Test detail:
ID: 24266
Name: Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
Authors: This script is Copyright (C) 2007-2008 Tenable Network Security, Inc.
Category: CGI abuses
Action: attack
Summary: Tries to execute a command via Drupal
Description:
Synopsis: The remote web server contains a PHP application that allows execution of arbitrary code.
Description: The version of Drupal installed on the remote host fails to properly validate previews on comments and allows access to more than one input filter, which is not enabled by default. An attacker can leverage this issue while previewing a comment to have it interpreted as PHP code, which will result in it being executed on the affected host with the privileges of the web server user id.
See also: http://drupal.org/node/113935
Solution: Upgrade to Drupal version 4.7.6 / 5.1 or later.
Risk factor: Medium / CVSS Base Score: 5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)


Click for details - List of tests:
WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities
Informix SQL Web DataBlade Module Traversal Arbitrary File Access
ELOG Web LogBook global Denial of Service
AppServ appserv/main.php appserv_root Variable Remote File Inclusion
YaPiG < 0.95b Multiple Vulnerabilities
SilverNews < 2.0.4 Multiple Vulnerabilities
GoSmart Message Board Multiple Vulnerabilities (SQLi, XSS)
A1Stats Multiple Script Traversal Arbitrary File Access
Microsoft ASP.NET Application Tracing trace.axd Information Disclosure
CakePHP vendors.php file Variable Traversal Arbitrary File Access
GNUMP3d < 2.9.6 Multiple Remote Vulnerabilities (XSS, Traversal)
Crystal Reports crystalimagehandler.aspx Traversal Arbitrary File Access
Drupal Comment Function Arbitrary Code Execution
IlohaMail Configuration Scripts Remote Disclosure
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion
Horde Horde_Image::factory driver Argument Local File Inclusion
Geeklog SEC_authenticate Function SQL Injection
ActivePerl findtar Sample Script Remote Command Execution
WebCalendar assistant_edit.php Unauthorized Access
phpWebNotes t_path_core Parameter File Include Vulnerability
SIR GNUBoard Remote File Inclusion
WebsitePro Remote Request Overflow
Land Down Under / Seditio polls.php id Parameter SQL Injection
Plumtree Portal Default Credentials
Pinnacle ShowCenter Skin DoS
ZABBIX Web Interface extlang[] Parameter Remote Code Execution
sawmill allows the reading of the first line of any file
Claroline Software Detection
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities
vpopmail-CGIApps vpasswd.cgi Remote Command Execution
MailEnable HTTPMail Service Authorization Header Remote Overflow
Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)
VHCS include/sql.php include_path Parameter Remote File Inclusion
Cart32 c32web.exe ImageName Traversal Arbitrary File Access
MediaWiki Multiple Remote Vulnerabilities
Horde IMP mailbox.php3 Multiple Variable SQL Injection
MailScan WebAdministrator Cookie Authentication Bypass
Claroline claro_init_local.inc.php extAuthSource[newUser] Variable Remote File Inclusion
WebGais webgais CGI Arbitrary Command Execution
Gallery stepOrder Parameter Local File Inclusion
2BGal disp_album.php id_album Parameter SQL Injection
YaBB 1 Gold < 1.3.2 Multiple Input Validation Vulnerabilities
Pages Pro filenote Parameter Traversal Arbitrary File Modification
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
Symantec Web Security (SWS) Multiple Vulnerabilities
PBLang login.php lang Parameter Local File Inclusion
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection
LifeType index.php Date Parameter SQL Injection
MercuryBoard User-Agent SQL Injection
Expose for Joomla! (com_expose) uploadimg.php Arbitrary File Upload Code Execution
MapServer < 5.2.2 / 4.10.4 Multiple Flaws
CubeCart Detection
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
Coppermine Photo Gallery < 1.3.2 Multiple SQL Injections
Coppermine Photo Gallery album Password Cookie SQL Injection
e107 email.php Arbitrary Mail Relay
Foxweb foxweb.exe Long URL Remote Overflow
PortalApp forums.asp sortby Parameter SQL Injection
HP Instant TopTools hpnst.exe CGI DoS
CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion
OTRS SOAP Interface Unauthenticated Object Manipulation
Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)
Big Brother bb-hist.sh History Module Arbitrary File Read
CoolForum Multiple SQL Injections
miniPortail admin.php Cookie Manipulation Privilege Escalation
ZixForum ZixForum.mdb DIrect Request Database Disclosure
NetworkActiv Web Server Crafted Filename Request Script Source Disclosure
PT News Unauthorized Administrative Access
Netdynamics ndcgi.exe Previous User Session Replay
MyBB comma Cookie SQL Injection
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass
Ruby on Rails Routing Code URL Code Evaluation DoS
EZPhotoSales Multiple Configuration Files Remote Information Disclosure
Inktomi Search MS-DOS Device Name Request Path Disclosure
RiSearch show.pl Open Proxy Relay
PostNuke Rating System DoS
zml.cgi Directory Traversal
PBLang 4.65 Multiple Vulnerabilities
GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec)
PhpDig < 1.8.5 Unspecified Vulnerability
SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution
PHP iCalendar Cookie Data Traversal Local File Inclusion
phpBB <= 2.0.13 Multiple Vulnerabilities
MyBB HTTP Header CLIENT-IP Field SQL Injection
PHP Surveyor Multiple Vulnerabilities
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution
Web Site Malicious Javascript Link Detection
processit CGI Environment Variable Remote Information Disclosure
Comersus Cart Multiple Vulnerabilities (SQLi, XSS)
PHP-Nuke Detection
TalentSoft Web+ webplus CGI Traversal Arbitrary File Access
RCBlog index.php post Parameter Traversal Arbitrary File Access
MyBB ratethread.php rating Parameter SQL Injection
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow
phpWebSite index.php hub_dir Parameter Local File Inclusion
UBB.threads doeditconfig Arbitrary Command Injection
Mini SQL w3-msql Arbitrary Directory Access
MailEnable NetWebAdmin Unauthorized Access (ME-10019)
PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access
Muhammad A. Muquit wwwcount Count.cgi Remote Overflow
phpBB <= 2.0.12 Multiple Vulnerabilities
Chipmunk Forum Multiple SQL Injections
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
CVSTrac Malformed URI Infinite Loop DoS
Sun ONE Application Server Upper Case Request JSP Source Disclosure
PHP/FI php.cgi Traversal Arbitrary File Access
ashNews 0.83 Multiple Vulnerabilities
TYPOlight < 2.2.5 Unspecified Vulnerability
Snitz Forums 2000 register.asp Email Parameter SQL Injection (banner check)
Stadtaus Gaestebuch-Script index.php include_files Variable Remote File Inclusion
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
miniBB bb_func_txt.php pathToFiles Variable Remote File Inclusion
Icecast XSL Parser Multiple Vulnerabilities (OF, ID)
PHP-Fusion Database Backup Disclosure
osTicket Form Field Modification File Upload Size Restriction Bypass
Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Variable Traversal Local File Inclusion
Gregarius ajax.php rsargs[] Parameter Array SQL Injection
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection
Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access)
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution
ClearSpace Detection
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
PHP < 5.2.10 Multiple Vulnerabilities
cPanel guestbook.cgi template Variable Arbitrary Command Execution
OpenDocMan Access Control Bypass
phpMyFAQ Forum Message username Field SQL Injection
LimeSurvey sUser Variable SQL Injection
Hosting Controller addsubsite.asp Security Bypass
phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification
XOOPS 1.0 RC1 Multiple Vulnerabilities
Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval
KW Whois CGI whois Parameter Arbitrary Command Execution
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
PayPal Store Front index.php page Parameter Remote File Inclusion
PHP Error Log Format String Command Injection
phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities
Simple Web Counter swc ctr Parameter Remote Overflow
Multiple Vendor test-cgi Arbitrary File Access
Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion
Polar HelpDesk Authentication Bypass
Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi
MyBB < 1.04 Multiple Vulnerabilities
Claroline Multiple RemoteVulnerabilities (RFI, Traversal, XSS)
WebCalendar includes/functions.php noSet Variable Overwrite
SLMail WebMail Multiple Remote Overflows
PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities
WEBrick Encoded Traversal Arbitrary CGI Source Disclosure
GOsa Multiple Script plugin Parameter Remote File Inclusion
w-Agora Multiple Script Traversal Arbitrary File Access
NetCharts Server Default Password
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion
JAWS Multiple Vulnerabilities (XSS, Auth Bypass, Traversal)
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
Microsoft IIS/PWS %2e Request ASP Source Disclosure
my_gallery Plugin for e107 dload.php file Parameter Arbitrary File PHP Source Disclosure
/doc Directory Browsable?
PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
PHP < 5.2 Multiple Vulnerabilities
MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access
Singapore Gallery < 0.9.11 Multiple Vulnerabilities
PHPNews auth.php path Parameter Remote File Inclusion
w-Agora inc_dir Parameter Remote File Inclusion
BLNews objects.inc.php4 Server[path] Variable Remote File Inclusion
WordPress query.php is_admin() Function Information Disclosure
phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion
aspWebAlbum album.asp SQL Injection
Greymatter 1.3 Multiple Vulnerabilities
PNphpBB2 index.php c Parameter SQL Injection
Drupal Theme System Template Local File Inclusion
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
Kayako LiveResponse Multiple Input Validation Vulnerabilities
UBB.threads < 6.5.2 beta Multiple Vulnerabilities
WebSpeed Workshop Arbitrary Command Execution
boastMachine users.inc.php File Extension Validation Arbitrary File Upload
paNews Detection
Atlassian JIRA < 3.12.1 Multiple Vulnerabilities
ViRobot Linux Server filescan Authentication Bypass
MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)
CVSTrac chdir() chroot Jail Escape
Cacti index.php/sql.php Login Action login_username Variable SQL Injection
pMachine mail_autocheck.php Arbitrary Code Execution
Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
Carello E-Commerce Carello.dll Command Execution
phpMyAdmin import_blacklist Variable Overwriting
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
Movable Type Detection
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS
Hosting Controller Multiple Script Arbitrary Directory Browsing
CVSTrac filediff Arbitrary Remote Code Execution
Sambar Server /session/sendmail Arbitrary Mail Relay
Trend Micro OfficeScan 7.3 Multiple Vulnerabilities
phpWebSite <= 0.10.1 Multiple Vulnerabilities
FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution
Sitecore CMS < 5.3.2 rev. 090212 Web Service Security Database Information Disclosure
WordPress Trackback Charset Decoding SQL Injection
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
Snitz Forums 2000 3.4.03 Multiple Vulnerabilities
CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities
rpm_query CGI System Information Disclosure
Drupal Software Detection
SPIP < 1.8.2-g Multiple Vulnerabilities
PHP TopSites setup.php Administration Authentication Bypass
Sun Java System Identity Manager Account Disclosure
Aborior Encore WebForum display.cgi file Variable Command Execution
MyBB misc.php fid Parameter SQL Injection
PunBB Search Dropdown Private Forum Disclosure
phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion
Sun JavaServer Default Admin Password
Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
SquirrelMail < 1.4.6 Multiple Vulnerabilities
Mozilla Bonsai Mutiple Flaws (Auth Bypass, XSS, Cmd Exec, PD)
WordPress Trackback wp-trackback.php tb_id Parameter SQL Injection
Horde test.php Direct Reqest Information Disclosure
ASG-Sentry CGI Default Credentials
Openfire < 3.6.3 Multiple Vulnerabilities
HP LaserJet Directory Traversal
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)
XOOPS Articles Module print.php id Parameter SQL Injection
YaPiG Password Protected Directory Bypass
PunBB profile.php id Parameter SQL Injection
Microsoft IIS Translate f: ASP/ASA Source Disclosure
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
nBill component for Joomla! index.php cid Parameter SQL Injection
e107 eTrace Plugin dotrace.php Arbitrary Code Execution
ZABBIX Web Interface Detection
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)
osCommerce shopping_cart.php id Array Parameters SQL Injection
Limbo com_fm Component sql.php classes_dir Variable Remote File Inclusion
MODx < 0.9.1a Multiple Vulnerabilities
Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access
DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access
Advanced Guestbook index.php entry Parameter SQL Injection
Xylogics Annex Terminal Service ping CGI Program DoS
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
DUware Multiple Products type.asp iType Parameter SQL Injection
Microsoft IIS idq.dll Traversal Arbitrary File Access
Moodle index.php tag Parameter SQL Injection
Redhat Stronghold status / info Request Information Disclosure
eFiction < 2.0.2 Multiple Remote Vulnerabilities (SQLi, XSS, Disc)
Atmail WebMail Detection
Sphider configset.php settings_dir Parameter Remote File Inclusion
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
OpenBB < 1.0.9 Multiple Vulnerabilities
Microsoft IIS global.asa Remote Information Disclosure
ttforum Multiple Vulnerabilities
Invision Power Board ipchat.php root_path Parameter Remote File Inclusion
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure
Symphony sym_auth Cookie SQL Injection
Directory Pro Traversal Arbitrary File Access
Microsoft BizTalk Server Multiple Remote Vulnerabilities
WebAPP Directory Traversal
Plain Old Webserver URI Traversal Arbitrary File Access
EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion
Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)
Site Sift Listings detail.php id Parameter SQL Injection
phpWebSite Detection
Vignette Application Portal Diagnostic Utility Information Disclosure
PHP iCalendar publish.ical.php Arbitrary File Upload
Zorum <= 3.5 Multiple Remote Vulnerabilities
CMS Made Simple modules/TinyMCE/content_css.php templateid Variable SQL Injection
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)
phpList <= 2.6.3 Multiple Vulnerabilities
YaPiG <= 0.9.5b Multiple Vulnerabilities
AnyForm CGI Arbitrary Command Execution
Tarantella Enterprise ttawebtop.cgi pg Variable Traversal Arbitrary File Access
Zanfi CMS Lite index.php inc Parameter Remote File Inclusion
Help Center Live osTicket Module Multiple Unspecified SQL Injections
Nag Detection
Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure
Trend Micro Scanmail for Domino nsf File Information Disclosure
e107 class2.php e107language_e107cookie Cookie Traversal Local File Inclusion
Joomla! < 1.0.11 Unspecified Remote Code Execution
Sambar Server cgitest.exe Remote Overflow
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
Basilix Webmail Attachment Crafted POST Arbitrary File Access
osCommerce update.php readme_file Parameter Arbitrary File Disclosure
bBlog rss.php p Parameter SQL Injection
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
yappa-ng < 2.3.2 Multiple Vulnerabilities
DCP-Portal Multiple Script Path Disclosure
phPay admin/phpinfo.php Information Disclosure
Seditio Detection
AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)
TikiWiki File Upload temp Directory Arbitrary Script Execution
Multiple Server Crafted Request WEB-INF Directory Information Disclosure
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
WordPress Detection
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
J Walk Application Server Encoded Traversal Arbitrary File Disclosure
Justice Guestbook 1.3 Multiple Vulnerabilities
Ocean12 ASP Guestbook Manager Database Download
Sympa Malformed Content-Type Header Remote DoS
PBLang < 4.66z Multiple Vulnerabilities
Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access
GNU Mailman Multiple Unspecified Remote Vulnerabilities
ping.asp CGI Arbitrary Command Execution
Guestbook CGI Arbitrary Command Execution
RunCMS Multiple Script lid Parameter SQL Injection
vCard define.inc.php match Parameter Remote File Inclusion
ADOdb Lite adodb-perf-module.inc.php last_module Variable Arbitrary Code Execution
Icecast Encoded Traversal Arbitrary File Access
Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection
GTcatalog password.inc Direct Request Password Disclosure
Technote main.cgi filename Parameter Traversal Arbitrary File Access
BizMail bizmail.cgi Arbitrary Mail Relay
TYPO3 spell-check-logic.php userUid Parameter Arbitrary Command Execution
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
BitDefender Update Server HTTP Request Traversal Arbitrary File Access
Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion
DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection
osTicket <= 1.2.7 Multiple Vulnerabilities
spin_client.cgi Remote Overflow
cPanel FrontPage Extension Multiple Vulnerabilities
myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
CherryPy staticFilter Traversal Arbitrary File Access
phpBannerExchange Template Class Local File Inclusion
XAMPP ADOdb mssql_connect Remote Buffer Overflow
WordPress < 0.72 RC1 Multiple Vulnerabilities
Horde Turba status.php Path Disclosure
CGI Generic Remote File Inclusion Vulnerability
Ecartis HTML Field Manipulation Arbitrary User Password Reset
Symantec Web Security Detection
Bugzilla Multiple Remote Command Execution
PHPCatalog id Parameter SQL Injection
Calendar Express Multiple Vulnerabilities (SQLi, XSS)
Resin viewfile Servlet Arbitrary File Disclosure
Owl browse.php Authentication Bypass
Invision Gallery < 1.3.1 Multiple SQL Injections
Microsoft IIS fpcount.exe CGI Remote Overflow
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
WordPress check_ajax_referer() Function SQL Injection
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
Icecast list_directory Function Traversal File/Directory Enumeration
vBulletin <= 3.0.9 Multiple Vulnerabilities
Woltlab Burning Board Detection
Aprox PHP Portal index.php Arbitrary File View
Philboard philboard_admin.ASP Authentication Bypass
osCommerce Customer Testimonials customer_testimonials.php testimonial_id Parameter SQL Injection
YaBB YaBB.pl num Parameter Traversal Arbitrary File Access
CVSTrac CVSROOT/passwd Arbitrary Account Deletion
Simple PHP Blog comments.php Traversal Arbitrary File Access
DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)
PHP Multiple Image Processing Functions File Handling DoS
BASE < 1.2.5 readRoleCookie() Auth Bypass
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure
VHCS PHPSESSID Cookie Session Fixation
Web Wiz Site News / Compulsive Media CNU5 news.mdb Direct Request Database Disclosure
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
iWebNegar Multiple Scripts SQL Injection
Website Baker Admin Login SQL Injection
Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc)
Web Server info.php / phpinfo.php Detection
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
Mambo / Joomla! Multiple Components mosConfig_live_site Parameter Remote File Inclusion
PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access
cfWebStore Multiple Vulnerabilities (SQLi, XSS)
Pixelpost index.php Multiple Parameter SQL Injection
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval
Multiple Web Server printenv CGI Information Disclosure
iBill ibillpm.pl Password Generation Weakness
PHP < 3.0 mylog.html/mlog.html Arbitrary File Access
CoolPHP 1.0 Multiple Vulnerabilities
IceWarp Multiple Script Remote File Inclusion
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion
EATON MGE Network Shutdown Module < 3.20 Authentication Bypass / Command Execution
Plume CMS < 1.0.3 Remote File Inclusion
Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion
Sun Java System Identity Manager Detection
TWiki Detection
Custom Pages for Joomla! index.php cpage Variable Remote File Inclusion
TWiki ImageGalleryPlugin Shell Command Injection
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access
paFileDB <= 3.1 Multiple Vulnerabilities (1)
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion
WebCalendar < 1.0.2 Multiple Vulnerabilities
Bharat Mediratta Gallery includedir Parameter Remote File Inclusion
Microsoft Outlook Web Access (OWA) Anonymous Access
Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution
IceWarp Web Mail Multiple Flaws (3)
Sun Server Console Authentication Bypass
phpAlbum language.php data_dir Parameter Remote File Inclusion
PHPAuction Multiple Script include_path Parameter File Inclusion
WordPress AdServe adclick.php id Parameter SQL Injection
Woltlab Burning Board verify_email Function SQL Injection
TYPO3 < 3.5.0 Multiple Vulnerabilities
CA Host-Based Intrusion Prevention System Server Default Credentials
Coppermine Photo Gallery Voting Restriction Bypass
WebAdmin < 3.2.6 MDaemon Account Hijacking
UBB.threads Detection
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval
Moodle lib/kses.php kses_bad_protocol_once Function Arbitrary PHP Code Execution
Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS)
SimpleBBS users disclosure
BasiliX login.php3 username Variable Arbitrary Command Execution
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access
WebSpeed Development Mode Check
XOOPS Jobs Module index.php cid Parameter SQL Injection
RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution
Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection
Microsoft Frontpage htimage.exe CGI Remote Overflow
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion
CuteNews Detection
popper_mod PHP Administration Script Authentication Bypass
Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
vBulletin includes/init.php Unspecified Vulnerability
WF-Chat User Account Disclosure
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
Sun Java System Directory Server Online Help Feature Information Disclosure
AEC Subscription Manager Component usage Parameter SQL Injection
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
Sympa wwsympa Invalid LDAP Password Remote DoS
Exponent CMS Multiple Cross-Site Scripting Vulnerabilities
Wikka wikka.php Local File Inclusion
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
Netquery <= 3.1 Multiple Vulnerabilities
WebLogic < 8.1 SP3 Multiple Vulnerabilities
Webmin / Usermin Null Byte Filtering Vulnerabilities
OpenWebMail < 1.90 Multiple Vulnerabilities
Gallery PostNuke Integration Access Validation Privilege Escalation
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution
TorrentTrader download.php id Parameter SQL Injection
HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)
phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities
Novell Teaming Login User Account Enumeration Weakness
Directory Browsing Enabled?
Mailgust Password Reminder email Field SQL Injection
eggBlog index.php eggblogpassword Variable Cookie SQL Injection
PHP < 4.3.8 Multiple Vulnerabilities
Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
SHOUTcast Server admin.cgi Long Argument Overflow
Thyme event_view.php eid Parameter SQL Injection
Plogger plog-download.php checked[] Parameter SQL Injection
Minis minis.php month Parameter Traversal Arbitrary File Access
MapServer Multiple Remote Vulnerabilities
JRun Multiple Sample Files Remote Information Disclosure
ASPrunner 2.4 Multiple Vulnerabilities
ViewVC Direct Request CVSROOT Information Disclosure
Apache Tomcat TroubleShooter Servlet Information Disclosure
pMachine lib.inc.php pm_path Parameter Remote File Inclusion
PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities
CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)
MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities
CafeLog B2 Multiple Script Remote File Inclusion
PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
Macallan Mail Solution Web Interface Multiple Vulnerabilities (Auth Bypass, DoS)
phpMyFAQ Detection
Horde Turba Detection
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution
OpenCart route Parameter Local File Inclusion
Multiple Vendor jj CGI Arbitrary Command Execution
Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion
Matt Wright guestbook.pl Arbitrary Command Execution
IRIX webdist.cgi Arbitrary Command Execution
Sambar Server dumpenv.pl Information Disclosure
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure
Terminal Services Web Detection
phpListPro Multiple Script returnpath Parameter Remote File Inclusions
phpBB up.php Arbitrary File Upload
OneOrZero Helpdesk default_language Local File Inclusion
YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities
phpMyAdmin grab_globals.lib.php subform Variable Traversal Local File Inclusion
PunBB < 1.2.2 Multiple Input Validation Vulnerabilities
HotNews Multiple Script Remote File Inclusion
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
CubeCart < 2.0.6 settings.inc.php Multiple Script XSS
WordPress < 1.5.1.3 Multiple Vulnerabilities
ePolicy Orchestrator Local Information Disclosure Vulnerability
P-News p-news.php Name Field Privilege Escalation
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection
Digital Scribe login.php SQL Injection
LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection
Phpauction <= 2.5 Multiple Vulnerabilities
phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
CitrusDB Static id_hash Admin Authentication Bypass
Gallery Zipcart Module Arbitrary File Disclosure
DCP-Portal Multiple Scripts SQL Injection
IlohaMail Forged GET/POST Arbitrary Contacts Deletion
Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities
BasiliX Application Installation Detection
Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi)
Simple Machines Forum Avatar Information Disclosure Vulnerability
PSCS VPOP3 messagelist.html msglistlen Parameter DoS
VChat Multiple Remote Vulnerabilities
Mensajeitor Tag Board Admin Bypass
TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
Serendipity XML-RPC for PHP Remote Code Injection
RaidenHTTPD workspace.php ulang Parameter Local File Inclusion
PunBB < 1.2.7 Multiple Vulnerabilities
Coppermine Photo Gallery showdoc.php f Variable Local File Inclusion
Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection
PHP-Blogger pref.db Database Information Disclosure
SPiD lang.php lang_path Remote File Inclusion
Help Center Live module.php file Parameter Local File Inclusion
Lyris ListManager Subscription Form Administrative Command Injection
Sysinfo name Parameter Arbitrary Code Execution
phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions
dotProject Multiple Scripts Remote File Inclusion
TrackerCam Multiple Remote Vulnerabilities
ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities
Packeteer Web Management Interface Detection
phpAdsNew XML-RPC Library Remote Code Injection
Cacti < 0.8.6e Multiple Vulnerabilities (SQLi, RFI)
ADOdb tmssql.php do Variable Arbitrary PHP Function Execution
WebLogic Servlets Multiple Vulnerabilities
Novell GroupWise WebAccess Error Handler Authentication Bypass
FlatNuke < 2.5.6 Multiple Remote Vulnerabilities (XSS, Disc, Command Exe)
Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
Coppermine Photo Gallery displayimage.php SQL injection
Adobe Document Server Default Credentials
BugPort Attached File Handling Unspecified Issue
CGI Generic Path Traversal Vulnerability
WihPhoto sendphoto.php Traversal Arbitrary File Access
DevTrack Web Service UserName Field SQL Injection
XOOPS Detection
MPC SoftWeb Guestbook Multiple Vulnerabilities
Mambo Open Source Tar.php Remote File Inclusion
NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing
Photopost PHP Pro photo Parameter SQL Injection
WP-Lytebox pg Parameter Local File Inclusion
Horde Ingo Software Detection
XEROX MicroServer Web Server Multiple Vulnerabilities (XRX05-008)
SHOUTcast Server Filename Handling Format String
Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection
Site@School slideshow_full.php album_name Parameter SQL Injection
e107 resetcore.php user Field SQL Injection
DUpaypal Pro Multiple Scripts SQL Injection
PHP < 5.2.3 Multiple Vulnerabilities
Java (.java / .class) Source Code Disclosure
CuteNews Multiple Script Traversal Privilege Escalation
MailEnable Professional HTTPMail GET Request Remote Overflow
Gallery save_photos.php Arbitrary Command Execution
FAQManager Arbitrary File Reading Vulnerability
CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion
XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion
Serendipity < 0.8.1 Multiple Vulnerabilities
Gallery HTTP Global Variables File Inclusion
phpPgAds dest Parameter HTTP Response Splitting
Dragonfly CMS install.php newlang Variable Local File Inclusion
Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation
Gallery Unspecified HTML Injection
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset
Alibaba alibaba.pl Arbitrary Command Execution
KorWeblog < 1.6.2 Multiple Vulnerabilities
MDPro index.php topicid Parameter SQL Injection
MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite
GuppY inc/includes.inc selskin Parameter Traversal Local File Inclusion
MaxWebPortal memKey Parameter SQL Injection
Tikiwiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access
BEA WebLogic FileServlet Source Code Disclosure
PHP-Ping index.php pingto Parameter Arbitrary Code Execution
Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure
phpWebThings Multiple Scripts SQL Injection
Boozt index.cgi Banner Creation Name Field Overflow
Easy Address Book Web Server Query Remote Format String
DUclassmate Multiple Scripts SQL Injection
Joomla! < 1.0.11 Multiple Vulnerabilities
Xerver < 4.20 Multiple Vulnerabilities
VHCS login.php check_login() Function Authentication Bypass
ttCMS 2.2 Multiple Vulnerabilities
Plumtree Portal User Object User Enumeration
BlackBoard Internet Newsboard System checkdb.inc.php libpath Variable Remote File Inclusion
Joomla! CMS com_search Component default_results.php searchword Variable Remote Command Execution
vBulletin Email Field XSS
TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities
WordPress blog.header.php Multiple Parameter SQL Injection
phpWebFTP index.php language Parameter Local File Inclusion
Gallery < 1.4.4-pl5 Multiple Remote Vulnerabilities (XSS, Path Disc)
Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe)
Moodle < 1.4.3 Multiple Vulnerabilities
HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)
Mnogosearch search.cgi Multiple Parameter Remote Overflows
PHProjekt <= 5.1 Multiple Remote File Inclusions
PHPLinks Multiple Input Validation Vulnerabilities
ModernBill <= 4.3.0 Multiple Vulnerabilities
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS
IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access
Allaire JRun Crafted Request WEB-INF Forced Directory Listing
phpMyAdmin sql.php Traversal Arbitrary File Access
JBrowser Multiple Vulnerabilities (Auth Bypass, Traversal)
Centreon fileOreonConf Parameter File Include Vulnerabilities
HAMweather Template.php do_parse_code Function Arbitrary Code Execution
Mobius DocumentDirect ddicgi.exe Long GET Request Overflow
Trac quickjump Search Script q Parameter Arbitrary Site Redirect
CubeCart < 2.0.5 Multiple Vulnerabilities
PHPX admin/index.php username Parameter SQL Injection
XOOPS < 2.0.12 Multiple Vulnerabilities
AWStats awstats.pl Path Disclosure
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
RunCMS xoopsOption Parameter Local File Inclusion
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
Exhibit Engine list.php Multiple Parameter SQL Injection
Sympa wwsympa.fcgi Unauthorised List Creation
IceWarp Web Mail Multiple Flaws (4)
PDGSoft Shopping Cart Multiple Vulnerabilities
GuppY < 4.5.6a Multiple Vulnerabilities
Sambar Server Multiple Script Arbitrary Code Execution
Easy File Sharing Web Server Information Disclosure
Module Builder DownloadModule Traversal Arbitrary File Disclosure
OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access
Sympa wwsympa do_search_list Overflow DoS
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)
Pligg < 9.9.5 Multiple Remote Vulnerabilities
CuteNews Debug Info Disclosure
JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation
PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access
phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities
Horde Chora CVS Viewer diff Utility Arbitrary Command Execution
phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection
e107 < 7.0 Multiple Vulnerabilities
RunCMS Remote Arbitrary File Upload Vulnerability
Nucleus CMS action.php itemid Parameter SQL Injection
IlohaMail Software Detection
PmWiki < 2.1 beta 21 Multiple Vulnerabilities
PHPNews auth.php Multiple Parameter SQL Injection
Squirrelcart index.php Multiple Parameter SQL Injection
X7 Chat index.php day Parameter SQL Injection
AntiBoard antiboard.php Multiple Parameter SQL Injection
WebSpeed Messenger Administration Utility Unauthenticated Access
Mantis < 0.19.3 Multiple Vulnerabilities
EZShopper Multiple Script Arbitrary Command Execution
PHP-Calendar includes/search.php Multiple Parameter SQL Injection
Goollery < 0.04b Multiple Vulnerabilities
Nukestyles.com viewpage.php Addon for PHP-Nuke File Variable Traversal Arbitrary File Access
Stronghold swish Search Script Information Disclosure
PunBB Detection
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)
Master Index search.cgi Traversal Arbitrary File/Directory Access
Netref cat_for_gen.php Arbitrary PHP Command Injection
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection
InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation
PHP Easy Download admin/save.php moreinfo Parameter Code Injection
Nucleus CMS < 3.15 Multiple Vulnerabilities
PerlDesk kb.cgi view Parameter SQL Injection
pMachine <= 2.2.1 Multiple Vulnerabilities
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities
HP OpenView Client Configuration Manager Default Credentials
My Guest Book (myGuestBk) Multiple Vulnerabilities
Loudblog backend_settings.php Multiple Parameter Remote File Inclusion
PHP < 4.4.5 Multiple Vulnerabilities
ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal)
DB4Web Server Debug Mode TCP Port Scanning Proxy
MaxWebPortal <= 1.35 Multiple Vulnerabilities
osTicket Arbitrary Attachment Disclosure
Gallery index.php GALLERY_BASEDIR Variable Remote File Inclusion
Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation
TUTOS < 1.2 Multiple Input Validation Vulnerabilities
Ipswitch WhatsUp Professional Crafted Header Authentication Bypass
Flyspray install-0.9.7.php adodbpath Variable Remote File Inclusion
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass
Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities
Sympa Detection
NextApp Echo XML External Entity Handling Privilege Escalation
CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass
Webhosting Component for Joomla catid Parameter SQL Injection
TYPO3 cmw_linklist Extension category_uid Parameter SQL Injection
LifeType index.php articleId Parameter SQL Injection
WWWBoard passwd.txt Authentication Credential Disclosure
phpwcms 1.2.5 Multiple Vulnerabilities
Invision Power Board Software Detection
BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure
Webcart Default Install Configuration Disclosure
WHM AutoPilot < 2.5.20 Multiple Remote Vulnerabilities
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure
GTcatalog index.php custom Parameter Remote File Inclusion
Ultimate PHP Board add.php Direct Request Information Disclosure
AsteriDex callboth.php Multiple Variable CRLF Injection Arbitrary Command Execution
PhpMyExplorer index.php chemin Variable Encoded Traversal Arbitrary File Access
IceWarp Web Mail Multiple Flaws (2)
PostNuke Sections Module Information Disclosure
Moodle Forum post.php Unauthorized Post Deletion CSRF
MAILNEWS mailnews.cgi Arbitrary Command Execution
Trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion
IBM WebSphere snoopservlet Path Disclosure
JFFNMS auth.php Multiple Parameter SQL Injection
Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
WebCalendar Detection
phpMyAdmin < 2.5.2 Multiple Vulnerabilities
Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
Comersus BackOffice comersus_backoffice_menu.asp Multiple Variable SQL Injection
Easy File Sharing Web Server ACL Bypass
Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion
LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
BEA WebLogic Hex Encoded Request JSP Source Disclosure
WoltLab Burning Board Lite thread.php decode_cookie Function threadvisit Cookie Variable SQL Injection
Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
phpGroupWare index.php Addressbook XSS
Invision Power Board sources/post.php qpid Parameter SQL Injection
Oreon lang/index.php file Parameter Remote File Inclusion
Zen Cart ipn_main_handler.php custom SQL Injection
Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure
MyBB < 1.01 SQL Injection
Mnemo Detection
WordPress WP-Forum forum_feed.php thread Parameter SQL Injection
MyReview Admin.php email Parameter SQL Injection
XMB member.php Multiple Parameter SQL Injection
Home Free search.cgi Traversal Arbitrary File Access
PHP < 5.2.1 Multiple Vulnerabilities
Website Baker REMEMBER_KEY Cookie SQL Injection
AspUpload Test11.asp Arbitrary File Upload
OpenCA Multiple Signature Validation Bypass
SimpleBoard / Joomlaboard Multiple Script sbp Parameter Remote File Inclusion
phpBB <= 2.0.17 Multiple Vulnerabilities
MyDMS < 1.4.3 Multiple Vulnerabilities
OrangeHRM login.php txtUserName Parameter SQL Injection
e107 ePing Plugin doping.php Arbitrary Code Execution
Mambo Open Source / Joomla! GLOBALS Variable Remote File Inclusion
Web Server /cgi-bin Perl Interpreter Access
w-Agora <= 4.2.0 Multiple Vulnerabilities
Jaws BlogModel.php path Parameter Remote File Inclusion
toendaCMS < 0.6.2.1 Multiple Vulnerabilities
phpBB Detection
Simple PHP Blog Detection
Mambo Open Source Multiple Vulnerabilities
Super-M Son hServer URI Traversal Arbitrary File Access
DokuWiki config_cascade Parameter Remote File Inclusion
Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion
miniBB index.php user Variable SQL Injection
MyBB search.php forums Parameter SQL Injection
PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation
MODx CMS base_path Parameter Remote File Inclusion
PHP-Fusion 4.01 Multiple Vulnerabilities
WordPress < 1.5.1 Multiple Vulnerabilities
ACal embed/day.php path Variable Remote File Inclusion
HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access
Sugar Open Source Detection
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure
VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
AWStats rawlog.pm logfile Parameter Arbitrary Command Execution
LiteCommerce SQL Injection Vulnerabilities
PHP-Nuke sql_debug Information Disclosure
TWiki rev Parameter Arbitrary Command Execution
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection
phpGroupWare Detection
LDU Software/Version Detection
PHP < 4.4.8 Multiple Vulnerabilities
Coppermine Photo Gallery index.php file Parameter Local File Inclusion
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution
Instaboard index.cfm Multiple Parameter SQL Injection
IdealBB Multiple Vulnerabilities (XSS, SQLi, more)
WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection
Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures
HastyMail HTML Attachment Script Execution
Calendarix Multiple Script id Parameter SQL Injection
Joomla! index.php mosConfig_absolute_path Parameter Remote File Inclusion
MailEnable HTTPMail Service Content-Length Header Overflow
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload
Original inc/exif.inc.php exif_prog Parameter Arbitrary Command Execution
PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access
LedgerSMB / SQL-Ledger login.pl script Parameter Arbitrary Perl Code Execution
e107 e107_cookie Parameter SQL Injection
Newbb_plus Module for RunCMS Client-Ip Header SQL Injection
w-Agora 4.1.6a Multiple Input Validation Vulnerabilities
Phorum search.php location Parameter HTTP Response Splitting
SimpleFAQ Component for Joomla! aid Parameter SQL Injection
Joomla! Detection
Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
X-News Password MD5 Hash Authentication Bypass
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
DokuWiki Detection
Etomite CMS index.php id Parameter SQL Injection
Hosting Controller Software Detection
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing
SquirrelMail plugin.php plugins Parameter Local File Inclusion
PunBB < 1.2.6 Multiple Vulnerabilities
PHP Live! directory/conf File Include Unspecified Issue
Samba Web Administration Tool (SWAT) Detection
SquirrelMail < 1.4.18 map_yp_alias Function Remote Code Execution
IlohaMail Unspecified Database Password Disclosure Weakness
Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation
cPanel Backup File Local Disclosure
CuteNews inc/function.php archive Variable Arbitrary File Access
ColdFusion Debug Mode Information Disclosure
XOOPS WF-Section Module print.php articleid Parameter SQL Injection
OpenBB index.php CID Parameter SQL Injection
boastMachine mail.php id Variable SQL Injection
HappyMall Multiple Script Arbitrary Command Execution
Savant Web Server cgitest.exe Overflow
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
YaBB SE < 1.5.2 Multiple Vulnerabilities
Serendipity < 0.7.0beta3 Multiple Vulnerabilities
PHP3 Error Message Physical Path Disclosure
Microsoft IIS newdsn.exe Arbitrary File Creation
smb2www Detection
Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing
Webmin Detection
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
PAJAX < 0.5.2 Multiple Vulnerabilities
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution
PGPMail.pl detection
Webmin / Usermin miniserv.pl Arbitrary File Disclosure
Apache Tomcat RequestDispatcher Directory Traversal Vulnerability
DeluxeBB Multiple Scripts SQL Injection
JBoss JMX Console Unrestricted Access
PHPNews news.php prevnext Parameter SQL Injection
sBLOG search.php keyword Parameter SQL Injection
OraMon config/oramon.ini Information Disclosure
WowBB view_user.php Multiple Parameter SQL Injection
web-app.org WebAPP Encoded Request .dat File Disclosure
Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities
MediaWiki Language Option eval() Function Arbitrary PHP Code Execution
Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities
Movable Type < 3.2 Multiple Vulnerabilities
Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution
Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
MailWatch authenticate() Function SQL Injection
OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion
Thunderstone Software Texis Nonexistent File Request Path Disclosure
/perl Directory Browsable?
WordPress template-functions-category.php cat_ID Parameter SQL Injection
F-Secure Policy Manager Path Disclosure
PHP 5 < 5.2.7 Multiple Vulnerabilities
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
Sambar Server Multiple CGI Environment Variable Disclosure
Trend Micro InterScan VirusWall catinfo CGI Overflow
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access
phpGroupWare Multiple Module SQL Injection
Trend Micro ControlManager < 3.0 SP5 Multiple Vulnerabilities
XOOPS Dictionary Module print.php id Parameter SQL Injection
DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS)
GForge top/topusers.php offset Parameter SQL Injection
Trac Ticket Query Module group Parameter SQL Injection
RiSearch show.pl Arbitrary File Access
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure
ActualAnalyzer Lite style Variable Traversal Local File Inclusion
Phorum common.php ForumLang Parameter Traversal Arbitrary File Access
imageVue < 16.2 Multiple Vulnerabilities
XTreme ASP Photo Gallery adminlogin.asp Multiple Variable SQL Injection
AkoGallery Component for Mambo / Joomla! index.php id Variable SQL Injection
osTicket Attachment Handling File Upload Arbitrary Code Execution
NetGear Wireless Access Point Hardcoded Default Password
AWStats is Openly Accessible
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read
PHP Support Tickets index.php Multiple Parameter SQL Injection
CuteNews search.php files_arch Array Arbitrary File Access
Web Server /cgi-bin Shell Access
dotProject docs/ Directory Multiple Script Information Disclosure
osTicket setup.php Accessibility
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution
phpWebSite < 0.9.x Multiple Vulnerabilities
Land Down Under <= 801 Multiple Vulnerabilities
MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities
PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion
phpList Detection
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access
paFileDB Detection
Moodle filter/tex/texed.php pathname Parameter Remote Command Execution
phpMyWebHosting Authentication SQL Injection
3Com Network Supervisor Traversal Arbitrary File Access
Simplog <= 0.9.2 Multiple Vulnerabilities
IlohaMail Attachment Arbitrary File Create/Overwrite
Marcus Xenakis directory.php Execute Arbitrary Commands
Glimpse HTTP aglimpse Arbitrary Command Execution
HSWeb HTTP Server /cgi Directory Request Path Disclosure
JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID)
ocPortal index.php req_path Parameter Remote File Inclusion
Simple Form Multiple Parameter Arbitrary Mail Relaying
MyBB forumdisplay.php sortby Parameter Arbitrary PHP Code Execution
Poster version.two index.php Account Manipulation Privilege Escalation
Stellar Docs Malformed Query Path Disclosure
TinyWebGallery lang Parameter Local File Inclusion
RunCMS Multiple Script bbPath Parameter Remote File Inclusion
JRun Web Server (JWS) GET Request Traversal Arbitrary File Access
yappa-ng index.php album Parameter Local File Inclusion
Truegalerie admin.php loggedin Parameter Admin Authentication Bypass
Mini SQL CGI content-length Field Remote Overflow
PostNuke <= 0.760 RC4b Multiple Vulnerabilities
CVS (Web Based) Entries File Information Disclosure
BEA WebLogic config.xml Operator/Admin Password Disclosure
EGroupWare Software Detection
phpMyFAQ < 1.5.2 Multiple Vulnerabilities
Calendarix calendar.php Multiple Parameter SQL Injection
osTicket <= 1.3.1 Multiple Vulnerabilities
SHOUTcast Server User-Agent / Host Header DoS
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
Nuked-Klan function execution
FCKeditor for PHP-Nuke Arbitrary File Upload
Orion Application Server Crafted Filename Extension JSP Script Source Disclosure
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more)
Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities
Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass
phpBB < 2.0.22 Multiple Vulnerabilities
AngelineCMS loadkernel.php installPath Variable Remote File Inclusion
Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities
Horde Software Detection
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
ImageFolio Default Password
SaveWebPortal <= 3.4 Multiple Vulnerabilities
Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion
Sendcard sendcard.php id Parameter SQL Injection
PHP 5.2.7 magic_quotes_gpc Security Bypass
Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion
CVSTrac Detection
e107 ibrowser.php zend_has_del() Function Remote Code Execution
Invision Gallery index.php st Parameter SQL Injection
Axis 2400 Network Camera Multiple Vulnerabilities
Simple Machines Forum Search.php SQL Injection
IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure
Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
Advanced Guestbook index.php lang Cookie Variable Path Disclosure
Merak Webmail / IceWarp Web Mail 5.2.8 Multiple Vulnerabilities
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
ActivePerl perlIS.dll Buffer Overflow
X7 Chat upgradev1.php old_prefix Parameter SQL Injection
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)
GWExtranet gwextranet/scp.dll Multiple Variable Traversal Local File Inclusion
WebSPIRS webspirs.cgi Traversal Arbitrary File Access
Winmail Server Webmail Unspecified Vulnerability
Nuked-Klan index.php Multiple Module Vulnerabilities
Alt-N WebAdmin Multiple Vulnerabilities
Simplicity oF Upload download.php language Parameter Local File Inclusion
Lucent VitalNet VsSetCookie.exe Unauthorized Access
VisNetic / Merak Mail Server Multiple Remote Vulnerabilities
Land Down Under <= 800 Multiple Vulnerabilities
ht://Dig htsearch Multiple Vulnerabilities
HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File Access
Geronimo Console Default Credentials
Netwin Netauth netauth.cgi Traversal Arbitrary File Access
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure
Web Wiz Forums wwforum.mdb Direct Request Database Disclosure
Adcycle build.cgi Remote Password Disclosure
XEROX CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008)
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe)
jPortal print.inc.php id Parameter SQL Injection
Openfire AuthCheck Authentication Bypass
Serendipity Multiple Script HTTP Response Splitting
Coppermine imageObjectIM.class.php Command Execution Vulnerabilities
vBulletin calendar.php eventid Variable SQL Injection
Discuz! <= 4.0.0 rc4 Arbitrary File Upload
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
paNews 2.0.4b Multiple Input Validation Vulnerabilities
Plesk Multiple Script locale_id Parameter Traversal Arbitrary File Access
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
Cuyahoga FCKEditor Misconfiguration Unrestricted File Upload
Trend Micro InterScan Web Security Suite Default Credentials
Sniplets Plugin for WordPress execute.php text Parameter Arbitrary Command Execution
DUware Products Multiple Remote Vulnerabilities (SQLi, XSS)
Advanced Poll admin/index.php Session Identifier Replay Authentication Bypass
w-Agora index.php site Parameter Traversal Arbitrary File Access
NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation
OmniHTTPd visadmin.exe Malformed URL DoS
Calendarix Multiple Vulnerabilities (SQLi, XSS)
myEvent Multiple Remote Vulnerabilities
ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI)
P-Synch Password Management Multiple Vulnerabilities
CVSweb Detection
phpBB Advanced GuestBook addentry.php phpbb_root_path Variable Remote File Inclusion
Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access
PhpWebGallery comments.php sort_by Parameter SQL Injection
phpBB Knowledge Base Module kb.php cat Parameter SQL Injection
HP System Management Homepage < 3.0.1.73 Multiple Flaws
SquirrelMail < 1.4.4 Multiple Vulnerabilities
Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass
Coppermine Photo Gallery keysToSkip Variable Overwrite
EGroupWare Multiple Vulnerabilities (SQLi, ID)
SquirrelMail decodeHeader HTML injection vulnerability
Gallery < 2.0.3 Multiple Remote Vulnerabilities (XSS, Traversal)
AWStats Detection
Alibaba get32.exe Arbitrary Command Execution
Multiple Web Server finger CGI Information Disclosure
OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities
WebMatic Unspecified Login Function Access Vulnerability
PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
Tripwire for Webpages Installation Disclosure
Listserv < 14.5 Multiple Buffer Overflows
bttlxeForum login.asp Multiple Field SQL Injection
phpMyAdmin export.php what Parameter Traversal Arbitrary File Access
iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read
Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure
Jinzora Multiple Script include_path Parameter Remote File Inclusion (2)
Tenable Security Center Default Credentials
Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities
Goscript go.cgi Arbitrary Command Execution
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)
Moodle < 1.6.2 Multiple Vulnerabilities
RTH login.php uname Parameter SQL Injection
OpenNMS Web Console Detection
MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities
VP-ASP shopexd.asp catalogid Parameter SQL Injection
Sun Java Web Server bboard Servlet Command Execution
Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion
NETFile FTP/Web Server Directory Traversal Arbitrary File Access
ReviewPost PHP Pro Multiple Script SQL Injection
CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi)
Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval
ViRobot Linux Server addschup Multiple Overflows
Nimda Worm Infected HTML File Detection
Stoc'an Shopping Cart shop.plx page Parameter Arbitrary Command Execution
Roxen Web Server Counter Module Crafted Request Saturation DoS
SquirrelMail HTTPS Session Cookie Secure Flag Weakness
phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion Vulnerability
Adobe Breeze Directory Traversal Arbitrary File Access
vTiger < 4.5a2 Multiple Vulnerabilities
cPanel <= 9.1.0 Multiple Vulnerabilities
Sawmill < 7.1.6 Multiple Vulnerabilities
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
Packeteer Web Management Interface Authentication
Site@School Multiple Script cmsdir Parameter Remote File Inclusion
Geeklog Detection
CrashPlan Server Default Administrative Credentials
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
CoolForum Multiple Vulnerabilities (SQLi, XSS)
AWStats Referrer Arbitrary Command Execution Vulnerability
PHP Mail Function Header Spoofing
MyBB global.php Global Variable Overwrite
PMOS Help Desk form.php Arbitrary Code Execution
Mort Bay Jetty URL Multiple Slash Character Information Disclosure
ColdFusion Multiple Vulnerabilities (File Upload/Manipulation)
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
PHP-Nuke opendir.php Traversal Arbitrary File Read
Microsoft IIS advsearch.asp Direct Request DoS
Cacti < 0.8.6f Multiple Vulnerabilities (Priv Esc, Cmd Exe)
Basilix Webmail .class / .inc Direct Request Remote Information Disclosure
phpGedView arbitrary file reading
MyBB Detection
Webman I-Mall i-mall.cgi Arbitrary Command Execution
ViewCVS < 1.0.0 Multiple Vulnerabilities
MERCUR WebView WebMail Server mail_user Parameter DoS
Apache Tomcat Nonexistent File Error Message Path Disclosure
Cacti copy_cacti_user.php template_user Variable SQL Injection
phpMyFAQ index.php action Variable Local File Inclusion
vBulletin Detection
Comersus Cart /comersus/database/comersus.mdb Direct Request Database Disclosure
NetWin CWmail.exe Item Parameter Remote Overflow
TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2)
ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)
Sun ONE (iPlanet) Application Server Detection
MPM Guestbook Pro top.php Traversal Arbitrary File Access
Zen Cart products_id[] Array SQL Injection
ArGoSoft Mail Server Pro <= 1.8.7.6 Multiple Vulnerabilities (XSS, Traversal, Priv Esc)
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure
ProductCart Multiple Input Validation Vulnerabilities
Flyspeck lang Parameter Local File Inclusion
Looking Glass Multiple Vulnerabilities
Joomla! < 1.0.8 Multiple Vulnerabilities
Basic Analysis and Security Engine Authentication Check
PHPFM Arbitrary File Upload
Woltlab Burning Board Multiple SQL Injections
SilverStream Database Structure Disclosure
ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion
e_Board index2.cgi message Parameter Traversal Arbitrary File Access
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
LifeType rss.php profile Parameter Traversal Arbitrary File Access
smb2www Unspecified Arbitrary Remote Command Execution
Netquery <= 3.11 nquser.php host Variable Arbitrary Command Execution
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
SugarSales Multiple Module Traversal Arbitrary File Access
VICIDIAL Call Center Suite admin.php SQL Injection
IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
PHP < 4.2.x mail Function CRLF Injection
Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass
IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal)
Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)
Spyke Multiple Remote Vulnerabilities
Microsoft IIS search.asp Direct Request DoS
MediaWiki JSON Callback Crafted API Request Information Disclosure
Adobe Dreamweaver dwsync.xml Remote Information Disclosure
ProductCart Multiple Vulnerabilities
Microsoft Outlook Web Access (OWA) Version Detection
PHPAuction Admin Authentication Bypass
Sun Java System Identity Manager Default Credentials
XAMPP Example Pages Detection
PHP Live Helper Multiple Remote File Inclusions
Apache Tomcat Snoop Servlet Remote Information Disclosure
paFileDB <= 3.1 Multiple Vulnerabilities (2)
WoltLab Burning Board search.php Multiple Variable SQL Injection
Dream4 Koobi CMS index.php area Parameter SQL Injection
Open WebMail Detection
Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities
Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities
My_eGallery < 3.1.1g Remote File Inclusion
Jinzora Multiple Script include_path Parameter Remote File Inclusion
Backup Files Disclosure
Matt Wright FormHandler.cgi Arbitrary File Access
Matt Wright textcounter.pl Arbitrary Command Execution
PostNuke <= 0.760 RC2 Multiple Vulnerabilities
Silent-Storm Portal Multiple Input Validation Vulnerabilities
Verity Ultraseek < 5.7 Multiple Vulnerabilities
PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access
DokuWiki fetch.php Multiple Variable imconvert Function Arbitrary Command Execution
Microsoft IIS ASP::$DATA ASP Source Disclosure
Adobe Document Server File URI Resource Access Issue
Acajoom Component for Joomla! <= 3.2.6 Backdoor
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities
SiteEnable Multiple Input Validation Vulnerabilities
SAP Internet Graphics Server (IGS) Traversal Arbitrary File Access
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
FCKeditor upload.php Type Variable Arbitrary File Upload
Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion
phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution
NOCC <= 1.0 Multiple Vulnerabilities
phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability
Gallery Install Log Local Information Disclosure
Squid cachemgr.cgi Proxied Port Scanning
PhotoPost < 5.1 Multiple Input Validation Vulnerabilities
webERP Configuration File Remote Access
WordPress Cookie cache_lastpostdate Parameter PHP Code Injection
Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution
LinPHA <= 1.0 Multiple Vulnerabilities
PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion
paFileDB auth.php pafiledbcookie Cookie SQL Injection
Zenphoto rss.php albumnr Parameter SQL Injection
Sambar Server search.pl results.stm Overflow DoS
IRIX pfdisplay.cgi Arbitrary File Access
phpGroupWare Unspecified Remote File Inclusion
K-COLLECT CSV-DB CSV_DB.CGI Remote Command Execution Vulnerability
Linksys WVC54GCA Wireless-G /img/main.cgi Information Disclosure Vulnerability
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)
Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities
AWOL helperfunction.php includedir Parameter Remote File Inclusion
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion
phpBB < 2.0.9 Multiple Vulnerabilities
Zen Cart Detection
Mantis Detection
Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities (Auth Bypass, XSS, Info Disc, Enum)
Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities
OpenX ac.php bannerid Parameter SQL Injection
Sambar Server pagecount CGI Traversal Arbitrary File Overwrite
PPA functions.inc.php ppa_root_path Variable File Inclusion
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access
CVSTrac Database Plaintext Password Storage
Symantec Mail Security for SMTP Admin Center Default Credentials
RunCMS Detection
UBB.threads editpost.php Number Parameter SQL Injection
BASE Authentication Redirect Authentication Bypass
OpenCms < 6.2.2 Multiple Vulnerabilities
CopperExport XP_Publish.PHP SQL Injection Vulnerability
AutomatedShops WebC.cgi Multiple Overflows
Alkalay.Net Multiple Scripts Arbitrary Command Execution
Tivoli Directory Server ldacgi.exe Template Variable Traversal Arbitrary File Access
phpBB viewtopic.php topic_id Variable SQL Injection
Phorum Detection
phpScheduleIt Detection
Mambo MOStlyCE Mambot Arbitrary File Rename
Directory Manager edit_image.php Arbitrary Command Execution
OneOrZero Helpdesk tinfo.php Arbitrary File Upload
Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access
Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)
DCP-Portal lib.php root Parameter Remote File Inclusion
XAMPP < 1.4.14 Multiple Vulnerabilities
XOOPS Article Module article.php id Parameter SQL Injection
TikiWiki jhot.php Arbitrary File Upload
Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities
HP OpenView Network Node Manager Multiple CGI Remote Overflows
ThinClientServer Admin Account Creation Privilege Escalation
Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS
bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
Active Auction Multiple Vulnerabilities (SQLi, XSS)
SandSurfer < 1.7.0 User Authentication Bypass
Miva htmlscript Traversal Arbitrary File Access
e107 Detection
BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS)
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion
Viralator CGI Script Arbitrary Command Execution
Stoc'an Shopping Cart shop.plx Path Disclosure
CVSTrac cgi.c Multiple Overflows
Microsoft IIS query.asp Direct Request DoS
HylaFAX faxsurvey Arbitrary Command Execution
Xaraya Software/Version Detection
NCSA Campas cgi-bin Arbitrary Command Execution
Land Down Under HTTP Referer Header SQL Injection
WebAPP apage.cgi f Parameter Arbitrary Command Execution
ASP-Rider verify.asp username Parameter SQL Injection
VP-ASP shopsearch SQL injection (SQLi)
Live Chat Component for Joomla! last Variable SQL Injection
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access
PHP < 5.2.4 Multiple Vulnerabilities
ASG-Sentry CGI Detection
ExtremeZ-IP File and Print Server Zidget/HTTP Server Traversal Arbitrary File Access
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
WordPress wp-login.php HTTP Response Splitting
ZPanel 2.0 Multiple Script Remote File Inclusion
PmWiki < 2.1.21 Global Variables Overwriting
Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution
Web Server Generic 3xx Redirect
vTiger CRM Directory File Disclosure
WebGUI user profile Unspecified Vulnerability
PHP-Fusion extract() Global Variable Overwriting
YaNC yanc.html.php listid Parameter SQL Injection
Movable Type mt.cfg Information Disclosure
Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay
Poll It CGI data_dir Parameter Arbitrary File Access
SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion
Sambar Server Multiple CGI Remote Overflow
Psunami.CGI Command Execution
PostNuke Glossary Module page Parameter SQL Injection
PHPix index.phtml Multiple Parameter Arbitrary Command Execution
PHP < 5.2.9 Multiple Vulnerabilities
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities
Aventail ASAP Platform Management Console Detection
Metertek pagelog.cgi Traversal Arbitrary File Access
XEROX WorkCentre WebUI Arbitrary Command Execution (XRX06-005)
VP-ASP Multiple Script SQL Injection
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities
WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion
SiteMinder smpwservicescgi.exe Arbitrary Site Redirect
Invision Community Blog Module eid Parameter SQL Injection
PostNuke Detection
FtpLocate flsearch.pl fsite Parameter Remote File Inclusion
eLDAPo index.php Cleartext Password Disclosure
ArGoSoft Mail Server Multiple Traversals
ListManager < 8.9b Multiple Vulnerabilities
osCommerce Unprotected Admin Directory
TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution
Serendipity exit.php Multiple Parameter SQL Injection
Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities
Claroline Multiple Script includePath Parameter Remote File Inclusion
PHPSurveyor Multiple SQL Injections
PCCS-Mysql User/Password Exposure
Axis Storpoint CD Admin Authentication Bypass
XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040)
ListManager Error Message Information Disclosure
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
Dolphin Multiple Scripts Remote File Inclusion
CubeCart <= 2.0.6 Multiple SQL Injections
iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection
Sybase EAServer WebConsole jaqadmin Default Password
WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection
EZsite Forum Discloses Passwords to Remote Users
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval
Ignite Gallery Component for Joomla! index.php gallery Parameter SQL Injection
WebAPP Detection
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
FlatNuke index.php id Variable Traversal Arbitrary File Access
vBulletin misc.php template Variable PHP Code Injection
Super Guestbook superguestconfig Admin Password Disclosure
PowerPortal index.php index_page Parameter SQL Injection
WebLogic Multiple Method Cleartext Password Disclosure
SimpGB guestbook.php quote Parameter SQL Injection
phpBB viewtopic.php highlight Parameter SQL Injection
Smart Publisher index.php filedata Parameter Arbitrary Command Execution
Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion
Seditio plug.php pag_sub Parameter SQL Injection
ROADS search.pl form Parameter Traversal Arbitrary File Access
MultiHTML multihtml.pl Traversal Arbitrary File Access
HP OpenView Network Node Manager Multiple Scripts Remote Command Execution
ActualAnalyzer direct.php rf Variable Remote File Inclusion
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
Clever Copy connect.inc Direct Request Information Disclosure
WebGais websendmail CGI Arbitrary Command Execution
Microsoft IIS Multiple Vulnerabilities (MS02-018)
SocialEngine Blog Plugin category_id Parameter SQL Injection
Snitz Forums 2000 register.asp Email Parameter SQL Injection
MailMan Webmail mmstdod.cgi Arbitrary Command Execution
Monkey HTTP Daemon < 0.9.1 Multiple Vulnerabilities
phpSysInfo < 2.4.1 Multiple Vulnerabilities
PAFileDB Multiple Script Error Message Path Disclosure
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow
Hosting Controller Multiple Script ForumID Parameter SQL Injection
Mambo Site Server MD5 Hash Session ID Privilege Escalation
MyBB index.php referrer Parameter SQL Injection
RealServer /admin/Docs/default.cfg Information Disclosure
The Includer includer.cgi Arbitrary Command Execution
PHP iCalendar Multiple Script Remote File Inclusion
Mantis < 0.17.5 Multiple Vulnerabilities
netOffice Dwins demoSession Parameter Authentication Bypass
Shop-Script admin.php Admin Panel Security Bypass
paFileDB SQL injection
WebActive HTTP Server active.log Remote Information Disclosure
JCE Admin Component for Joomla! jce.php Multiple Vulnerabilities (LFI, XSS)
phpList <= 2.10.8 Variable Overwriting
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities
AutomatedShops WebC.cgi Installation Detection
Apache Tomcat Directory Listing and File disclosure
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion
TWiki filename Parameter Traversal Arbitrary File Access
dotCMS Multiple Script id Parameter Traversal Local File Inclusion
Advanced Poll info.php Remote Information Disclosure
Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion
CVSTrac history.c history_update Function Overflow
Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload
IlohaMail Unspecified Vulnerability
Siteman Page User Database Privilege Escalation
aspWebCalendar calendar.asp SQL Injection
MaxWebPortal <= 1.33 Multiple Vulnerabilities
Netwin WebNews Webnews.exe Remote Overflow
Openfire Admin Console Remote Privilege Escalation
Achievo class.atkdateattribute.js.php config_atkroot Variable Remote File Inclusion
WebWho+ whois.pl time Parameter Arbitrary Command Execution
rot13sj.cgi Arbitrary File Access
phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload
TikiWiki Unauthorized Page Access
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
Ipswitch WhatsUp Gold Default Admin Account
ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS)
IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability
thttpd ssi Servlet Encoded Traversal Arbitrary File Access
Mambo Open Source usercookie Parameter SQL Injection
Horde go.php url Parameter Arbitrary File Access
Allaire JRun Encoded JSP Request Arbitrary Directory Listing
WowBB <= 1.61 Multiple Vulnerabilities
Geeklog User Comment Retrieval SQL Injection
Mailman Utils.py Spoofed Log Entry Injection
Listserv < 14.3-2005a Multiple Vulnerabilities
Serendipity Multiple Scripts serendipity[charset] Parameter Local File Inclusion
SIX-webboard generate.cgi content Variable Traversal Arbitrary File Access
Sun Java System ASP < 4.0.3 Multiple Vulnerabilities
Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)
DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution
Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion
UBB.threads dosearch.php SQL injection
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities
Infinity CGI Exploit Scanner Multiple Vulnerabilities
Moodle moodledata/sessions/ Session Files Remote Information Disclosure
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution
PostNuke Install Script Admin Password Disclosure
Default password (changeme) for SHOUTcast Server Service Port
Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities
ATutor Password Reminder SQL Injection
phpBB <= 2.0.14 Multiple Vulnerabilities
Web Site sitemap.xml File and Directory Disclosure
Dune Web Server GET Request Remote Overflow
Multiple Dangerous CGI Script Detection
WebSite Pro webfind.exe keywords Parameter Remote Overflow
CubeCart index.php cat_id Parameter SQL Injection
Basilix Webmail id Variable SQL Injection
Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass)
HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)
RWCards Component for Joomla! index.php category_id Parameter SQL Injection
Muscat Empower CGI Malformed DB Parameter Path Disclosure
Mambo Global Variables Unauthorized Access
iXmail index.php password Parameter SQL injection
osTicket Detection
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
Exponent CMS index.php view Variable Local File Inclusion
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution
Verity UltraSeek 3.1.x Malformed URL Remote DoS
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
Gallery main.php g2_itemId Variable Traversal Arbitrary File Access
WebStores 2000 browse_item_details.asp SQL injection
PHP < 4.4.9 Multiple Vulnerabilities
Centreon include/doc/get_image.php img Variable Traversal Arbitrary File Access
Webmin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
Loudblog < 0.42 template Parameter Traversal
phpMyAgenda rootagenda Parameter File Include Vulnerability
Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access
Mambo Site Server Multiple Vulnerabilities
gigCalendar Component for Joomla! gigcal_gigs_id Parameter SQL Injection
phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues
AMember Multiple Script config[root_dir] Parameter Remote File Inclusion
Plogger plog-admin-functions.php config Parameter Remote File Inclusion
ServletExec 4.1 / JRun ISAPI Multiple DoS
UebiMiau Multiple Input Validation Vulnerabilities
MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval
WoltLab Burning Board Lite wbb_userid Variable PHP Unset SQL Injection
JamMail jammail.pl mail Parameter Arbitrary Command Execution
Jinzora name Parameter Local File Inclusion
Philboard /database/philboard.mdb Direct Request Database Disclosure
Free Articles Directory index.php page Parameter Remote File Inclusion
Sun Java ASP Server Default Admin Password
CVSTrac timeline.c timeline_page Function Overflow
Web Wiz check_user.asp txtUserName Parameter SQL Injection
WordPress Pingback File Information Disclosure
Firefly Media Server Limited Directory Traversal Admin Credential Disclosure
Loudblog index.php id Parameter SQL Injection
OneOrZero Helpdesk tupdate.php sg Parameter SQL injection
phpCOIN <= 1.2.1b Multiple Vulnerabilities
PlusMail plusmail CGI Arbitrary Command Execution
SquirrelMail S/MIME Plug-in Remote Command Execution
ITA Forum Multiple Scripts SQL Injection
ProductCart Multiple Scripts SQL Injection
Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities
Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access
IPCheck Server Monitor Traversal Arbitrary File Access
PHPWind Board faq.php skin Parameter Remote File Inclusion
TYPO3 jumpUrl Mechanism Information Disclosure
4D WebSTAR Tomcat Plugin Remote Buffer Overflow
Xoops Incontent Module Directory Traversal Vulnerability
CodeGrrl Applications Remote File Inclusion Vulnerabilities
PHPNews sendtofriend.php SQL Injection
Ocean12 ASP Calendar Administrative Access
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection
Maian Scripts Cookie Manipulation Authentication Bypass
Limbo weblinks.html.php catid Parameter SQL Injection
FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
HotOpenTickets Privilege Escalation
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
PostNuke Members_List Module Information Disclosure
PunBB include/common.php language Parameter Local File Inclusion
ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities
Chipmunk CMScore Multiple Script SQL Injection
phpBB < 2.0.11 Multiple Vulnerabilities
TrailScout Module For Drupal Session Cookie SQL Injection
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
Joomla! components/com_user/models/reset.php Reset Token Validation Forgery
SiteScope Web Service Unpassworded Access
Multiple Vendor view_source CGI Traversal Arbitrary File Access
pluck < 4.5.3 Multiple Local File Include Vulnerabilities
phpMyAdmin Detection
PhpDig config.php relative_script_path Parameter Remote File Inclusion
VideoDB < 2.0.2 Multiple Vulnerabilities
phpBB < 2.0.17 Nested BBCode URL Tags Cross-Site Scripting Vulnerability
Coppermine Photo Gallery Detection
Multiple Vendor phf CGI Arbitrary Command Execution
Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)
myGallery mygallerybrowser.php myPath Parameter Remote File Inclusion
Simple Machines Forum msg Parameter SQL Injection Vulnerability
Windmail.exe Shell Metacharacter Arbitrary Command Execution
Bugzilla Multiple Vulnerabilities (SQLi, ID)
OpenNMS Web Console Default Credentials
HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access
IlohaMail Multiple External Programs Arbitrary Command Execution
phpPgAdmin index.php _language Parameter Local File Inclusion
wwwwais QUERY_STRING Parameter Remote Overflow
Calendarix Basic cal_cat.php catview Variable SQL Injection
Bugzilla < 2.18.1 Multiple Information Disclosures
W3.org Anaya Web sendtemp.pl templ Variable Traversal Arbitrary File Access
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities
phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection
Asterisk Recording Interface (ARI) misc/audio.php recording Variable Traversal Arbitrary File Access
Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow
osCommerce file_manager.php filename Variable Traversal Arbitrary File Access
Adobe Connect Enterprise Server Information Disclosure
zFeeder admin.php Direct Request Admin Authentication Bypass
Mantis < 1.0.0rc2 Multiple Vulnerabilities
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass
Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access
Pixelpost index.php parent_id Parameter SQL Injection
CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS)
AWStats migrate Parameter Arbitrary Command Execution
NewsScript newsscript.pl mode Parameter Privilege Escalation
PHP-Nuke Network Tools Add-On Arbitrary Command Execution
Serendipity Detection
Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access
Multiple Vendor info2www CGI Arbitrary Command Execution
SpiderSales Shopping Cart SQL injection
DUamazon Pro Multiple Scripts SQL Injection
Horde Admin Account Default Password
phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities
Maia Mailguard login.php lang Parameter Local File Inclusion
Apache Struts devMode Information Disclosure
Sambar Server /sysadmin Default Accounts
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
man2web Multiple Scripts Arbitrary Command Execution
OmniHTTPd imagemap.exe CGI Remote Overflow
TIPS MailPost Multiple Remote Vulnerabilities
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution
Microsoft ASP.NET Malformed File Request Path Disclosure
MyBB member.php uid Parameter SQL Injection
NETFile Default Credentials
MailEnable HTTPMail Service Authorization Header Handling Remote DoS
YaBB SE Cookie Authentication Bypass
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
Docebo GLOBALS Variable Overwrite Remote File Inclusion
myphpPageTool /doc/admin/index.php ptinclude Parameter Remote File Inclusion
phpBB Cash_Mod admin_cash.php Arbitrary Command Execution
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
Mailman Detection
WordPress < 1.2.2 Multiple Vulnerabilities
Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution
phpWebSite Image Announcement Upload Arbitrary Command Execution
ManageEngine Applications Manager Invalid URI Remote Information Disclosure
BASE Multiple Script BASE_path Parameter Remote File Inclusion
Invision Power Board ssi.php f Parameter SQL Injection
PHPWebAdmin for hMailServer Multiple File Inclusions
Apache Tomcat source.jsp Arbitrary Directory Listing
PunBB search.php old_searches Parameter SQL Injection
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion
Mantis manage_user_create.php CSRF New User Creation
phpGroupWare Admin/Setup Password Cleartext Cookie Storage
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
Zen Cart password_forgotten.php Admin Access Bypass
News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution
BizDB bizdb-search.cgi Arbitrary Command Execution
IdeaBox include.php ideaDir Parameter Remote File Inclusion
PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access
DotNetNuke Upgrade Process validationkey Generation Weakness Privilege Escalation
Drupal Unspecified Privilege Escalation
iXmail Multiple Script Arbitrary File Manipulation
SalesLogix eViewer slxweb.dll Request Remote DoS
Informix webdriver CGI Unauthenticated Database Access
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)
Movable Type mt-load.cgi Privilege Escalation
McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities
IBM Websphere Commerce Database Update Information Disclosure
gCards < 1.46 Multiple Vulnerabilities
Pligg evb/check_url.php url Parameter SQL Injection
PHP-Update blog.php Variable Overwriting Arbitrary Code Execution
JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS)
Drupal Public Comment/Posting Arbitrary PHP Code Execution
Vignette StoryServer TCL Server Crash Information Disclosure
getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities
SimpleBBS topics.php name Parameter Arbitrary Command Execution
BASE base_maintenance.php Authentication Bypass
Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure
phpList index.php database_module Parameter Local File Inclusion
Web Site Cross-Domain Policy File Detection
paFileDB includes/search.php categories Parameter SQL Injection
Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion
SquirrelMail < 1.45 Multiple Vulnerabilities
CubeCart FCKeditor connector.php Arbitrary File Upload
Fortinet Fortigate Web Console Management Detection
Trend Micro Emanager Detection
ServerView Servername Parameter Arbitrary Command Execution
ADOdb server.php sql Variable SQL Injection
Horde Imp Webmail status.php3 message Parameter XSS
TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities
Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload
CandyPress Store admin/utilities_ConfigHelp.asp helpfield Variable SQL Injection
WordPress fGallery fim_rss.php album Parameter SQL Injection
Jaws language Parameter Multiple Local File Includes
BEA WebLogic SSIServlet Invocation Source Code Disclosure
PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
ezPublish settings/site.ini Configuration Disclosure
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQL Injection
Symantec Reporting Server Improper URL Handling Exposure
Big Brother bb-hostsvc.sh HOSTSVC Parameter Traversal Arbitrary File Access
PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities
IBM WebSphere Application Server %20 Request Source Disclosure
WebAdmin < 3.2.5 Multiple Vulnerabilities
Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection
SimpleChat Information Disclosure
Webserver 4D Cleartext Password Storage
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access
MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities
IBM Lotus Domino Web Server $defaultNav Information Disclosure
Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities
BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Variable Remote File Inclusion
TextPortal Default Passwords
Cacti cmd.php Multiple Variable SQL Injection Arbitrary Command Execution
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access
Cerberus Support Center Multiple Remote Vulnerabilities (SQLi, XSS)
Alibaba tst.bat Arbitrary Command Execution
htgrep hdr Parameter Arbitrary File access
Blazix Trailing Character JSP Source Disclosure
phpList cline Parameter Array Remote File Inclusion
OpenEMR C_FormEvaluation.class.php fileroot Parameter Remote File Inclusion
IceWarp Web Mail Multiple Flaws (1)
Plogger plog-rss.php id Parameter SQL Injection
Netscape Enterprise Server Default Files Present
CGI Generic Command Execution Vulnerability
Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure
Bugzilla Software Detection
Forum51/Board51/News51 Users Disclosure
Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection
OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness
phpBB <= 2.0.11 Multiple Vulnerabilities
Netbilling nbmember.cgi cmd Parameter Information Disclosure
Moodle < 1.3.3 Multiple Vulnerabilities
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities
Owl < 0.74.0 Multiple Vulnerabilities
Cobalt siteUserMod.cgi Arbitrary Password Modification
GForge Multiple Script Traversal Arbitrary Directory Listing
CVS (Web Based) Directory Spider
Horde Help Viewer Arbitrary Code Execution
GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection
Sympa src/queue.c queue Utility Local Overflow
Packeteer Web Management Interface Version Detection
WebCalendar login.php webcalendar_session Cookie SQL Injection
Athena Web Registration athenareg.php pass Variable Command Execution
Qualiteam X-Cart Multiple Vulnerabilities
e107 db.php User Database Disclosure
WebHints hints.pl Arbitrary Command Execution
Profense Web Application Firewall Default Credentials
TUTOS < 1.1.20040412 Multiple Input Validation Issues
ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure
PostNuke < 0.762 Multiple Vulnerabilities
Nukedit utilities/login.asp email Parameter SQL Injection
osTicket open.php Support Address Crafted Mail Loop Remote DoS
Moodle < 1.5.1 Multiple Vulnerabilities
Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection
AN HTTPd count.pl Traversal Arbitrary File Overwrite
phpMyFAQ Image Upload Authentication Bypass
iisPROTECT Unpassworded Administrative Interface
Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion
WebCalendar Login Error Message User Account Enumeration
Gallery init.php Authentication Bypass
GForge CVSWeb CGI cvsweb.php PATH_INFO Variable Arbitrary Command Execution
Les Visiteurs Multiple Remote File Inclusion
PHProxy Detection
zenTrack index.php configFile Parameter Traversal Arbitrary Files Access
Ikonboard ikonboard.cgi Multiple Parameter SQL Injection
Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities (Cmd Exec, Traversal)
ShopCartCGI Multiple Script Traversal Arbitrary File Access
myPHPNuke My_eGallery gallery/displayCategory.php basepath Variable Remote File Inclusion
PD9 MegaBBS Multiple Vulnerabilities
Pixelpost < 1.5 RC1 Multiple Vulnerabilities
PhotoPost PHP Detection
Mambo Detection
Guestbook tr3.a Password Disclosure
Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure
DCForum dcboard.cgi Multiple Vulnerabilities
BulletScript MailList bsml.pl Information Disclosure
IRIX handler CGI Arbitrary Command Execution
Ingo Foldername Arbitrary Command Execution
Limbo CMS index.php Itemid Variable Arbitrary Command Execution
MailMaxWeb Cookie Application Path Disclosure
Geeklog auth.inc.php loginname Parameter SQL Injection
Apache Struts < 2.0.12 / 2.1.3 Dispatcher Directory Traversal
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection
Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities
BEA WebLogic Null Byte Request JSP Source Disclosure
webadmin.php show Parameter Arbitrary File Access
BBS E-Market Professional index.php filename Variable Traversal Arbitrary File Access
Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Variable SQL Injection
Invision Power Board index.php Members Action st Parameter SQL Injection
Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
N/X Web Content Management Multiple Script Remote File Inclusion
Netscape Enterprise Default Administrative Password
Kietu index.php Remote File Inclusion
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion
Monster Top List sources/functions.php root_path Variable Remote File Inclusion
ASP.NET DEBUG Method Enabled
Mantis < 0.19.1 Multiple Vulnerabilities
MyBB < 1.0 Multiple SQL Injection Vulnerabilities
CVSTrac Ticket Title Arbitrary Command Execution
IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection
IMP Software Detection
SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion
vBulletin authorize.php x_invoice_num Variable SQL Injection
JRun viewsource.jsp Arbitrary File Access
EDIMAX EW-7205APL Wireless AP Default Password Check
Microsoft Site Server Multiple Script Information Disclosure
Barracuda Spam Firewall Multiple Remote Vulnerabilities (Cmd Exec, Traversal, Default)
Simple Form Subject Tags Arbitrary Mail Relay
paFileDB sessions Directory Admin Hashed Password Disclosure
Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion
OmniPro HTTPd 2.08 Encoded Space Request Script Source Disclosure
BroadBoard Multiple Script SQL Injection
PHP < 5.2.6 Multiple Vulnerabilities
e107 download.php extract() Function Variable Overwrite
VICIDIAL Call Center Suite Default Administrative Credentials
i-Gallery <= 3.3 Multiple Vulnerabilities
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS)
Ananconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access
RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access
Way-board way-board.cgi db Parameter Arbitrary File Access
DUforum Multiple Scripts SQL Injection
Limbo CMS Multiple Vulnerabilities
FTGate <= 4.4.002 Multiple Remote Vulnerabilities (OF, FS, XSS)
Wordit Logbook logbook.pl file Parameter Arbitrary File Access
.svn/entries Disclosed via Web Server
XMB Forum < 1.9.2 Multiple Vulnerabilities
AutoLinks Pro alpath Parameter File Include Vulnerability
Hosting Controller hosting/addreseller.asp reseller Variable Authentication Bypass
PBLang BBS <= 4.65 Multiple Vulnerabilities
ASP PortalApp Multiple SQL Injection
Pluck update.php Remote Privilege Escalation
Thunderstone Software Texis Crafted Request Information Disclosure
Xpressions Interactive Multiple Products login.asp SQL Injection
Moodle Detection
Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities
phpFormGenerator Arbitrary File Upload
CVSTrac Text Output Formatter SQL Injection DoS
Apache mod_jk Long URL Worker Map Stack Overflow
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
Generic SQL Injection Testing
Zen Cart password_forgotten.php admin_email Parameter SQL Injection
Invision Power Board Dragoran Portal Module index.php site Parameter SQL Injection
Cold Fusion Administration Page Overflow DoS
WordPress index.php cat Parameter Local File Inclusion
Upload Lite upload.cgi Arbitrary File Upload
Ultimate PHP Board users.dat Multiple Vulnerabilities
SquirrelMail strings.php base_uri Parameter Information Disclosure
PunBB < 1.2.8 Multiple Vulnerabilities
Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration
IRIX wrap CGI Traversal Arbitrary Directory Listing
ExoPHPDesk faq.php id Variable SQL Injection
Icecast MP3 Client HTTP GET Request Remote Overflow
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution
/doc/packages Directory Browsable
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
php-proxima autohtml.php Arbitrary File Retrieval
WordPress 2.1.1 Multiple Script Backdoor
CVSTrac Invalid Ticket DoS
Gravity Board X <= 1.1 Multiple Vulnerabilities (SQLi, XSS, PD, Cmd Exe)
zenTrack index.php Multiple Parameter Remote File Inclusion
RunCMS <= 1.2 Multiple Vulnerabilities
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure
MediaWiki Detection
TWiki configure Script Arbitrary Command Execution
X7 Chat help/index.php help_file Parameter Local File Inclusion
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
FuseTalk index.cfm txForumID Variable SQL Injection
EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion
SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access
TalentSoft Web+ webplus.exe Path Disclosure
Openads Delivery Engine OA_Delivery_Cache_store() Function name Argument Arbitrary PHP Code Execution
Namazu < 2.0.14 Multiple Vulnerabilities
PHP Doc System index.php show Parameter Local File Inclusion
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure
SquirrelMail Multiple Remote Vulnerabilities
Mountain Network Systems webcart.cgi Arbitrary Command Execution
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution
Moodle LaTeX Information Disclosure
WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
INL ulog-php port.php proto Parameter SQL Injection
ICQ Web Front Service guestbook.cgi DoS
Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion
Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
PHP < 5.2.5 Multiple Vulnerabilities
Drupal XML-RPC for PHP Remote Code Injection
DUportal Pro Multiple Scripts SQL Injection (2)
FlexCast Server Terminal Authentication Unspecified Remote Issue
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation
Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion
iisPROTECT Encoded URL Authentication Bypass
XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion
Generic CGI Tests Timeout
Nabopoll survey.inc.php path Parameter Remote File Inclusion
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access
Emulive Server4 Authentication Bypass
PHP-Fusion Detection
LinPHA include/img_view.class.php order parameter SQL Injection
JBoss %00 Request JSP Source Disclosure
Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion
MyServer 0.8 Multiple Vulnerabilities
phpBB < 2.0.7 Multiple Script SQL Injection
Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities
Open Virtual Desktop Detection
Mambo < 4.6.5 mos_user_template Local File Inclusion
Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation
phpWebSite index.php Search Module SQL Injection
Horde Chora Software Detection
SquirrelMail Detection
McAfee Common Management Agent Traversal Arbitrary File Write
WebSite Pro Malformed URL Path Disclosure


Latest comments published on SecuObs (6-25):
- ESRT @securityshell - Metasploit Framework eXploit Builder v3
- ESRT @dougburks @michaelrash Conficker vs iptables and fwsnort
- WepBuster v1.0 beta0.5 released
- 130232 downloads of BackTrack 4 Pre-Final since the release
- Latest version virtualbox 3.0.0 released
- ESRT @mubix A very effective SSH bruteforcer by @laramies recently updated
- ESRT @mubix - Middler gets some more updates today
- Video: P. Kleissner Stoned Bootkit preview, full at BH 09 Las Vegas
- SSTIC 2009 Challenge vs Metasm
- Video: Password cracking with L0phtcrack 6
- DLL injection by modifying an executable file
- reverse shell from SQLi with 1 HTTP request, no extra channel to upload initial
- Hackers crack ColdFusion
- Video: Hiding Files with NTFS Alternative Data Streams
- Whitepaper Understanding and using RFID
- phpMyAdmin exploited in masses
- Update: PyLoris 1.8
- ESRT @dougburks - Richard Bejtlich's Wireshark 12 Tutorial
- ESRT @Carlos_Perez @joswr1ght WPA2-PSK cracker Cowpatty 46 with less teh suck
- ESRT @dougburks Synjunkie on DNS BackTrack 4 tools Fierce and DNSRecon


Secunia vulnerability archives:
- SA35687 Gentoo update for mod_security
- SA35686 Gentoo update for libwmf
- SA35699 Red Hat update for ruby
- SA35697 Red Hat update for pidgin
- SA35688 Ubuntu update for nagios2 and nagios3

Full Disclosure mailing list archives:
- Full-disclosure Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products
- Full-disclosure Cisco Security Advisory: Cisco Physical Access Gateway Denial of Service Vulnerability
- Full-disclosure Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
- Full-disclosure Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
- Full-disclosure SSANZ - Server Systems Administration NZ.

Bugtraq mailing list archives:
- Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products
- Cisco Security Advisory: Cisco Physical Access Gateway Denial of Service Vulnerability
- Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
- Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
- Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
- SECURITY DSA 1825-1 New nagios2/nagios3 packages fix arbitrary code execution
