Exostats/Exoscan
Number of tests included: 29046
Tests added: 17 today, 36 this month

ID: 29854
Name: Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure
Authors: This script is Copyright (C) 2008-2009 Tenable Network Security, Inc.
Category: CGI abuses
Action: attack
Summary: Tries to retrieve a local file using edit.php
Description:

Synopsis :
The remote web server contains a PHP script that is prone to a directory traversal attack.

Description :
The remote host is running Bitweaver, an open-source content management system written in PHP.

The version of this software installed on the remote host fails to sanitize directory traversal sequences in input to the 'suck_url' parameter of the 'wiki/edit.php' script. An unauthenticated attacker can leverage this issue to read the contents of sensitive files to which he might not otherwise have access, such as the application's configuration file.

Note that there are reportedly several other vulnerabilities associated with this version of Bitweaver, although Nessus has not checked for them.

See also :
http://archives.neohapsis.com/archives/bugtraq/2007-12/0347.html
http://www.milw0rm.com/exploits/4814

Solution :
Unknown at this time.

Risk factor :
Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Click for details - List of tests:
Ipswitch WhatsUp Gold Default Admin Account
RunCMS Multiple Script bbPath Parameter Remote File Inclusion
e107 eTrace Plugin dotrace.php Arbitrary Code Execution
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
BizDB bizdb-search.cgi Arbitrary Command Execution
Sun ONE Application Server Upper Case Request JSP Source Disclosure
zenTrack index.php Multiple Parameter Remote File Inclusion
phpGroupWare Admin/Setup Password Cleartext Cookie Storage
Live Chat Component for Joomla! last Variable SQL Injection
SquirrelMail decodeHeader HTML injection vulnerability
TrailScout Module For Drupal Session Cookie SQL Injection
PHP < 5.2.3 Multiple Vulnerabilities
GForge Multiple Script Traversal Arbitrary Directory Listing
Monster Top List sources/functions.php root_path Variable Remote File Inclusion
PHP Doc System index.php show Parameter Local File Inclusion
e107 < 7.0 Multiple Vulnerabilities
Crystal Reports crystalimagehandler.aspx Traversal Arbitrary File Access
Plogger plog-rss.php id Parameter SQL Injection
Sun JavaServer Default Admin Password
Ikonboard ikonboard.cgi Multiple Parameter SQL Injection
iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection
ttCMS 2.2 Multiple Vulnerabilities
PunBB profile.php id Parameter SQL Injection
PunBB < 1.2.6 Multiple Vulnerabilities
Woltlab Burning Board Detection
Nabopoll survey.inc.php path Parameter Remote File Inclusion
CoolForum Multiple SQL Injections
Technote main.cgi filename Parameter Traversal Arbitrary File Access
CrashPlan Server Default Administrative Credentials
Serendipity Multiple Scripts serendipity[charset] Parameter Local File Inclusion
PunBB < 1.2.7 Multiple Vulnerabilities
Adobe Document Server Default Credentials
PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion
Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
SquirrelMail strings.php base_uri Parameter Information Disclosure
Webserver 4D Cleartext Password Storage
WebSite Pro webfind.exe keywords Parameter Remote Overflow
SIX-webboard generate.cgi content Variable Traveral Arbitrary File Access
PHP < 4.4.5 Multiple Vulnerabilities
phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion
Flyspray install-0.9.7.php adodbpath Variable Remote File Inclusion
zenTrack index.php configFile Parameter Traversal Arbitrary Files Access
Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload
phpBB < 2.0.7 Multiple Script SQL Injection
Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities
MyBB < 1.01 SQL Injection
phpAlbum language.php data_dir Parameter Remote File Inclusion
phpBB < 2.0.22 Multiple Vulnerabilities
JRun viewsource.jsp Arbitrary File Access
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS
Bugzilla < 2.18.1 Multiple Information Disclosures
Horde IMP mailbox.php3 Multiple Variable SQL Injection
Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion
Alibaba get32.exe Arbitrary Command Execution
phpPgAds dest Parameter HTTP Response Splitting
WordPress < 1.2.2 Multiple Vulnerabilities
Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities (Auth Bypass, XSS, Info Disc, Enum)
Simplog <= 0.9.2 Multiple Vulnerabilities
TWiki configure Script Arbitrary Command Execution
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
osCommerce file_manager.php filename Variable Traversal Arbitrary File Access
CubeCart < 2.0.5 Multiple Vulnerabilities
PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access
Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe)
Sun Java System Directory Server Online Help Feature Information Disclosure
Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access
Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access
WebHints hints.pl Arbitrary Command Execution
OneOrZero Helpdesk tinfo.php Arbitrary File Upload
phpMyFAQ Image Upload Authentication Bypass
Sun Java System ASP < 4.0.3 Multiple Vulnerabilities
MPC SoftWeb Guestbook Multiple Vulnerabilities
Zorum <= 3.5 Multiple Remote Vulnerabilities
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
JBoss JMX Console Unrestricted Access
McAfee Common Management Agent Traversal Arbitrary File Write
e107 db.php User Database Disclosure
WebAPP Detection
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
Web Wiz Site News / Compulsive Media CNU5 news.mdb Direct Request Database Disclosure
Multiple Vendor jj CGI Arbitrary Command Execution
Packeteer Web Management Interface Version Detection
Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution
Symphony sym_auth Cookie SQL Injection
YaBB SE < 1.5.2 Multiple Vulnerabilities
IlohaMail Attachment Arbitrary File Create/Overwrite
WebWho+ whois.pl time Parameter Arbitrary Command Execution
Icecast Encoded Traversal Arbitrary File Access
WordPress < 1.5.1 Multiple Vulnerabilities
Invision Power Board Software Detection
Snitz Forums 2000 register.asp Email Parameter SQL Injection
CandyPress Store admin/utilities_ConfigHelp.asp helpfield Variable SQL Injection
ListManager < 8.9b Multiple Vulnerabilities
Gravity Board X <= 1.1 Multiple Vulnerabilities (SQLi, XSS, PD, Cmd Exe)
Chipmunk CMScore Multiple Script SQL Injection
WebActive HTTP Server active.log Remote Information Disclosure
Symantec Reporting Server Improper URL Handling Exposure
Hosting Controller Multiple Script Arbitrary Directory Browsing
PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion
AnyForm CGI Arbitrary Command Execution
Exponent CMS Multiple Cross-Site Scripting Vulnerabilities
netOffice Dwins demoSession Parameter Authentication Bypass
Mambo Open Source / Joomla! GLOBALS Variable Remote File Inclusion
PCCS-Mysql User/Password Exposure
CuteNews inc/function.php archive Variable Arbitrary File Access
Phpauction <= 2.5 Multiple Vulnerabilities
CVSTrac Malformed URI Infinite Loop DoS
PunBB include/common.php language Paramater Local File Inclusion
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection
MODx CMS base_path Parameter Remote File Inclusion
PerlDesk kb.cgi view Parameter SQL Injection
Marcus Xenakis directory.php Execute Arbitrary Commands
e107 resetcore.php user Field SQL Injection
XMB member.php Multiple Parameter SQL Injection
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
K-COLLECT CSV-DB CSV_DB.CGI Remote Command Execution Vulnerability
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
PHP < 5.2.10 Multiple Vulnerabilities
SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion
XOOPS < 2.0.12 Multiple Vulnerabilities
FlatNuke < 2.5.6 Multiple Remote Vulnerabilities (XSS, Disc, Command Exe)
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation
Ananconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access
Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi
SandSurfer < 1.7.0 User Authentication Bypass
Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities
Limbo CMS Multiple Vulnerabilities
UBB.threads < 6.5.2 beta Multiple Vulnerabilities
YaPiG Password Protected Directory Bypass
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability
Stellar Docs Malformed Query Path Disclosure
Psunami.CGI Command Execution
PHP Live Helper Multiple Remote File Inclusions
Netref cat_for_gen.php Arbitrary PHP Command Injection
CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities
Active Auction Multiple Vulnerabilities (SQLi, XSS)
smb2www Unspecified Arbitrary Remote Command Execution
Serendipity Multiple Script HTTP Response Splitting
Muscat Empower CGI Malformed DB Parameter Path Disclosure
EZShopper Multiple Script Arbitrary Command Execution
CGI Generic Path Traversal Vulnerability
Pixelpost < 1.5 RC1 Multiple Vulnerabilities
Gregarius ajax.php rsargs[] Parameter Array SQL Injection
WebGais websendmail CGI Arbitrary Command Execution
Web Wiz Forums wwforum.mdb Direct Request Database Disclosure
Microsoft Site Server Multiple Script Information Disclosure
OrangeHRM login.php txtUserName Parameter SQL Injection
My_eGallery < 3.1.1g Remote File Inclusion
PHPWind Board faq.php skin Parameter Remote File Inclusion
WordPress Detection
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
Aborior Encore WebForum display.cgi file Variable Command Execution
WebCalendar Detection
ListManager Error Message Information Disclosure
Web Site Malicious Javascript Link Detection
PHP < 4.4.8 Multiple Vulnerabilities
Gallery main.php g2_itemId Variable Traversal Arbitrary File Access
dotProject Multiple Scripts Remote File Inclusion
GOsa Multiple Script plugin Parameter Remote File Inclusion
Seditio Detection
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
Mensajeitor Tag Board Admin Bypass
Calendarix Basic cal_cat.php catview Variable SQL Injection
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution
W3.org Anaya Web sendtemp.pl templ Variable Traveral Arbitrary File Access
phpScheduleIt Detection
Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation
YaPiG <= 0.9.5b Multiple Vulnerabilities
Nuked-Klan index.php Multiple Module Vulnerabilities
/doc/packages Directory Browsable
jPortal print.inc.php id Parameter SQL Injection
Default password (changeme) for SHOUTcast Server Service Port
ASG-Sentry CGI Default Credentials
Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access
bBlog rss.php p Parameter SQL Injection
ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS)
Gallery PostNuke Integration Access Validation Privilege Escalation
Coppermine Photo Gallery keysToSkip Variable Overwrite
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
Xerver < 4.20 Multiple Vulnerabilities
Joomla! < 1.0.8 Multiple Vulnerabilities
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution
XEROX MicroServer Web Server Multiple Vulnerabilities (XRX05-008)
PHP < 5.2 Multiple Vulnerabilities
PDGSoft Shopping Cart Multiple Vulnerabilities
Claroline Multiple Script includePath Parameter Remote File Inclusion
PHP Live! directory/conf File Include Unspecified Issue
phpwcms 1.2.5 Multiple Vulnerabilities
Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities
PostNuke < 0.762 Multiple Vulnerabilities
Poster version.two index.php Account Manipulation Privilege Escalation
phpMyFAQ Forum Message username Field SQL Injection
DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS)
Wordit Logbook logbook.pl file Parameter Arbitrary File Access
rpm_query CGI System Information Disclosure
IlohaMail Unspecified Database Password Disclosure Weakness
Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution
phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability
GTcatalog password.inc Direct Request Password Disclosure
Super-M Son hServer URI Traversal Arbitrary File Access
UBB.threads Detection
MyBB index.php referrer Parameter SQL Injection
GNUMP3d < 2.9.6 Multiple Remote Vulnerabilities (XSS, Traversal)
ActivePerl perlIS.dll Buffer Overflow
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
Plumtree Portal User Object User Enumeration
Sambar Server pagecount CGI Traversal Arbitrary File Overwrite
Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure
Gallery stepOrder Parameter Local File Inclusion
PHP < 4.4.9 Multiple Vulnerabilities
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
Openads Delivery Engine OA_Delivery_Cache_store() Function name Argument Arbitrary PHP Code Execution
JAWS Multiple Vulnerabilities (XSS, Auth Bypass, Traversal)
Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution
Foxweb foxweb.exe Long URL Remote Overflow
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass
Microsoft IIS Translate f: ASP/ASA Source Disclosure
BBS E-Market Professional index.php filename Variable Traversal Arbitrary File Access
OpenBB < 1.0.9 Multiple Vulnerabilities
phpWebSite Detection
osTicket Detection
NetCharts Server Default Password
PunBB < 1.2.2 Multiple Input Validation Vulnerabilities
Limbo com_fm Component sql.php classes_dir Variable Remote File Inclusion
yappa-ng < 2.3.2 Multiple Vulnerabilities
phpGedView arbitrary file reading
OneOrZero Helpdesk tupdate.php sg Parameter SQL injection
HylaFAX faxsurvey Arbitrary Command Execution
Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
CVSTrac cgi.c Multiple Overflows
OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access
WebGais webgais CGI Arbitrary Command Execution
Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion
IceWarp Web Mail Multiple Flaws (1)
Thyme event_view.php eid Parameter SQL Injection
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)
LifeType index.php Date Parameter SQL Injection
VICIDIAL Call Center Suite Default Administrative Credentials
ActualAnalyzer direct.php rf Variable Remote File Inclusion
Bugzilla Software Detection
Simple Machines Forum Avatar Information Disclosure Vulnerability
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure
TikiWiki Unauthorized Page Access
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
IlohaMail Software Detection
WebLogic < 8.1 SP3 Multiple Vulnerabilities
BASE Authentication Redirect Authentication Bypass
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass
BEA WebLogic Hex Encoded Request JSP Source Disclosure
Generic CGI Tests Timeout
AutomatedShops WebC.cgi Multiple Overflows
Invision Community Blog Module eid Parameter SQL Injection
PostNuke Install Script Admin Password Disclosure
e107 download.php extract() Function Variable Overwrite
ProductCart Multiple Input Validation Vulnerabilities
Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
Directory Pro Traversal Arbitrary File Access
IPCheck Server Monitor Traversal Arbitrary File Access
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
RealServer /admin/Docs/default.cfg Information Disclosure
WHM AutoPilot < 2.5.20 Multiple Remote Vulnerabilities
Simple Machines Forum Search.php SQL Injection
Land Down Under / Seditio polls.php id Parameter SQL Injection
Vignette Application Portal Diagnostic Utility Information Disclosure
Multiple Dangerous CGI Script Detection
phpBB Detection
DUware Products Multiple Remote Vulnerabilities (SQLi, XSS)
PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access
osTicket Arbitrary Attachment Disclosure
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution
Truegalerie admin.php loggedin Parameter Admin Authentication Bypass
VChat Multiple Remote Vulnerabilities
Alkalay.Net Multiple Scripts Arbitrary Command Execution
SugarSales Multiple Module Traversal Arbitrary File Access
Terminal Services Web Detection
Land Down Under <= 801 Multiple Vulnerabilities
Boozt index.cgi Banner Creation Name Field Overflow
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
phpMyFAQ Detection
PHPFM Arbitrary File Upload
KW Whois CGI whois Parameter Arbitrary Command Execution
myPHPNuke My_eGallery gallery/displayCategory.php basepath Variable Remote File Inclusion
Tarantella Enterprise ttawebtop.cgi pg Variable Traversal Arbitrary File Access
Guestbook CGI Arbitrary Command Execution
Gallery index.php GALLERY_BASEDIR Variable Remote File Inclusion
Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion
Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure
Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities
WordPress template-functions-category.php cat_ID Parameter SQL Injection
Trend Micro Scanmail for Domino nsf File Information Disclosure
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe)
e107 class2.php e107language_e107cookie Cookie Traversal Local File Inclusion
w-Agora Multiple Script Traversal Arbitrary File Access
Sun Java Web Server bboard Servlet Command Execution
MailEnable NetWebAdmin Unauthorized Access (ME-10019)
WebSpeed Development Mode Check
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
Generic SQL Injection Testing
VHCS PHPSESSID Cookie Session Fixation
SquirrelMail Detection
FTGate <= 4.4.002 Multiple Remote Vulnerabilities (OF, FS, XSS)
ViewCVS < 1.0.0 Multiple Vulnerabilities
WoltLab Burning Board search.php Multiple Variable SQL Injection
TWiki filename Parameter Traversal Arbitrary File Access
Webcart Default Install Configuration Disclosure
Cobalt siteUserMod.cgi Arbitrary Password Modification
CGI Generic Command Execution Vulnerability
Alibaba tst.bat Arbitrary Command Execution
Phorum common.php ForumLang Parameter Traversal Arbitrary File Access
OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities
ViRobot Linux Server addschup Multiple Overflows
SimpleBBS topics.php name Parameter Arbitrary Command Execution
TalentSoft Web+ webplus CGI Traversal Arbitrary File Access
Module Builder DownloadModule Traversal Arbitrary File Disclosure
PHP 5 < 5.2.7 Multiple Vulnerabilities
DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
Minis minis.php month Parameter Traversal Arbitrary File Access
BitDefender Update Server HTTP Request Traversal Arbitrary File Access
Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
TYPO3 cmw_linklist Extension category_uid Parameter SQL Injection
ReviewPost PHP Pro Multiple Script SQL Injection
PhotoPost < 5.1 Multiple Input Validation Vulnerabilities
PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access
Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion
Trend Micro OfficeScan 7.3 Multiple Vulnerabilities
WebLogic Multiple Method Cleartext Password Disclosure
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
iisPROTECT Unpassworded Administrative Interface
SHOUTcast Server admin.cgi Long Argument Overflow
AkoGallery Component for Mambo / Joomla! index.php id Variable SQL Injection
Simple Form Multiple Parameter Arbitrary Mail Relaying
Phorum search.php location Parameter HTTP Response Splitting
spin_client.cgi Remote Overflow
w-Agora inc_dir Parameter Remote File Inclusion
PortalApp forums.asp sortby Parameter SQL Injection
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure
Apache Tomcat Nonexistent File Error Message Path Disclosure
ZixForum ZixForum.mdb DIrect Request Database Disclosure
Mambo Open Source Multiple Vulnerabilities
Basic Analysis and Security Engine Authentication Check
PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access
Mountain Network Systems webcart.cgi Arbitrary Command Execution
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities
Mambo Global Variables Unauthorized Access
DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access
Joomla! Detection
Coppermine Photo Gallery Voting Restriction Bypass
HP OpenView Client Configuration Manager Default Credentials
HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)
phpSysInfo < 2.4.1 Multiple Vulnerabilities
LedgerSMB / SQL-Ledger login.pl script Parameter Arbitrary Perl Code Execution
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure
WordPress Trackback wp-trackback.php tb_id Parameter SQL Injection
PHProjekt <= 5.1 Multiple Remote File Inclusions
GNU Mailman Multiple Unspecified Remote Vulnerabilities
Sambar Server search.pl results.stm Overflow DoS
MailMaxWeb Cookie Application Path Disclosure
Tikiwiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access
paFileDB <= 3.1 Multiple Vulnerabilities (1)
Singapore Gallery < 0.9.11 Multiple Vulnerabilities
Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion
MERCUR WebView WebMail Server mail_user Parameter DoS
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion
Alt-N WebAdmin Multiple Vulnerabilities
GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec)
JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS)
ADOdb server.php sql Variable SQL Injection
Ultimate PHP Board add.php Direct Request Information Disclosure
Movable Type mt.cfg Information Disclosure
MapServer < 5.2.2 / 4.10.4 Multiple Flaws
WordPress Pingback File Information Disclosure
Apache Tomcat RequestDispatcher Directory Traversal Vulnerability
Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities
TYPOlight < 2.2.5 Unspecified Vulnerability
SquirrelMail plugin.php plugins Parameter Local File Inclusion
MailWatch authenticate() Function SQL Injection
Sambar Server Multiple CGI Remote Overflow
WihPhoto sendphoto.php Traversal Arbitrary File Access
iBill ibillpm.pl Password Generation Weakness
Custom Pages for Joomla! index.php cpage Variable Remote File Inclusion
phPay admin/phpinfo.php Information Disclosure
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
vBulletin misc.php template Variable PHP Code Injection
Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities
webadmin.php show Parameter Arbitrary File Access
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion
vBulletin Email Field XSS
OpenX ac.php bannerid Parameter SQL Injection
Barracuda Spam Firewall Multiple Remote Vulnerabilities (Cmd Exec, Traversal, Default)
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
DevTrack Web Service UserName Field SQL Injection
PHPAuction Multiple Script include_path Parameter File Inclusion
Nucleus CMS action.php itemid Parameter SQL Injection
D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS
ROADS search.pl form Parameter Traversal Arbitrary File Access
Serendipity Detection
Sugar Open Source Detection
Netbilling nbmember.cgi cmd Parameter Information Disclosure
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions
Mambo Detection
PBLang BBS <= 4.65 Multiple Vulnerabilities
OpenCart route Parameter Local File Inclusion
Woltlab Burning Board Multiple SQL Injections
Serendipity < 0.8.1 Multiple Vulnerabilities
Apache Tomcat Snoop Servlet Remote Information Disclosure
ezPublish settings/site.ini Configuration Disclosure
SquirrelMail HTTPS Session Cookie Secure Flag Weakness
Multiple Web Server printenv CGI Information Disclosure
PhpMyExplorer index.php chemin Variable Encoded Traversal Arbitrary File Access
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)
Verity Ultraseek < 5.7 Multiple Vulnerabilities
RTH login.php uname Parameter SQL Injection
Sambar Server dumpenv.pl Information Disclosure
Calendarix Multiple Script id Parameter SQL Injection
zFeeder admin.php Direct Request Admin Authentication Bypass
Etomite CMS index.php id Paramater SQL Injection
VHCS include/sql.php include_path Parameter Remote File Inclusion
Mambo / Joomla! Multiple Components mosConfig_live_site Parameter Remote File Inclusion
SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion
Philboard /database/philboard.mdb Direct Request Database Disclosure
HastyMail HTML Attachement Script Execution
Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access)
phpListPro Multiple Script returnpath Parameter Remote File Inclusions
BEA WebLogic config.xml Operator/Admin Password Disclosure
phpPgAdmin index.php _language Parameter Local File Inclusion
paFileDB auth.php pafiledbcookie Cookie SQL Injection
processit CGI Environment Variable Remote Information Disclosure
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
Big Brother bb-hist.sh History Module Arbitrary File Read
phpAdsNew XML-RPC Library Remote Code Injection
Spyke Multiple Remote Vulnerabilities
ThinClientServer Admin Account Creation Privilege Escalation
XAMPP ADOdb mssql_connect Remote Buffer Overflow
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
Website Baker Admin Login SQL Injection
JFFNMS auth.php Multiple Parameter SQL Injection
Cerberus Support Center Multiple Remote Vulnerabilities (SQLi, XSS)
HAMweather Template.php do_parse_code Function Arbitrary Code Execution
Comersus Cart Multiple Vulnerabilities (SQLi, XSS)
Stoc'an Shopping Cart shop.plx Path Disclosure
Microsoft Frontpage htimage.exe CGI Remote Overflow
Allaire JRun Encoded JSP Request Arbitrary Directory Listing
Trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion
CVS (Web Based) Entries File Information Disclosure
Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities
MyServer 0.8 Multiple Vulnerabilities
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion
aspWebCalendar calendar.asp SQL Injection
MediaWiki Language Option eval() Function Arbitrary PHP Code Execution
PHP-Nuke opendir.php Traversal Arbitrary File Read
Plesk Multiple Script locale_id Parameter Traversal Arbitrary File Access
phpBB <= 2.0.17 Multiple Vulnerabilities
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure
Cuyahoga FCKEditor Misconfiguration Unrestricted File Upload
Simple Machines Forum msg Parameter SQL Injection Vulnerability
osCommerce Unprotected Admin Directory
PBLang login.php lang Parameter Local File Inclusion
Fortinet Fortigate Web Console Management Detection
ImageFolio Default Password
DeluxeBB Multiple Scripts SQL Injection
Site@School Multiple Script cmsdir Parameter Remote File Inclusion
phpGroupWare Multiple Module SQL Injection
Horde test.php Direct Reqest Information Disclosure
phpBB <= 2.0.14 Multiple Vulnerabilities
Ecartis HTML Field Manipulation Arbitrary User Password Reset
Webmin Detection
WordPress fGallery fim_rss.php album Parameter SQL Injection
Coppermine Photo Gallery showdoc.php f Variable Local File Inclusion
XEROX WorkCentre WebUI Arbitrary Command Execution (XRX06-005)
OraMon config/oramon.ini Information Disclosure
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities
VP-ASP Multiple Script SQL Injection
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)
Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow
Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)
pMachine lib.inc.php pm_path Parameter Remote File Inclusion
Hosting Controller hosting/addreseller.asp reseller Variable Authentication Bypass
phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection
PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion
Netquery <= 3.11 nquser.php host Variable Arbitrary Command Execution
Discuz! <= 4.0.0 rc4 Arbitrary File Upload
Moodle Forum post.php Unauthorized Post Deletion CSRF
Moodle < 1.6.2 Multiple Vulnerabilities
Les Visiteurs Multiple Remote File Inclusion
HP LaserJet Directory Traversal
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
phpWebNotes t_path_core Parameter File Include Vulnerability
UBB.threads dosearch.php SQL injection
Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval
WoltLab Burning Board Lite thread.php decode_cookie Function threadvisit Cookie Variable SQL Injection
Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection
LinPHA include/img_view.class.php order parameter SQL Injection
boastMachine mail.php id Variable SQL Injection
Trend Micro Emanager Detection
pMachine mail_autocheck.php Arbitrary Code Execution
Mnemo Detection
ZABBIX Web Interface extlang[] Parameter Remote Code Execution
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
YaBB YaBB.pl num Parameter Traversal Arbitrary File Access
PNphpBB2 index.php c Parameter SQL Injection
Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow
Smart Publisher index.php filedata Parameter Arbitrary Command Execution
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure
PHP < 5.2.4 Multiple Vulnerabilities
PHP-Blogger pref.db Database Information Disclosure
DCForum dcboard.cgi Multiple Vulnerabilities
MDPro index.php topicid Parameter SQL Injection
TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion
Invision Gallery < 1.3.1 Multiple SQL Injections
e107 ibrowser.php zend_has_del() Function Remote Code Execution
IdeaBox include.php ideaDir Parameter Remote File Inclusion
Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities
WebAPP Directory Traversal
MaxWebPortal <= 1.33 Multiple Vulnerabilities
HappyMall Multiple Script Arbitrary Command Execution
Horde Ingo Software Detection
WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion
phpBB < 2.0.9 Multiple Vulnerabilities
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
PhotoPost PHP Detection
Nukedit utilities/login.asp email Parameter SQL Injection
myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
MyBB ratethread.php rating Parameter SQL Injection
ColdFusion Debug Mode Information Disclosure
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow
pMachine <= 2.2.1 Multiple Vulnerabilities
WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection
Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
MyDMS < 1.4.3 Multiple Vulnerabilities
Web Server info.php / phpinfo.php Detection
WWWBoard passwd.txt Authentication Credential Disclosure
Site@School slideshow_full.php album_name Parameter SQL Injection
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection
OpenCA Multiple Signature Validation Bypass
Muhammad A. Muquit wwwcount Count.cgi Remote Overflow
BEA WebLogic Null Byte Request JSP Source Disclosure
Movable Type Detection
TinyWebGallery lang Parameter Local File Inclusion
bttlxeForum login.asp Multiple Field SQL Injection
TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities
Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)
Trac quickjump Search Script q Parameter Arbitrary Site Redirect
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
NCSA Campas cgi-bin Arbitrary Command Execution
PAFileDB Multiple Script Error Message Path Disclosure
TikiWiki File Upload temp Directory Arbitrary Script Execution
Mambo Site Server MD5 Hash Session ID Privilege Escalation
CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)
phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues
Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
CoolPHP 1.0 Multiple Vulnerabilities
ColdFusion Multiple Vulnerabilities (File Upload/Manipulation)
Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
Xpressions Interactive Multiple Products login.asp SQL Injection
AWStats Detection
Webhosting Component for Joomla catid Parameter SQL Injection
HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
Flyspeck lang Parameter Local File Inclusion
PHP iCalendar Cookie Data Traversal Local File Inclusion
Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness
CVS (Web Based) Directory Spider
PostNuke Glossary Module page Parameter SQL Injection
AutoLinks Pro alpath Parameter File Include Vulnerability
PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
ttforum Multiple Vulnerabilities
VisNetic / Merak Mail Server Multiple Remote Vulnerabilities
XTreme ASP Photo Gallery adminlogin.asp Multiple Variable SQL Injection
OpenDocMan Access Control Bypass
AspUpload Test11.asp Arbitrary File Upload
Cold Fusion Administration Page Overflow DoS
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
Openfire < 3.6.3 Multiple Vulnerabilities
SaveWebPortal <= 3.4 Multiple Vulnerabilities
PHP Easy Download admin/save.php moreinfo Parameter Code Injection
Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion
PunBB < 1.2.8 Multiple Vulnerabilities
paFileDB Detection
ITA Forum Multiple Scripts SQL Injection
Lyris ListManager Subscription Form Administrative Command Injection
Plume CMS < 1.0.3 Remote File Inclusion
Instaboard index.cfm Multiple Parameter SQL Injection
Gallery Unspecified HTML Injection
Sysinfo name Parameter Arbitrary Code Execution
PHPAuction Admin Authentication Bypass
Athena Web Registration athenareg.php pass Variable Command Execution
My Guest Book (myGuestBk) Multiple Vulnerabilities
MailMan Webmail mmstdod.cgi Arbitrary Command Execution
phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities
WebsitePro Remote Request Overflow
SpiderSales Shopping Cart SQL injection
ManageEngine Applications Manager Invalid URI Remote Information Disclosure
RWCards Component for Joomla! index.php category_id Parameter SQL Injection
Comersus Cart /comersus/database/comersus.mdb Direct Request Database Disclosure
smb2www Detection
VideoDB < 2.0.2 Multiple Vulnerabilities
Microsoft IIS/PWS %2e Request ASP Source Disclosure
PHP iCalendar publish.ical.php Arbitrary File Upload
Poll It CGI data_dir Parameter Arbitrary File Access
OmniHTTPd visadmin.exe Malformed URL DoS
Polar HelpDesk Authentication Bypass
SquirrelMail < 1.4.4 Multiple Vulnerabilities
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
Atlassian JIRA < 3.12.1 Multiple Vulnerabilities
X7 Chat upgradev1.php old_prefix Parameter SQL Injection
GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection
Directory Manager edit_image.php Arbitrary Command Execution
Open WebMail Detection
Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS
sBLOG search.php keyword Parameter SQL Injection
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)
TUTOS < 1.1.20040412 Multiple Input Validation Issues
Advanced Guestbook index.php lang Cookie Variable Path Disclosure
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
GForge CVSWeb CGI cvsweb.php PATH_INFO Variable Arbitrary Command Execution
GoSmart Message Board Multiple Vulnerabilities (SQLi, XSS)
Owl browse.php Authentication Bypass
Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload
Atmail WebMail Detection
McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
PD9 MegaBBS Multiple Vulnerabilities
Moodle < 1.5.1 Multiple Vulnerabilities
Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution
PHPSurveyor Multiple SQL Injections
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
Netwin WebNews Webnews.exe Remote Overflow
BasiliX Application Installation Detection
phpMyAgenda rootagenda Parameter File Include Vulnerability
PHP Error Log Format String Command Injection
MercuryBoard User-Agent SQL Injection
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation
Sun Java System Identity Manager Detection
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)
CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)
VP-ASP shopexd.asp catalogid Parameter SQL Injection
PunBB Detection
BASE base_maintenance.php Authentication Bypass
CVSTrac timeline.c timeline_page Function Overflow
CMS Made Simple modules/TinyMCE/content_css.php templateid Variable SQL Injection
Adobe Dreamweaver dwsync.xml Remote Information Disclosure
Kietu index.php Remote File Inclusion
Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities
w-Agora <= 4.2.0 Multiple Vulnerabilities
Drupal Public Comment/Posting Arbitrary PHP Code Execution
BEA WebLogic FileServlet Source Code Disclosure
NetGear Wireless Access Point Hardcoded Default Password
osTicket open.php Support Address Crafted Mail Loop Remote DoS
MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities
Bugzilla Multiple Vulnerabilities (SQLi, ID)
PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access
AEC Subscription Manager Component usage Parameter SQL Injection
Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities
WordPress < 1.5.1.3 Multiple Vulnerabilities
Calendar Express Multiple Vulnerabilities (SQLi, XSS)
webERP Configuration File Remote Access
CubeCart FCKeditor connector.php Arbitrary File Upload
Cacti cmd.php Multiple Variable SQL Injection Arbitrary Command Execution
OpenNMS Web Console Detection
Loudblog index.php id Parameter SQL Injection
DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution
AWStats awstats.pl Path Disclosure
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more)
DUportal Pro Multiple Scripts SQL Injection (2)
Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
phpBB viewtopic.php topic_id Variable SQL Injection
Sun Java System Identity Manager Default Credentials
Microsoft IIS query.asp Direct Request DoS
thttpd ssi Servlet Encoded Traversal Arbitrary File Access
Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion
DUpaypal Pro Multiple Scripts SQL Injection
FCKeditor upload.php Type Variable Arbitrary File Upload
Packeteer Web Management Interface Authentication
phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection
DCP-Portal lib.php root Parameter Remote File Inclusion
MultiHTML multihtml.pl Traversal Arbitrary File Access
Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities
MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities
Thunderstone Software Texis Crafted Request Information Disclosure
ViRobot Linux Server filescan Authentication Bypass
PunBB Search Dropdown Private Forum Disclosure
Horde Imp Webmail status.php3 message Parameter XSS
Claroline Multiple Remote Vulnerabilities (RFI, Traversal, XSS)
Horde Admin Account Default Password
Xoops Incontent Module Directory Traversal Vulnerability
OneOrZero Helpdesk default_language Local File Inclusion
IlohaMail Forged GET/POST Arbitrary Contacts Deletion
Horde Software Detection
vpopmail-CGIApps vpasswd.cgi Remote Command Execution
SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion
MyBB < 1.04 Multiple Vulnerabilities
ASP PortalApp Multiple SQL Injection
Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion
Sambar Server Multiple CGI Environment Variable Disclosure
UebiMiau Multiple Input Validation Vulnerabilities
Symantec Web Security Detection
WebStores 2000 browse_item_details.asp SQL injection
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
CodeGrrl Applications Remote File Inclusion Vulnerabilities
AWStats rawlog.pm logfile Parameter Arbitrary Command Execution
AN HTTPd count.pl Traversal Arbitrary File Overwrite
PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities
Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection
IceWarp Web Mail Multiple Flaws (4)
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
Cart32 c32web.exe ImageName Traversal Arbitrary File Access
CVSTrac Database Plaintext Password Storage
Sympa src/queue.c queue Utility Local Overflow
Land Down Under <= 800 Multiple Vulnerabilities
Netdynamics ndcgi.exe Previous User Session Replay
osCommerce update.php readme_file Parameter Arbitrary File Disclosure
JCE Admin Component for Joomla! jce.php Multiple Vulnerabilities (LFI, XSS)
gCards < 1.46 Multiple Vulnerabilities
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
XOOPS Jobs Module index.php cid Parameter SQL Injection
BASE < 1.2.5 readRoleCookie() Auth Bypass
Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure
Dragonfly CMS install.php newlang Variable Local File Inclusion
Icecast MP3 Client HTTP GET Request Remote Overflow
PlusMail plusmail CGI Arbitrary Command Execution
Microsoft IIS fpcount.exe CGI Remote Overflow
phpMyAdmin sql.php Traversal Arbitrary File Access
Multiple Vendor phf CGI Arbitrary Command Execution
2BGal disp_album.php id_album Parameter SQL Injection
MyBB search.php forums Parameter SQL Injection
Sybase EAServer WebConsole jaqadmin Default Password
Maian Scripts Cookie Manipulation Authentication Bypass
PmWiki < 2.1 beta 21 Multiple Vulnerabilities
DokuWiki fetch.php Multiple Variable imconvert Function Arbitrary Command Execution
Drupal Theme System Template Local File Inclusion
CuteNews Multiple Script Traversal Privilege Escalation
Gallery < 1.4.4-pl5 Multiple Remote Vulnerabilities (XSS, Path Disc)
Simple Web Counter swc ctr Parameter Remote Overflow
Geeklog auth.inc.php loginname Parameter SQL Injection
Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection
Lucent VitalNet VsSetCookie.exe Unauthorized Access
TWiki Detection
CA Host-Based Intrusion Prevention System Server Default Credentials
TWiki rev Parameter Arbitrary Command Execution
phpGroupWare Detection
Multiple Vendor info2www CGI Arbitrary Command Execution
Simple PHP Blog Detection
Hosting Controller addsubsite.asp Security Bypass
Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure
RCBlog index.php post Parameter Traversal Arbitrary File Access
Windmail.exe Shell Metacharacter Arbitrary Command Execution
Mambo Open Source usercookie Parameter SQL Injection
PBLang 4.65 Multiple Vulnerabilities
SHOUTcast Server User-Agent / Host Header DoS
phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution
WebMatic Unspecified Login Function Access Vulnerability
DCP-Portal Multiple Scripts SQL Injection
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
MyBB < 1.0 Multiple SQL Injection Vulnerabilities
BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure
Orion Application Server Crafted Filename Extension JSP Script Source Disclosure
phpList index.php database_module Parameter Local File Inclusion
Greymatter 1.3 Multiple Vulnerabilities
CVSTrac chdir() chroot Jail Escape
FuseTalk index.cfm txForumID Variable SQL Injection
DB4Web Server Debug Mode TCP Port Scanning Proxy
Winmail Server Webmail Unspecified Vulnerability
Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass
Netscape Enterprise Default Administrative Password
Claroline Software Detection
e_Board index2.cgi message Parameter Traversal Arbitrary File Access
Advanced Guestbook index.php entry Parameter SQL Injection
WF-Chat User Account Disclosure
Mailman Detection
The Includer includer.cgi Arbitrary Command Execution
WebAdmin < 3.2.5 Multiple Vulnerabilities
e107 Detection
IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure
Trend Micro InterScan VirusWall catinfo CGI Overflow
Inktomi Search MS-DOS Device Name Request Path Disclosure
Tripwire for Webpages Installation Disclosure
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion
VICIDIAL Call Center Suite admin.php SQL Injection
PHP-Fusion 4.01 Multiple Vulnerabilities
Viralator CGI Script Arbitrary Command Execution
MapServer Multiple Remote Vulnerabilities
Xylogics Annex Terminal Service ping CGI Program DoS
CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass
YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities
Microsoft Outlook Web Access (OWA) Anonymous Access
Free Articles Directory index.php page Parameter Remote File Inclusion
Comersus BackOffice comersus_backoffice_menu.asp Multiple Variable SQL Injection
SLMail WebMail Multiple Remote Overflows
Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval
YaBB 1 Gold < 1.3.2 Multiple Input Validation Vulnerabilities
Backup Files Disclosure
MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval
Infinity CGI Exploit Scanner Multiple Vulnerabilities
phpGroupWare index.php Addressbook XSS
Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection
Centreon include/doc/get_image.php img Variable Traversal Arbitrary File Access
XMB Forum < 1.9.2 Multiple Vulnerabilities
MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities
Microsoft ASP.NET Application Tracing trace.axd Information Disclosure
WebLogic Servlets Multiple Vulnerabilities
Coppermine Photo Gallery Detection
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection
Pligg < 9.9.5 Multiple Remote Vulnerabilities
sawmill allows the reading of the first line of any file
FCKeditor for PHP-Nuke Arbitrary File Upload
Invision Power Board ssi.php f Parameter SQL Injection
MaxWebPortal memKey Parameter SQL Injection
iisPROTECT Encoded URL Authentication Bypass
Kayako LiveResponse Multiple Input Validation Vulnerabilities
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
man2web Multiple Scripts Arbitrary Command Execution
WebAdmin < 3.2.6 MDaemon Account Hijacking
PHP < 5.2.9 Multiple Vulnerabilities
HotOpenTickets Privilege Escalation
wwwwais QUERY_STRING Parameter Remote Overflow
Philboard philboard_admin.ASP Authentication Bypass
GWExtranet gwextranet/scp.dll Multiple Variable Traversal Local File Inclusion
NOCC <= 1.0 Multiple Vulnerabilities
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass
PowerPortal index.php index_page Parameter SQL Injection
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload
DUforum Multiple Scripts SQL Injection
Finger CGI Remote Information Disclosure
MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution
Pligg evb/check_url.php url Parameter SQL Injection
SocialEngine Blog Plugin category_id Parameter SQL Injection
IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities
Advanced Poll admin/index.php Session Identifier Replay Authentication Bypass
PT News Unauthorized Administrative Access
phpMyAdmin Detection
ViewVC Direct Request CVSROOT Information Disclosure
SPIP < 1.8.2-g Multiple Vulnerabilities
Achievo class.atkdateattribute.js.php config_atkroot Variable Remote File Inclusion
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
phpBB <= 2.0.11 Multiple Vulnerabilities
Limbo weblinks.html.php catid Parameter SQL Injection
Horde Horde_Image::factory driver Argument Local File Inclusion
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability
phpWebSite index.php hub_dir Parameter Local File Inclusion
Tivoli Directory Server ldacgi.exe Template Variable Traversal Arbitrary File Access
Moodle filter/tex/texed.php pathname Parameter Remote Command Execution
Mantis < 0.17.5 Multiple Vulnerabilities
Apache Struts devMode Information Disclosure
ocPortal index.php req_path Parameter Remote File Inclusion
Acajoom Component for Joomla! <= 3.2.6 Backdoor
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access
Shop-Script admin.php Admin Panel Security Bypass
Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)
Invision Power Board Dragoran Portal Module index.php site Parameter SQL Injection
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access
TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution
Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion
Plogger plog-download.php checked[] Parameter SQL Injection
Icecast XSL Parser Multiple Vulnerabilities (OF, ID)
phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion
osTicket <= 1.3.1 Multiple Vulnerabilities
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
Symantec Web Security (SWS) Multiple Vulnerabilities
Loudblog < 0.42 template Parameter Traversal
Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)
PHPix index.phtml Multiple Parameter Arbitrary Command Execution
phpBB <= 2.0.13 Multiple Vulnerabilities
dotProject docs/ Directory Multiple Script Information Disclosure
NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing
Stadtaus Gaestebuch-Script index.php include_files Variable Remote File Inclusion
ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities
IRIX wrap CGI Traversal Arbitrary Directory Listing
P-Synch Password Management Multiple Vulnerabilities
WordPress WP-Forum forum_feed.php thread Parameter SQL Injection
ATutor Password Reminder SQL Injection
Novell Teaming Login User Account Enumeration Weakness
PHP-Update blog.php Variable Overwriting Arbitrary Code Execution
RunCMS <= 1.2 Multiple Vulnerabilities
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
PHPWebAdmin for hMailServer Multiple File Inclusions
3Com Network Supervisor Traversal Arbitrary File Access
EGroupWare Multiple Vulnerabilities (SQLi, ID)
PHP-Nuke Detection
IBM WebSphere snoopservlet Path Disclosure
Web Wiz check_user.asp txtUserName Parameter SQL Injection
ProductCart Multiple Scripts SQL Injection
Simplicity oF Upload download.php language Parameter Local File Inclusion
PSCS VPOP3 messagelist.html msglistlen Parameter DoS
BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Variable Remote File Inclusion
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access
Apache Struts < 2.0.12 / 2.1.3 Dispatcher Directory Traversal
CVSTrac Ticket Title Arbitrary Command Execution
Woltlab Burning Board verify_email Function SQL Injection
Siteman Page User Database Privilege Escalation
XOOPS Article Module article.php id Parameter SQL Injection
Moodle < 1.4.3 Multiple Vulnerabilities
Microsoft IIS idq.dll Traversal Arbitrary File Access
Netwin Netauth netauth.cgi Traversal Arbitrary File Access
Serendipity exit.php Multiple Parameter SQL Injection
Microsoft IIS ASP::$DATA ASP Source Disclosure
Sun Server Console Authentication Bypass
Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion
Basilix Webmail Attachment Crafted POST Arbitrary File Access
WoltLab Burning Board Lite wbb_userid Variable PHP Unset SQL Injection
yappa-ng index.php album Parameter Local File Inclusion
TIPS MailPost Multiple Remote Vulnerabilities
X7 Chat help/index.php help_file Parameter Local File Inclusion
GuppY < 4.5.6a Multiple Vulnerabilities
Carello E-Commerce Carello.dll Command Execution
ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution
Loudblog backend_settings.php Multiple Parameter Remote File Inclusion
Expose for Joomla! (com_expose) uploadimg.php Arbitrary File Upload Code Execution
OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion
MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities
Webmin / Usermin Null Byte Filtering Vulnerabilities
Web Site sitemap.xml File and Directory Disclosure
Stronghold swish Search Script Information Disclosure
Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion
CVSTrac CVSROOT/passwd Arbitrary Account Deletion
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion
MPM Guestbook Pro top.php Traversal Arbitrary File Access
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
Trac Ticket Query Module group Parameter SQL Injection
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQL Injection
osTicket Form Field Modification File Upload Size Restriction Bypass
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
Mambo Open Source Tar.php Remote File Inclusion
MyBB forumdisplay.php sortby Parameter Arbitrary PHP Code Execution
Joomla! components/com_user/models/reset.php Reset Token Validation Forgery
Exhibit Engine list.php Multiple Parameter SQL Injection
PHProxy Detection
Sambar Server /session/sendmail Arbitrary Mail Relay
Glimpse HTTP aglimpse Arbitrary Command Execution
Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution
Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure
Mini SQL w3-msql Arbitrary Directory Access
JamMail jammail.pl mail Parameter Arbitrary Command Execution
Webman I-Mall i-mall.cgi Arbitrary Command Execution
osCommerce Customer Testimonials customer_testimonials.php testimonial_id Parameter SQL Injection
cPanel FrontPage Extension Multiple Vulnerabilities
RunCMS Multiple Script lid Parameter SQL Injection
paFileDB includes/search.php categories Parameter SQL Injection
Mailgust Password Reminder email Field SQL Injection
ADOdb tmssql.php do Variable Arbitrary PHP Function Execution
Gallery < 2.0.3 Multiple Remote Vulnerabilities (XSS, Traversal)
Horde Help Viewer Arbitrary Code Execution
phpBB Knowledge Base Module kb.php cat Parameter SQL Injection
LDU Software/Version Detection
MyReview Admin.php email Parameter SQL Injection
Vignette StoryServer TCL Server Crash Information Disclosure
Advanced Poll info.php Remote Information Disclosure
A1Stats Multiple Script Traversal Arbitrary File Access
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access
PAJAX < 0.5.2 Multiple Vulnerabilities
PHP-Ping index.php pingto Parameter Arbitrary Code Execution
Gallery init.php Authentication Bypass
phpBB Cash_Mod admin_cash.php Arbitrary Command Execution
nBill component for Joomla! index.php cid Parameter SQL Injection
Plogger plog-admin-functions.php config Parameter Remote File Inclusion
vCard define.inc.php match Parameter Remote File Inclusion
Mambo Site Server Multiple Vulnerabilities
phpWebSite index.php Search Module SQL Injection
Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities
MyBB member.php uid Parameter SQL Injection
Master Index search.cgi Traversal Arbitrary File/Directory Access
ZABBIX Web Interface Detection
Moodle lib/kses.php kses_bad_protocol_once Function Arbitrary PHP Code Execution
Sambar Server /sysadmin Default Accounts
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
IlohaMail Unspecified Vulnerability
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion
IceWarp Multiple Script Remote File Inclusion
Serendipity XML-RPC for PHP Remote Code Injection
phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion Vulnerability
Ruby on Rails Routing Code URL Code Evaluation DoS
Mobius DocumentDirect ddicgi.exe Long GET Request Overflow
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
myGallery mygallerybrowser.php myPath Parameter Remote File Inclusion
IMP Software Detection
phpBannerExchange Template Class Local File Inclusion
LiteCommerce SQL Injection Vulnerabilities
Informix SQL Web DataBlade Module Traversal Arbitrary File Access
phpMyAdmin grab_globals.lib.php subform Variable Traversal Local File Inclusion
EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
Simple PHP Blog comments.php Traversal Arbitrary File Access
ExtremeZ-IP File and Print Server Zidget/HTTP Server Traversal Arbitrary File Access
AutomatedShops WebC.cgi Installation Detection
phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities
Horde Chora Software Detection
PHPNews news.php prevnext Parameter SQL Injection
BlackBoard Internet Newsboard System checkdb.inc.php libpath Variable Remote File Inclusion
aspWebAlbum album.asp SQL Injection
WordPress index.php cat Parameter Local File Inclusion
Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation
Blazix Trailing Character JSP Source Disclosure
MediaWiki JSON Callback Crafted API Request Information Disclosure
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
Matt Wright textcounter.pl Arbitrary Command Execution
Moodle Detection
ProductCart Multiple Vulnerabilities
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access
Apache Tomcat TroubleShooter Servlet Information Disclosure
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset
miniBB bb_func_txt.php pathToFiles Variable Remote File Inclusion
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
Sun Java System Identity Manager Account Disclosure
Plumtree Portal Default Credentials
PostNuke <= 0.760 RC2 Multiple Vulnerabilities
phpMyAdmin import_blacklist Variable Overwriting
Webmin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion
PHP-Fusion Database Backup Disclosure
Monkey HTTP Daemon < 0.9.1 Multiple Vulnerabilities
Phorum Detection
Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)
Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Variable SQL Injection
PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation
Jaws BlogModel.php path Parameter Remote File Inclusion
Joomla! CMS com_search Component default_results.php searchword Variable Remote Command Execution
RunCMS Detection
Mailman Utils.py Spoofed Log Entry Injection
Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities
F-Secure Policy Manager Path Disclosure
CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi)
vBulletin Detection
Ultimate PHP Board users.dat Multiple Vulnerabilities
Squirrelcart index.php Multiple Parameter SQL Injection
Stoc'an Shopping Cart shop.plx page Parameter Arbitrary Command Execution
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
JRun Multiple Sample Files Remote Information Disclosure
pluck < 4.5.3 Multiple Local File Include Vulnerabilities
CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion
AWOL helperfunction.php includedir Parameter Remote File Inclusion
ArGoSoft Mail Server Pro <= 1.8.7.6 Multiple Vulnerabilities (XSS, Traversal, Priv Esc)
DUware Multiple Products type.asp iType Parameter SQL Injection
Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass)
PMOS Help Desk form.php Arbitrary Code Execution
SIR GNUBoard Remote File Inclusion
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS)
HP Instant TopTools hpnst.exe CGI DoS
e107 ePing Plugin doping.php Arbitrary Code Execution
TYPO3 spell-check-logic.php userUid Parameter Arbitrary Command Execution
CVSTrac Text Output Formatter SQL Injection DoS
PHP3 Error Message Physical Path Disclosure
Nuked-Klan function execution
Nag Detection
imageVue < 16.2 Multiple Vulnerabilities
Pages Pro filenote Parameter Traversal Arbitrary File Modification
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)
Pixelpost index.php parent_id Parameter SQL Injection
PHP < 4.3.8 Multiple Vulnerabilities
Namazu < 2.0.14 Multiple Vulnerabilities
Drupal Comment Function Arbitrary Code Execution
e107 email.php Arbitrary Mail Relay
Maia Mailguard login.php lang Parameter Local File Inclusion
PHP-Calendar includes/search.php Multiple Parameter SQL Injection
SiteScope Web Service Unpassworded Access
phpMyFAQ index.php action Variable Local File Inclusion
osTicket <= 1.2.7 Multiple Vulnerabilities
Newbb_plus Module for RunCMS Client-Ip Header SQL Injection
SiteEnable Multiple Input Validation Vulnerabilities
JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID)
DokuWiki Detection
OpenNMS Web Console Default Credentials
Land Down Under HTTP Referer Header SQL Injection
Clever Copy connect.inc Direct Request Information Disclosure
phpWebSite <= 0.10.1 Multiple Vulnerabilities
AntiBoard antiboard.php Multiple Parameter SQL Injection
LifeType rss.php profile Parameter Traversal Arbitrary File Access
Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities
SquirrelMail S/MIME Plug-in Remote Command Execution
TYPO3 < 3.5.0 Multiple Vulnerabilities
Microsoft IIS newdsn.exe Arbitrary File Creation
Savant Web Server cgitest.exe Overflow
phpBB < 2.0.11 Multiple Vulnerabilities
CafeLog B2 Multiple Script Remote File Inclusion
Docebo GLOBALS Variable Overwrite Remote File Inclusion
Basilix Webmail .class / .inc Direct Request Remote Information Disclosure
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion
Drupal XML-RPC for PHP Remote Code Injection
YaPiG < 0.95b Multiple Vulnerabilities
Looking Glass Multiple Vulnerabilities
WordPress check_ajax_referer() Function SQL Injection
VHCS login.php check_login() Function Authentication Bypass
CVSTrac history.c history_update Function Overflow
Website Baker REMEMBER_KEY Cookie SQL Injection
PhpWebGallery comments.php sort_by Parameter SQL Injection
PHP-Nuke sql_debug Information Disclosure
Matt Wright guestbook.pl Arbitrary Command Execution
Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access
Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure
XAMPP Example Pages Detection
Joomla! < 1.0.11 Multiple Vulnerabilities
PHPNews auth.php path Parameter Remote File Inclusion
Sambar Server Multiple Script Arbitrary Code Execution
FtpLocate flsearch.pl fsite Parameter Remote File Inclusion
Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities
phpWebSite < 0.9.x Multiple Vulnerabilities
Apache Tomcat source.jsp Arbitrary Directory Listing
Invision Power Board ipchat.php root_path Parameter Remote File Inclusion
SimpleChat Information Disclosure
XOOPS Detection
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities
phpGroupWare Unspecified Remote File Inclusion
IceWarp Web Mail Multiple Flaws (3)
Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay
Geeklog User Comment Retrieval SQL Injection
Microsoft IIS global.asa Remote Information Disclosure
Open Virtual Desktop Detection
Sympa wwsympa.fcgi Unauthorised List Creation
VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution
Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing
osTicket setup.php Accessibility
Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities (Cmd Exec, Traversal)
Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection
DUclassmate Multiple Scripts SQL Injection
NETFile FTP/Web Server Directory Traversal Arbitrary File Access
SiteMinder smpwservicescgi.exe Arbitrary Site Redirect
LinPHA <= 1.0 Multiple Vulnerabilities
Pluck update.php Remote Privilege Escalation
Netquery <= 3.1 Multiple Vulnerabilities
BasiliX login.php3 username Variable Arbitrary Command Execution
PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access
Sawmill < 7.1.6 Multiple Vulnerabilities
Nukestyles.com viewpage.php Addon for PHP-Nuke File Variable Traversal Arbitrary File Access
BugPort Attached File Handling Unspecified Issue
SimpleBoard / Joomlaboard Multiple Script sbp Parameter Remote File Inclusion
CVSTrac Invalid Ticket DoS
Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)
SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access
WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
NetWin CWmail.exe Item Parameter Remote Overflow
my_gallery Plugin for e107 dload.php file Parameter Arbitrary File PHP Source Disclosure
Owl < 0.74.0 Multiple Vulnerabilities
Calendarix Multiple Vulnerabilities (SQLi, XSS)
AppServ appserv/main.php appserv_root Variable Remote File Inclusion
SquirrelMail < 1.45 Multiple Vulnerabilities
Horde Turba Detection
FlexCast Server Terminal Authentication Unspecified Remote Issue
Web Server /cgi-bin Shell Access
MailEnable HTTPMail Service Authorization Header Remote Overflow
Sphider configset.php settings_dir Parameter Remote File Inclusion
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion
Sympa Malformed Content-Type Header Remote DoS
Coppermine imageObjectIM.class.php Command Execution Vulnerabilities
Pixelpost index.php Multiple Parameter SQL Injection
WebSpeed Messenger Administration Utility Unauthenticated Access
Geronimo Console Default Credentials
Movable Type mt-load.cgi Privilege Escalation
Openfire Admin Console Remote Privilege Escalation
AngelineCMS loadkernel.php installPath Variable Remote File Inclusion
Roxen Web Server Counter Module Crafted Request Saturation DoS
Samba Web Administration Tool (SWAT) Detection
CVSweb Detection
Basilix Webmail id Variable SQL Injection
WordPress < 0.72 RC1 Multiple Vulnerabilities
phpMyFAQ < 1.5.2 Multiple Vulnerabilities
Adobe Breeze Directory Traversal Arbitrary File Access
Adobe Connect Enterprise Server Information Disclosure
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval
Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)
MailEnable Professional HTTPMail GET Request Remote Overflow
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion
Guestbook tr3.a Password Disclosure
FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
Zen Cart password_forgotten.php admin_email Parameter SQL Injection
bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)
JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation
VP-ASP shopsearch SQL injection (SQLi)
phpList <= 2.10.8 Variable Overwriting
/doc Directory Browsable?
getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities
Snitz Forums 2000 register.asp Email Parameter SQL Injection (banner check)
WordPress Trackback Charset Decoding SQL Injection
BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS)
Geeklog Detection
eggBlog index.php eggblogpassword Variable Cookie SQL Injection
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
iWebNegar Multiple Scripts SQL Injection
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)
e107 e107_cookie Parameter SQL Injection
CVSTrac Detection
PHP-Nuke Network Tools Add-On Arbitrary Command Execution
Microsoft IIS Multiple Vulnerabilities (MS02-018)
Oreon lang/index.php file Parameter Remote File Inclusion
popper_mod PHP Administration Script Authentication Bypass
Trend Micro ControlManager < 3.0 SP5 Multiple Vulnerabilities
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion
OmniHTTPd imagemap.exe CGI Remote Overflow
ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
CVSTrac filediff Arbitrary Remote Code Execution
TYPO3 jumpUrl Mechanism Information Disclosure
MyBB global.php Global Variable Overwrite
Nucleus CMS < 3.15 Multiple Vulnerabilities
phpBB < 2.0.17 Nested BBCode URL Tags Cross-Site Scripting Vulnerability
HP OpenView Network Node Manager Multiple Scripts Remote Command Execution
IdealBB Multiple Vulnerabilities (XSS, SQLi, more)
MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite
Microsoft ASP.NET Malformed File Request Path Disclosure
Cacti < 0.8.6f Multiple Vulnerabilities (Priv Esc, Cmd Exe)
Way-board way-board.cgi db Parameter Arbitrary File Access
phpMyAdmin export.php what Parameter Traversal Arbitrary File Access
Sendcard sendcard.php id Parameter SQL Injection
Linksys WVC54GCA Wireless-G /img/main.cgi Information Disclosure Vulnerability
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities
WebCalendar < 1.0.2 Multiple Vulnerabilities
Moodle index.php tag Parameter SQL Injection
EZPhotoSales Multiple Configuration Files Remote Information Disclosure
CubeCart Detection
AWStats migrate Parameter Arbitrary Command Execution
Zanfi CMS Lite index.php inc Parameter Remote File Inclusion
Mnogosearch search.cgi Multiple Parameter Remote Overflows
Directory Browsing Enabled?
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read
LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
PHP-Fusion extract() Global Variable Overwriting
Microsoft BizTalk Server Multiple Remote Vulnerabilities
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass
SimpleFAQ Component for Joomla! aid Parameter SQL Injection
PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities
LifeType index.php articleId Parameter SQL Injection
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution
ArGoSoft Mail Server Multiple Traversals
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection
IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal)
vBulletin includes/init.php Unspecified Vulnerability
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
ModernBill <= 4.3.0 Multiple Vulnerabilities
Photopost PHP Pro photo Parameter SQL Injection
Jaws language Parameter Multiple Local File Includes
Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities
Drupal Software Detection
MailScan WebAdministrator Cookie Authentication Bypass
WEBrick Encoded Traversal Arbitrary CGI Source Disclosure
MODx < 0.9.1a Multiple Vulnerabilities
ht://Dig htsearch Multiple Vulnerabilities
vBulletin calendar.php eventid Variable SQL Injection
Big Brother bb-hostsvc.sh HOSTSVC Parameter Traversal Arbitrary File Access
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
NewsScript newsscript.pl mode Parameter Privilege Escalation
Moodle LaTeX Information Disclosure
SalesLogix eViewer slxweb.dll Request Remote DoS
Cacti index.php/sql.php Login Action login_username Variable SQL Injection
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure
PHP Surveyor Multiple Vulnerabilities
boastMachine users.inc.php File Extension Validation Arbitrary File Upload
Sympa wwsympa Invalid LDAP Password Remote DoS
ClearSpace Detection
ACal embed/day.php path Variable Remote File Inclusion
NextApp Echo XML External Entity Handling Privilege Escalation
WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion
Simple Form Subject Tags Arbitrary Mail Relay
JBrowser Multiple Vulnerabilities (Auth Bypass, Traversal)
LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection
phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion
toendaCMS < 0.6.2.1 Multiple Vulnerabilities
ADOdb Lite adodb-perf-module.inc.php last_module Variable Arbitrary Code Execution
PostNuke <= 0.760 RC4b Multiple Vulnerabilities
ICQ Web Front Service guestbook.cgi DoS
WebSPIRS webspirs.cgi Traversal Arbitrary File Access
Chipmunk Forum Multiple SQL Injections
Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection
cPanel guestbook.cgi template Variable Arbitrary Command Execution
phpBB <= 2.0.12 Multiple Vulnerabilities
CuteNews Detection
LimeSurvey sUser Variable SQL Injection
WebSpeed Workshop Arbitrary Command Execution
RaidenHTTPD workspace.php ulang Parameter Local File Inclusion
Horde Chora CVS Viewer diff Utility Arbitrary Command Execution
phpFormGenerator Arbitrary File Upload
PayPal Store Front index.php page Parameter Remote File Inclusion
Coppermine Photo Gallery displayimage.php SQL injection
PhpDig config.php relative_script_path Parameter Remote File Inclusion
FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution
Hosting Controller Multiple Script ForumID Parameter SQL Injection
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
OpenEMR C_FormEvaluation.class.php fileroot Parameter Remote File Inclusion
Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS)
TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2)
Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
Java (.java / .class) Source Code Disclosure
Zenphoto rss.php albumnr Parameter SQL Injection
phpBB Advanced GuestBook addentry.php phpbb_root_path Variable Remote File Inclusion
iXmail Multiple Script Arbitrary File Manipulation
i-Gallery <= 3.3 Multiple Vulnerabilities
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
RunCMS Remote Arbitrary File Upload Vulnerability
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution
ShopCartCGI Multiple Script Traversal Arbitrary File Access
ashNews 0.83 Multiple Vulnerabilities
PHP < 5.2.1 Multiple Vulnerabilities
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access
Sitecore CMS < 5.3.2 rev. 090212 Web Service Security Database Information Disclosure
Horde go.php url Parameter Arbitrary File Access
Allaire JRun Crafted Request WEB-INF Forced Directory Listing
BroadBoard Multiple Script SQL Injection
Wikka wikka.php Local File Inclusion
XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion
Calendarix calendar.php Multiple Parameter SQL Injection
Microsoft IIS advsearch.asp Direct Request DoS
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion
Moodle moodledata/sessions/ Session Files Remote Information Disclosure
Aventail ASAP Platform Management Console Detection
Squid cachemgr.cgi Proxied Port Scanning
iXmail index.php password Parameter SQL injection
BLNews objects.inc.php4 Server[path] Variable Remote File Inclusion
BulletScript MailList bsml.pl Information Disclosure
INL ulog-php port.php proto Parameter SQL Injection
Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure
Firefly Media Server Limited Directory Traversal Admin Credential Disclosure
Nimda Worm Infected HTML File Detection
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
WebAPP apage.cgi f Parameter Arbitrary Command Execution
AMember Multiple Script config[root_dir] Parameter Remote File Inclusion
JBoss %00 Request JSP Source Disclosure
cPanel Backup File Local Disclosure
KorWeblog < 1.6.2 Multiple Vulnerabilities
PHPCatalog id Parameter SQL Injection
IRIX pfdisplay.cgi Arbitrary File Access
vTiger < 4.5a2 Multiple Vulnerabilities
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
MyBB misc.php fid Parameter SQL Injection
Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
phpList cline Parameter Array Remote File Inclusion
Mantis manage_user_create.php CSRF New User Creation
PHP/FI php.cgi Traversal Arbitrary File Access
Bugzilla Multiple Remote Command Execution
PHP < 5.2.5 Multiple Vulnerabilities
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion
Mantis < 0.19.3 Multiple Vulnerabilities
GForge top/topusers.php offset Parameter SQL Injection
Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access
XOOPS Dictionary Module print.php id Parameter SQL Injection
ePolicy Orchestrator Local Information Disclosure Vulnerability
WowBB <= 1.61 Multiple Vulnerabilities
w-Agora 4.1.6a Multiple Input Validation Vulnerabilities
Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion
Hosting Controller Software Detection
myphpPageTool /doc/admin/index.php ptinclude Parameter Remote File Inclusion
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
XEROX CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008)
WebCalendar login.php webcalendar_session Cookie SQL Injection
PHP Support Tickets index.php Multiple Parameter SQL Injection
Coppermine Photo Gallery < 1.3.2 Multiple SQL Injections
Sambar Server cgitest.exe Remote Overflow
PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities
Profense Web Application Firewall Default Credentials
WebSite Pro Malformed URL Path Disclosure
RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution
Cacti < 0.8.6e Multiple Vulnerabilities (SQLi, RFI)
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
RiSearch show.pl Arbitrary File Access
IBM WebSphere Application Server %20 Request Source Disclosure
SquirrelMail < 1.4.6 Multiple Vulnerabilities
HP System Management Homepage < 3.0.1.73 Multiple Flaws
phpWebFTP index.php language Parameter Local File Inclusion
Forum51/Board51/News51 Users Disclosure
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval
WordPress blog.header.php Multiple Parameter SQL Injection
TrackerCam Multiple Remote Vulnerabilities
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
Jinzora Multiple Script include_path Parameter Remote File Inclusion (2)
Informix webdriver CGI Unauthenticated Database Access
Multiple Server Crafted Request WEB-INF Directory Information Disclosure
NetworkActiv Web Server Crafted Filename Request Script Source Disclosure
AsteriDex callboth.php Multiple Variable CRLF Injection Arbitrary Command Execution
Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion
Cacti copy_cacti_user.php template_user Variable SQL Injection
Webmin / Usermin miniserv.pl Arbitrary File Disclosure
Ingo Foldername Arbitrary Command Execution
IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities
phpList Detection
Dream4 Koobi CMS index.php area Parameter SQL Injection
TextPortal Default Passwords
Coppermine Photo Gallery index.php file Parameter Local File Inclusion
Trend Micro InterScan Web Security Suite Default Credentials
Silent-Storm Portal Multiple Input Validation Vulnerabilities
Upload Lite upload.cgi Arbitrary File Upload
PHP < 3.0 mylog.html/mlog.html Arbitrary File Access
SimpGB guestbook.php quote Parameter SQL Injection
TikiWiki jhot.php Arbitrary File Upload
phpCOIN <= 1.2.1b Multiple Vulnerabilities
Moodle < 1.3.3 Multiple Vulnerabilities
Axis Storpoint CD Admin Authentication Bypass
Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc)
XAMPP < 1.4.14 Multiple Vulnerabilities
Sun Java ASP Server Default Admin Password
Zen Cart products_id[] Array SQL Injection
Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access
phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities
WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities
phpMyAdmin < 2.5.2 Multiple Vulnerabilities
X7 Chat index.php day Parameter SQL Injection
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities
PHP Multiple Image Processing Functions File Handling DoS
Mambo < 4.6.5 mos_user_template Local File Inclusion
Ignite Gallery Component for Joomla! index.php gallery Parameter SQL Injection
Novell GroupWise WebAccess Error Handler Authentication Bypass
Coppermine Photo Gallery album Password Cookie SQL Injection
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection
Qualiteam X-Cart Multiple Vulnerabilities
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection
Matt Wright FormHandler.cgi Arbitrary File Access
Asterisk Recording Interface (ARI) misc/audio.php recording Variable Traversal Arbitrary File Access
DotNetNuke Upgrade Process validationkey Generation Weakness Privilege Escalation
ExoPHPDesk faq.php id Variable SQL Injection
Multiple Vendor view_source CGI Traversal Arbitrary File Access
Zen Cart ipn_main_handler.php custom SQL Injection
Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion
Microsoft IIS search.asp Direct Request DoS
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection
PhpDig < 1.8.5 Unspecified Vulnerability
MailEnable HTTPMail Service Content-Length Header Overflow
Gallery save_photos.php Arbitrary Command Execution
Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure
EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion
Gallery HTTP Global Variables File Inclusion
paFileDB <= 3.1 Multiple Vulnerabilities (2)
Apache mod_jk Long URL Worker Map Stack Overflow
ActualAnalyzer Lite style Variable Traversal Local File Inclusion
Invision Power Board sources/post.php qpid Parameter SQL Injection
Goscript go.cgi Arbitrary Command Execution
Seditio plug.php pag_sub Parameter SQL Injection
gigCalendar Component for Joomla! gigcal_gigs_id Parameter SQL Injection
Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing
vBulletin <= 3.0.9 Multiple Vulnerabilities
SquirrelMail Multiple Remote Vulnerabilities
phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities
OpenWebMail < 1.90 Multiple Vulnerabilities
CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS)
PHPX admin/index.php username Parameter SQL Injection
PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access
XOOPS 1.0 RC1 Multiple Vulnerabilities
DUamazon Pro Multiple Scripts SQL Injection
SilverStream Database Structure Disclosure
PHPNews auth.php Multiple Parameter SQL Injection
ServletExec 4.1 / JRun ISAPI Multiple DoS
DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)
FlatNuke index.php id Variable Traversal Arbitrary File Access
SHOUTcast Server Filename Handling Format String
IceWarp Web Mail Multiple Flaws (2)
iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read
vTiger CRM Directory File Disclosure
XOOPS WF-Section Module print.php articleid Parameter SQL Injection
Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Variable Traversal Local File Inclusion
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
Mini SQL CGI content-length Field Remote Overflow
ZPanel 2.0 Multiple Script Remote File Inclusion
Exponent CMS index.php view Variable Local File Inclusion
Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access
PostNuke Members_List Module Information Disclosure
Adobe Document Server File URI Resource Access Issue
Super Guestbook superguestconfig Admin Password Disclosure
ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)
AWStats is Openly Accessible
CubeCart index.php cat_id Parameter SQL Injection
WowBB view_user.php Multiple Parameter SQL Injection
Jinzora name Parameter Local File Inclusion
J Walk Application Server Encoded Traversal Arbitrary File Disclosure
Packeteer Web Management Interface Detection
Dune Web Server GET Request Remote Overflow
Home Free search.cgi Traversal Arbitrary File Access
Web Server /cgi-bin Perl Interpreter Access
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion
AWStats Referrer Arbitrary Command Execution Vulnerability
Jinzora Multiple Script include_path Parameter Remote File Inclusion
HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access
phpWebSite Image Announcement Upload Arbitrary Command Execution
SPiD lang.php lang_path Remote File Inclusion
BASE Multiple Script BASE_path Parameter Remote File Inclusion
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
CuteNews Debug Info Disclosure
JRun Web Server (JWS) GET Request Traversal Arbitrary File Access
BizMail bizmail.cgi Arbitrary Mail Relay
SilverNews < 2.0.4 Multiple Vulnerabilities
phpBB up.php Arbitrary File Upload
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution
Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure
ping.asp CGI Arbitrary Command Execution
Drupal Unspecified Privilege Escalation
GuppY inc/includes.inc selskin Parameter Traversal Local File Inclusion
Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
phpWebThings Multiple Scripts SQL Injection
IBM Websphere Commerce Database Update Information Disclosure
Ipswitch WhatsUp Professional Crafted Header Authentication Bypass
MediaWiki Multiple Remote Vulnerabilities
X-News Password MD5 Hash Authentication Bypass
Gallery Install Log Local Information Disclosure
Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass
HotNews Multiple Script Remote File Inclusion
RunCMS xoopsOption Parameter Local File Inclusion
EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access
Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution
cPanel <= 9.1.0 Multiple Vulnerabilities
Icecast list_directory Function Traversal File/Directory Enumeration
Ocean12 ASP Guestbook Manager Database Download
OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness
Joomla! < 1.0.11 Unspecified Remote Code Execution
OpenCms < 6.2.2 Multiple Vulnerabilities
osCommerce shopping_cart.php id Array Parameters SQL Injection
w-Agora index.php site Parameter Traversal Arbitrary File Access
SquirrelMail < 1.4.18 map_yp_alias Function Remote Code Execution
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion
Adcycle build.cgi Remote Password Disclosure
PGPMail.pl detection
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation
Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities
Horde Turba status.php Path Disclosure
Netscape Enterprise Server Default Files Present
PHP < 4.2.x mail Function CRLF Injection
Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities
Web Site Cross-Domain Policy File Detection
ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI)
phpBB viewtopic.php highlight Parameter SQL Injection
IRIX webdist.cgi Arbitrary Command Execution
WordPress Cookie cache_lastpostdate Parameter PHP Code Injection
WP-Lytebox pg Parameter Local File Inclusion
PHPNews sendtofriend.php SQL Injection
Limbo CMS index.php Itemid Variable Arbitrary Command Execution
eLDAPo index.php Cleartext Password Disclosure
phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification
PHP < 5.2.6 Multiple Vulnerabilities
TalentSoft Web+ webplus.exe Path Disclosure
Mantis < 1.0.0rc2 Multiple Vulnerabilities
ASP-Rider verify.asp username Parameter SQL Injection
MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)
PPA functions.inc.php ppa_root_path Variable File Inclusion
paNews Detection
CoolForum Multiple Vulnerabilities (SQLi, XSS)
EGroupWare Software Detection
XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040)
XOOPS Articles Module print.php id Parameter SQL Injection
Mozilla Bonsai Multiple Flaws (Auth Bypass, XSS, Cmd Exec, PD)
Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi)
phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload
Openfire AuthCheck Authentication Bypass
Sniplets Plugin for WordPress execute.php text Parameter Arbitrary Command Execution
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
htgrep hdr Parameter Arbitrary File access
IBM Lotus Domino Web Server $defaultNav Information Disclosure
Sympa Detection
Sun ONE (iPlanet) Application Server Detection
ELOG Web LogBook global Denial of Service
PostNuke Detection
CopperExport XP_Publish.PHP SQL Injection Vulnerability
Easy File Sharing Web Server ACL Bypass
Snitz Forums 2000 3.4.03 Multiple Vulnerabilities
Verity UltraSeek 3.1.x Malformed URL Remote DoS
Alibaba alibaba.pl Arbitrary Command Execution
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
Claroline claro_init_local.inc.php extAuthSource[newUser] Variable Remote File Inclusion
PHP 5.2.7 magic_quotes_gpc Security Bypass
Serendipity < 0.7.0beta3 Multiple Vulnerabilities
NETFile Default Credentials
myEvent Multiple Remote Vulnerabilities
ASP.NET DEBUG Method Enabled
Xaraya Software/Version Detection
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)
ASPrunner 2.4 Multiple Vulnerabilities
DokuWiki config_cascade Parameter Remote File Inclusion
Digital Scribe login.php SQL Injection
P-News p-news.php Name Field Privilege Escalation
Merak Webmail / IceWarp Web Mail 5.2.8 Multiple Vulnerabilities
PostNuke Sections Module Information Disclosure
Plain Old Webserver URI Traversal Arbitrary File Access
Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion
Aprox PHP Portal index.php Arbitrary File View
News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access
Metertek pagelog.cgi Traversal Arbitrary File Access
Mort Bay Jetty URL Multiple Slash Character Information Disclosure
WebGUI user profile Unspecified Vulnerability
Symantec Mail Security for SMTP Admin Center Default Credentials
Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
SimpleBBS users disclosure
Microsoft Outlook Web Access (OWA) Version Detection
OTRS SOAP Interface Unauthenticated Object Manipulation
IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access
CubeCart < 2.0.6 settings.inc.php Multiple Script XSS
Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval
RiSearch show.pl Open Proxy Relay
ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
WordPress query.php is_admin() Function Information Disclosure
HP OpenView Network Node Manager Multiple CGI Remote Overflows
TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities
Invision Gallery index.php st Parameter SQL Injection
MyBB HTTP Header CLIENT-IP Field SQL Injection
Resin viewfile Servlet Arbitrary File Disclosure
FAQManager Arbitrary File Reading Vulnerability
YaBB SE Cookie Authentication Bypass
YaNC yanc.html.php listid Parameter SQL Injection
WebCalendar Login Error Message User Account Enumeration
EATON MGE Network Shutdown Module < 3.20 Authentication Bypass / Command Execution
AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)
paNews 2.0.4b Multiple Input Validation Vulnerabilities
Sympa wwsympa do_search_list Overflow DoS
ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal)
phpMyWebHosting Authentication SQL Injection
CakePHP vendors.php file Variable Traversal Arbitrary File Access
InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation
Gallery Zipcart Module Arbitrary File Disclosure
Site Sift Listings detail.php id Parameter SQL Injection
DCP-Portal Multiple Script Path Disclosure
WordPress 2.1.1 Multiple Script Backdoor
HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)
Movable Type < 3.2 Multiple Vulnerabilities
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
Invision Power Board index.php Members Action st Parameter SQL Injection
MAILNEWS mailnews.cgi Arbitrary Command Execution
N/X Web Content Management Multiple Script Remote File Inclusion
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
Apache Tomcat Directory Listing and File disclosure
PHP-Fusion Detection
MyBB Detection
UBB.threads editpost.php Number Parameter SQL Injection
CitrusDB Static id_hash Admin Authentication Bypass
/perl Directory Browsable?
MyBB comma Cookie SQL Injection
4D WebSTAR Tomcat Plugin Remote Buffer Overflow
Bharat Mediratta Gallery includedir Parameter Remote File Inclusion
Zen Cart Detection
Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation
WordPress AdServe adclick.php id Parameter SQL Injection
UBB.threads doeditconfig Arbitrary Command Injection
miniPortail admin.php Cookie Manipulation Privilege Escalation
CGI Generic Remote File Inclusion Vulnerability
CuteNews search.php files_arch Array Arbitrary File Access
vBulletin authorize.php x_invoice_num Variable SQL Injection
dotCMS Multiple Script id Parameter Traversal Local File Inclusion
PmWiki < 2.1.21 Global Variables Overwriting
Multiple Vendor test-cgi Arbitrary File Access
Mantis Detection
OmniPro HTTPd 2.08 Encoded Space Request Script Source Disclosure
phpList <= 2.6.3 Multiple Vulnerabilities
IlohaMail Multiple External Programs Arbitrary Command Execution
RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion
Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access
TWiki ImageGalleryPlugin Shell Command Injection
Miva htmlscript Traversal Arbitrary File Access
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities
ServerView Servername Parameter Arbitrary Command Execution
TorrentTrader download.php id Parameter SQL Injection
Zen Cart password_forgotten.php Admin Access Bypass
PostNuke Rating System DoS
ActivePerl findtar Sample Script Remote Command Execution
Help Center Live osTicket Module Multiple Unspecified SQL Injections
PHPLinks Multiple Input Validation Vulnerabilities
Justice Guestbook 1.3 Multiple Vulnerabilities
PHP TopSites setup.php Administration Authentication Bypass
Easy File Sharing Web Server Information Disclosure
MaxWebPortal <= 1.35 Multiple Vulnerabilities
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities
Geeklog SEC_authenticate Function SQL Injection
TUTOS < 1.2 Multiple Input Validation Vulnerabilities
SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion
Joomla! index.php mosConfig_absolute_path Parameter Remote File Inclusion
paFileDB SQL injection
CherryPy staticFilter Traversal Arbitrary File Access
osTicket Attachment Handling File Upload Arbitrary Code Execution
PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion
Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration
Listserv < 14.5 Multiple Buffer Overflows
Ocean12 ASP Calendar Administrative Access
SAP Internet Graphics Server (IGS) Traversal Arbitrary File Access
cfWebStore Multiple Vulnerabilities (SQLi, XSS)
ASG-Sentry CGI Detection
Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures
Mantis < 0.19.1 Multiple Vulnerabilities
.svn/entries Disclosed via Web Server
eFiction < 2.0.2 Multiple Remote Vulnerabilities (SQLi, XSS, Disc)
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution
HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File Access
EDIMAX EW-7205APL Wireless AP Default Password Check
Original inc/exif.inc.php exif_prog Parameter Arbitrary Command Execution
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
Mambo MOStlyCE Mambot Arbitrary File Rename
Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass
miniBB index.php user Variable SQL Injection
Listserv < 14.3-2005a Multiple Vulnerabilities
web-app.org WebAPP Encoded Request .dat File Disclosure
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure
MediaWiki Detection
Centreon fileOreonConf Parameter File Include Vulnerabilities
Help Center Live module.php file Parameter Local File Inclusion
IRIX handler CGI Arbitrary Command Execution
Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution
CubeCart <= 2.0.6 Multiple SQL Injections
paFileDB sessions Directory Admin Hashed Password Disclosure
Axis 2400 Network Camera Multiple Vulnerabilities
Tenable Security Center Default Credentials
php-proxima autohtml.php Arbitrary File Retrieval
WebCalendar includes/functions.php noSet Variable Overwrite
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
Goollery < 0.04b Multiple Vulnerabilities
Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
Pinnacle ShowCenter Skin DoS
BEA WebLogic SSIServlet Invocation Source Code Disclosure
WordPress wp-login.php HTTP Response Splitting
Emulive Server4 Authentication Bypass
Easy Address Book Web Server Query Remote Format String
Redhat Stronghold status / info Request Information Disclosure
WebCalendar assistant_edit.php Unauthorized Access
zml.cgi Directory Traversal
MailEnable HTTPMail Service Authorization Header Handling Remote DoS
PBLang < 4.66z Multiple Vulnerabilities
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure
IlohaMail Configuration Scripts Remote Disclosure
OpenBB index.php CID Parameter SQL Injection
IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection
PHP iCalendar Multiple Script Remote File Inclusion
Web Server Generic 3xx Redirect
GTcatalog index.php custom Parameter Remote File Inclusion
Thunderstone Software Texis Nonexistent File Request Path Disclosure
Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
HSWeb HTTP Server /cgi Directory Request Path Disclosure
Macallan Mail Solution Web Interface Multiple Vulnerabilities (Auth Bypass, DoS)
PHP Mail Function Header Spoofing
rot13sj.cgi Arbitrary File Access
Dolphin Multiple Scripts Remote File Inclusion
PunBB search.php old_searches Parameter SQL Injection
EZsite Forum Discloses Passwords to Remote Users