Test details:
ID
29854
Name
Bitweaver suck_url Parameter Directory Traversal Vulnerability
Authors
This script is Copyright (C) 2008 Tenable Network Security, Inc.
Category
CGI abuses
Action
attack
Summary
Tries to retrieve a local file using edit.php
Description
Synopsis : The remote web server contains a PHP script that is prone to a directory traversal attack.

Description : The remote host is running Bitweaver, an open-source content management system written in PHP. The version of this software installed on the remote host fails to sanitize input to the 'suck_url' parameter of the 'wiki/edit.php' script of directory traversal sequences. An unauthenticated attacker can leverage this issue to read the contents of sensitive files to which he might not otherwise have access, such as the application's configuration file. Note that there are reportedly several other vulnerabilities associated with this version of Bitweaver, although Nessus has not checked for them.

See also :
http://archives.neohapsis.com/archives/bugtraq/2007-12/0347.html
http://www.milw0rm.com/exploits/4814

Solution : Unknown at this time.

Risk factor : Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)


Click for details - List of tests:
Nukedit email Parameter SQL Injection Vulnerability
PDGSoft Shopping cart vulnerability
ideabox code injection
Allaire JRun directory browsing vulnerability
Vignette Application Portal Information Disclosure
SQL injection in ReviewPost PHP Pro
Stoc'an Shopping Cart Path disclosure
Adobe Document Server File URI Resource Access Vulnerability
IBM Websphere default user information leak
webERP Configuration File Remote Access
KW whois
RunCMS Client-Ip Header SQL Injection Vulnerability
Mnemo Detection
Coppermine Photo Gallery < 1.3.2 Multiple Vulnerabilities
Docebo GLOBALS Variable Overwrite Vulnerability
PortalApp sortby Parameter SQL Injection Vulnerability
PhotoPost PHP Detection
E-Theni code injection
CoolForum SQL Injection flaws
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities
php4/5 Vulnerabilities
SQL injection in Antiboard
Mantis Detection
myServer POST Denial of Service
Unpassworded iiprotect administrative interface
PHP mylog.html/mlog.html read arbitrary file
dwsync.xml Information Disclosure
Inktomi Search Physical Path Disclosure
RedHat 6.0 cachemgr.cgi
ICECast FileSystem disclosure
ProductCart Multiple Input Validation Vulnerabilities
Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities
phpFormGenerator Arbitrary File Upload Vulnerability
CuteNews code injection
empower cgi path
TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities
cPanel FrontPage Extension Flaws
PatchLink Update downloadreport Script SQL Injection Vulnerabilities
Coppermine Photo Gallery file Parameter Local File Include Vulnerability
AWStats configdir parameter arbitrary cmd exec
phpPgAdmin arbitrary files reading
PJreview_Neo.cgi arbitrary file reading
Gallery stepOrder Parameter Local File Include Vulnerabilities
PlusMail vulnerability
RunCMS xoopsOption Local File Include Vulnerability
CVSTrac timeline.c timeline_page function overflow
MyBB member.php SQL Injection Vulnerability
php 4.3.0
XMB Forum < 1.9.2 Multiple Vulnerabilities
paNews showpost Parameter Cross-Site Scripting Vulnerability
ActualAnalyzer Lite style Parameter File Include Vulnerability
Sympa wwsympa do_search_list Overflow DoS
Seditio pag_sub Parameter SQL Injection Vulnerability
CubeCart Detection
BDPDT Arbitrary File Upload Vulnerabily
Multiple Vulnerabilities in PostNuke 0.760 RC2 and older
Multiple vulnerabilities in phpBB <= 2.0.12
MiniVend Piped command
idq.dll directory traversal
HotNews code injection
PunBB detection
ASP PortalApp SQL injection
phpwcms spaw_root Parameter Remote File Include Vulnerability
Multiple vulnerabilities in OpenConnect WebConnect < 6.5.1
AMember config[root_dir] Parameter Remote File Include Vulnerabilities
Trend Micro ControlManager Multiple Vulnerabilities
TrailScout Module For Drupal SQL Injection
ADOdb Lite last_module Parameter Command Execution Vulnerability
Sympa Detection
CodeThatShoppingCart Input Validation Vulnerabilities
perlcal
Web Server load balancer detection
Geeklog _CONF[path] Parameter Remote File Include Vulnerability
PhpGroupWare Detection
msmmask.exe
cgiWebupdate.exe vulnerability
Serendipity XML-RPC for PHP Remote Code Injection Vulnerability
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability
phpCOIN _CCFG Parameter Remote File Include Vulnerability
Ingo Detection
Adobe Connect Enterprise Server Information Disclosure Vulnerability
foxweb CGI
AkoGallery id Parameter SQL Injection Vulnerability
XOOPS Module spaw_root Parameter Remote File Include Vulnerability
Acajoom Component mailingid Parameter SQL Injection Vulnerability
Burning Board wbb_userid parameter SQL Injection Vulnerability
JBoss Malformed HTTP Request Remote Information Disclosure
Plogger id Parameter SQL Injection Vulnerability
WordPress < 1.5.1 Multiple Vulnerabilities
DUware iType Parameter SQL Injection Vulnerability
ListManager Error Message Information Disclosure Vulnerability
CandyPress helpfield Parameter SQL Injection Vulnerability
UBB.threads Detection
toendaCMS < 0.6.2.1 Multiple Vulnerabilities
Simple Machines Forum userspec Parameter SQL Injection Vulnerability
IlohaMail User Parameter Vulnerability
SunONE Application Server source disclosure
osCommerce attributes SQL Injection Vulnerability
Comersus BackOffice Administrator Authentication Bypass Vulnerability
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
PhpGroupWare multiple HTML injection vulnerabilities
VP-ASP shopsearch SQL injection
PAFileDB Error Message Path Disclosure Vulnerability
WebLogic management servlet
Invision Power Board Privilege Escalation Vulnerability / SQL Injection
Site@School album_name Parameter SQL Injection Vulnerability
PHP-Nuke is installed on the remote host
aprox portal file disclosure
SilverStream directory listing
MediaWiki Multiple Remote Vulnerabilities
Backup CGIs download
phpBB Fetch All < 2.0.12
UBB.threads < 6.5.2 beta Multiple Vulnerabilities
Pagesetter id Parameter Information Disclosure Vulnerability
hsx directory traversal
Help Center Live osTicket Module Multiple SQL Injection Vulnerabilities
Snoop Servlet path disclosure
Ipswitch WhatsUp Professional Login.asp SQL Injection Vulnerability
DUportal Pro Multiple SQL Injection Vulnerabilities
eggBlog Cookie Parameter SQL Injection Vulnerability
Community Link Pro webeditor login.cgi remote command execution
IlohaMail Attachment Upload Vulnerability
Trend Micro OfficeScan configuration file disclosure
Jinzora include_path Parameter Remote File Include Vulnerabilities
PHP < 4.4.9 Multiple Vulnerabilities
SAXoPRESS url Parameter Directory Traversal Vulnerability
ServletExec 4.1 / JRun ISAPI DoS
ExtremeZ-IP Zidget/HTTP Directory Traversal Vulnerability
php-proxima file reading
BASE BASE_path Parameter Remote File Include Vulnerability
osCommerce readme_file Parameter File Disclosure Vulnerability
WordPress Pingback Information Disclosure Vulnerability
Apache < 2.2.6 Multiple Vulnerabilities
w-Agora <= 4.2.0 Multiple Vulnerabilities
Ipswitch WhatsUp Professional Authentication bypass detection
paFileDB Detection
SquirrelMail S/MIME Plug-in Remote Command Execution Vulnerability
Macallan Mail Solution Multiple HTTP vulnerabilities
HastyMail HTML Attachement Script Execution
Instaboard SQL injection
PWSPHP XSS
Outlook Web Access Version
PHP < 5.2.5 Multiple Vulnerabilities
Comersus Login SQL injection
GForge CVS Plugin Arbitrary Command Execution Vulnerability
Cart32 Arbitrary File Retrieval Vulnerability
WebAPP File Disclosure Vulnerability
phpWebSite <= 0.10.1 Multiple Vulnerabilities
Ultimate PHP Board users.dat Information Disclosure
MailScan WebAdministrator Authentication Bypass Vulnerability
Kayako SupportSuite syncml Information Disclosure Vulnerability
Apache for Windows CGI Source Code Disclosure Vulnerability
Minis Remote File Access
Finger cgi
JCE Admin Component Local File Include Vulnerabilities
store.cgi
FlexCast Server Terminal Authentication Vulnerability
DeluxeBB Multiple SQL injection flaws
Easy File Sharing Web Server ACL Bypass
Bugzilla Authentication Bypass and Information Disclosure
OpenDocMan Access Control Bypass
Limbo catid Parameter SQL Injection Vulnerability
HSWeb document path
ping.asp
ddicgi.exe vulnerability
NewsScript Access Validation Vulnerability
mailnews.cgi
x-news 1
Whatsup Gold vulnerable CGI
ncbook/book.cgi
IPCheck Server Monitor Directory Traversal Vulnerability
YaBB SE Command Execution
ServletExec 4.1 ISAPI Physical Path Disclosure
Loudblog template Parameter Command Execution Vulnerability
Fusion News X-Forwarded-For Code Injection Vulnerability
Master Index directory traversal vulnerability
LifeType profile Parameter Information Disclosure Vulnerability
PunBB search dropdown information disclosure
WebSpeed Workshop Command Execution
e107 e107language_e107cookie Local File Include Vulnerability
PostNuke Install Script
X-Cart Multiple Vulnerabilities
NetCommerce SQL injection
Easy Address Book Web Server Format String Vulnerability
PCCS-Mysql User/Password Exposure
Goscript command execution
zenTrack Files Reading
Joomla < 1.0.11 Remote Code Execution Vulnerability
SQL injection in XPression Software
phpBB Detection
GuppY <= 4.5.9 Multiple Vulnerabilities
myServer 0.4.3 / 0.7 Directory Traversal Vulnerability
Multiple Vulnerabilities in paFileDB 3.1 and older (2)
Openfire Admin Console Privilege Escalation Vulnerability
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
ArGoSoft Mail Server Directory Traversal Vulnerability
Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Vulnerabilities
ttawebtop
Mambo Site Server Cookie Validation
Sawmill < 7.1.6 Multiple Vulnerabilities
phpAdsNew XML-RPC Library Remote Code Injection Vulnerability
vBulletin Forumdisplay.PHP Remote Command Execution Vulnerability
PHPAuction include_path Parameter File Include Vulnerabilities
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
nph-test-cgi
WordPress Cross-Site Scripting / SQL Injection
Dwarf HTTP Server < 1.3.3 Multiple Vulnerabilities
PHP < 5.2.6 Multiple Vulnerabilities
Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Include Vulnerability
Land Down Under <= 800 Multiple Vulnerabilities
Horde Help Viewer Code Execution Vulnerability
Mambo Global Variables Unauthorized Access
BasiliX Arbitrary Command Execution Vulnerability
Bugzilla XSS and insecure temporary filenames
ASP-Rider SQL Injection
texis.exe information disclosure
Drupal Comment Preview Code Execution Vulnerability (2)
ocPortal Remote File Include
Adobe Document Server Default Credentials
RCBlog post Parameter Directory Traversal Vulnerability
Plumtree Portal User Object Information Disclosure Vulnerability
WordPress is_admin() Information Disclosure Vulnerability
webadmin.dll detection
Tikiwiki movie Parameter Directory Traversal Vulnerability
phpWebFTP language Parameter Local File Include Vulnerability
Ultimate PHP Board Information Leak
Tutos SQL injection and Cross Site Scripting Issues
XOOPS Article Module article.php SQL Injection Vulnerability
JBoss EAP Status Servlet Information Disclosure Vulnerability
WebAPP Directory Traversal
Zenphoto albumnr Parameter SQL Injection Vulnerability
CWmail.exe vulnerability
osTicket Detection
uploader.exe
Multiple Remote Vulnerabilities in myEvent
Hosting Controller vulnerable ASP pages
e107 My_Gallery Plugin dload.php Information Disclosure Vulnerability
Xerox XRX08-008
PHP Mail Function Header Spoofing Vulnerability
Sambar /cgi-bin/mailit.pl installed ?
Open WebMail Detection
PHP Rocket Add-in File Traversal
Coppermine Photo Gallery data Cookie Local File Include Vulnerability
CVSTrac invalid ticket DoS
Dokeos < 1.6.4 / 2.0.3 Remote File Include Vulnerabilities
Ashnews Code Injection
PHP-Calendar Remote File Include Vulnerability
Infinite Mobile Delivery Webmail Multiple vulnerabilities
Maia Mailguard lang Parameter Local File Include Vulnerability
csSearch.cgi
Vignette StoryServer TCL code injection
mmstdod.cgi
MailGust SQL Injection Vulnerability
php-ping Count Parameter Command Execution Vulnerability
vCard match Parameter Remote File Inclusion Vulnerability
ThinClientServer Admin Account Creation Vulnerability
Allaire JRun Directory Listing
Limbo com_contact File Upload Vulnerability
AEC Subscription Manager Component usage Parameter SQL Injection Vulnerability
OpenCA multiple signature validation bypass
osCommerce directory traversal
Simple PHP Blog blog_language Parameter Local File Include Vulnerability
Land Down Under <= 801 Multiple Vulnerabilities
CommuniGate Pro WebUser Interface Cross-Site Scripting Vulnerability
phpMyFAQ action parameter arbitrary file disclosure vulnerability
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
Dune Web Server Overflow
IlohaMail Insecure Install
ftp.pl shows the listing of any dir
Oreon file Parameter Remote File Include Vulnerability
LiteSpeed Web Server Null Byte Source Code Disclosure Vulnerability
PHP-Fusion < 6.00.110 Multiple SQL Injection Vulnerabilities
Invision Community Blog Multiple Input Validation Vulnerabilities
Drupal Arbitrary PHP Code Execution Vulnerability
PHP-Fusion Viewthread.php Information Disclosure Vulnerability
PHPX username Parameter SQL Injection Vulnerability
Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability (2)
Geronimo Console Default Credentials
PunBB < 1.2.6 Multiple Vulnerabilities
Cobalt siteUserMod cgi
HFS+ data fork file access
/doc/packages directory browsable ?
webspirs.cgi
AWStats Referrer Arbitrary Command Execution Vulnerability
@lex guestbook remote file include
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow Vulnerability
guestbook.pl
StellarDocs Path Disclosure
PBLang BBS <= 4.65 Multiple Vulnerabilities
RunCMS <= 1.2 Multiple Vulnerabilities
Super Guestbook config disclosure
Simple Form Mail Relaying Vulnerability
SPIP < 1.8.2-g SQL Injection and XSS Flaws
CVSTrac database plaintext password storage
Fingerprint web server with favicon.ico
X7 Chat old_prefix SQL Injection Vulnerability
Terminal Services Web Detection
Drupal Privilege Escalation Vulnerability
CuteNews archive Parameter Information Disclosure Vulnerability
NetTools command execution
Wordtrans-web advanced Parameter Command Execution Vulnerabilities
php.cgi
ibillpm.pl
JRun directory traversal
Web Wiz txtUserName Parameter SQL Injection Vulnerability
phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities
Invision Power Board Dragoran Portal Plugin site Parameter SQL Injection Vulnerability
QuickEStore CFTOKEN parameter SQL Injection Vulnerability
LifeType date Parameter SQL Injection Vulnerability
Exponent CMS Multiple Cross-Site Scripting Vulnerabilities
boastMachine Remote Arbitrary File Upload Vulnerability
Multiple Vulnerabilities in paFileDB 3.1 and older
MyBB Detection
XoopsGallery GALLERY_BASEDIR Parameter File Include Vulnerability
ServletExec 4.1 ISAPI File Reading
Moodle tag Parameter SQL Injection Vulnerability
Nag Detection
Cyberstrong eShop SQL Injection Vulnerabilities
dotProject docs Directory Information Disclosure Vulnerabilities
Burning Board verify_email SQL Injection Vulnerability
Multiple vulnerabilities in PHP Surveyor
ModernBill 4.3.0 and older Multiple Vulnerabilities
IBProArcade index.php SQL Injection
PHP Easy Download admin/save.php Paramater Code Injection Vulnerability
viralator
EZShopper 3.0
WebAdmin < 3.2.6 MDaemon Account Hijacking Vulnerability
ezUpload <= 2.2 Multiple Vulnerabilities
spin_client.cgi buffer overrun
Pixelpost category Parameter SQL Injection Vulnerability
SquirrelMail decodeHeader HTML injection vulnerability
JBoss source disclosure
MRTG mrtg.cgi File Disclosure
Adobe Breeze Directory Traversal Vulnerability
BitDefender Update Server Directory Traversal Vulnerability
Mailman Detection
MetaCart E-Shop ProductsByCategory.ASP SQL and XSS Injection Vulnerabilities
WEBInsta CMS templates_dir Parameter Remote File Include Vulnerability
info2www
ASP.NET DEBUG method enabled
Upload cgi
PHP-Kit Multiple Flaws
PHPSurveyor sid SQL Injection Flaw
Horde url Parameter File Disclosure Vulnerability
Mantis Multiple Flaws (4)
mailreader.com directory traversal and arbitrary command execution
IceWarp lang_settings Remote File Include Vulnerabilities
iiprotect bypass
wpoison (nasl version)
TikiWiki multiple input validation vulnerabilities
Limbo com_fm Component PHP Shell Vulnerability
TYPO3 cmw_linklist Extension SQL Injection Vulnerability
SugarCRM <= 4.2.0a Multiple Remote File Include Vulnerabilities
SQLiteManager SQLiteManager_currentTheme Cookie Local File Include Vulnerability
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
HP OpenView Client Configuration Manager Default Credentials
Simple Machines Forum msg Parameter SQL Injection Vulnerability
PBLang lang Parameter Local File Include Vulnerability
Coppermine Gallery Voting Restriction Failure
Sympa invalid LDAP password DoS
PHP < 5.2 Multiple Vulnerabilities
Pixelpost parent_id Parameter SQL Injection Vulnerability
Gallery g2_itemId Parameter Directory Traversal Vulnerability
Joomla! Detection
PunBB language Paramater Local File Include Vulnerability
ActualAnalyzer rf Parameter Remote File Include Vulnerability
viewpage.php arbitrary file reading
Multiple Vulnerabilities in PostNuke <= 0.760 RC4a
Centreon fileOreonConf Parameter File Include Vulnerabilities
ACal path Parameter Remote File Include Vulnerability
SysCP < 1.2.11 Multiple Script Execution Vulnerabilities
NeoMail Session Id Validation Vulnerability
Trend Micro Emanager software check
ATutor < 1.5.1-pl1 Multiple Flaws
MediaWiki JSON Callback Information Disclosure Vulnerability
Coppermine Photo Gallery Album Password Cookie SQL Injection Vulnerability
Tests for Nimda Worm infected HTML files
PHProjekt <= 5.1 Multiple Remote File Include Vulnerabilities
VsSetCookie.exe vulnerability
ListManager Administrative Command Injection Vulnerability
Bypass Axis Storpoint CD authentication
BroadVision Physical Path Disclosure Vulnerability
IkonBoard arbitrary command execution
SimpGB Guestbook.PHP SQL Injection Vulnerability
PHP iCalendar Remote File Inclusion Vulnerability
YaPiG Remote Server-Side Script Execution Vulnerability
DokuWiki dwpage.php Accessibility Vulnerability
Multiple vulnerabilities in PHP TopSites
Red Hat redhat-ds-admin Shell Command Injection and Security Bypass Vulnerabilities
SimpleBBS users disclosure
Barracuda Spam Firewall Firmware < 3.1.18 Multiple Vulnerabilities
phpBB Component phpbb_root_path Parameter Remote File Include Vulnerabilities
php safemode
IIS phonebook
DCP-Portal Multiple SQL Injection Vulnerabilities
Joomla GMaps Component mapId SQL Injection Vulnerability
Sniplets Plugin text Parameter Command Execution Vulnerability
PHP-Blogger pref.db Information Disclosure Vulnerability
Zeroboard flaws (2)
cPanel Login Command Execution
GNU Mailman Multiple Unspecified Remote Vulnerabilities
Siteframe LOCAL_PATH Remote File Include Vulnerability
JBoss JMX Console DeploymentFileRepository Directory Traversal Vulnerability
CoolForum XSS and SQL Injection Vulnerabilities
Bitweaver suck_url Parameter Directory Traversal Vulnerability
Sambar default CGI info disclosure
MyBB sortby Parameter Command Execution Vulnerability
Invision Gallery st Parameter SQL Injection Vulnerability
Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
eFiction < 2.0.2 Multiple Vulnerabilities
Resin viewfile Servlet File Disclosure Vulnerability
UploadLite cgi
CVSTrac Detection
ASP source using %20 trick
SquirrelMail < 1.45 Multiple Vulnerabilities
Zeus shows the content of the cgi scripts
Coppermine Photo Gallery Bridge Wizard Cookie SQL Injection Vulnerability
OmniHTTPd visadmin exploit
CMS400.NET res Parameter SQL Injection Vulnerability
Squirrelcart cart_isp_root Remote File Include Vulnerability
Plain Old Webserver Directory Traversal Vulnerability
Jave Source Code Disclosure
Sun Java System ASP < 4.0.3 Multiple Vulnerabilities
Post-Nuke Rating System Denial Of Service
Serendipity exit.php SQL Injection Vulnerabilities
Ideal BB < 1.5.4b Multiple Vulnerabilities
Pixelpost < 1.5 RC1 Multiple Vulnerabilities
texis.exe path disclosure
Packeteer Web Management Interface Login
Owl Login bypass
WEB-INF folder accessible
PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
Mambo / Joomla Component mosConfig_live_site Parameter Remote File Include Vulnerability
CVSTrac chdir() chroot jail escape
RunCMS Detection
JGS-Portal Multiple XSS and SQL injection Vulnerabilities
phpWebSite Detection
popper_mod
OneOrZero SQL injection
YaPiG Password Protected Directory Access Flaw
Stadtaus Form Mail Script Remote File Include Vulnerability
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities
CubeCart FCKeditor Arbitrary File Upload Vulnerability
Apache Tomcat source.jsp malformed request information disclosure
phpPgAdmin formLanguage Parameter Local File Include Vulnerability
MyBB comma Parameter SQL Injection Vulnerability
CMS Made Simple nls Parameter File Include Vulnerability
smb2www installed
PBLang < 4.66z Multiple Vulnerabilities
Ultimate PHP Board ViewForum.PHP SQL injection and XSS flaws
MercuryBoard User-Agent SQL Injection Vulnerability
Multiple Vulnerabilities in PostNuke <= 0.760 RC4b
WordPress cat_ID SQL Injection Vulnerability
DUpaypal Pro Multiple SQL Injection Vulnerabilities
SquirrelMail session_expired_post Arbitrary Variables Overwriting Vulnerability
YaPiG Multiple Flaws
Checks for listrec.pl
BASE base_maintenance Authentication Bypass Vulnerability
phpMyFAQ username SQL Injection Vulnerability
WebCalendar noSet Variable Overwrite Vulnerability
AutomatedShops WebC.cgi buffer overflows
Exo PHPDesk id Parameter SQL Injection Vulnerability
CVS directory spider
Ipswitch WhatsUp Professional Multiple Vulnerabilities
ViewCVS HTTP Response Splitting
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Vulnerabilities
ODBC tools check
OpenEMR fileroot Parameter Remote File Include Vulnerability
ActivePerl perlIS.dll Buffer Overflow
wwwwais
Carello detection
TWiki filename Parameter Directory Traversal Vulnerability
CVS/Entries
Hosting Controller addsubsite.asp Security Bypass
Fuji Xerox Printing Systems Authentication Bypass Vulnerability
FAQManager Arbitrary File Reading Vulnerability
Plume CMS <= 1.0.2 Remote File Inclusion Vulnerability
MailEnable HTTPMail Service Authorization Header DoS Vulnerability
Clever Copy connect.inc Information Disclosure Vulnerability
SandSurfer User Authentication Vulnerability
MediaWiki Multiple Remote Vulnerabilities (2)
Alt-N WebAdmin Multiple Remote Vulnerabilities
Invision Power Board st Parameter SQL Injection Vulnerability
Nuked-klan file include
Multiple Vulnerabilities in PHPlist <= 2.6.3
Read any file thanks to ~nobody/
Sambar /sysadmin directory 2
Hosting Controller Detection
Turba Path Disclosure
Monkey HTTP Daemon < 0.9.1 Multiple Vulnerabilities
TrueGalerie admin access
Seditio Detection
XOOPS Jobs Module cid Parameter SQL Injection Vulnerability
IkonBoard SQL injection vulnerabilties
Horde Default Admin Password Vulnerability
SunSolve CD CGI user input validation
Burning Board Detection
IceWarp Web Mail Multiple Flaws (2)
GNUMP3d < 2.9.6 Multiple Vulnerabilities
FtpLocate fsite Parameter Command Execution Vulnerability
Philboard database access
OpenBiblio < 0.5.2 Multiple Local File Include Vulnerabilities
Moodle moodledata Information Disclosure Vulnerability
QuickTime/Darwin Remote Admin Exploit
VHCS include_path Parameter Remote File Include Vulnerability
Admbook PHP Code Injection Flaw
Windmail.exe allows any user to execute arbitrary commands
Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities
myGallery myPath Parameter Remote File Include Vulnerability
Loudblog id Parameter SQL Injection Vulnerability
phpix remote command execution
ttCMS code injection
Mantis < 0.19.3 Multiple Flaws
EasyWeb FileManager Directory Traversal
Invision Gallery Multiple Input Validation Vulnerabilities
PhotoPost Multiple Input Validation Vulnerabilities
Dumpenv
MacOS X Finder reveals contents of Apache Web directories
VP-ASP SQL Injection (2)
ColdFusion Vulnerability
AlienForm CGI script
dcforum
BiTBOARD IMG BBCode Tag Cross-Site Scripting Vulnerability
ATutor password reminder SQL injection
CMS Made Simple templateid Parameter SQL Injection Vulnerability
WebGUI Unspecified Vulnerability
Claroline Detection
Wikka Local File Include Vulnerability
Gallery PostNuke Integration Access Validation Vulnerability
FCKeditor Arbitrary File Upload Vulnerability
Digital Scribe login.php SQL Injection flaw
PHProxy Detection
WebLogic < 8.1 SP3 Multiple Vulnerabilities
Mambo MOStlyCE Mambot File Rename Vulnerability
phpMyFAQ Detection
Kietu code injection
ColdFusion Path Disclosure
TikiWiki multiple remote unspecified flaws
myPHPNuke phptonuke.php Directory Traversal
Coppermine Gallery SQL injection
PostNuke < 0.762 Multiple Vulnerabilities
Limbo CMS Itemid Arbitrary Code Execution Vulnerability
PHPWind Board Remote File Include Vulnerability
anacondaclip CGI vulnerability
PowerPortal SQL Injection
osCommerce Customer Testimonials testimonial_id SQL Injection Vulnerability
InterScan VirusWall Remote Configuration Vulnerability
HotOpenTickets Privilege Escalation
WebStores 2000 browse_item_details.asp SQL injection
MailEnable NetWebAdmin Unauthorized Access Vulnerability (ME-10019)
php socket_iovec_alloc() integer overflow
SimpleChat information disclosure
Plumtree Portal Default Credentials
osTicket setup.php Accessibility
MODx CMS base_path Parameter Remote File Include Vulnerability
CVSTrac history.c history_update function overflow
paFAQ Multiple Vulnerabilities
PHP Live Helper Multiple Remote File Include Vulnerabilities
WordPress HTTP Splitting Vulnerability
Ruby on Rails Routing Denial of Service Vulnerability
ITA Forum Multiple SQL Injection Vulnerabilities
Cacti login_username Parameter SQL Injection Vulnerability
GeekLog SQL vulns
WebSpeed Development Mode Check
myphpnuke code injection
Loudblog < 0.42 Multiple Vulnerabilities
Burning Board decode_cookie() SQL Injection Vulnerability
X7 Chat day Parameter SQL Injection Vulnerability
glimpse
WEBalbum Local File Include Vulnerability
SquirrelMail Detection
PunBB < 1.2.7 Multiple Vulnerabilities
Claroline < 1.5.4 / 1.6.0 Multiple Input Validation Vulnerabilities
axis2400 webcams
HappyMall Command Execution
cgiforum
Sambar sendmail /session/sendmail
KF Web Server /%00 bug
FuseTalk txForumID Parameter SQL Injection Vulnerability
Jinzora include_path Variable File Include Vulnerabilities
CherryPy staticFilter Directory Traversal Vulnerability
Fedora DS Administration Server Information Disclosure Vulnerability
Mailman Log Spoofing Vulnerability
MS Personal WebServer ...
Home Free search.cgi directory traversal
MyBBB rating Parameter SQL Injection Vulnerability
biztalk server flaws
Wordit Logbook File Disclosure Vulnerability
vBulletin Email Field Cross-Site Scripting Vulnerability
Post-Nuke pnTresMailer Directory Traversal
Post-Nuke information disclosure
ActiveState Perl directory traversal
CA Host-Based Intrusion Prevention System Server Default Credentials
Macromedia ColdFusion MX Path Disclosure Vulnerability
AsteriDex IN Parameter Command Injection Vulnerability
IceWarp Web Mail Multiple Flaws
phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability
Multiple SQL Injection Vulnerabilities in phpCOIN <= 1.2.2
BBS E-Market File Disclosure
Bugzilla remote arbitrary command execution
PHP Support Tickets SQL Injection Vulnerability
Invision PowerBoard code injection
Emumail WebMail multiple vulnerabilities
Qualiteam X-Cart remote command execution
IceWarp Web Mail Multiple Flaws (3)
Drupal Captcha Bypass Vulnerability
ZixForum Database Disclosure
Listserv < 14.3-2005a Multiple Vulnerabilities
e107 database dump
phpWebSite hub_dir Parameter Local File Include Vulnerability
Gregarius rsargs Parameter Array SQL Injection Vulnerability
PHPAuction Admin Authentication Bypass
Webmin / Usermin Arbitrary File Disclosure Vulnerability
TextPortal Default Passwords
RiSearch Arbitrary File Access
test-cgi
YaBB XSS and Administrator Command Execution
CVSTrac text output formatter DoS
Nucleus CMS DIR_LIBS Parameter Remote File Include Vulnerability
PPA ppa_root_path Variable File Include Vulnerability
IBM WebSphere Application Server JSP Source Disclosure
BEA WebLogic Operator/Admin Password Disclosure Vulnerability
Claroline includePath Parameter Remote File Include Vulnerability
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities
CSNews.cgi vulnerability
phpinfo.php
F-Secure Policy Manager Path Disclosure
Sun Server Console Authentication Bypass Vulnerability
w-Agora inc_dir Parameter Remote File Include Vulnerabilities
OpenBB XSS and SQL injection flaws
IMP Detection
Excite for WebServers
quickstore traversal
Resin Directory Traversal Vulnerability
Silent-Storm Portal Multiple Input Validation Vulnerabilities
LinPHA <= 1.0 Multiple Vulnerabilities
getID3 < 1.7.8-b1 Multiple Vulnerabilities
FormHandler.cgi
Tivoli LDACGI Directory Traversal
BasiliX SQL Injection Vulnerability
Sphider settings_dir Parameter Remote File Include Vulnerability
Webfroot shoutbox file inclusion
vBulletin Misc.PHP PHP Script Code Execution Vulnerability
Symantec Web Security flaws
osTicket Attachment Viewing Vulnerability
Episodex Guestbook Unauthorized Access and HTML Injection Vulnerability
Moodle < 1.6.2 Multiple Vulnerabilities
Mambo Site Server XSS and remote arbitrary code execution
phpMyAdmin arbitrary file reading (2)
Detects LDU version
NETFile FTP/Web Server Directory Traversal Vulnerabilities
Novell iManager < 2.7 SP1 Security Bypass Vulnerability
Firefly Media Server Partial Directory Traversal and Authentication Bypass Vulnerabilities
PmWiki < 2.1.21 Global Variables Overwrite Vulnerability
Gallery ZipCart File Retrieval Vulnerability
calendar_admin.pl
Drupal Detection
ad.cgi
SQL injection in phpBB
IBM-HTTP-Server View Code
DokuWiki im_convert Arbitrary Code Execution Vulnerability
nbmember.cgi information disclosure
Unknown CGIs arguments torture
Calendarix SQL Injection Vul