the vendor forum post referenced above. Risk factor : Medium / CVSS Base Score : 5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)


Cliquer pour le detail - Liste des tests :
IlohaMail Attachment Arbitrary File Create/Overwrite
Flyspray install-0.9.7.php adodbpath Variable Remote File Inclusion
Comersus Cart /comersus/database/comersus.mdb Direct Request Datbase Disclosure
phpBB up.php Arbitrary File Upload
SPIP < 1.8.2-g Multiple Vulnerabilities
Sun Java System Identity Manager Detection
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
Kayako SupportSuite Ticket Subject XSS
Movable Type mt.cfg Information Disclosure
BASE base_maintenance.php Authentication Bypass
Plume CMS < 1.0.3 Remote File Inclusion
PHPWind Board faq.php skin Parameter Remote File Inclusion
Adcycle build.cgi Remote Password Disclosure
Horde Chora Software Detection
Directory Browsing Enabled?
Calendar Express Multiple Vulnerabilities (SQLi, XSS)
Calendarix Multiple Vulnerabilties (SQLi, XSS)
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities
TheServer server.ini Direct Request Cleartext Credentials Disclosure
Mantis < 1.0.0rc2 Multiple Vulnerabilities
CVSTrac Invalid Ticket DoS
Tivoli Directory Server ldacgi.exe Template Variable Traversal Arbitrary File Access
CuteNews Multiple Script Traversal Privilege Escalation
iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection
EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion
e107 db.php User Database Disclosure
boastMachine users.inc.php File Extension Validation Arbitrary File Upload
Clever Copy connect.inc Direct Request Information Disclosure
Horde go.php url Parameter Arbitrary File Access
TWiki %INCLUDE Parameter Arbitrary Command Injection
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
Web Server info.php / phpinfo.php Detection
Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi)
Claroline Software Detection
OraMon config/oramon.ini Information Disclosure
CrashPlan Server Default Administrative Credentials
bBlog rss.php p Parameter SQL Injection
Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass
Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation
ht://Dig htsearch Multiple Vulnerabilities
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow
Anaconda Foundation Directory apexec.pl template Parameter Traversal Arbitrary File Retrieval
Achievo class.atkdateattribute.js.php config_atkroot Variable Remote File Inclusion
PerlDesk kb.cgi view Parameter SQL Injection
paFileDB includes/search.php categories Parameter SQL Injection
PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access
WowBB <= 1.61 Multiple Vulnerabilities
BEA WebLogic SSIServlet Invocation Source Code Disclosure
ServerView Servername Parameter Arbitrary Command Execution
CVSTrac Detection
Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities
Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities
PHP-Calendar includes/search.php Multiple Parameter SQL Injection
TYPO3 cmw_linklist Extension category_uid Parameter SQL Injection
zml.cgi Directory Traversal
CGI Generic Format String Vulnerability
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
MyBB < 1.04 Multiple Vulnerabilities
Big Brother bb-hostsvc.sh HOSTSVC Parameter Traversal Arbitrary File Access
PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access
phpGroupWare Unspecified Remote File Inclusion
AN HTTPd count.pl Traversal Arbitrary File Overwrite
PCCS-Mysql User/Password Exposure
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities
WordPress < 1.5.1.3 Multiple Vulnerabilities
IBM Lotus Domino Web Server $defaultNav Information Disclosure
PMOS Help Desk form.php Arbitrary Code Execution
phpGroupWare Multiple Module SQL Injection
NextApp Echo XML External Entity Handling Privilege Escalation
SquirrelMail S/MIME Plug-in Remote Command Execution
WordPress fGallery fim_rss.php album Parameter SQL Injection
Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion
CoolForum Multiple Vulnerabilities (SQLi, XSS)
CakePHP vendors.php file Variable Traversal Arbitrary File Access
Microsoft IIS Dangerous Sample Files Detection
ServletExec 4.1 / JRun ISAPI Multiple DoS
Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
PostNuke <= 0.760 RC4b Multiple Vulnerabilities
XEROX MicroServer Web Server Multiple Vulnerabilities (XRX05-008)
AsteriDex callboth.php Multiple Variable CRLF Injection Arbitrary Command Execution
DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection
phpBB < 2.0.11 Multiple Vulnerabilities
PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
MaxWebPortal <= 1.33 Multiple Vulnerabilities
phpBB < 2.0.9 Multiple Vulnerabilities
Netscape Enterprise Default Administrative Password
Asterisk Recording Interface (ARI) misc/audio.php recording Variable Traversal Arbitrary File Access
BEA WebLogic FileServlet Source Code Disclosure
vTiger < 4.5a2 Multiple Vulnerabilities
Lucent VitalNet VsSetCookie.exe Unauthorized Access
phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues
phpWebSite Detection
Bugzilla Multiple Vulnerabilities (SQLi, ID)
Coppermine Photo Gallery < 1.3.2 Multiple SQL Injections
i-Gallery <= 3.3 Multiple Vulnerabilities
SquirrelMail Detection
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass
Serendipity Detection
phpBB < 2.0.22 Multiple Vulnerabilities
MyBB global.php Global Variable Overwrite
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass
GoSmart Message Board Multiple Vulnerabilities (SQLi, XSS)
Gravity Board X <= 1.1 Multiple Vulnerabilities (SQLi, XSS, PD, Cmd Exe)
Barracuda Spam Firewall Multiple Remote Vulnerabilities (Cmd Exec, Traversal, Default)
vBulletin Email Field XSS
BulletScript MailList bsml.pl Information Disclosure
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access
Mantis < 0.19.1 Multiple Vulnerabilities
MyServer 0.8 Multiple Vulnerabilities
SAP Internet Graphics Server (IGS) Traversal Arbitrary File Access
CGI Generic Path Traversal Vulnerability
Tektronix PhaserLink Printer Web Server Direct Request Administrator Access
eLDAPo index.php Cleartext Password Disclosure
CoolPHP 1.0 Multiple Vulnerabilities
TYPOlight < 2.2.5 Unspecified Vulnerability
Sphider configset.php settings_dir Parameter Remote File Inclusion
TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion
IdealBB Multiple Vulnerabilities (XSS, SQLi, more)
w-Agora inc_dir Parameter Remote File Inclusion
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
PunBB include/common.php language Paramater Local File Inclusion
Pluck update.php Remote Privilege Escalation
Dune Web Server GET Request Remote Overflow
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)
smb2www Unspecified Arbitrary Remote Command Execution
phpList <= 2.6.3 Multiple Vulnerabilities
.svn/entries Disclosed via Web Server
Super-M Son hServer URI Traversal Arbitrary File Access
BEA WebLogic Hex Encoded Request JSP Source Disclosure
AMember Multiple Script config[root_dir] Parameter Remote File Inclusion
HP OpenView Network Node Manager Multiple Scripts Remote Command Execution
ExtremeZ-IP File and Print Server Zidget/HTTP Server Traversal Arbitrary File Access
FCKeditor for PHP-Nuke Arbitrary File Upload
osCommerce update.php readme_file Parameter Arbitrary File Disclosure
Calendarix Multiple Script id Parameter SQL Injection
VideoDB < 2.0.2 Multiple Vulnerabilities
EGroupWare Multiple Vulnerabilities (SQLi, ID)
Atlassian JIRA < 3.12.1 Multiple Vulnerabilities
NCSA Campas cgi-bin Arbitrary Command Execution
Serendipity < 0.7.0beta3 Multiple Vulnerabilities
Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
phpMyWebHosting Authentication SQL Injection
phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities
Newbb_plus Module for RunCMS Client-Ip Header SQL Injection
Claroline Multiple RemoteVulnerabilities (RFI, Traversal, XSS)
PHPLinks Multiple Input Validation Vulnerabilities
DokuWiki Detection
AngelineCMS loadkernel.php installPath Variable Remote File Inclusion
netOffice Dwins demoSession Parameter Authentication Bypass
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion
Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion
IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal)
EZsite Forum Discloses Passwords to Remote Users
phpList <= 2.10.8 Variable Overwriting
CubeCart Detection
e107 email.php Arbitrary Mail Relay
Jaws BlogModel.php path Parameter Remote File Inclusion
AWOL helperfunction.php includedir Parameter Remote File Inclusion
WordPress < 2.8.4 Password Reset
W3.org Anaya Web sendtemp.pl templ Variable Traveral Arbitrary File Access
CGI Generic Header Injection Vulnerability
MailScan WebAdministrator Cookie Authentication Bypass
Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access
HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)
Limbo weblinks.html.php catid Parameter SQL Injection
Gallery stepOrder Parameter Local File Inclusion
Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure
Samba Web Administration Tool (SWAT) Error Message Username Enumeration
ELOG Remote Buffer Overflow Vulnerabilities
Moodle lib/kses.php kses_bad_protocol_once Function Arbitrary PHP Code Execution
phpBB Detection
Sympa wwsympa.fcgi Unauthorised List Creation
Alibaba tst.bat Arbitrary Command Execution
Horde test.php Direct Reqest Information Disclosure
cPanel <= 9.1.0 Multiple Vulnerabilities
XOOPS WF-Section Module print.php articleid Parameter SQL Injection
ISS ICEcap Default Password
Gallery index.php GALLERY_BASEDIR Variable Remote File Inclusion
MODx config.js.php Information Disclosure
phpBB <= 2.0.17 Multiple Vulnerabilities
WordPress Detection
WebSpeed Development Mode Check
phpWebThings Multiple Scripts SQL Injection
Pages Pro filenote Parameter Traversal Arbitrary File Modification
toendaCMS < 0.6.2.1 Multiple Vulnerabilities
PPA functions.inc.php ppa_root_path Variable File Inclusion
phpScheduleIt Detection
Sun Server Console Authentication Bypass
WebSpeed Messenger Administration Utility Unauthenticed Access
Browsable Web Directories
pMachine <= 2.2.1 Multiple Vulnerabilities
Moodle Detection
Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Variable SQL Injection
SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution
Land Down Under HTTP Referer Header SQL Injection
Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion
Gallery main.php g2_itemId Variable Traversal Arbitrary File Access
vBulletin Detection
paFileDB <= 3.1 Multiple Vulnerabilities (1)
PHPX admin/index.php username Parameter SQL Injection
Tripwire for Webpages Installation Disclosure
Greymatter 1.3 Multiple Vulnerabilities
ReviewPost PHP Pro Multiple Script SQL Injections
Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access
PostNuke Detection
TalentSoft Web+ webplus.exe Path Disclosure
WordPress < 1.5.1 Multiple Vulnerabilities
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)
CGI Generic Tests Timeout
PHPAuction Admin Authentication Bypass
phpCOIN <= 1.2.1b Multiple Vulnerabilities
Sybase EAServer WebConsole jaqadmin Default Password
IceWarp Web Mail Multiple Flaws (4)
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
Upload Lite upload.cgi Arbitrary File Upload
WordPress Cookie cache_lastpostdate Parameter PHP Code Injection
PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection
Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)
CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities
Moodle < 1.3.3 Cross-Site Scripting Vulnerability
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection
Ultimate PHP Board add.php Direct Request Information Disclosure
Calendarix calendar.php Multiple Parameter SQL Injection
SalesLogix eViewer slxweb.dll Request Remote DoS
XOOPS Article Module article.php id Parameter SQL Injection
Matt Wright guestbook.pl Arbitrary Command Execution
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure
3Com Network Supervisor Traversal Arbitrary File Access
Horde Help Viewer Arbitrary Code Execution
CGI Generic Tests HTTP Errors
ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI)
TUTOS < 1.2 Multiple Input Validation Vulnerabilities
Plesk Multiple Script locale_id Parameter Traversal Arbitrary File Access
Woltlab Burning Board verify_email Function SQL Injection
Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution
Terminal Services Web Detection
Informix SQL Web DataBlade Module Traversal Arbitrary File Access
Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities
WHM AutoPilot < 2.5.20 Multiple Remote Vulnerabilities
ttforum Multiple Vulnerabilities
RCBlog index.php post Parameter Traversal Arbitrary File Access
ModernBill <= 4.3.0 Multiple Vulnerabilities
Verity Ultraseek < 5.7 Multiple Vulnerabilities
My Guest Book (myGuestBk) Multiple Vulnerabilities
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval
CubeCart FCKeditor connector.php Arbitrary File Upload
KW Whois CGI whois Parameter Arbitrary Command Execution
HP OpenView Client Configuration Manager Default Credentials
Multiple Web Server finger CGI Information Disclosure
HylaFAX faxsurvey Arbitrary Command Execution
PDGSoft Shopping Cart Multiple Vulnerabilities
Horde Horde_Image::factory driver Argument Local File Inclusion
Cacti copy_cacti_user.php template_user Variable SQL Injection
UBB.threads < 6.5.2 beta Multiple Vulnerabilities
SpiderSales Shopping Cart SQL injection
JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID)
CVSTrac cgi.c Multiple Overflows
GForge Multiple Script Traversal Arbitrary Directory Listing
Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution
Serendipity Multiple Scripts serendipity[charset] Parameter Local File Inclusion
WordPress template-functions-category.php cat_ID Parameter SQL Injection
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution
pluck < 4.5.3 Multiple Local File Include Vulnerabilities
Alkalay.Net Multiple Scripts Arbitrary Command Execution
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure
FlatNuke index.php id Variable Traversal Arbitrary File Access
MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite
Apache Tomcat TroubleShooter Servlet Information Disclosure
PunBB < 1.2.8 Multiple Vulnerabilities
PostNuke < 0.762 Multiple Vulnerabilities
Simple Form Multiple Parameter Arbitrary Mail Relaying
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
Web Wiz Forums wwforum.mdb Direct Request Database Disclosure
Openfire < 3.6.3 Multiple Vulnerabilities
WebSite Pro webfind.exe keywords Parameter Remote Overflow
GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec)
CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi)
TextPortal Default Passwords
OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion
ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS)
MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
CandyPress Store admin/utilities_ConfigHelp.asp helpfield Variable SQL Injection
Simple PHP Blog Detection
MailEnable HTTPMail Service Authorization Header Handling Remote DoS
Apache Win32 ScriptAlias php.exe Arbitrary File Access
Emulive Server4 Authentication Bypass
PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access
ActualAnalyzer Lite style Variable Traversal Local File Inclusion
Netwin Netauth netauth.cgi Traversal Arbitrary File Access
Zen Cart Detection
Mailman Utils.py Spoofed Log Entry Injection
ASG-Sentry CGI Detection
Sambar Server /sysadmin Default Accounts
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
Site@School Multiple Script cmsdir Parameter Remote File Inclusion
PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion
TikiWiki Unauthorized Page Access
OmniHTTPd imagemap.exe CGI Remote Overflow
Etomite CMS index.php id Paramater SQL Injection
Moodle moodledata/sessions/ Session Files Remote Information Disclosure
Zen Cart password_forgotten.php admin_email Parameter SQL Injection
Trac quickjump Search Script q Parameter Arbitrary Site Redirect
WebCalendar includes/functions.php noSet Variable Overwrite
VHCS login.php check_login() Function Authentication Bypass
Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval
TWiki Detection
Axis Storpoint CD Admin Authentication Bypass
IdeaBox include.php ideaDir Parameter Remote File Inclusion
ping.asp CGI Arbitrary Command Execution
Maian Scripts Cookie Manipulation Authentication Bypass
Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
ListManager Error Message Information Disclosure
TYPO3 < 3.5.0 Multiple Vulnerabilities
PHP-Ping index.php pingto Parameter Arbitrary Code Execution
IceWarp Web Mail Multiple Flaws (3)
phpwcms 1.2.5 Multiple Vulnerabilities
vCard define.inc.php match Parameter Remote File Inclusion
TWiki ImageGalleryPlugin Shell Command Injection
LimeSurvey sUser Variable SQL Injection
Chipmunk Forum Multiple SQL Injections
LinPHA include/img_view.class.php order parameter SQL Injection
Icecast list_directory Function Traversal File/Directory Enumeration
eggBlog index.php eggblogpassword Variable Cookie SQL Injection
Gallery PostNuke Integration Access Validation Privilege Escalation
Horde Turba status.php Path Disclosure
phpAlbum language.php data_dir Parameter Remote File Inclusion
Mantis < 0.19.3 Multiple Vulnerabilities
Moodle filter/tex/texed.php pathname Parameter Remote Command Execution
Mountain Network Systems webcart.cgi Arbitrary Command Execution
Microsoft IIS idq.dll Traversal Arbitrary File Access
PHP TopSites setup.php Administration Authentication Bypass
AnyForm CGI Arbitrary Command Execution
Mambo Site Server Multiple Vulnerabilities
Seditio Detection
phpMyFAQ < 1.5.2 Multiple Vulnerabilities
XOOPS Jobs Module index.php cid Parameter SQL Injection
BEA WebLogic Null Byte Request JSP Source Disclosure
MPM Guestbook Pro top.php Traversal Arbitrary File Access
Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass
Enterasys Dragon Enterprise Reporting Detection
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities
myPHPNuke My_eGallery gallery/displayCategory.php basepath Variable Remote File Inclusion
phpBB <= 2.0.14 Multiple Vulnerabilities
PostNuke Sections Module Information Disclosure
OpenEMR C_FormEvaluation.class.php fileroot Parameter Remote File Inclusion
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution
JRun Web Server (JWS) GET Request Traversal Arbitrary File Access
BBS E-Market Professional index.php filename Variable Traversal Arbitrary File Access
ManageEngine Applications Manager Invalid URI Remote Information Disclosure
Oracle Secure Backup Administration Server Authentication Bypass
WebLogic < 8.1 SP3 Multiple Vulnerabilities
iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)
boastMachine mail.php id Variable SQL Injection
phpMyAdmin grab_globals.lib.php subform Variable Traversal Local File Inclusion
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
FogBugz Interface Detection
CopperExport XP_Publish.PHP SQL Injection Vulnerability
PHP3 Error Message Physical Path Disclosure
PHP < 5.2.5 Multiple Vulnerabilities
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution
DUamazon Pro Multiple Scripts SQL Injection
Microsoft Outlook Web Access (OWA) Version Detection
BF Survey Pro Component for Joomla! table Parameter SQL Injection
e107 e107_cookie Parameter SQL Injection
MailEnable HTTPMail Service Authorization Header Remote Overflow
PHP < 5.2 Multiple Vulnerabilities
EZShopper Multiple Directory Traversal Vulnerabilities
Novell GroupWise WebAccess Error Handler Authentication Bypass
Apache Struts devMode Information Disclosure
Xaraya Software/Version Detection
Profense Web Application Firewall Default Credentials
ASP-Rider verify.asp username Parameter SQL Injection
ROADS search.pl form Parameter Traversal Arbitrary File Access
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
PHP Mail Function Header Spoofing
ACal embed/day.php path Variable Remote File Inclusion
AWStats is Openly Accessible
Centreon include/doc/get_image.php img Variable Traversal Arbitrary File Access
CVS (Web Based) Directory Spider
CubeCart <= 2.0.6 Multiple SQL Injections
Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation
CitrusDB Static id_hash Admin Authentication Bypass
Big Brother bb-hist.sh History Module Directory Traversal
Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure
JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation
Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)
Nuked-Klan 1.2b Multiple Vulnerabilities
Resin viewfile Servlet Arbitrary File Disclosure
OpenCms < 6.2.2 Multiple Vulnerabilities
Website Baker Admin Login SQL Injection
Backup Files Disclosure
XTreme ASP Photo Gallery adminlogin.asp Multiple Variable SQL Injection
DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS)
WordPress Pingback File Information Disclosure
PostNuke Members_List Module Information Disclosure
AutomatedShops WebC.cgi Multiple Overflows
PHP iCalendar publish.ical.php Arbitrary File Upload
JamMail jammail.pl mail Parameter Arbitrary Command Execution
phpMyFAQ index.php action Variable Local File Inclusion
MyBB search.php forums Parameter SQL Injection
phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification
myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion
ViewCVS < 1.0.0 Multiple Vulnerabilities
XOOPS < 2.0.12 Multiple Vulnerabilities
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection
Websense Reporting Console Detection
Nukedit utilities/login.asp email Parameter SQL Injection
P-News p-news.php Name Field Privilege Escalation
Horde Imp Webmail status.php3 message Parameter XSS
Mambo Open Source Tar.php Remote File Inclusion
DCP-Portal lib.php root Parameter Remote File Inclusion
EGroupware Software Detection
Listserv < 14.5 Multiple Buffer Overflows
Drupal SA-CONTRIB-2009-080: Simplenews Statistics Open Redirect
FlexCast Server Terminal Authentication Unspecified Remote Issue
PHP-Fusion 4.01 Multiple Vulnerabilities
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution
PHP Live Helper Multiple Remote File Inclusions
Land Down Under / Seditio polls.php id Parameter SQL Injection
Sambar Server pagecount CGI Traversal Arbitrary File Overwrite
Philboard philboard_admin.ASP Authentication Bypass
SilverNews < 2.0.4 Multiple Vulnerabilities
WebMatic Unspecified Login Function Access Vulnerability
Drupal Software Detection
Microsoft BizTalk Server Multiple Remote Vulnerabilities
Guestbook CGI Arbitrary Command Execution
rot13sj.cgi Arbitrary File Access
Open WebMail userstat.pl Arbitrary Command Execution
SHOUTcast Server User-Agent / Host Header DoS
osTicket setup.php Accessibility
PHPNews auth.php Multiple Parameter SQL Injection
X7 Chat help/index.php help_file Parameter Local File Inclusion
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access
Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS
Multiple Server Crafted Request WEB-INF Directory Information Disclosure
Trapeze Service Shell - Admin Service Accessible
MediaWiki Multiple Remote Vulnerabilities
Hosting Controller addsubsite.asp Security Bypass
BasiliX login.php3 username Variable Arbitrary Command Execution
CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion
Open Virtual Desktop Detection
Sun Java System Identity Manager Account Disclosure
IMP Software Detection
MediaWiki Language Option eval() Function Arbitrary PHP Code Execution
Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection
WebActive HTTP Server active.log Remote Information Disclosure
Vignette StoryServer TCL Server Crash Information Disclosure
Qualiteam X-Cart Multiple Vulnerabilities
ProductCart Multiple Input Validation Vulnerabilities
paFileDB Detection
sawmill allows the reading of the first line of any file
SquirrelMail strings.php base_uri Parameter Information Disclosure
FtpLocate flsearch.pl fsite Parameter Remote File Inclusion
SiteScope Web Service Unpassworded Access
paFileDB sessions Directory Admin Hashed Password Disclosure
WebLogic Multiple Method Cleartext Password Disclosure
HotOpentickets Privilege Escalation
Sambar Server dumpenv.pl Information Disclosure
PD9 MegaBBS Multiple Vulnerabilities
Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access
PHProjekt <= 5.1 Multiple Remote File Inclusions
ATutor Password Reminder SQL Injection
Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities
VChat Multiple Remote Vulnerabilities
YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities
Simple Web Counter swc ctr Parameter Remote Overflow
Monster Top List sources/functions.php root_path Variable Remote File Inclusion
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more)
Squid cachemgr.cgi Proxied Port Scanning
PunBB search.php old_searches Parameter SQL Injection
imageVue < 16.2 admin/upload.php Unrestricted File Upload
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
Drupal Theme System Template Local File Inclusion
PHPix index.phtml Multiple Parameter Arbitrary Command Execution
RTH login.php uname Parameter SQL Injection
osTicket Form Field Modification File Upload Size Restriction Bypass
Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities
Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)
Poster version.two index.php Account Manipulation Privilege Escalation
PHP < 5.2.9 Multiple Vulnerabilities
Site Sift Listings detail.php id Parameter SQL Injection
Sambar Server Multiple Script Arbitrary Code Execution
CuteNews search.php files_arch Array Arbitrary File Access
Wikka wikka.php Local File Inclusion
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
Exponent CMS index.php view Variable Local File Inclusion
PAFileDB Multiple Script Error Message Path Disclosure
VICIDIAL Call Center Suite admin.php SQL Injection
Mensajeitor Tag Board Admin Bypass
pMachine lib.inc.php pm_path Parameter Remote File Inclusion
PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access
Joomla! index.php mosConfig_absolute_path Parameter Remote File Inclusion
phpPgAdmin sql.php goto Parameter Traversal Arbitrary File Access
w-Agora <= 4.2.0 Multiple Vulnerabilities
Coppermine imageObjectIM.class.php Command Execution Vulnerabilities
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection
Multiple Vendor test-cgi Arbitrary File Access
phpWebNotes t_path_core Parameter File Include Vulnerability
Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
Serendipity XML-RPC for PHP Remote Code Injection
Invision Power Board ipchat.php root_path Parameter Remote File Inclusion
w-Agora index.php site Parameter Traversal Arbitrary File Access
FTGate <= 4.4.002 Multiple Remote Vulnerabilities (OF, FS, XSS)
Discuz! <= 4.0.0 rc4 Arbitrary File Upload
SIX-webboard generate.cgi content Variable Traveral Arbitrary File Access
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
Snitz Forums 2000 <= 3.4.07 register.asp Email Parameter SQL Injection Vulnerability
PHP-Blogger pref.db Database Information Disclosure
PHPCatalog id Parameter SQL Injection
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access
Matt Wright textcounter.pl Arbitrary Command Execution
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution
2BGal disp_album.php id_album Parameter SQL Injection
DUclassmate Multiple Scripts SQL Injection
ProductCart Multiple Scripts SQL Injection
WordPress < 1.2.2 Multiple Vulnerabilities
Plumtree Portal Default Credentials
Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection
phpBB viewtopic.php topic_id Variable SQL Injection
Horde IMP mailbox.php3 Multiple Variable SQL Injection
Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection
PostNuke Install Script Admin Password Disclosure
Roxen Web Server Counter Module Crafted Request Saturation DoS
Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion
NewsScript newsscript.pl mode Parameter Privilege Escalation
PHPWebAdmin for hMailServer Multiple File Inclusions
ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)
JBoss JMX Console Unrestricted Access
Simple Machines Forum Avatar Information Disclosure Vulnerability
EATON MGE Network Shutdown Module < 3.20 Authentication Bypass / Command Execution
PostNuke Glossary Module page Parameter SQL Injection
TrackerCam Multiple Remote Vulnerabilities
UBB.threads doeditconfig Arbitrary Command Injection
MercuryBoard User-Agent SQL Injection
htgrep hdr Parameter Arbitrary File access
ADOdb server.php sql Variable SQL Injection
Windmail.exe Shell Metacharacter Arbitrary Command Execution
ASG-Sentry CGI Default Credentials
Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities
Web Server /cgi-bin Perl Interpreter Access
Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
JBrowser Admin Authentication Bypass Vulnerability
Cart32 c32web.exe ImageName Traversal Arbitrary File Access
Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing
CMS Made Simple url Parameter Arbitrary File Access
SocialEngine Blog Plugin category_id Parameter SQL Injection
JFFNMS auth.php Multiple Parameter SQL Injection
Custom Pages for Joomla! index.php cpage Variable Remote File Inclusion
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
vBulletin authorize.php x_invoice_num Variable SQL Injection
Web Wiz check_user.asp txtUserName Parameter SQL Injection
phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
PBLang login.php lang Parameter Local File Inclusion
Snitz Forums 2000 Detection
Apache Tomcat source.jsp Arbitrary Directory Listing
Coppermine Photo Gallery displayimage.php SQL injection
WowBB view_user.php Multiple Parameter SQL Injection
Plogger plog-rss.php id Parameter SQL Injection
VP-ASP Multiple Script SQL Injection
Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities
PHPAuction Multiple Script include_path Parameter File Inclusion
TWiki filename Parameter Traversal Arbitrary File Access
Trend Micro Scanmail for Domino nsf File Information Disclosure
phpMyAdmin sql.php Traversal Arbitrary File Access
HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)
TinyWebGallery lang Parameter Local File Inclusion
Listserv < 14.3-2005a Multiple Vulnerabilities
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
Horde Ingo Software Detection
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload
RealServer /admin/Docs/default.cfg Information Disclosure
MaxWebPortal memKey Parameter SQL Injection
Thyme event_view.php eid Parameter SQL Injection
phpAdsNew XML-RPC Library Remote Code Injection
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
Dream4 Koobi CMS index.php area Parameter SQL Injection
NETGEAR Wireless Access Point Hardcoded Default Password
Stoc'an Shopping Cart shop.plx Path Disclosure
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
PAJAX < 0.5.2 Multiple Vulnerabilities
Pixelpost index.php category Parameter SQL Injection
PHP/FI php.cgi Traversal Arbitrary File Access
YaNC yanc.html.php listid Parameter SQL Injection
Phorum search.php location Parameter HTTP Response Splitting
Advanced Poll info.php Remote Information Disclosure
DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution
PHP < 5.2.11 Multiple Vulnerabilities
ASPrunner 2.4 Multiple Vulnerabilities
Movable Type Detection
NetWin CWmail.exe Item Parameter Remote Overflow
NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing
WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection
Netquery <= 3.11 nquser.php host Variable Arbitrary Command Execution
PostNuke <= 0.760 RC2 Multiple Vulnerabilities
Webserver 4D Cleartext Password Storage
SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion
FuseTalk index.cfm txForumID Variable SQL Injection
phpBB <= 2.0.13 Multiple Vulnerabilities
Webmin / Usermin miniserv.pl Arbitrary File Disclosure
Zen Cart password_forgotten.php Admin Access Bypass
Kayako LiveResponse Multiple Input Validation Vulnerabilities
PBLang 4.65 Multiple Vulnerabilities
Help Center Live osTicket Module Multiple Unspecified SQL Injections
phpWebSite <= 0.10.1 Multiple Vulnerabilities
Coppermine Photo Gallery index.php file Parameter Local File Inclusion
WordPress WP-Forum forum_feed.php thread Parameter SQL Injection
Woltlab Burning Board Multiple SQL Injections
Novell Teaming Login User Account Enumeration Weakness
Gregarius ajax.php rsargs[] Parameter Array SQL Injection
Directory Manager edit_image.php Arbitrary Command Execution
HP OpenView Network Node Manager Multiple CGI Remote Overflows
dotProject Multiple Scripts Remote File Inclusion
DotNetNuke Upgrade Process validationkey Generation Weakness Privilege Escalation
ELOG Web LogBook global Denial of Service
phpSANE file_save Parameter Remote File Include
GTcatalog password.inc Direct Request Password Disclosure
Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)
BitDefender Update Server HTTP Request Traversal Arbitrary File Access
TWiki configure Script Arbitrary Command Execution
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)
phpMyAdmin Detection
phpWebSite < 0.9.x Multiple Vulnerabilities
PHPNews auth.php path Parameter Remote File Inclusion
Joomla! Detection
WebShield Appliance Detection
Sympa wwsympa Invalid LDAP Password Remote DoS
Symantec Reporting Server Improper URL Handling Exposure
MyDMS < 1.4.3 Multiple Vulnerabilities
AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)
PHP Doc System index.php show Parameter Local File Inclusion
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection
SquirrelMail HTTPS Session Cookie Secure Flag Weakness
PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion
HP DDMI on Windows Unspecified Remote Agent Access
IRIX webdist.cgi Arbitrary Command Execution
OrangeHRM login.php txtUserName Parameter SQL Injection
DokuWiki fetch.php Multiple Variable imconvert Function Arbitrary Command Execution
Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion
Sambar Server Multiple CGI Remote Overflow
Guestbook tr3.a Password Disclosure
BasiliX Application Installation Detection
Trend Micro TMCM Console Management Detection
OpenX ac.php bannerid Parameter SQL Injection
Firefly Media Server Limited Directory Traversal Admin Credential Disclosure
Way-board way-board.cgi db Parameter Arbitrary File Access
yappa-ng index.php album Parameter Local File Inclusion
Allaire JRun Crafted Request WEB-INF Forced Directory Listing
Bharat Mediratta Gallery includedir Parameter Remote File Inclusion
Gallery Zipcart Module Arbitrary File Disclosure
OpenWebMail < 1.90 Multiple Vulnerabilities
Woltlab Burning Board Detection
XAMPP Example Pages Detection
phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion Vulnerability
/doc/packages Directory Browsable
Moodle < 1.5.1 Multiple Vulnerabilities
osTicket <= 1.2.7 Multiple Vulnerabilities
Forum51/Board51/News51 Users Disclosure
ArGoSoft Mail Server Pro <= 1.8.7.6 Multiple Vulnerabilities (XSS, Traversal, Priv Esc)
Mambo < 4.6.5 mos_user_template Local File Inclusion
Horde Admin Account Default Password
InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation
BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Variable Remote File Inclusion
NetCharts Server Default Password
Web Wiz Site News / Compulsive Media CNU5 news.mdb Direct Request Database Disclosure
Pligg settemplate.php template Parameter Local File Inclusion
Stronghold swish Search Script Information Disclosure
Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload
SimpleChat Information Disclosure
e107 download.php extract() Function Variable Overwrite
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
Joomla! < 1.0.8 Multiple Vulnerabilities
MyBB forumdisplay.php sortby Parameter Arbitrary PHP Code Execution
UBB.threads dosearch.php SQL injection
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
Mini SQL CGI content-length Field Remote Overflow
Website Baker REMEMBER_KEY Cookie SQL Injection
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities
Mort Bay Jetty URL Multiple Slash Character Information Disclosure
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval
Basilix Webmail .class / .inc Direct Request Remote Information Disclosure
CVSTrac Database Plaintext Password Storage
PGPMail.pl detection
DUportal Pro Multiple Scripts SQL Injection (2)
Mambo Detection
CVS (Web Based) Entries File Information Disclosure
CuteNews inc/function.php archive Variable Arbitrary File Access
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access
LedgerSMB / SQL-Ledger login.pl script Parameter Arbitrary Perl Code Execution
Microsoft IIS newdsn.exe Arbitrary File Creation
Invision Community Blog Module eid Parameter SQL Injection
Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities
Calendarix Basic cal_cat.php catview Variable SQL Injection
iisPROTECT Encoded URL Authentication Bypass
Coppermine Photo Gallery Detection
phpMyFAQ Image Upload Authentication Bypass
Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution
XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion
HSWeb HTTP Server /cgi Directory Request Path Disclosure
IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities
Oreon lang/index.php file Parameter Remote File Inclusion
Land Down Under <= 801 Multiple Vulnerabilities
INL ulog-php port.php proto Parameter SQL Injection
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass
IlohaMail index.php init_lang Variable Arbitrary File Access
PHP-Fusion Database Backup Disclosure
FCKeditor CurrentFolder Arbitrary File Upload
Justice Guestbook 1.3 Multiple Vulnerabilities
Web Application Tests : load estimation
phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability
A1Stats Multiple Script Traversal Arbitrary File Access
PHP < 4.2.x mail Function CRLF Injection
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
SaveWebPortal <= 3.4 Multiple Vulnerabilities
PunBB Search Dropdown Private Forum Disclosure
PmWiki < 2.1.21 Global Variables Overwriting
FireStats < 1.6.2 Multiple Vulnerabilities
Redhat Stronghold status / info Request Information Disclosure
iXmail index.php password Parameter SQL injection
CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass
Module Builder DownloadModule Traversal Arbitrary File Disclosure
DokuWiki config_cascade Parameter Remote File Inclusion
phpMyFAQ Forum Message username Field SQL Injection
Ingo Foldername Arbitrary Command Execution
MyBB member.php uid Parameter SQL Injection
Savant Web Server cgitest.exe Overflow
Master Index search.cgi Traversal Arbitrary File/Directory Access
Mailgust Password Reminder email Field SQL Injection
DUpaypal Pro Multiple Scripts SQL Injection
PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)
WebAdmin < 3.2.5 Multiple Vulnerabilities
phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload
Monkey HTTP Daemon (monkeyd) < 0.9.1 Multiple Vulnerabilities
WebCalendar Login Error Message User Account Enumeration
Lyris ListManager Subscription Form Administrative Command Injection
Geeklog Detection
WordPress AdServe adclick.php id Parameter SQL Injection
Sun Java Web Server bboard Servlet Command Execution
OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access
OneOrZero Helpdesk default_language Local File Inclusion
Sun ONE (iPlanet) Application Server Detection
Netquery <= 3.1 Multiple Vulnerabilities
CVSTrac CVSROOT/passwd Arbitrary Account Deletion
CuteNews Detection
SPiD lang.php lang_path Remote File Inclusion
IlohaMail Multiple Configuration Files Remote Information Disclosure
IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access
IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities
DUforum Multiple Scripts SQL Injection
Nabopoll survey.inc.php path Parameter Remote File Inclusion
AWStats awstats.pl Path Disclosure
Limbo com_fm Component sql.php classes_dir Variable Remote File Inclusion
Mambo Global Variables Unauthorized Access
CGI Generic Local File Inclusion Vulnerability
WoltLab Burning Board search.php Multiple Variable SQL Injection
Packeteer Web Management Interface Version Detection
Silent-Storm Portal Multiple Input Validation Vulnerabilities
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS)
Seditio plug.php pag_sub Parameter SQL Injection
Sysinfo name Parameter Arbitrary Code Execution
PunBB < 1.2.2 Multiple Input Validation Vulnerabilities
Phorum Detection
HP DDMI Web Interface Default Credentials
Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
Flyspeck lang Parameter Local File Inclusion
webERP Configuration File Remote Access
Icecast Encoded Traversal Arbitrary File Access
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
Sympa Detection
FAQManager Arbitrary File Reading Vulnerability
Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass)
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
GuppY inc/includes.inc selskin Parameter Traversal Local File Inclusion
Mambo MOStlyCE Mambot Arbitrary File Rename
Log Rover pword Parameter SQL Injection
FCKeditor upload.php Type Variable Arbitrary File Upload
Plogger plog-download.php checked[] Parameter SQL Injection
WebLogic Servlets Multiple Vulnerabilities
Gallery save_photos.php Arbitrary Command Execution
MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access
Mambo Open Source / Joomla! GLOBALS Variable Remote File Inclusion
phpMyAgenda rootagenda Parameter File Include Vulnerability
MyBB ratethread.php rating Parameter SQL Injection
Hosting Controller Multiple Script ForumID Parameter SQL Injection
EZPhotoSales Multiple Configuration Files Remote Information Disclosure
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
Open WebMail Shell Escape Arbitrary Command Execution
Web Server Generic 3xx Redirect
KorWeblog < 1.6.2 Multiple Vulnerabilities
phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability
Sympa Malformed Content-Type Header Remote DoS
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
Instaboard index.cfm Multiple Parameter SQL Injection
Mambo / Joomla! Multiple Components mosConfig_live_site Parameter Remote File Inclusion
Coppermine Photo Gallery keysToSkip Variable Overwrite
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access
DevTrack Web Service UserName Field SQL Injection
vBulletin calendar.php eventid Variable SQL Injection
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access
ashNews 0.83 Multiple Vulnerabilities
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation
PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
FlatNuke < 2.5.6 Multiple Remote Vulnerabilities (XSS, Disc, Command Exe)
MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval
Ocean12 ASP Calendar Administrative Access
Spyke Multiple Remote Vulnerabilities
BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS)
Coppermine Photo Gallery showdoc.php f Variable Local File Inclusion
Webhosting Component for Joomla catid Parameter SQL Injection
phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities
Ipswitch WhatsUp Professional Crafted Header Authentication Bypass
MyBB misc.php fid Parameter SQL Injection
Simplicity oF Upload download.php language Parameter Local File Inclusion
PunBB profile.php id Parameter SQL Injection
CA Host-Based Intrusion Prevention System Server Default Credentials
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion
WebAPP Detection
WEBrick Encoded Traversal Arbitrary CGI Source Disclosure
Directory Pro Traversal Arbitrary File Access
MailWatch authenticate() Function SQL Injection
Marcus Xenakis directory.php Execute Arbitrary Commands
Moodle Forum post.php Unauthorized Post Deletion CSRF
OpenCart route Parameter Local File Inclusion
Truegalerie admin.php loggedin Parameter Admin Authentication Bypass
Advanced Guestbook index.php entry Parameter SQL Injection
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
Multiple Dangerous CGI Script Detection
PHP < 5.2.1 Multiple Vulnerabilities
Microsoft FrontPage htimage.exe CGI Remote Overflow
DB4Web Server Debug Mode TCP Port Scanning Proxy
PlusMail plusmail CGI Arbitrary Command Execution
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution
Sambar Server search.pl results.stm Overflow DoS
thttpd ssi Servlet Encoded Traversal Arbitrary File Access
IceWarp Web Mail Multiple Flaws (1)
web-app.org WebAPP Encoded Request .dat File Disclosure
PSCS VPOP3 messagelist.html msglistlen Parameter DoS
NetworkActiv Web Server Crafted Filename Request Script Source Disclosure
VP-ASP shopexd.asp catalogid Parameter SQL Injection
IlohaMail Software Detection
WebCalendar assistant_edit.php Unauthorized Access
Nucleus CMS < 3.15 Multiple Vulnerabilities
Macallan Mail Solution Web Interface Authentication Bypass
PHP Multiple Image Processing Functions File Handling DoS
Simple Machines Forum msg Parameter SQL Injection Vulnerability
Ikonboard ikonboard.cgi Multiple Parameter SQL Injection
Glimpse HTTP aglimpse Arbitrary Command Execution
Sun JavaServer Default Admin Password
Microsoft ASP.NET Malformed File Request Path Disclosure
Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion
Microsoft IIS fpcount.exe CGI Remote Overflow
Dragonfly CMS install.php newlang Variable Local File Inclusion
SiteEnable Multiple Input Validation Vulnerabilities
Limbo CMS Multiple Vulnerabilities
Apache Tomcat RequestDispatcher Directory Traversal Vulnerability
XEROX WorkCentre WebUI Arbitrary Command Execution (XRX06-005)
SLMail WebMail Multiple Remote Overflows
VHCS PHPSESSID Cookie Session Fixation
SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion
phpMyAdmin < 2.5.2 Multiple Vulnerabilities
w-Agora 4.1.6a Multiple Input Validation Vulnerabilities
Fortinet Fortigate Web Console Management Detection
SilverStream Database Structure Disclosure
GTcatalog index.php custom Parameter Remote File Inclusion
phpBB Cash_Mod admin_cash.php Arbitrary Command Execution
pMachine mail_autocheck.php Arbitrary Code Execution
AutomatedShops WebC.cgi Installation Detection
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
JAWS Directory Traversal Vulnerability
Cerberus Support Center Multiple Remote Vulnerabilities (SQLi, XSS)
GWExtranet gwextranet/scp.dll Multiple Variable Traversal Local File Inclusion
Loudblog index.php id Parameter SQL Injection
phpSysInfo < 2.4.1 Multiple Vulnerabilities
Geronimo Console Default Credentials
Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access)
paFileDB auth.php pafiledbcookie Cookie SQL Injection
HAMweather Template.php do_parse_code Function Arbitrary Code Execution
ocPortal index.php req_path Parameter Remote File Inclusion
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability
ICQ Web Front Service guestbook.cgi DoS
LifeType index.php Date Parameter SQL Injection
Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection
Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection
MediaWiki Detection
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution
TYPO3 jumpUrl Mechanism Information Disclosure
IBM Websphere Commerce Database Update Information Disclosure
phPay admin/phpinfo.php Information Disclosure
Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion
Web Site Malicious Javascript Link Detection
CGI Generic Command Execution Vulnerability
Geeklog User Comment Retrieval SQL Injection
Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass
Serendipity exit.php Multiple Parameter SQL Injection
Kietu index.php Remote File Inclusion
GNUMP3d < 2.9.6 Multiple Remote Vulnerabilities (XSS, Traversal)
Owl < 0.74.0 Multiple Vulnerabilities
CoolForum Multiple SQL Injections
phpGroupWare Detection
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities
Acajoom Component for Joomla! <= 3.2.6 Backdoor
BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
Viralator CGI Script Arbitrary Command Execution
Microsoft Site Server Multiple Script Information Disclosure
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
HP LaserJet Web Server Unspecified Admin Component Traversal Arbitrary File Access
phpList cline Parameter Array Remote File Inclusion
Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
iBill ibillpm.pl Password Generation Weakness
Hosting Controller hosting/addreseller.asp reseller Variable Authentication Bypass
HappyMall Multiple Script Arbitrary Command Execution
RaidenHTTPD workspace.php ulang Parameter Local File Inclusion
Ipswitch WhatsUp Gold Default Admin Account
SimpGB guestbook.php quote Parameter SQL Injection
Serendipity Multiple Script HTTP Response Splitting
MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities
Vignette Application Portal Diagnostic Utility Information Disclosure
e107 ePing Plugin doping.php Arbitrary Code Execution
Siteman Page User Database Privilege Escalation
Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion
Moodle LaTeX Information Disclosure
Multiple Web Server printenv CGI Information Disclosure
TalentSoft Web+ webplus CGI Traversal Arbitrary File Access
Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure
ListManager < 8.9b Multiple Vulnerabilities
Polar HelpDesk Authentication Bypass
ZixForum ZixForum.mdb DIrect Request Database Disclosure
Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Variable Traversal Local File Inclusion
IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure
CubeCart < 2.0.6 settings.inc.php Multiple Script XSS
HotNews Multiple Script Remote File Inclusion
bttlxeForum login.asp Multiple Field SQL Injection
phpWebSite index.php Search Module SQL Injection
Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion
osTicket <= 1.3.1 Multiple Vulnerabilities
Trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion
VP-ASP shopsearch SQL injection (SQLi)
PHPFM Arbitrary File Upload
paFileDB pafiledb.php Multiple Parameter SQL Injection
Advanced Poll admin/index.php Session Identifier Replay Authentication Bypass
Cobalt siteUserMod.cgi Arbitrary Password Modification
PayPal Store Front index.php page Parameter Remote File Inclusion
PunBB < 1.2.6 Multiple Vulnerabilities
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
SquirrelMail < 1.4.6 Multiple Vulnerabilities
Hosting Controller Software Detection
Carello E-Commerce Carello.dll Command Execution
CVSTrac history.c history_update Function Overflow
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe)
Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities
Drupal Comment Function Arbitrary Code Execution
paNews Detection
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)
phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion
my_gallery Plugin for e107 dload.php file Parameter Arbitrary File PHP Source Disclosure
PmWiki < 2.1 beta 21 Multiple Vulnerabilities
phpList Detection
Invision Power Board ssi.php f Parameter SQL Injection
Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection
ZABBIX Web Interface Detection
PHP < 5.2.10 Multiple Vulnerabilities
AspUpload Test11.asp Arbitrary File Upload
ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal)
cPanel guestbook.cgi template Variable Arbitrary Command Execution
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
WebGUI user profile Unspecified Vulnerability
Web Server /cgi-bin Shell Access
Smart Publisher index.php filedata Parameter Arbitrary Command Execution
OneOrZero Helpdesk tinfo.php Arbitrary File Upload
The Includer includer.cgi Arbitrary Command Execution
SquirrelMail decodeHeader HTML injection vulnerability
dotProject docs/ Directory Multiple Script Information Disclosure
Bugzilla Software Detection
MultiHTML multihtml.pl Traversal Arbitrary File Access
Squirrelcart index.php Multiple Parameter SQL Injection
Microsoft IIS query.asp Direct Request DoS
SHOUTcast Server admin.cgi Long Argument Overflow
IceWarp Multiple Script Remote File Inclusion
AWStats Referrer Arbitrary Command Execution Vulnerability
VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution
Geeklog SEC_authenticate Function SQL Injection
Joomla! < 1.0.11 Unspecified Remote Code Execution
Tenable Security Center Default Credentials
PowerPortal index.php index_page Parameter SQL Injection
Mailman private.py true_path Function Traversal Arbitrary File Access
MyBB < 1.01 SQL Injection
PunBB Detection
Stoc'an Shopping Cart shop.plx page Parameter Arbitrary Command Execution
eFiction < 2.0.2 Multiple Remote Vulnerabilities (SQLi, XSS, Disc)
Symantec Web Security Detection
SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion
ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution
Cacti cmd.php Multiple Variable SQL Injection Arbitrary Command Execution
Site@School slideshow_full.php album_name Parameter SQL Injection
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing
SquirrelMail < 1.45 Multiple Vulnerabilities
Mozilla Bonsai Mutiple Flaws (Auth Bypass, XSS, Cmd Exec, PD)
Cacti index.php/sql.php Login Action login_username Variable SQL Injection
Mantis Detection
Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities
IRCXPro Default Admin Password
phpBB viewtopic.php highlight Parameter SQL Injection
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities
vBulletin includes/init.php Unspecified Vulnerability
Exhibit Engine list.php Multiple Parameter SQL Injection
Xylogics Annex Terminal Service ping CGI Program DoS
CubeCart < 2.0.5 Multiple Vulnerabilities
JBoss %00 Request JSP Source Disclosure
PHP Easy Download admin/save.php moreinfo Parameter Code Injection
HP System Management Homepage < 3.0.1.73 Multiple Flaws
OpenNMS Web Console Detection
Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
XOOPS Articles Module print.php id Parameter SQL Injection
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)
F5 BIG-IP Web Management Interface Version
FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
Plumtree Portal User Object User Enumeration
phpMyAdmin import_blacklist Variable Overwriting
RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion
OpenDocMan Access Control Bypass
Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities
Simplog <= 0.9.2 Multiple Vulnerabilities
IlohaMail Forged GET/POST Arbitrary Contacts Deletion
ActivePerl findtar Sample Script Remote Command Execution
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion
OmniHTTPd visadmin.exe Malformed URL DoS
Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi
CGI Generic SQL Injection Vulnerability
Moodle < 1.6.2 Multiple Vulnerabilities
PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure
BASE Authentication Redirect Authentication Bypass
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
OmniPro HTTPd 2.08 Encoded Space Request Script Source Disclosure
Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution
Thunderstone Software Texis Crafted Request Information Disclosure
PhpWebGallery comments.php sort_by Parameter SQL Injection
XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040)
Gallery Install Log Local Information Disclosure
Boozt index.cgi Banner Creation Name Field Overflow
AEC Subscription Manager Component usage Parameter SQL Injection
MapServer Multiple Remote Vulnerabilities
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass
CommuniGate Pro Referer Field Session Token Disclosure
Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay
Zen Cart products_id[] Array SQL Injection
phpAdsNew helperfunction.php Remote File Inclusion
WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities
Mantis manage_user_create.php CSRF New User Creation
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
Invision Power Board sources/post.php qpid Parameter SQL Injection
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
Sambar Server cgitest.exe Remote Overflow
Serendipity < 0.8.1 Multiple Vulnerabilities
WordPress < 0.72 RC1 Multiple Vulnerabilities
ActualAnalyzer direct.php rf Variable Remote File Inclusion
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities
AppServ appserv/main.php appserv_root Variable Remote File Inclusion
Tarantella Enterprise ttawebtop.cgi pg Variable Traversal Arbitrary File Access
TorrentTrader download.php id Parameter SQL Injection
Icecast MP3 Client HTTP GET Request Remote Overflow
Webcart Default Install Configuration Disclosure
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
LDU Software/Version Detection
WebAPP apage.cgi f Parameter Arbitrary Command Execution
phpFormGenerator Arbitrary File Upload
Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure
MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities
OpenNMS Web Console Default Credentials
Inktomi Search MS-DOS Device Name Request Path Disclosure
Web Server Office File Inventory
phpPgAdmin index.php _language Parameter Local File Inclusion
Zen Cart ipn_main_handler.php custom SQL Injection
JCE Admin Component for Joomla! jce.php Multiple Vulnerabilities (LFI, XSS)
Claroline claro_init_local.inc.php extAuthSource[newUser] Variable Remote File Inclusion
osTicket open.php Support Address Crafted Mail Loop Remote DoS
X7 Chat index.php day Parameter SQL Injection
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
Mambo Open Source Multiple Vulnerabilities
Stadtaus Gaestebuch-Script index.php include_files Variable Remote File Inclusion
Kerio WebMail < 5.7.7 Multiple Vulnerabilities
Snitz Forums 2000 3.4.03 Multiple Vulnerabilities
Microsoft IIS Translate f: ASP/ASA Source Disclosure
VisNetic / Merak Mail Server Multiple Remote Vulnerabilities
DCForum dcboard.cgi Multiple Vulnerabilities
Singapore Gallery < 0.9.11 Multiple Vulnerabilities
Trend Micro Emanager Detection
phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection
WordPress 2.1.1 Multiple Script Backdoor
PHP-Nuke opendir.php Traversal Arbitrary File Read
News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access
Open WebMail Detection
BASE < 1.2.5 readRoleCookie() Auth Bypass
Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion
OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities
webadmin.php show Parameter Arbitrary File Access
WihPhoto sendphoto.php Traversal Arbitrary File Access
Java (.java / .class) Source Code Disclosure
RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution
PHP < 4.4.9 Multiple Vulnerabilities
WP-Syntax apply_filters function Command Execution
Adobe Breeze Directory Traversal Arbitrary File Access
Trend Micro ControlManager < 3.0 SP5 Multiple Vulnerabilities
Adobe Document Server File URI Arbitrary Resource Manipulation
Infinity CGI Exploit Scanner Multiple Vulnerabilities
Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion
phpGroupWare Admin/Setup Password Cleartext Cookie Storage
PHPNews news.php prevnext Parameter SQL Injection
WebHints hints.pl Arbitrary Command Execution
FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution
Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution
Webmin miniserv.pl username Parameter Format String
ArGoSoft Mail Server Multiple Traversals
My_eGallery < 3.1.1g Remote File Inclusion
XAMPP < 1.4.14 Multiple Vulnerabilities
e107 resetcore.php user Field SQL Injection
AWStats rawlog.pm logfile Parameter Arbitrary Command Execution
Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access
Webmin / Usermin Null Byte Filtering Vulnerabilities
phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities
Geeklog auth.inc.php loginname Parameter SQL Injection
Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access
Winmail Server Webmail Unspecified Vulnerability
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS)
IBM WebSphere Application Server %20 Request Source Disclosure
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution
AWStats migrate Parameter Arbitrary Command Execution
RunCMS Remote Arbitrary File Upload Vulnerability
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass
TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2)
Gallery < 1.4.4-pl5 Multiple Remote Vulnerabilities (XSS, Path Disc)
BugPort Attached File Handling Unspecified Issue
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQL Injection
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion
RiSearch show.pl Open Proxy Relay
JRun viewsource.jsp Directory Traversal Vulnerability
Athena Web Registration athenareg.php pass Variable Command Execution
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure
WordPress Trackback wp-trackback.php tb_id Parameter SQL Injection
e107 class2.php e107language_e107cookie Cookie Traversal Local File Inclusion
EDIMAX EW-7205APL Wireless AP Default Password Check
Mobius DocumentDirect ddicgi.exe Long GET Request Overflow
Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection
Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion
bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)
Zorum <= 3.5 Multiple Remote Vulnerabilities
Thunderstone Software Texis Nonexistent File Request Path Disclosure
HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access
Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
myphpPageTool /doc/admin/index.php ptinclude Parameter Remote File Inclusion
CubeCart index.php cat_id Parameter SQL Injection
WWWBoard passwd.txt Authentication Credential Disclosure
Microsoft IIS Multiple Vulnerabilities (MS02-018)
GNU Mailman Multiple Unspecified Remote Vulnerabilities
miniBB index.php user Variable SQL Injection
ColdFusion Multiple Vulnerabilities (File Upload/Manipulation)
Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration
Nucleus CMS action.php itemid Parameter SQL Injection
Alibaba get32.exe Arbitrary Command Execution
CherryPy staticFilter Traversal Arbitrary File Access
ProductCart Multiple Vulnerabilities
WebWho+ whois.pl time Parameter Arbitrary Command Execution
Photopost PHP Pro photo Parameter SQL Injection
WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion
TYPO3 spell-check-logic.php userUid Parameter Arbitrary Command Execution
BizDB bizdb-search.cgi Arbitrary Command Execution
Horde Chora CVS Viewer diff Utility Arbitrary Command Execution
CVSTrac filediff Arbitrary Remote Code Execution
ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure
MyBB < 1.0 Multiple SQL Injection Vulnerabilities
Trac Ticket Query Module group Parameter SQL Injection
WordPress wp-login.php HTTP Response Splitting
BEA WebLogic config.xml Operator/Admin Password Disclosure
Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure
Movable Type mt-load.cgi Privilege Escalation
D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS
Gallery HTTP Global Variables File Inclusion
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
YaBB 1 Gold < 1.3.2 Multiple Input Validation Vulnerabilities
ColdFusion Debug Mode Information Disclosure
Basilix Webmail Attachment Crafted POST Arbitrary File Access
Jinzora Multiple Script include_path Parameter Remote File Inclusion
Linksys WVC54GCA Wireless-G /img/main.cgi Information Disclosure Vulnerability
Loudblog backend_settings.php Multiple Parameter Remote File Inclusion
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
eZ Publish settings/site.ini Configuration Disclosure
Microsoft IIS/PWS %2e Request ASP Source Disclosure
Horde Software Detection
Netbilling nbmember.cgi cmd Parameter Information Disclosure
Pixelpost < 1.5 RC1 showimage Parameter SQL Injection
Sawmill < 7.1.6 Multiple Vulnerabilities
PHP < 4.4.8 Multiple Vulnerabilities
spin_client.cgi Remote Overflow
WebAPP Directory Traversal
PhpDig < 1.8.5 Unspecified Vulnerability
ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities
McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities
Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
iisPROTECT Unpassworded Administrative Interface
Invision Power Board Software Detection
Zanfi CMS Lite index.php inc Parameter Remote File Inclusion
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure
ShopCartCGI Multiple Script Traversal Arbitrary File Access
DUware Products Multiple Remote Vulnerabilities (SQLi, XSS)
MapServer < 5.4.2 / 5.2.3 / 4.10.5 Buffer Overflow
OpenBB < 1.0.9 Multiple Vulnerabilities
Horde Mnemo Detection
Default Password (changeme) for SHOUTcast Server Service Port
e107 < 7.0 Multiple Vulnerabilities
Sun Java System ASP < 4.0.3 Multiple Vulnerabilities
Advanced Guestbook index.php lang Cookie Variable Path Disclosure
LifeType rss.php profile Parameter Traversal Arbitrary File Access
Packeteer Web Management Interface Authentication
SandSurfer < 1.7.0 User Authentication Bypass
Netscape Enterprise Server Default Files Present
SimpleBBS users disclosure
ExoPHPDesk faq.php id Variable SQL Injection
vTiger CRM Directory File Disclosure
phpBannerExchange Template Class Local File Inclusion
Maia Mailguard login.php lang Parameter Local File Inclusion
Gallery < 2.0.3 Multiple Remote Vulnerabilities (XSS, Traversal)
IRIX wrap CGI Traversal Arbitrary Directory Listing
AkoGallery Component for Mambo / Joomla! index.php id Variable SQL Injection
Zenphoto rss.php albumnr Parameter SQL Injection
ViRobot Linux Server addschup Multiple Overflows
jPortal print.inc.php id Parameter SQL Injection
osTicket Detection
RunCMS <= 1.2 Multiple Vulnerabilities
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)
PHP < 4.3.8 Multiple Vulnerabilities
Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities
OpenCA Multiple Signature Validation Bypass
Namazu < 2.0.14 Multiple Vulnerabilities
Open WebMail vacation.pl Arbitrary Command Execution
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
PhpMyExplorer index.php chemin Variable Encoded Traversal Arbitrary File Access
LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection
WoltLab Burning Board Lite wbb_userid Variable PHP Unset SQL Injection
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
PortalApp forums.asp sortby Parameter SQL Injection
Moodle index.php tag Parameter SQL Injection
Shop-Script admin.php Admin Panel Security Bypass
Adobe RoboHelp Server Security Bypass (APSA09-05 / intrusive check)
Informix webdriver CGI Unauthenticated Database Access
Land Down Under <= 800 Multiple Vulnerabilities
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access
TikiWiki jhot.php Arbitrary File Upload
VHCS include/sql.php include_path Parameter Remote File Inclusion
Microsoft ASP.NET Application Tracing trace.axd Information Disclosure
SquirrelMail plugin.php plugins Parameter Local File Inclusion
BLNews objects.inc.php4 Server[path] Variable Remote File Inclusion
DeluxeBB Multiple Scripts SQL Injection
CGI Generic Remote File Inclusion Vulnerability
Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access
Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)
WebGais webgais CGI Arbitrary Command Execution
Invision Gallery < 1.3.1 Multiple SQL Injections
WordPress Trackback Charset Decoding SQL Injection
Joomla! components/com_user/models/reset.php Reset Token Validation Forgery
AWStats Detection
PHP-Nuke Detection
osTicket Arbitrary Attachment Disclosure
Brightmail Control Center Default Password (symantec) for admin Account
Web Application Potentially Sensitive CGI Parameter Detection
CodeGrrl Applications Remote File Inclusion Vulnerabilities
WordPress blog.header.php Multiple Parameter SQL Injection
Multiple Vendor info2www CGI Arbitrary Command Execution
eAccelerator encoder.php File Backup
Trend Micro IMSS Console Management Detection
Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access
F-Secure Policy Manager Path Disclosure
Phpauction <= 2.5 Multiple Vulnerabilities
Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection
WoltLab Burning Board Lite thread.php decode_cookie Function threadvisit Cookie Variable SQL Injection
Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc)
PHP Support Tickets index.php Multiple Parameter SQL Injection
vpopmail-CGIApps vpasswd.cgi Remote Command Execution
Centreon fileOreonConf Parameter File Include Vulnerabilities
getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities
Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities
PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
osCommerce Unprotected Admin Directory
SIR GNUBoard Remote File Inclusion
NOCC <= 1.0 Multiple Vulnerabilities
ImageFolio Default Password
Drupal Unspecified Privilege Escalation
YaPiG < 0.95b Multiple Vulnerabilities
Aventail ASAP Platform Management Console Detection
Claroline Multiple Script includePath Parameter Remote File Inclusion
Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload
Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion
TikiWiki File Upload temp Directory Arbitrary Script Execution
iXmail Multiple Script Arbitrary File Manipulation
MODx CMS base_path Parameter Remote File Inclusion
Gallery Unspecified HTML Injection
4D WebSTAR Tomcat Plugin Remote Buffer Overflow
Psunami.CGI Command Execution
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
Web Site sitemap.xml File and Directory Disclosure
PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access
MERCUR WebView WebMail Server mail_user Parameter DoS
CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS)
miniPortail admin.php Cookie Manipulation Security Bypass
Phorum common.php ForumLang Parameter Traversal Arbitrary File Access
PostNuke Rating System DoS
Gallery init.php Authentication Bypass
w-Agora Multiple Script Traversal Arbitrary File Access
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access
WordPress query.php is_admin() Function Information Disclosure
phpMyAdmin export.php what Parameter Traversal Arbitrary File Access
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)
Symantec Mail Security for SMTP Admin Center Default Credentials
SimpleFAQ Component for Joomla! aid Parameter SQL Injection
Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion
myEvent Multiple Remote Vulnerabilities
LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
Samba Web Administration Tool (SWAT) Detection
Mnogosearch search.cgi Multiple Parameter Remote Overflows
RunCMS xoopsOption Parameter Local File Inclusion
Ignite Gallery Component for Joomla! index.php gallery Parameter SQL Injection
Trend Micro InterScan VirusWall catinfo CGI Overflow
Ultimate PHP Board users.dat Multiple Vulnerabilities
ViRobot Linux Server filescan Authentication Bypass
Coppermine Photo Gallery Voting Restriction Bypass
P-Synch Password Management Multiple Vulnerabilities
PHP 5.2.7 magic_quotes_gpc Security Bypass
IlohaMail Multiple External Programs Arbitrary Command Execution
DCP-Portal Multiple Scripts SQL Injection
SimpleBoard / Joomlaboard Multiple Script sbp Parameter Remote File Inclusion
phpList index.php database_module Parameter Local File Inclusion
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset
MyBB index.php referrer Parameter SQL Injection
iWebNegar Multiple Scripts SQL Injection
CVSTrac chdir() chroot Jail Escape
N/X Web Content Management Multiple Script Remote File Inclusion
MyBB comma Cookie SQL Injection
aspWebCalendar calendar.asp SQL Injection
Stellar Docs Malformed Query Path Disclosure
PunBB < 1.2.7 Multiple Vulnerabilities
Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure
LifeType index.php articleId Parameter SQL Injection
Goollery < 0.04b Multiple Vulnerabilities
Loudblog < 0.42 template Parameter Traversal
UebiMiau Multiple Input Validation Vulnerabilities
PHProxy Detection
HastyMail HTML Attachment Script Execution
RiSearch show.pl Arbitrary File Access
Nuked-Klan index.php Multiple Module Vulnerabilities
ADOdb tmssql.php do Variable Arbitrary PHP Function Execution
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
osTicket Attachment Handling File Upload Arbitrary Code Execution
Sun ONE Application Server Upper Case Request JSP Source Disclosure
Nimda Worm Infected HTML File Detection
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
ZPanel 2.0 Multiple Script Remote File Inclusion
Technote main.cgi filename Parameter Traversal Arbitrary File Access
Dolphin Multiple Scripts Remote File Inclusion
Microsoft IIS ASP::$DATA ASP Source Disclosure
Drupal XML-RPC for PHP Remote Code Injection
CafeLog B2 Multiple Script Remote File Inclusion
FlexCMS Login Cookie SQL Injection
Sun Java System Identity Manager Default Credentials
Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure
Adobe Document Server Default Credentials
Mambo Site Server MD5 Hash Session ID Privilege Escalation
Microsoft IIS global.asa Remote Information Disclosure
ClearSpace Detection
ChartDirector for .NET cacheId Parameter Arbitrary File Access
CVSTrac timeline.c timeline_page Function Overflow
Simple Form Subject Tags Arbitrary Mail Relay
Merak Webmail / IceWarp Web Mail 5.2.8 Multiple Vulnerabilties
paFileDB <= 3.1 Multiple Vulnerabilities (2)
X7 Chat upgradev1.php old_prefix Parameter SQL Injection
Expose for Joomla! (com_expose) uploadimg.php Arbitrary File Upload Code Execution
zFeeder admin.php Direct Request Admin Authentication Bypass
ttCMS 2.2 Multiple Vulnerabilities
e107 Detection
WebsitePro Remote Request Overflow
Active Auction Multiple Vulnerabilities (SQLi, XSS)
ViewVC Direct Request CVSROOT Information Disclosure
Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure
PHP Surveyor Multiple Vulnerabilities
Ocean12 ASP Guestbook Manager Database Download
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
zenTrack index.php configFile Parameter Traversal Arbitrary Files Access
BroadBoard Multiple Script SQL Injection
Sun Java System Directory Server Online Help Feature Information Disclosure
PHP < 3.0 mylog.html/mlog.html Arbitrary File Access
Atmail WebMail Detection
IBM Lotus Domino Server time/date Fields Remote Overflow
Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe)
Mantis < 0.17.5 Multiple Vulnerabilities
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure
RunCMS Multiple Script bbPath Parameter Remote File Inclusion
Cuyahoga FCKEditor Misconfiguration Unrestricted File Upload
EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access
Metertek pagelog.cgi Traversal Arbitrary File Access
PBLang < 4.66z Multiple Vulnerabilities
Free Articles Directory index.php page Parameter Remote File Inclusion
Netwin WebNews Webnews.exe Remote Overflow
TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities
Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)
phpMyFAQ Detection
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion
Fortify 360 Web Interface Detection
Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities
Adobe Connect Enterprise Server Information Disclosure
SugarSales Multiple Module Traversal Arbitrary File Access
e_Board index2.cgi message Parameter Traversal Arbitrary File Access
IceWarp Web Mail Multiple Flaws (2)
phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution
PHP-Nuke sql_debug Information Disclosure
Trend Micro InterScan Web Security Suite Default Credentials
Ruby on Rails HTTP Digest Authentication Bypass
rpm_query CGI System Information Disclosure
Mailman Detection
Spiceworks Accept Request Header Overflow
phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion
Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection
PHPNews sendtofriend.php SQL Injection
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
GForge top/topusers.php offset Parameter SQL Injection
MODx < 0.9.1a Multiple Vulnerabilities
CuteNews Debug Info Disclosure
XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion
smb2www Proxy Bypass
BASE Multiple Script BASE_path Parameter Remote File Inclusion
ASP PortalApp Multiple SQL Injection
Plogger plog-admin-functions.php config Parameter Remote File Inclusion
IlohaMail Unspecified Database Password Disclosure Weakness
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access
PHP < 5.2.3 Multiple Vulnerabilities
IPCheck Server Monitor Traversal Arbitrary File Access
MyBB Detection
XAMPP ADOdb mssql_connect Remote Buffer Overflow
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution
Openfire Admin Console Remote Privilege Escalation
XEROX CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008)
Packeteer Web Management Interface Detection
Easy Address Book Web Server Query Remote Format String
osCommerce shopping_cart.php id Array Parameters SQL Injection
popper_mod PHP Administration Script Authentication Bypass
Ipswitch IMail Web Interface URI Referer Session Token Disclosure
SugarCRM Detection
Symantec Web Security (SWS) Multiple Vulnerabilities
RWCards Component for Joomla! index.php category_id Parameter SQL Injection
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure
IRIX pfdispaly Arbitrary File Access
Aborior Encore WebForum display.cgi file Variable Command Execution
VICIDIAL Call Center Suite Default Administrative Credentials
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
Philboard /database/philboard.mdb Direct Request Database Disclosure
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities
MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities
Symphony sym_auth Cookie SQL Injection
Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure
SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access
Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
RunCMS Detection
AntiBoard antiboard.php Multiple Parameter SQL Injection
phpPgAds dest Parameter HTTP Response Splitting
myGallery mygallerybrowser.php myPath Parameter Remote File Inclusion
Basilix Webmail id Variable SQL Injection
ADOdb Lite adodb-perf-module.inc.php last_module Variable Arbitrary Code Execution
Mambo Open Source usercookie Parameter SQL Injection
Blazix Trailing Character JSP Source Disclosure
PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation
Moodle < 1.4.3 Multiple Vulnerabilities
Miva htmlscript Traversal Arbitrary File Access
DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access
Google Analytics on An Internal Web Server Detection
dotCMS Multiple Script id Parameter Traversal Local File Inclusion
Ananconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access
Simple Machines Forum Search.php SQL Injection
Jinzora Multiple Script include_path Parameter Remote File Inclusion (2)
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation
Chipmunk CMScore Multiple Script SQL Injection
WordPress < 2.8.4 wp-login.php key Parameter Remote Administrator Password Reset (uncredentialed check)
nBill component for Joomla! index.php cid Parameter SQL Injection
Limbo CMS index.php Itemid Variable Arbitrary Command Execution
Adobe Dreamweaver dwsync.xml Remote Information Disclosure
Wordit Logbook logbook.pl file Parameter Arbitrary File Access
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
Exponent CMS Path Disclosure Vulnerability
MAILNEWS mailnews.cgi Arbitrary Command Execution
Microsoft IIS search.asp Direct Request DoS
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
yappa-ng < 2.3.2 Multiple Vulnerabilities
DUware Multiple Products type.asp iType Parameter SQL Injection
CMS Made Simple modules/TinyMCE/content_css.php templateid Variable SQL Injection
WebCalendar Detection
Comersus Cart Multiple Vulnerabilities (SQLi, XSS)
Cacti < 0.8.6f Multiple Vulnerabilities (Priv Esc, Cmd Exe)
Sniplets Plugin for WordPress execute.php text Parameter Arbitrary Command Execution
wwwcount Count.cgi Remote Overflow
Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
cfWebStore Multiple Vulnerabilities (SQLi, XSS)
Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities
PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion
Simple PHP Blog comments.php Traversal Arbitrary File Access
Coppermine Photo Gallery album Password Cookie SQL Injection
SiteMinder smpwservicescgi.exe Arbitrary Site Redirect
Apache Tomcat Nonexistent File Error Message Path Disclosure
NETFile FTP/Web Server Directory Traversal Arbitrary File Access
phpBB < 2.0.7 Multiple Script SQL Injection
Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities
GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection
Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities (Cmd Exec, Traversal)
Multiple Vendor phf CGI Arbitrary Command Execution
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access
WebStores 2000 browse_item_details.asp SQL injection
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
phpMyAdmin Installation Not Password Protected
Apache Tomcat Snoop Servlet Remote Information Disclosure
PHP iCalendar Cookie Data Traversal Local File Inclusion
PHP-Nuke Network Tools Add-On Arbitrary Command Execution
YaBB SE Cookie Authentication Bypass
Aprox PHP Portal index.php Arbitrary File View
Netref cat_for_gen.php Arbitrary PHP Command Injection
OpenWrt Router with a Blank Password (telnet check)
GForge CVSWeb CGI cvsweb.php PATH_INFO Variable Arbitrary Command Execution
Les Visiteurs Multiple Remote File Inclusion
phpBB Knowledge Base Module kb.php cat Parameter SQL Injection
NETFile Default Credentials
Invision Power Board index.php Members Action st Parameter SQL Injection
Poll It CGI data_dir Parameter Arbitrary File Access
Home Free search.cgi Traversal Arbitrary File Access
FCKeditor.Java Connector Servlet CurrentFolder Infinite Loop DoS Vulnerability
PHP Error Log Format String Command Injection
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities
WebSPIRS webspirs.cgi Traversal Arbitrary File Access
Apache Tomcat Directory Listing and File disclosure
phpBB < 2.0.17 Nested BBCode URL Tags Cross-Site Scripting Vulnerability
ITA Forum Multiple Scripts SQL Injection
phpBB <= 2.0.12 Multiple Vulnerabilities
Help Center Live module.php file Parameter Local File Inclusion
Webmin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion
Muscat Empower CGI Malformed DB Parameter Path Disclosure
ActivePerl perlIS.dll Buffer Overflow
Owl browse.php Authentication Bypass
Apache mod_jk Long URL Worker Map Stack Overflow
SimpleBBS topics.php name Parameter Arbitrary Command Execution
Nukestyles.com viewpage.php Addon for PHP-Nuke File Variable Traversal Arbitrary File Access
PhpDig config.php relative_script_path Parameter Remote File Inclusion
phpGroupWare index.php Addressbook XSS
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
Ruby on Rails Routing Code URL Code Evaluation DoS
IBM WebSphere snoopservlet Path Disclosure
SquirrelMail < 1.4.18 map_yp_alias Function Remote Code Execution
SquirrelMail Multiple Remote Vulnerabilities
gCards < 1.46 Multiple Vulnerabilities
SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion
WebSite Pro Malformed URL Path Disclosure
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
vBulletin <= 3.0.9 Multiple Vulnerabilities
Jaws language Parameter Multiple Local File Includes
WebCalendar login.php webcalendar_session Cookie SQL Injection
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion
Tikiwiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access
MDPro index.php topicid Parameter SQL Injection
BlackBoard Internet Newsboard System checkdb.inc.php libpath Variable Remote File Inclusion
XOOPS 1.0 RC1 Multiple Vulnerabilities
OTRS SOAP Interface Unauthenticated Object Manipulation
WebCalendar < 1.0.2 Multiple Vulnerabilities
MyBB HTTP Header CLIENT-IP Field SQL Injection
Adobe ColdFusion FCKeditor CurrentFolder File Upload
GOsa Multiple Script plugin Parameter Remote File Inclusion
Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS)
WebGais websendmail CGI Arbitrary Command Execution
CVSTrac Text Output Formatter SQL Injection DoS
paNews 2.0.4b Multiple Input Validation Vulnerabilities
XOOPS Detection
Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)
PHP iCalendar Multiple Script Remote File Inclusion
Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion
MPC SoftWeb Guestbook Multiple Vulnerabilities
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion
PHP < 5.2.4 Multiple Vulnerabilities
vBulletin misc.php template Variable PHP Code Injection
Cold Fusion Administration Page Overflow DoS
J Walk Application Server Encoded Directory Traversal Vulnerability
phpBB Advanced GuestBook addentry.php phpbb_root_path Variable Remote File Inclusion
Bugzilla < 2.18.1 Multiple Information Disclosures
PNphpBB2 index.php c Parameter SQL Injection
Webmin Detection
Sawmill Weak Password Encryption Scheme Information Disclosure
SHOUTcast Server Filename Handling Format String
Pligg evb/check_url.php url Parameter SQL Injection
Jinzora name Parameter Local File Inclusion
Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access
php-proxima autohtml.php Arbitrary File Retrieval
Original inc/exif.inc.php exif_prog Parameter Arbitrary Command Execution
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
UBB.threads Detection
Alt-N WebAdmin Multiple Vulnerabilities
AutoLinks Pro alpath Parameter File Include Vulnerability
Verity UltraSeek 3.1.x Malformed URL Remote DoS
HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File Access
LinPHA <= 1.0 Multiple Vulnerabilities
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion
miniBB bb_func_txt.php pathToFiles Variable Remote File Inclusion
Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities
Invision Gallery index.php st Parameter SQL Injection
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution
X-News Password MD5 Hash Authentication Bypass
Multiple Vendor jj CGI Arbitrary Command Execution
Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
sBLOG search.php keyword Parameter SQL Injection
Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)
Web Site Cross-Domain Policy File Detection
RunCMS Multiple Script lid Parameter SQL Injection
Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution
Xpressions Interactive Multiple Products login.asp SQL Injection
ZABBIX Web Interface extlang[] Parameter Remote Code Execution
TWiki rev Parameter Arbitrary Command Execution
Hosting Controller Multiple Script Arbitrary Directory Browsing
IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection
Openads Delivery Engine OA_Delivery_Cache_store() Function name Argument Arbitrary PHP Code Execution
phpWebSite index.php hub_dir Parameter Local File Inclusion
TrailScout Module For Drupal Session Cookie SQL Injection
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities
DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)
Ecartis HTML Field Manipulation Arbitrary User Password Reset
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
Orion Application Server Crafted Filename Extension JSP Script Source Disclosure
Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
YaBB SE < 1.5.2 Multiple Vulnerabilities
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
Trend Micro IWSS Console Management Detection
Minis minis.php month Parameter Traversal Arbitrary File Access
Mini SQL w3-msql Arbitrary Directory Access
PHP-Update blog.php Variable Overwriting Arbitrary Code Execution
Infoblox IPAM Appliance Default Credentials
processit CGI Environment Variable Remote Information Disclosure
WF-Chat User Account Disclosure
CGI Generic SSI Injection Vulnerability
osCommerce Customer Testimonials customer_testimonials.php testimonial_id Parameter SQL Injection
CVSweb Detection
Horde Turba Detection
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion
Live Chat Component for Joomla! last Variable SQL Injection
PhotoPost < 5.1 Multiple Input Validation Vulnerabilities
Netdynamics ndcgi.exe Previous User Session Replay
PHP-Fusion Detection
phpGedView arbitrary file reading
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
Sympa wwsympa do_search_list Overflow DoS
MaxWebPortal <= 1.35 Multiple Vulnerabilities
ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion
ThinClientServer Admin Account Creation Privilege Escalation
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
MapServer < 5.2.2 / 4.10.4 Multiple Flaws
OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness
Openfire AuthCheck Authentication Bypass
WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion
WP-Lytebox pg Parameter Local File Inclusion
Horde Nag Detection
Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure
IlohaMail Unspecified Vulnerability
phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions
Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion
CVSTrac Ticket Title Arbitrary Command Execution
Sun Java ASP Server Default Admin Password
IlohaMail index.php session Parameter Arbitrary File Access
e107 ibrowser.php zend_has_del() Function Remote Code Execution
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
Looking Glass Multiple Vulnerabilities
Joomla! < 1.0.11 Multiple Vulnerabilities
Joomla! CMS com_search Component default_results.php searchword Variable Remote Command Execution
phpListPro Multiple Script returnpath Parameter Remote File Inclusions
Sambar Server /session/sendmail Arbitrary Mail Relay
CVSTrac Malformed URI Infinite Loop DoS
Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation
Docebo GLOBALS Variable Overwrite Remote File Inclusion
WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
wwwwais QUERY_STRING Parameter Remote Overflow
XMB Forum < 1.9.2 Multiple Vulnerabilities
Matt Wright FormHandler.cgi Arbitrary File Access
CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)
man2web Multiple Scripts Arbitrary Command Execution
osCommerce file_manager.php filename Variable Traversal Arbitrary File Access
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion
BizMail bizmail.cgi Arbitrary Mail Relay
Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities
XMB member.php Multiple Parameter SQL Injection
MyReview Admin.php email Parameter SQL Injection
phpWebSite Image Announcement Upload Arbitrary Command Execution
Trend Micro OfficeScan 7.3 Multiple Vulnerabilities
MediaWiki JSON Callback Crafted API Request Information Disclosure
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
phpBB <= 2.0.11 Multiple Vulnerabilities
Pinnacle ShowCenter Skin DoS
MailEnable Professional HTTPMail GET Request Remote Overflow
PT News Unauthorized Administrative Access
Invision Power Board Dragoran Portal Module index.php site Parameter SQL Injection
e107 eTrace Plugin dotrace.php Arbitrary Code Execution
HP Instant TopTools hpnst.exe CGI DoS
TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution
McAfee Common Management Agent Traversal Arbitrary File Write
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities
Sendcard sendcard.php id Parameter SQL Injection
Digital Scribe login.php SQL Injection
WordPress check_ajax_referer() Function SQL Injection
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access
Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow
YaBB YaBB.pl num Parameter Traversal Arbitrary File Access
EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion
Icecast XSL Parser Multiple Vulnerabilities (OF, ID)
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion
JRun Multiple Sample Files Remote Information Disclosure
WebAdmin < 3.2.6 MDaemon Account Hijacking
PHP Live! directory/conf File Include Unspecified Issue
NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation
TUTOS < 1.1.20040412 Multiple Input Validation Issues
Sambar Server Multiple CGI Environment Variable Disclosure
MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution
SquirrelMail < 1.4.4 Multiple Vulnerabilities
YaPiG <= 0.9.5b Multiple Vulnerabilities
Microsoft Outlook Web Access (OWA) Anonymous Access
/doc Directory Browsable?
Microsoft IIS advsearch.asp Direct Request DoS
PBLang BBS <= 4.65 Multiple Vulnerabilities
WebSpeed Workshop Arbitrary Command Execution
SWAT Unauthenticated Access (Demo Mode)
PHP < 5.2.6 Multiple Vulnerabilities
Comersus BackOffice comersus_backoffice_menu.asp Multiple Variable SQL Injection
Cacti < 0.8.6e Multiple Vulnerabilities (SQLi, RFI)
MailEnable NetWebAdmin Unauthorized Access (ME-10019)
Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval
Axis 2400 Network Camera Multiple Vulnerabilities
Pixelpost index.php parent_id Parameter SQL Injection
Movable Type < 3.2 Multiple Vulnerabilities
XOOPS Dictionary Module print.php id Parameter SQL Injection
Plain Old Webserver URI Traversal Arbitrary File Access
MailMaxWeb Cookie Application Path Disclosure
Allaire JRun Encoded JSP Request Arbitrary Directory Listing
Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure
Goscript go.cgi Arbitrary Command Execution
MailMan Webmail mmstdod.cgi Arbitrary Command Execution
GuppY < 4.5.6a Multiple Vulnerabilities
K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution
zenTrack index.php Multiple Parameter Remote File Inclusion
ASP.NET DEBUG Method Enabled
gigCalendar Component for Joomla! gigcal_gigs_id Parameter SQL Injection
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection
WordPress index.php cat Parameter Local File Inclusion
PHP-Fusion extract() Global Variable Overwriting
Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities
PhotoPost PHP Detection
Xoops Incontent Module Traversal Arbitrary PHP File Source Disclosure
Webman I-Mall i-mall.cgi Arbitrary Command Execution
HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)
OpenBB index.php CID Parameter SQL Injection
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion
Drupal Public Comment/Posting Arbitrary PHP Code Execution
Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval
Sympa src/queue.c queue Utility Local Overflow
Apache Struts < 2.0.12 / 2.1.3 Dispatcher Directory Traversal
Bugzilla Multiple Remote Command Execution
Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness
IRIX handler CGI Arbitrary Command Execution
IlohaMail Configuration Scripts Remote Disclosure
UBB.threads editpost.php Number Parameter SQL Injection
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
Sitecore CMS < 5.3.2 rev. 090212 Web Service Security Database Information Disclosure
MailEnable HTTPMail Service Content-Length Header Overflow
YaPiG Password Protected Directory Bypass
DCP-Portal Multiple Script Path Disclosure
phpWebFTP index.php language Parameter Local File Inclusion
Basic Analysis and Security Engine Authentication Check
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)
Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
Multiple Vendor view_source CGI Traversal Arbitrary File Access
PHPSurveyor Multiple SQL Injections
OneOrZero Helpdesk tupdate.php sg Parameter SQL injection
aspWebAlbum album.asp SQL Injection
Super Guestbook superguestconfig Admin Password Disclosure






Les derniers commentaires publiés sur SecuObs (6-25):
- Botan 1.9.4
- The Beginning of the End of Data Retention
- A Notepad PoC for the remote CHM help file hijack MS vulnerability
- What's New in Chanalyzer 34
- gnupg 2.0.15
- fwbuilder 4.0.0
- ESRT @sbrabez - w3af 10-rc2 updated on FreeBSD
- ESRT @MarioVilas - gnupgpy is a Python API which wraps the GNU Privacy Guard
- ESRT @mosesrenegade @JoelEsler - How to make Snort Attribute tables using Nma
- ESRT @Trancer00t - Metasploit exploit module for the new MSIE 0day vuln
- ESRT @ToolsWatch - FireCAT v1.6.2 updated with 4 Firebug add-ons
- ESRT @komeilipour - Discoverer: Automatic Protocol Reverse Engineering from N
- BeEF Key Logging
- SubSeven v2.3.2010 released
- OpenSCAP v0.5.7 released
- Building a Linux Incident Response Forensic Disk
- ESRT @opexxx @FrikiFeeds - The newbie's guide to hacking the Linux kernel
- tor.uclibc.i686.20100309.iso
- WordPress Injection Attack
- IM ME GoodFET Wiring Tutorial


SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Archives Failles Secunia :
- SA38868 Debian update for tdiary
- SA38890 NUs Newssystem id SQL Injection Vulnerability
- SA38876 Fedora update for samba
- SA38912 Kandidat CMS contentcenter Cross-Site Scripting Vulnerability
- SA38893 Jevci Siparis Formu Database Disclosure Security Issue

Archives Mailing Full Disclosure :
- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e).
- Full-disclosure ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability
- Full-disclosure ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability
- Re: Full-disclosure credit union phishing scam
- Re: Full-disclosure credit union phishing scam

Archives Mailing Bugtraq :
- USN-909-1 dpkg vulnerability
- Skype URI Handler Input Validation
- MDVSA-2010:060 squid
- Vulnerabilities in Abton
- Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker
- SECURITY DSA 2011-1 New dpkg packages fix path traversal

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :