Vulnerability checks added in 2010

Vulnerability Name | CVE
WordPress wp-includes/comment.php Send Trackbacks Field SQL Injection | CVE-2010-4257
WPtouch Plugin for Wordpress wp-content/plugins/wptouch/include/adsense-new.php wptouch_settings Parameter XSS
BugTracker.NET edit_bug.aspx pcd Parameter XSS | CVE-2010-3266
Pandora FMS operation/agentes/networkmap.php layout Parameter Arbitrary Command Injection | CVE-2010-4278
ZyXEL P-660R-T1 /Forms/home_1 script HomeCurrent_Date Parameter XSS
Pandora FMS ajax.php id_group Parameter SQL Injection | CVE-2010-4280
Pandora FMS operation/agentes/estado_agente.php group_id Parameter SQL Injection | CVE-2010-4280
Pandora FMS ajax.php page Parameter Remote File Inclusion | CVE-2010-4281
Pandora FMS ajax.php Page Parameter Traversal Arbitrary File Access | CVE-2010-4282
Pandora FMS pandora_diag.php argv[1] Parameter Remote File Inclusion | CVE-2010-4283
Eclime create_account.php country Parameter SQL Injection
D-Link DIR-615 tools_admin.php Unspecified Access Restriction Bypass
BugTracker.NET edit_comment.aspx bug_id Parameter XSS | CVE-2010-3266
BugTracker.NET edit_customfield.aspx default_name Parameter XSS | CVE-2010-3266
BugTracker.NET edit_user_permissions2.aspx id Parameter XSS | CVE-2010-3266
BugTracker.NET bugs.aspx qu_id Parameter SQL Injection | CVE-2010-3267
BugTracker.NET delete_query.aspx row_id Parameter SQL Injection | CVE-2010-3267
BugTracker.NET edit_bug.aspx Multiple Parameter SQL Injection | CVE-2010-3267
BugTracker.NET massedit.aspx bug_list Parameter SQL Injection | CVE-2010-3267
Etomite manager/actions/static/document_data.static.action.php id Parameter Traversal Arbitrary File Access
Web Wiz NewsPad database/NewsPad.mdb Direct Request Database Disclosure | CVE-2009-5019
RV Dealer Website search.asp selStock Parameter SQL Injection | CVE-2010-4362
RV Dealer Website showAlllistings.asp orderBy Parameter SQL Injection | CVE-2010-4362
AWStats awredir.pl Unspecified Arbitrary Site Redirect | CVE-2009-5020
Etomite manager/index.php location Parameter XSS
Orbis CMS fileman_file_upload.php Unrestricted File Upload Arbitrary PHP Code Execution | CVE-2010-4313
AWStats on Windows awstats.cgi configdir Parameter Crafted Share Config File Arbitrary Command Execution | CVE-2010-4368,2010-4367
Real Estate Single / Multi Agent Listing System resulttype.asp probe Parameter SQL Injection
Digital-goods seller (DGS) shoppingcart.asp d Parameter SQL Injection
Contenido cms/front_content.php idart Parameter XSS
Real Estate Single / Multi Agent Listing System city.asp probe Parameter SQL Injection
Cars Ads Package processview.asp key Parameter SQL Injection
phpRechnung user/info.php Multiple Parameter XSS
eSyndiCat Directory Software suggest-category.php title Parameter XSS | CVE-2010-4504
DynPG CMS in _rights.php giveRights_UserId Parameter SQL Injection
DynPG CMS languages.inc.php Direct Request Path Disclosure
Register Plus Plugin for Wordpress dash_widget.php Direct Request Path Disclosure
Register Plus Plugin for Wordpress register-plus.php Direct Request Path Disclosure
eSyndiCat Directory Software suggest-listing.php title Parameter XSS
MODx manager/index.php Multiple Parameter XSS
XOOPS xNews Module modules/xnews/article.php URI XSS
DotNetNuke Install/InstallWizard.aspx __VIEWSTATE Parameter XSS
IceWarp Server webmail/basic/index.html _c Parameter Traversal Arbitrary File Access
Aigaion indexlight.php ID Parameter SQL Injection
News Module for XOOPS modules/news/article.php URI XSS
GetSimple CMS admin/changedata.php post-title Parameter XSS
pfSense pkg_edit.php id Parameter XSS
pfSense pkg.php xml Parameter XSS
pfSense status_graph.php if Parameter XSS
pfSense interfaces.php if Parameter XSS
Processing Embed Plugin for Wordpress wp-content/plugins/wordpress-processing-embed/data/popup.php pluginurl Parameter XSS
Exponent CMS podcast.php module Parameter Traversal Local File Inclusion
Safe Search Plugin for WordPress wp-content/plugins/wp-safesearch/wp-safe-search-jx.php v1 Parameter XSS
WWWThreads play.php act Parameter XSS
Injader login.php Multiple Parameter SQL Injection
Twitter Feed Plugin for WordPress wp-content/plugins/wp-twitterfeed/magpie/scripts/magpie_debug.php url Parameter XSS
phpRechnung include/phprechnung.inc.php Multiple Function Authentication Bypass
PhpMyAdmin error.php BBcode Tag XSS
PhpMyAdmin error.php Multiple Parameter HTML Injection
IceWarp Server webmail/basic/minimizer/index.php script Parameter Traversal Arbitrary File Access
IceWarp Server webmail/basic/ Multiple Parameter XSS
IceWarp Server admin/login.html username Parameter XSS
Exponent CMS rss.php module Parameter Traversal Local File Inclusion
JE Messenger Component for Joomla! controllers/compose.php Arbitrary File Upload
Zimplit CMS zimplit.php file Parameter XSS
Zimplit CMS English_manual_version_2.php client Parameter XSS
phpRechnung user/edit.php Multiple Parameter XSS
phpRechnung user/delete.php Multiple Parameter XSS
phpRechnung user/new.php Multiple Parameter XSS
phpRechnung user/search.php Multiple Parameter XSS
phpRechnung user/help.php Multiple Parameter XSS
phpRechnung message/new.php Multiple Parameter XSS
phpRechnung message/search.php Multiple Parameter XSS
phpRechnung message/help.php Multiple Parameter XSS
phpRechnung user/list.php Multiple Parameter XSS
phpRechnung message/list.php Multiple Parameter XSS
phpRechnung config/list.php Multiple Parameter XSS
CVE-2010-4400 CVE-2010-4401 CVE-2010-4403 CVE-2010-4403 CVE-2010-4504 CVE-2010-4514 CVE-2010-4503 CVE-2010-4412 CVE-2010-4412 CVE-2010-4412 CVE-2010-4412 CVE-2010-4518 CVE-2010-4505 CVE-2010-4480 CVE-2010-4513 CVE-2010-4513
phpRechnung message/info.php Multiple Parameter XSS
phpRechnung message/edit.php Multiple Parameter XSS
phpRechnung message/delete.php Multiple Parameter XSS
phpRechnung config/info_company.php Multiple Parameter XSS
phpRechnung config/info_pdf.php Multiple Parameter XSS
phpRechnung config/info.php Multiple Parameter XSS
phpRechnung config/edit.php Multiple Parameter XSS
phpRechnung user/edit.php userID Parameter SQL Injection
phpRechnung user/info.php userID Parameter SQL Injection
phpRechnung message/edit.php messageID Parameter SQL Injection
phpRechnung message/info.php messageID Parameter SQL Injection
phpRechnung config/edit.php settingID Parameter SQL Injection
phpRechnung position/edit.php posID Parameter SQL Injection
phpRechnung position/info.php posID Parameter SQL Injection
phpRechnung invoice/posedit.php tmpPosID Parameter SQL Injection
phpRechnung invoice/info.php invoiceID Parameter SQL Injection
phpRechnung posgroup/info.php posgroupID Parameter SQL Injection
phpRechnung cashbook/info.php cashbookID Parameter SQL Injection
phpRechnung syslog/info.php syslogID Parameter SQL Injection
phpRechnung methodofpayment/info.php methodofpayID Parameter SQL Injection
phpRechnung cashbook/info.php cashbookID Parameter SQL Injection
phpRechnung offer/info.php offerID Parameter SQL Injection
phpRechnung offer/print_pdf.php offerID Parameter SQL Injection
Snitz Forums 2000 members.asp M_NAME Parameter XSS
BizDir bizdir.cgi f_srch Parameter XSS
SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
Orion Network Performance Monitor MapView.aspx Title Parameter XSS
Orion Network Performance Monitor NodeDetails.aspx NetObject Parameter XSS
Orion Network Performance Monitor InterfaceDetails.aspx NetObject Parameter XSS
Orion Network Performance Monitor CustomChart.aspx ChartName Parameter XSS
Snitz Forums 2000 members.asp M_NAME Parameter SQL Injection
Lantern CMS 7-home-page.asp signupemail Parameter XSS
Lantern CMS 11-login.asp intPassedLocationID Parameter XSS
Docebo Announcements doceboLms/index.php description Parameter XSS
Ronny CMS modules/menu/admin/include/menu.php name parameter XSS
Ronny CMS modules/system/admin/blocksadmin/blocksadmin.php btitle Parameter XSS
Ronny CMS modules/pages/admin/include/pages.php pdesc Parameter XSS
PluXml /core/admin/profil.php infos Parameter XSS
PluXml /core/admin/parametres_base.php title Parameter XSS
PluXml /core/admin/statique.php content Parameter XSS
SilverStripe sapphire/trunk/core/model/Translatable.php locale Parameter SQL Injection
SilverStripe sapphire/silverstripe_version Version Information Disclosure
SilverStripe sapphire/core/control/RequestHandler.php URI XSS
phpMyFAQ inc/Faq.php getTopTen Method Trojaned Distribution
phpMyAdmin phpinfo.php Direct Request Authentication Bypass
FreeNAS quixplorer/index.php lang Parameter Traversal Local File Inclusion
Mitel Audio and Web Conferencing (AWC) awcuser/cgi-bin/vcs xsl Parameter Arbitrary Command Injection
Hycus CMS user/1/hregister.html Multiple Parameter SQL Injection
ManageEngine OpManager reports/Availability.do viewCount Parameter XSS
ImpressCMS modules/content/admin/content.php quicksearch_ContentContent Parameter XSS
Calibre site-packages/calibre/library/server/content.py URL Traversal Arbitrary File Access
Habari system/admin/dash_additem.php additem_form Parameter XSS
Openfiler admin/system.html device Parameter XSS
Mura CMS admin/view/layouts/template.cfm fusebox.ajax Parameter XSS
Mura CMS default/includes/email/inc_email.cfm rsEmail.site Parameter XSS
PmWiki pmwiki.php from Parameter XSS
BlogCFC tags/podlayout.cfm ATTRIBUTES.TITLE Parameter XSS
MantisBT admin/upgrade_unattended.php db_type Parameter XSS
JE Auto Component for Joomla! index.php view Parameter Traversal Local File Inclusion
Accept Signups Plugin for WordPress wp-content/plugins/acceptsignups/accept-signups_submit.php email Parameter XSS
Symantec Endpoint Protection Manager Reporting Module fw_charts.php Remote Code Execution
BLOG:CMS action.php body Parameter XSS
BLOG:CMS admin/index.php Multiple Parameter XSS
IntegraXor /open file_name Parameter Traversal Arbitrary File Access
Easy Online Shop content.php kat Parameter SQL Injection
Immo Makler news.php id Parameter SQL Injection
MHP Downloadshop view_item.php ItemID Parameter SQL Injection
Texas Rankem rankem.asp Multiple Parameter SQL Injection
Oto Galeri Sistemi carsdetail.asp arac Parameter SQL Injection
RTShop productDetail.asp id Parameter SQL Injection
MyBB member.php url Parameter XSS
Radius Manager admin.php Multiple Parameter XSS
Pay Pal Shop Digital view_item.php ItemID Parameter SQL Injection
Projekt Shop details.php ts Parameter SQL Injection
Download Center admin/login.php Name Parameter SQL Injection
Mafya Oyun Scrpti profil.php id Parameter SQL Injection
Oto Galeri Sistemi twohandscars.asp marka Parameter SQL Injection
MyBB newreply.php posthash Parameter XSS
ImpressCMS editors/tinymce/jscripts/plugins/xoopsimagemanager/xoopsimagebrowser.php Image Category Creation
CVE-2010-4558 CVE-2010-4481 CVE-2010-4612 CVE-2010-4616 CVE-2010-4607 CVE-2010-4348 CVE-2010-0114 CVE-2010-4598 CVE-2010-4615 CVE-2010-4522 CVE-2010-4275 CVE-2010-4619 CVE-2010-4615 CVE-2010-4522
BlogCFC tags/textarea.cfm attributes.class Parameter XSS
BlogCFC tags/getpods.cfm URL XSS
BlogCFC includes/pods/subscribe.cfm Multiple Parameter XSS
BlogCFC index.cfm Multiple Parameter XSS
BlogCFC search.cfm URL XSS
BlogCFC stats.cfm URL XSS
BlogCFC statsbyyear.cfm URL XSS
TheHostingTool admin/index.php Arbitrary Parameter SQL Injection
PHP Shopping product.php cat Parameter SQL Injection
Realty Classifieds gmap.php id Parameter SQL Injection
MyBB search.php keywords Parameter SQL Injection
MyBB private.php keywords Parameter SQL Injection
Embedded Video Plugin for Wordpress wp-admin/post.php content Parameter XSS
Html-edit CMS index.php error Parameter XSS
CMS WebManager-Pro /admin/files.php Arbitrary File Upload
AltConstructor index search Parameter XSS
Calibre browse/search query Parameter XSS
BLOG:CMS admin/libs/ADMIN.php Multiple Admin Function CSRF
Square CMS post.php id Parameter SQL Injection
OpenEMR interface/patient_file/summary/immunizations.php Multiple Parameter XSS
OpenEMR interface/patient_file/summary/pnotes_full.php note Parameter XSS
OpenEMR interface/patient_file/summary/add_edit_issue.php issue Parameter SQL Injection
OpenEMR interface/main/calendar/index.php pc_facility Parameter SQL Injection
OpenEMR interface/patient_file/summary/demographics.php set_pid Parameter SQL Injection
OpenEMR interface/patient_file/summary/immunizations.php administered_by_id Parameter SQL Injection
OpenEMR interface/patient_file/summary/pnotes_full.php Multiple Parameter SQL Injection
Hycus CMS user/1/hlogin.html usr_email Parameter SQL Injection
Hycus CMS user/1/forgotpass.html useremail Parameter SQL Injection
Hycus CMS search/1.html q Parameter SQL Injection
Pligg register.php Multiple Parameter XSS
JobAppr post.php form_id Parameter SQL Injection
JobAppr post.php Multiple Parameter XSS
MantisBT admin/upgrade_unattended.php db_type Parameter Traversal Local File Inclusion
MantisBT admin/upgrade_unattended.php db_type Parameter Path Disclosure
Pligg search.php Unspecified XSS
Coppermine Photo Gallery help.php Multiple Parameter XSS
Easy Portal Modules/Administrative/ShowPhotos/ShowImages.aspx id Parameter SQL Injection
Coppermine Photo Gallery searchnew.php picfile_* Parameter XSS
Habari system/admin/dash_status.php status_data[] Parameter XSS
PrestaShop contact-form.php URL XSS
PrestaShop sitemap.php URL XSS
PrestaShop order.php URL XSS
CVE-2010-4277 CVE-2010-4610 CVE-2010-4612 CVE-2010-4612 CVE-2010-4612 CVE-2010-4350 CVE-2010-4349 CVE-2010-4607
PrestaShop search.php URL XSS
PrestaShop category.php URL XSS
PrestaShop manufacturer.php URL XSS
PrestaShop product.php URL XSS
PrestaShop new-products.php URL XSS
PrestaShop best-sales.php URL XSS
PrestaShop prices-drop.php URL XSS
PrestaShop supplier.php URL XSS
PrestaShop authentication.php URL XSS
PrestaShop password.php URL XSS
PrestaShop 404.php URL XSS
LiveZilla server.php livezilla Parameter XSS
Ero Auktion item.php id Parameter SQL Injection
Academic Web Tools browse.php a_code Parameter XSS
Hycus CMS admin.php site Parameter Traversal Local File Inclusion
PHP-addressbook group.php group_name Parameter SQL Injection
TorrentTrader blocks-edit.php name Parameter XSS
DD-WRT Info.live.htm Direct Access Information Disclosure
digiSHOP cart.php id Parameter SQL Injection
TorrentTrader backend/smilies.php Multiple Parameter XSS
TorrentTrader torrents.php parent_check Parameter SQL Injection
TorrentTrader torrents-search.php Multiple Parameter SQL Injection
cforms Plugin for WordPress wp-content/plugins/cforms/lib_ajax.php Multiple Parameter XSS
XWiki Watch xwiki/bin/viewrev/Main/WebHome rev Parameter XSS
Douran Portal security/DeviceInfo.aspx Direct Request Path Disclosure
Kandidat CMS admin/edit.php title POST Parameter XSS
WSN Links search.php Multiple Parameter SQL Injection
MemHT Portal /admin/pages/articles/index.php nome Parameter XSS
MemHT Portal /admin/pages/users/index.php adm_sito Parameter XSS
MemHT Portal admin/pages/configuration/index.php copyright Parameter XSS
Pay Roll - Time Sheet and Punch Card Application With Web Interface login.asp Multiple Parameter SQL Injection
Dolphin gzip_loader.php file Parameter Arbitrary File Access
Site2Nite Business e-Listings detail.asp ID Parameter SQL Injection
Site2Nite Vacation Rental (VRBO) Listings detail.asp ID Parameter SQL Injection
Online Work Order Suite Professional Edition process.asp password Parameter SQL Injection
XWiki Watch xwiki/bin/view/Blog rev Parameter XSS
XWiki Watch xwiki/bin/register/XWiki/Register Multiple Parameter XSS
SweetRice as/index.php Password Reset Token Validation Issue
Esvon Classifieds pdo.inc.php sql Parameter SQL Injection
Plesk Small Business Manager login_up.php3 passwd Parameter XSS
Zen Cart includes/initsystem.php loader_file Parameter Traversal Arbitrary File Access
FeedList Plugin for WordPress wp-content/plugins/feedlist/handler_image.php i Parameter XSS
CVE-2010-4276 CVE-2010-4614 CVE-2010-4613 CVE-2010-4633 CVE-2010-3977 CVE-2010-4006 CVE-2010-4186
WP Survey And Quiz Tool Plugin for WordPress create.php action Parameter XSS
jRSS Widget Plugin for WordPress proxy.php url Parameter Traversal Arbitrary File Access
DB Toolkit Plugin for WordPress wp-content/plugins/db-toolkit/data_form/fieldtypes/file/scripts/uploadify.php Arbitrary File Upload
Vodpod Video Gallery Plugin for WordPress wp-content/plugins/vodpod-video-gallery/vodpod_gallery_thumbs.php gid Parameter XSS
Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS
SEO Tools Plugin for WordPress wp-content/plugins/seoautomatic-seo-tools/feedcommander/get_download.php file Parameter Traversal Arbitrary File Access
DeluxeBB pm.php Cookie Manipulation Authentication Bypass
Juniper IVE OS meeting_testjava.cgi DSID HTTP Header XSS
pfSense graph.php Multiple Parameter XSS
IBM Omnifind Login Page /opt/IBM/es/lib/libffq.cryptionjni.so Java_com_ibm_es_oss_CryptionNative_ESEncrypt Function Password Field Overflow
IBM Omnifind Multiple Admin Function CSRF
Pootle local_apps/pootle_store/views.py match_names Parameter XSS
Microsoft Forefront Unified Access Gateway (UAG) Signurl.asp XSS
WeBid confirm.php id Parameter XSS
WeBid includes/messages.inc.php lan Parameter Traversal Arbitrary File Access
KaiBB staff/index.php user Parameter XSS
eBlog topics.php id Parameter SQL Injection
eXV2 CMS manual/caferss/example.php rssfeedURL Parameter XSS
eXV2 CMS modules/news/archive.php sumb Parameter XSS
eXV2 CMS modules/news/topics.php sumb Parameter XSS
eXV2 CMS modules/contact/index.php sumb Parameter XSS
4site CMS catalog/index.shtml cat Parameter SQL Injection
CakePHP cake/libs/controller/components/security.php unserialize() PHP Code Execution
Chameleon Social Networking forum_new_topic.php Multiple Parameter XSS
6kbbs ajaxmember.php Multiple Parameter XSS
WordPress Event Registration Plugin Events Page event_id Parameter SQL Injection
LuCI modules/admin-core/luasrc/view/sysauth.htm Unspecified XSS
e107 forum_admin.php GET Request SQL Injection
BPowerHouse BPRealestate admin/admin_checklogin.aspx rpPassword Parameter SQL Injection
BPowerHouse BPConferenceReporting checklogin.aspx passw Parameter SQL Injection
IBM OmniFind ESAdmin/collection.do command Parameter XSS
BPowerHouse BPDirectory AdminLogin.aspx tbPassword Parameter SQL Injection
BPowerHouse BPAffiliateTracking adminlogin.asp txtpas Parameter SQL Injection
IBM OmniFind ESSearchApplication/palette.do HTML Source Code Admin Credentials Remote Disclosure
DServe dserve.exe Multiple Parameter XSS
Eclipse Help Server help/index.jsp URI XSS
Eclipse Help Server help/advanced/content.jsp URI XSS
CVE-2010-3871 CVE-2010-3894 CVE-2010-3891 CVE-2010-3936 CVE-2010-4155 CVE-2010-4155 CVE-2010-4155 CVE-2010-4155 CVE-2010-4152 CVE-2010-4366 CVE-2010-3890 CVE-2010-3897
openEngine cms/website.php template Parameter XSS
openEngine cms/website.php template Parameter Traversal Arbitrary File Access
JSupport Component for Joomla! administrator/index.php alpha Parameter SQL Injection
ClanSphere mods/gallery/print_now.php Multiple Parameter XSS
ClanSphere index.php where Parameter XSS
SAP NetWeaver Open SQL Monitors OpenSQLMonitors/servlet/ConnectionMonitorServlet connid Parameter XSS
ACC IMoveis imoveis.php id Parameter SQL Injection | CVE-2010-4273
Collabtive managechat.php chatstart[USERTOID] Cookie SQL Injection | CVE-2010-4269
Cisco Unified Videoconferencing (UVC) Multiple Products goform/websXMLAdminRequestCgi.cgi username Field Arbitrary Shell Command Injection | CVE-2010-3037
eBlog sections.php id Parameter SQL Injection
eBlog pages.php id Parameter SQL Injection
eBlog search.php keyword Parameter SQL Injection
WonderCMS files/password File Direct Request Credentials Disclosure
CompactCMS News Module id Parameter SQL Injection
Camtron / TecVoz CMNC-200 IP Camera Admin Interface URI Traversal Arbitrary File Access | CVE-2010-4231
Douran Portal DesktopModules/Gallery/OrderForm.aspx itemtitle Parameter XSS
KaiBB staff/index.php a Parameter SQL Injection
6kbbs ajaxadmin.php tids[] Parameter SQL Injection
6kbbs ajaxmember.php msgids[] Parameter SQL Injection
The Bug Genie modules/search/search.php scope Parameter XSS
The Bug Genie modules/search/search_stripped.php scope Parameter XSS
SAP NetWeaver Open SQL Monitors OpenSQLMonitors/servlet/CatalogBufferMonitorServlet reqTableColumns Parameter XSS
IceBB admin/index.php s Parameter SQL Injection
vtiger CRM phprint.php lang_crm Parameter Traversal Local File Inclusion | CVE-2010-3910
vtiger CRM graph.php current_language Parameter Traversal Local File Inclusion | CVE-2010-3910
Phire CMS phire/login.php Multiple Parameter XSS
ViArt Shop ads.php Multiple Parameter XSS
ViArt Shop article.php category_id Parameter XSS
ViArt Shop articles.php category_id Parameter XSS
ViArt Shop basket.php rp Parameter XSS
ViArt Shop shipping_calculator.php postal_code Parameter XSS
ViArt Shop products.php filter Parameter SQL Injection
Phire CMS phire/forgot.php email Parameter XSS
Phire CMS phire/content/pages.php Multiple Parameter SQL Injection
Phire CMS phire/core/process/add.page.php Multiple Parameter SQL Injection
Phire CMS phire/core/process/add.section.php Multiple Parameter SQL Injection
Phire CMS phire/core/process/add.template.php Multiple Parameter SQL Injection
Phire CMS phire/core/process/edit.section.php Multiple Parameter SQL Injection
Phire CMS phire/core/process/edit.template.php template_name Parameter SQL Injection
Phire CMS phire/core/process/remove.sections.php rm_sects[] Parameter SQL Injection
Phire CMS phire/core/process/remove.users.php rm_users[] Parameter SQL Injection
Phire CMS phire/core/process/edit.page.php page_url Parameter SQL Injection
S-Cms viewforum.php id Parameter SQL Injection
ViArt Shop search.php Multiple Parameter XSS
ViArt Shop ads_search.php s_sds Parameter XSS
TinyWebGallery admin/index.php Multiple Parameter XSS
Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS | CVE-2010-4172
SimpLISTic Mailing List Manager email.cgi email Parameter XSS
MCG GuestBook gb.cgi Multiple Parameter XSS | CVE-2010-4358
TinyWebGallery i_frames/i_tags.php Multiple Parameter XSS
TinyWebGallery i_frames/i_kommentar.php twg_name Parameter XSS
TinyWebGallery i_frames/i_info.php Multiple Parameter XSS
TinyWebGallery i_frames/i_login.php Multiple Parameter XSS
TinyWebGallery i_frames/i_optionen.php Multiple Parameter XSS
TinyWebGallery i_frames/i_privatelogin.php Multiple Parameter XSS
TinyWebGallery i_frames/i_rate.php Multiple Parameter XSS
TinyWebGallery i_frames/i_search.php Multiple Parameter XSS
TinyWebGallery i_frames/i_slideshowjquery.php Multiple Parameter XSS
TinyWebGallery i_frames/i_titel.php Multiple Parameter XSS
TinyWebGallery i_frames/i_top_tags.php Multiple Parameter XSS
FreeTicket contact.php Multiple Parameter SQL Injection | CVE-2010-4363
Register Plus Plugin for WordPress wp-login.php Multiple Parameter XSS
Big Truck Broker news_default.asp txtSiteId Parameter SQL Injection | CVE-2010-4356
SiteEngine comments.php module Parameter SQL Injection | CVE-2010-4357
Jurpopage url-gateway.php url Parameter XSS | CVE-2010-4361
Easy Banner member.php Multiple Parameter SQL Injection Authentication Bypass
phpMyAdmin Database Search libraries/common.lib.php tag_params Parameter XSS | CVE-2010-4329
Zen Cart option_name_manager.php option_order_by Parameter SQL Injection
Barracuda Spam & Virus Firewall cgi-mod/view_help.cgi locale Parameter Traversal Arbitrary File Access
Evaria ECMS admin/poll.php config Parameter Traversal Arbitrary File Access
PhpMyShopping detail_article.php P Parameter XSS
Hastymail2 lib/htmLawed.php Unspecified Background Attributes XSS
SurgeMail SurgeWeb /surgeweb username_ex Parameter XSS | CVE-2010-3201
jCart jcart/jcart-gateway.php jcart_checkout_page Parameter Arbitrary Site Redirect
jCart jcart/jcart-relay.php my-item-name POST Parameter XSS
PhpMyShopping detail_article.php P Parameter SQL Injection
SmarterMail Main/frmStoredFiles.aspx path Parameter XSS
AD-EDIT2 commons/search.cgi q Parameter XSS | CVE-2010-2367
AD-EDIT2 admin/search.cgi q Parameter XSS | CVE-2010-2367
SmarterMail UserControls/Popups/frmAddFileStorageFolder.aspx edit Parameter XSS
SmarterMail Main/Calendar/frmEvent.aspx SubjectBox_SettingText Parameter XSS
TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal Arbitrary File Access
MantisBT manage_plugin_uninstall.php Plugin Name XSS
MantisBT core/cfdefs/cfdef_standard.php Custom Field Value XSS
MantisBT print_all_bug_page_word.php Project / Category Name XSS
MantisBT core/summary_api.php Summary Field XSS
phpCAS client.php Callback Function PGTiou Parameter Traversal Arbitrary File Overwrite
phpCAS client.php Callback Function PGTiou Parameter XSS
FAQMasterFlex faq.php category_id Parameter SQL Injection
SquirrelMail plugins/vkeyboard/vkeyboard.php passformname Parameter XSS
Elxis CMS administrator/index2.php Multiple Parameter XSS
Xweblog oku.asp makale_id Parameter SQL Injection
Xweblog arsiv.asp tarih Parameter SQL Injection
Site2Nite Auto e-Manager detail.asp ID Parameter SQL Injection
BaconMap doadd.php type Parameter SQL Injection
PHPYun search.php provinceid Parameter SQL Injection
Visual Synapse HTTP Server URI Traversal Arbitrary File Access
Zuitu ajax/coupon.php id Parameter SQL Injection
OverLook title.php frame Parameter XSS
PHPYun resumeview.php e Parameter SQL Injection
TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary File Access
TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS
BaconMap updatelist.php filepath Parameter Traversal Local File Inclusion
FAQMasterFlex faq_admin.php category Parameter SQL Injection
Collabtive manageuser.php User Field XSS
Collabtive manageajax.php y Parameter XSS
Collabtive thumb.php pic Parameter XSS
CMS Made Simple lib/translation.functions.php default_cms_lang Parameter Traversal Local File Inclusion
Chipmunk Pwngame authenticate.php username Parameter SQL Injection
Chipmunk Pwngame pwn.php ID Parameter SQL Injection
MG User-Fotoalbum Module for PHP-Fusion infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php album_id Parameter SQL Injection
Parallels Small Business Panel smb/app/available/id/apscatalog category Parameter XSS
Parallels Small Business Panel smb/file/index/type/external folder Parameter XSS
TWiki bin/view rev Parameter XSS
Netbiter webSCADA WS100/WS200 cgi-bin/read.cgi page Parameter Traversal Arbitrary File Access
Avactis Shopping Cart product-list.php HTTP User-Agent Header SQL Injection
TWiki bin/login Multiple Parameter XSS
PluXml core/admin/article.php content Parameter XSS
Elxis CMS administrator/index2.php id Parameter SQL Injection
Kisisel Radyo Script sevvo/eco23.mdb Direct Request Database Disclosure
SAP BusinessObjects CrystalReports/viewrpt.cwr URI apstoken Parameter TCP Connection Remote Information Disclosure
Kisisel Radyo Script radyo.asp Id Parameter SQL Injection
CVE-2010-3714 CVE-2010-3303 CVE-2010-3303 CVE-2010-3303 CVE-2010-3763 CVE-2010-3692 CVE-2010-3690 CVE-2010-3743 CVE-2010-3715 CVE-2010-2797 CVE-2010-3841 CVE-2010-3841 CVE-2010-3982
Netbiter webSCADA WS100/WS200 cgi-bin/read.cgi file Parameter Absolute Path Arbitrary File Access
Netbiter webSCADA WS100/WS200 cgi-bin/read.cgi Unspecified Arbitrary File Upload
phpCheckZ chart.php id Parameter SQL Injection
PhreeBooks includes/addons/PhreeHelp/leftframe.php search_field Parameter XSS
PhreeBooks modules/services/pages/popup_shipping/js_include.php form Parameter XSS
PhreeBooks includes/addons/PhreeHelp/leftframe.php search_field Parameter SQL Injection
PhreeBooks includes/addons/PhreeHelp/index.php idx Parameter SQL Injection
PhreeBooks soap/application_top.php db Parameter Traversal Arbitrary File Access
Pecio CMS index.php term Parameter XSS
IBM Tivoli Access Manager for e-business ivt/ivtserver parm1 Parameter XSS
Jamb CMS admin.php Multiple Admin Function CSRF
YUI build/charts/assets/charts.swf Unspecified XSS
YUI build/uploader/assets/uploader.swf Unspecified XSS
YUI build/swfstore/swfstore.swf Unspecified XSS
IBM Tivoli Access Manager for e-business ibm/wpm/acl method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/domain method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/group method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/gso method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/gsogroup method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/os method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/pop method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/rule method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/user method Parameter XSS
IBM Tivoli Access Manager for e-business ibm/wpm/webseal method Parameter XSS
NinkoBB users.php Multiple Parameter XSS
Symantec IM Manager IMAdminScheduleReport.asp email Parameter SQL Injection
DZCP inc/bbcode.php language Parameter Traversal Local File Inclusion
Symantec IM Manager IMAdminReportTrendRun.asp groupList Parameter SQL Injection
Symantec IM Manager rdpageimlogic.aspx Multiple Parameter SQL Injection
Symantec IM Manager SummaryReportGroup.lgx Multiple Parameter SQL Injection
Symantec IM Manager LoggedInUsers.lgx Multiple Parameter SQL Injection
Symantec IM Manager DetailReportGroup.lgx Unspecified Parameter SQL Injection
FrontAccounting gl/inquiry/journal_inquiry Multiple Parameter SQL Injection
AlstraSoft E-Friends chat/updatePage.php lang Parameter Traversal Arbitrary File Access
CVE-2010-0112 CVE-2010-0112 CVE-2010-0112 CVE-2010-0112 CVE-2010-0112 CVE-2010-0112
AlstraSoft E-Friends tribe.php Arbitrary File Upload
AContent /editor/edit_content.php body_text Parameter XSS
Serendipity include/functions_entries.inc.php serendipity[body] Parameter XSS
4images admin/plugins/migrate_keywords.php URI XSS
4images admin/plugins/clear_cache.php URI XSS
NuSOAP nusoap.php Unspecified Parameter XSS | CVE-2010-3070
Visinia image.axd picture Parameter Traversal Arbitrary File Access
Pecio CMS pec_templates/nova-blue/post.php template Parameter Remote File Inclusion | CVE-2010-3204
Pecio CMS pec_templates/nova-blue/article.php template Parameter Remote File Inclusion | CVE-2010-3204
Pecio CMS pec_templates/nova-blue/blog.php template Parameter Remote File Inclusion | CVE-2010-3204
Pecio CMS pec_templates/nova-blue/home.php template Parameter Remote File Inclusion | CVE-2010-3204
DiY-CMS modules/guestbook/blocks/control.block.php lang Parameter Remote File Inclusion | CVE-2010-3206
DiY-CMS includes/general.functions.php getFile Parameter Remote File Inclusion | CVE-2010-3206
Seagull fog/lib/pear/Config/Container.php includeFile Parameter Remote File Inclusion | CVE-2010-3209
Seagull fog/lib/pear/HTML/QuickForm.php includeFile Parameter Remote File Inclusion | CVE-2010-3209
Seagull fog/lib/pear/DB/NestedSet.php driverpath Parameter Remote File Inclusion | CVE-2010-3209
Seagull fog/lib/pear/DB/NestedSet/Output.php path Parameter Remote File Inclusion | CVE-2010-3209
Multi-lingual E-Commerce System inc/checkout2-CYM.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/checkout2-EN.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/checkout2-FR.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/cat-FR.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/cat-EN.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/cat-CYM.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/checkout1-CYM.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/checkout1-EN.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/checkout1-FR.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/prod-CYM.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/prod-EN.php include_path Parameter Remote File Inclusion | CVE-2010-3210
Multi-lingual E-Commerce System inc/prod-FR.php include_path Parameter Remote File Inclusion | CVE-2010-3210
MicroNetSoft RV Dealer Website detail.asp vehicletypeID Parameter SQL Injection
MicroNetSoft Rental Property Management Website detail.asp ad_ID Parameter SQL Injection
DMXReady Members Area Manager membersareamanager.asp Multiple Parameter XSS
DMXready Polling Booth Manager inc_pollingboothmanager.asp QuestionID Parameter SQL Injection
BlueCMS comment.php X-Forwarded-For Header SQL Injection
Simple Management for BIND main.php username Parameter SQL Injection
Softbiz Article Directory Script articles/article_details.php sbiz_id Parameter SQL Injection
chillyCMS Login Module core/showsite.php name Parameter XSS
Rainbow Portal app_support/FCK.filemanager/imagegallery.aspx Multiple Parameter XSS
MySource Matrix char_map.php Multiple Parameter XSS
DynPage content/dynpage_load.php file Parameter Traversal Arbitrary File Access
Weborf instance.c modURL Function Traversal Arbitrary File Access
Horde Application Framework util/icon_browser.php subdir Parameter XSS
chillyCMS Login Module core/showsite.php name Parameter SQL Injection
zenphoto zp-core/admin.php Multiple Parameter XSS
zenphoto zp-core/full-image.php a Parameter SQL Injection
phpMyAdmin Setup Script setup/frames/index.inc.php Server Name XSS
ColdGen ColdOfficeView index.cfm Multiple Parameter SQL Injection
ColdGen ColdUserGroup index.cfm LibraryID Parameter SQL Injection
ColdGen ColdCalendar index.cfm EventID Parameter SQL Injection
IP.Board admin/sources/classes/bbcode/custom/defaults.php BBCode XSS
ColdGen ColdBookmarks index.cfm BookmarkID Parameter SQL Injection
Beehive Forum index.php webtag Parameter XSS
Beehive Forum admin.php webtag Parameter XSS
Beehive Forum logon.php webtag Parameter XSS
Beehive Forum pm.php webtag Parameter XSS
Beehive Forum post.php webtag Parameter XSS
Rainbow Portal DesktopModules/Blog/BlogView.aspx Multiple Parameter XSS
Rainbow Portal DesktopModules/MileStones/MilestonesEdit.aspx Multiple Parameter XSS
Rainbow Portal DesktopModules/Contacts/ContactsEdit.aspx Multiple Parameter XSS
Rainbow Portal DesktopModules/Announcements/AnnouncementsEdit.aspx Title Parameter XSS
Rainbow Portal DesktopModules/EnhancedLinks/EnhancedLinksEdit.aspx Multiple Parameter XSS
Rainbow Portal DesktopModules/Documents/DocumentsEdit.aspx Multiple Parameter XSS
SmarterStats UserControls/Popups/frmHelp.aspx url Parameter XSS
Member Management System admin/index.asp REF_URL Parameter XSS
Elastix core/extensions_batch/libs/download_csv.php Direct Request Extension Configuration Disclosure
ProductCart AffiliateLogin.asp redirectUrl Parameter XSS
Car Portal include/images.php y Parameter XSS
PowerStore Products_Results.php totalRows_WADAProducts Parameter XSS
CubeCart modules/gateway/WorldPay/return.php Multiple Parameter XSS
CVE-2010-3306 CVE-2010-3263 CVE-2010-3424 CVE-2010-3425 CVE-2010-3421 CVE-2010-3418 CVE-2010-3420
ES Simple Download download.php file Parameter Traversal Arbitrary File Access
Comlantis Visitors Google Map Module for Joomla! modules/mod_visitorsgooglemap/map_data.php lastMarkerID Parameter SQL Injection
FestOS artists.php theme Parameter Traversal Local File Inclusion
FestOS contacts.php theme Parameter Traversal Local File Inclusion
FestOS applications.php theme Parameter Traversal Local File Inclusion
FestOS entertainers.php theme Parameter Traversal Local File Inclusion
FestOS exhibitors.php theme Parameter Traversal Local File Inclusion
FestOS foodvendors.php theme Parameter Traversal Local File Inclusion
FestOS performanceschedule.php theme Parameter Traversal Local File Inclusion
FestOS sponsors.php theme Parameter Traversal Local File Inclusion
FestOS winners.php theme Parameter Traversal Local File Inclusion
FestOS foodvendors.php category Parameter XSS
FestOS admin/do_login.php username Parameter SQL Injection
FestOS festos_z_dologin.php Multiple Parameter SQL Injection
Symphony CMS articles/a-primer-to-symphony-2s-default-theme/ fields[website] Parameter XSS
Open Classifieds content/contact.php subject Parameter XSS
PaysiteReviewCMS search.php q Parameter XSS
Mailman HTMLFormatter.py List Description Field XSS
MyHobbySite admin/index.php Multiple Parameter SQL Injection
IBM Proventia Network Mail Security System Local Management Interface pvm_messagestore.php date1 Parameter XSS
IBM Proventia Network Mail Security System Local Management Interface pvm_user_management.php userfilter Parameter XSS
IBM Proventia Network Mail Security System Local Management Interface sys_tools.php ping Parameter XSS
IBM Proventia Network Mail Security System Local Management Interface pvm_cert_commaction.php action Parameter XSS
IBM Proventia Network Mail Security
System Local Management Interface pvm_cert_serveraction.php action Parameter XSS IBM Proventia Network Mail Security System Local Management Interface pvm_smtpstore.php action Parameter XSS IBM Proventia Network Mail Security System Local Management Interface sla/index.php l Parameter XSS IBM Proventia Network Mail Security System Local Management Interface sla/index.php l Parameter Traversal Arbitrary File Access PaysiteReviewCMS image.php image Parameter XSS XSE Shopping Cart Default.aspx id Parameter XSS XSE Shopping Cart SearchResults.aspx type Parameter XSS Mailman listinfo.py List Description Field XSS eshtery CMS catlgsearch.aspx Unspecified Form Criteria Field SQL Injection eshtery CMS adminlogin.aspx Unspecified Form Username SQL Injection ATutor mods/_core/editor/delete_content.php cid Parameter XSS QuickShare URI Traversal Arbitrary File Access AContent home/course/course_property.php copyright POST Parameter XSS CVE-2010-3456 CVE-2010-3457 CVE-2010-3427 CVE-2010-3089 CVE-2010-0152 CVE-2010-0152 CVE-2010-0152 CVE-2010-0152 CVE-2010-0152 CVE-2010-0152 CVE-2010-0152 CVE-2010-0154 CVE-2010-3465 CVE-2010-3465 CVE-2010-3089 CVE-2010-3404 CVE-2010-3404 CVE-2010-3488 AChecker checker/index.php uri Parameter XSS CVE-2010-3455 Mollify backend/plugin/Registration/index.php confirm Parameter XSS CVE-2010-3462 NetArt Media Real Estate Portal AGENTS/index.php id Parameter XSS CVE-2010-3607 Santafox admin/manager_users.class.php Multiple Admin Function CSRF CVE-2010-3464 mojoPortal ProfileView.aspx User ID Parameter XSS CVE-2010-3602 phpmyfamily inc/passwdform.inc.php reason Parameter XSS SantaFox modules/search/search.class.php search Parameter XSS CVE-2010-3463 phpmyfamily mail.php referer Parameter XSS phpmyfamily track.php person Parameter XSS phpmyfamily my.php pwdEmail Parameter SQL Injection phpmyfamily track.php email Parameter SQL Injection phpmyfamily passthru.php transcript Parameter SQL Injection phpmyfamily passthru.php transcript Parameter Traversal
Arbitrary File Deletion mojoPortal Services/FileService.ashx Multiple Admin Function CSRF CVE-2010-3603 NetArt Media Real Estate Portal AGENTS/index.php Multiple Parameter Traversal Local File Inclusion CVE-2010-3606 AContent home/search.php search_text Parameter XSS AContent home/search.php search_text Parameter SQL Injection ATutor mods/_core/editor/edit_content_folder.php cid Parameter XSS UseBB rss.php Forum / Topic Feed Access Restriction Bypass eNdonesia Publisher Module mod.php artid Parameter SQL Injection CVE-2010-3461 E-Xoopport Samsara modules/sections/index.php secid Parameter SQL Injection CVE-2010-3467 Symphony CMS about/ send-email[recipient] Parameter XSS CVE-2010-3457 Symphony CMS about/ send-email[recipient] Parameter SQL Injection CVE-2010-3458 Group-Office modules/notes/json.php category_id Parameter SQL Injection CVE-2010-3428 Haudenschilt Family Connections CMS familynews.php current_user_id Parameter Remote File Inclusion CVE-2010-3419 Haudenschilt Family Connections CMS settings.php current_user_id Parameter Remote File Inclusion CVE-2010-3419 e107 _admin/wmessage.php Unspecified Parameter SQL Injection Digital Workroom netautor/napro4/home/login2.php goback Parameter XSS CVE-2010-3489 e107 _admin/download.php Unspecified Parameter SQL Injection SmarterMail UserControls/Popups/frmHelp.aspx url Parameter XSS YelloSoft Pinky URL Traversal Arbitrary File Access CVE-2010-3487 SmarterMail UserControls/Popups/frmDeleteConfirm.aspx folder Parameter XSS SmarterMail UserControls/Popups/frmEventGroup.aspx Multiple Parameter XSS SmarterMail Main/Alerts/frmAlerts.aspx bygroup Parameter XSS Primitive CMS cms_write.php Direct Request Arbitrary Entry Creation CVE-2010-3483 LightNEasy LightNEasy.php Multiple Parameter SQL Injection CVE-2010-3484,2010-3485 Hotel Booking System Multiple Products admin/adminlogin_confirm.asp Multiple Parameter SQL Injection Authentication Bypass TimeTrack Component for Joomla!
index.php ct_id Parameter SQL Injection FreePBX admin/config.php Multiple Parameter SQL Injection SmarterMail FileStorageUpload.ashx name Parameter Traversal Arbitrary File Access CVE-2010-3486 Banner Exchange Script click.php targetid Parameter SQL Injection CVE-2009-5003 BoutikOne list.php page Parameter SQL Injection CVE-2010-3479 Primitive CMS cms_write.php Multiple Parameter SQL Injection CVE-2010-3482 wpQuiz admin.php Multiple Parameter SQL Injection Authentication Bypass CVE-2010-3608 wpQuiz user.php Multiple Parameter SQL Injection Authentication Bypass CVE-2010-3608 Alternative PHP Cache (APC) Extension for PHP apc.php Unspecified Parameter XSS CVE-2010-3294 phplist /lists/admin/index.php forgotpassword Parameter SQL Injection Entrans search.php query Parameter XSS FreePBX System Recordings Component admin/config.php usersnum Parameter Traversal Arbitrary File Upload CVE-2010-3490 Entrans main.php Multiple Parameter SQL Injection Entrans list.php edit Parameter XSS Entrans lookup.php query_lookup Parameter XSS Entrans search.php query Parameter SQL Injection Entrans lookup.php query_lookup Parameter SQL Injection Mura CMS tasks/render/file/ FILEID Parameter Traversal Arbitrary File Access CVE-2010-3468 Tiki Wiki CMS Groupware tiki-edit_wiki_section.php type Parameter XSS Tiki Wiki CMS Groupware tiki-adminusers.php Admin Password Manipulation CSRF Tiki Wiki CMS Groupware tiki-jsplugin.php language Parameter Traversal Local File Inclusion iBrowser ibrowser.php lang Parameter Traversal Local File Inclusion PBBoard admin.php username Parameter SQL Injection Open Text ECM livelink/livelink Multiple Parameter XSS Open Text ECM livelinkdav/nodes/OOB_DAVWindow.html Multiple Parameter XSS Horde IMP fetchmailprefs.php fm_id Parameter XSS ArtGK CMS /cms/classes/CForm.php content Parameter XSS ArtGK CMS cms/classes/CAction.php _a[0][vars][head] Parameter XSS CMS WebManager-Pro c.php id Parameter SQL Injection Horde Gollem view.php file Parameter XSS MODx
manager/index.php modahsh Parameter XSS MODx manager/controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion WebSiteAdmin ADMIN/login.php lng Parameter Traversal Local File Inclusion CVE-2010-3688 CMS WebManager-Pro c.php url Parameter Arbitrary Site Redirect webSPELL asearch.php search Parameter SQL Injection webSPELL clanwars_details.php cwID Parameter SQL Injection webSPELL contact.php Unspecified Parameter Arbitrary Email Address Injection webSPELL shoutbox_content.php Unspecified Parameter SQL Injection Visites Component for Joomla! core/include/myMailer.class.php mosConfig_absolute_path Parameter Remote File Inclusion CVE-2010-2918 AJ HYIP MERIDIAN news.php id Parameter SQL Injection CVE-2010-2916 AJ HYIP PRIME welcome.php id Parameter SQL Injection CVE-2010-2915 Gmail-Lite compose.php Arbitrary Mail Relay Cetera eCommerce cms/index.php Multiple Parameter XSS Cetera eCommerce cms/templates/search.php sobject Parameter XSS Cetera eCommerce cms/templates/bannerlist.php Multiple Parameter XSS Cetera eCommerce cms/templates/banner.php errorMessage Parameter XSS kwebkitpart webkitpart.cpp Nonexistent Domain Name XSS QtDemoBrowser webview.cpp Nonexistent Domain Name XSS NextGEN Smooth Gallery Plugin for WordPress wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php galleryID Parameter SQL Injection RaidenTUNES music_out.php p Parameter XSS MantisBT manage_proj_cat_add.php name Parameter XSS Piwik misc/redirectToUrl.php url Parameter Arbitrary Site Redirect Cisco Wireless Control System webacs/QuickSearchAction.do searchText Parameter XSS Intellinet Pro Series Network Camera main_configure.cgi user_auth_level Cookie Manipulation Authentication Bypass Hulihan BXR /user/update Arbitrary Admin User Creation CSRF MoinMoin action/SlideShow.py Unspecified Parameter XSS MoinMoin action/anywikidraw.py Unspecified Parameter XSS MoinMoin action/language_setup.py Unspecified Parameter XSS MoinMoin action/LikePages.py Unspecified
Parameter XSS MoinMoin action/chart.py Unspecified Parameter XSS MoinMoin action/userprofile.py Unspecified Parameter XSS IBM WebSphere Service Registry and Repository ServiceRegistry/HelpSearch.do searchTerm Parameter XSS DiamondList user/main/update_user Admin Password Manipulation CSRF IBM WebSphere Service Registry and Repository ServiceRegistry/QueryWizardProcessStep1.do queryItems[0] .value Parameter XSS DT Centrepiece search.asp searchFor Parameter XSS Open Blog application/modules/admin/controllers/users.php Admin Privilege Escalation CSRF Partenaires Module for Nuked-Klan modules/Partenaires/clic.php id Parameter SQL Injection Cisco Wireless Control System searchClientAction.do Unspecified Parameter XSS Cisco Wireless Control System switchGeneralAction.do Unspecified Parameter XSS PHPFinance group.php tname Parameter XSS PHPFinance setup.php Multiple Parameter Arbitrary PHP Code Execution Tycoon Baseball Script index.php game_id Parameter SQL Injection cgTestimonial Component for Joomla! components/com_ cgtestimonial/video.php url Parameter XSS cgTestimonial Component for Joomla! components/com_ cgtestimonial/cgtestimonial.php Arbitrary File Upload cgTestimonial Component for Joomla! 
administrator/components/ com_cgtestimonial/testimonial.php Arbitrary File Upload Allinta languageselect.asp Multiple Parameter XSS FuseTalk usersearchresults.cfm keyword Parameter XSS Play Framework public/ Traversal Arbitrary File Access Allinta menucodeAE.asp i Parameter XSS Allinta faqAE.asp i Parameter XSS Allinta templatesAE.asp i Parameter SQL Injection CVE-2009-4976 CVE-2009-4975 CVE-2010-2574 CVE-2010-2986 CVE-2010-2970 CVE-2010-2970 CVE-2010-2970 CVE-2010-2969 CVE-2010-2969 CVE-2010-2969 CVE-2010-2985 CVE-2010-3024 CVE-2010-2985 CVE-2010-3026,2010-3030 CVE-2010-2987 CVE-2010-2987 CVE-2010-3027 Allinta contentAE.asp i Parameter SQL Injection Hulihan Amethyst /admin/update_user/ Arbitrary User Manipulation CSRF Hulihan Amethyst admin/update_settings site[setting_title] Parameter XSS Hulihan Amethyst admin/update post[title] Parameter XSS DT Centrepiece login.asp c Parameter XSS DT Centrepiece register.asp user Parameter XSS DT Centrepiece Predictable URL Arbitrary User Registration Hulihan BXR settings/update_settings setting[site_title] Parameter XSS Hulihan BXR search/show_results search[query] Parameter XSS Hulihan BXR file/do_the_upload tag_1 Parameter XSS Hulihan BXR folder/list order_by Parameter SQL Injection Pligg CMS storyrss.php title Parameter SQL Injection Pligg CMS story.php title Parameter SQL Injection Pligg CMS groupadmin.php role Parameter SQL Injection ServletExec servlet/pagecompile._admin._help._helpContent_ xjsp page Parameter Traversal Arbitrary File Access Squirrelmail Login Page functions/imap_general.php 8-bit Character Password Disk Exhaustion Remote DoS Onyx admin/settings/update script Multiple Parameter XSS KnowledgeTree search2/ajax/metadata.php Authentication Bypass Hulihan Mystic /admin/change_password Admin Password Manipulation CSRF CMS Source index.php Multiple Parameter XSS WP-UserOnline Plugin for WordPress Multiple Script Direct Request Path Disclosure iScripts SocialWare event/function.php Arbitrary File Upload 
iScripts MultiCart refund_request.php orderid Parameter SQL Injection BBS E-Market Professional /becommunity/community/index.php Multiple Parameter XSS DCP-Portal /common/components/editor/insert_image.php Image Parameter XSS MODx /install/connection.collation.php database_collation Parameter XSS Pligg install/install1.php language Parameter XSS CMSQLite /admin/helper/createNewCategory.php Multiple Parameter SQL Injection CMSQLite /admin/editArticle.php id Parameter SQL Injection CMSQLite /admin/helper/deleteArticle.php id Parameter SQL Injection CMSQLite /admin/editMenu.php langId Parameter XSS Gekko Web Builder /admin/index.php app Parameter XSS Taggon CMS slideShow.html Multiple Parameter XSS phpwcms phpwcms.php calendardate Parameter XSS Pixie CMS /admin/index.php Multiple Parameter XSS Spitfire tpl_edit_action.php value[headline] Parameter XSS Theeta CMS userarticle.php start Parameter SQL Injection Theeta CMS /userblogs/userarticle.php blogid Parameter XSS Theeta CMS /admin/configuration/configuretransact.php Multiple Parameter XSS Campsite /admin/system_pref/do_edit.php f_site_title Parameter XSS DiamondList /user/main/update_settings setting[site_title] Parameter XSS DiamondList /user/main/update_category category[description] Parameter XSS CVE-2010-2577 CVE-2010-2577 CVE-2010-3013 CVE-2010-2813 CVE-2010-3023 CVE-2010-3023 Open Blog application/modules/admin/controllers/pages.php content Parameter XSS CVE-2010-3025 Open Blog application/modules/admin/controllers/posts.php excerpt Parameter XSS CVE-2010-3025 dotDefender /search q Parameter XSS Asterisk Recording Interface voicemail.module selected7 Parameter Arbitrary File Access NuralStorm Webmail book.php Arbitrary User Addressbook Disclosure NuralStorm Webmail book_include.php BGCOLOR Parameter XSS NuralStorm Webmail maintenance.php UPLOAD_DIR Parameter Arbitrary File Deletion NuralStorm Webmail problems.php Arbitrary Mail Relay NuralStorm Webmail settings.php Arbitrary File Write Asterisk Recording
Interface voicemail.module preg_match Function Path Disclosure Asterisk Recording Interface page.ampusers.php Administrative Action CSRF Asterisk Recording Interface recording_popup.php date Parameter XSS SimpGB guestbook.php Multiple Field XSS iOffice index.pl parametre Parameter Arbitrary Command Execution ServletExec servlet/pagecompile._admin._userMgt_xjsp Precompiled JSP Page Admin Authentication Bypass KnowledgeTree Web Service Document Upload Manager ktwebservice/KTUploadManager.inc.php Arbitrary File Upload Zomplog users.php message Parameter XSS Onyx admin/categories/update category[description] Parameter XSS iScripts SocialWare manage_music.php Arbitrary File Upload iScripts SocialWare manage_videos.php Arbitrary File Upload iScripts SocialWare album.php Arbitrary File Upload iScripts SocialWare manage_networks.php Arbitrary File Upload iScripts SocialWare event_thereactive.php id Parameter SQL Injection iScripts SocialWare event_create2.php SQL Injection iScripts SocialWare function.php Id Parameter SQL Injection iScripts SocialWare phpinfo.php Information Disclosure iScripts SocialWare popups/photos.php Arbitrary File Upload SimpGB /admin/usered.php Multiple Field XSS DCP-Portal /modules/newsletter/insert_image.php Image Parameter XSS DCP-Portal /php/editor.php Image Parameter XSS DCP-Portal /modules/gallery/view_img.php Multiple Parameter XSS DCP-Portal /modules/tips/show_tip.php newsId Parameter XSS 123 Flash Chat URI Traversal Arbitrary File Access Ezyweb loginvalid.php Multiple Parameter SQL Injection Pimcore admin/page/save/task/publish data Parameter CSRF CMSQLite admin/mediaAdmin.php Content-Type Header Arbitrary File Upload PHPKick statistics.php gameday Parameter SQL Injection CVE-2010-3029 InterPhoto Gallery InterPhoto.thumbnail.php file Parameter Traversal Arbitrary File Access Ezyweb insert.image.php Arbitrary PHP File Upload Zomplog category.php message Parameter XSS Zomplog entry.php message Parameter XSS Zomplog newentry.php message 
Parameter XSS Zomplog comments.php message Parameter XSS Zomplog newpage.php message Parameter XSS Zomplog page.php message Parameter XSS Zomplog settings.php message Parameter XSS Zomplog changeclothes.php message Parameter XSS Zomplog settings_theme.php message Parameter XSS Zomplog themes.php message Parameter XSS Zomplog plugins.php message Parameter XSS CMS Source manage.php subtarget Parameter XSS CMS Source index.php Multiple Parameter SQL Injection CMS Source index.php target Parameter Traversal Arbitrary File Access CMS Source manage.php target Parameter Traversal Arbitrary File Access CMSQLite admin/mediaAdmin.php Arbitrary Administrative Action Login Bypass Mollify backend/r.php Base64 Encoded Path Arbitrary File Access InterPhoto Gallery mydesk.upload.php Arbitrary File Upload Free Simple CMS themes/default/index.php Multiple Parameter Remote File Inclusion SAP Netweaver wsnavigator Component explorer/help.jsp title Parameter XSS phpMyAdmin setup.php Configuration File Arbitrary PHP Code Injection CVE-2010-3055 phpMyAdmin db_search.php field_str Parameter XSS CVE-2010-3056 MC Content Manager article.php root Parameter XSS MAXdev MD-Pro modules.php sid Parameter XSS netStartEnterprise previeweventdetail.aspx id Parameter SQL Injection Cacti templates_import.php XML Template name Element XSS CVE-2010-2545 phpMyAdmin db_sql.php delimiter Parameter XSS CVE-2010-3056 phpMyAdmin db_structure.php sort Parameter XSS CVE-2010-3056 phpMyAdmin js/messages.php db Parameter XSS CVE-2010-3056 phpMyAdmin server_databases.php sort_by Parameter XSS CVE-2010-3056 phpMyAdmin server_privileges.php Multiple Parameter XSS CVE-2010-3056 phpMyAdmin setup/config.php DefaultLang Parameter XSS CVE-2010-3056 phpMyAdmin sql.php Multiple Parameter XSS CVE-2010-3056 phpMyAdmin tbl_replace.php fields[multi_edit][] Parameter XSS CVE-2010-3056 phpMyAdmin tbl_sql.php Unspecified Parameter XSS CVE-2010-3056 Atlassian JIRA Enterprise ViewIssue.jspa returnUrl Parameter XSS Cetera eCommerce
banner.php bannerId Parameter SQL Injection Cetera eCommerce bannerlist.php page Parameter SQL Database Structure Disclosure e107 submitnews.php submitnews_title Parameter XSS FuseTalk categories.aspx FTVAR_SORT Parameter XSS Zoph photos.php Multiple Parameter XSS Zoph photo.php Multiple Parameter XSS Zoph photos.php _date-op Parameter SQL Injection Zoph photo.php _off Parameter SQL Injection Atlassian JIRA Enterprise ConfigureReport.jspa reportKey Parameter Information Disclosure Download-Engine spaw_script.js.php Multiple Parameter Remote File Inclusion Cacti on Red Hat High Performance Computing (HPC) utilities.php filter Parameter XSS CVE-2010-2544 Mapbender extensions/datepicker/datepicker.php Multiple Parameter XSS Mapbender php/mod_layerMetadata.php id Parameter XSS Mapbender php/mod_printView1.php Multiple Parameter XSS Mapbender php/nestedSets.php Multiple Parameter XSS Mapbender php/mod_showGuiName.php gui_id Parameter XSS Mapbender php/mod_getStyles.php getStyle Parameter XSS Mapbender php/mod_evalArea.php length Parameter XSS Mapbender php/mod_evalArea.php srs Parameter SQL Injection Mapbender php/mod_saveWKT.php Multiple Parameter SQL Injection Download-Engine spaw_control.config.php Multiple Parameter Remote File Inclusion MC Content Manager static.php page Parameter XSS MC Content Manager /cms URI XSS MC Content Manager /cms URI SQL Injection Target CMS php/lib/admin.php id Parameter SQL Injection phpMyAdmin libraries/common.lib.php Unspecified Parameter XSS phpMyAdmin libraries/database_interface.lib.php Unspecified Parameter XSS phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS phpMyAdmin libraries/db_info.inc.php Unspecified Parameter XSS phpMyAdmin libraries/sanitizing.lib.php Unspecified Parameter XSS phpMyAdmin libraries/sqlparser.lib.php Unspecified Parameter XSS Mihalism Multi Host users.php return Parameter XSS Cacti cdef.php Unspecified Parameter XSS
Cacti data_input.php Unspecified Parameter XSS Cacti data_queries.php Unspecified Parameter XSS Cacti data_sources.php Unspecified Parameter XSS Cacti data_templates.php Unspecified Parameter XSS Cacti gprint_presets.php Unspecified Parameter XSS Cacti graph.php Unspecified Parameter XSS Cacti graphs_new.php Unspecified Parameter XSS Cacti graphs.php Unspecified Parameter XSS Cacti graph_templates_inputs.php Unspecified Parameter XSS Cacti graph_templates_items.php Unspecified Parameter XSS Cacti graph_templates.php Unspecified Parameter XSS Cacti graph_view.php Unspecified Parameter XSS Cacti host.php Unspecified Parameter XSS Cacti host_templates.php Unspecified Parameter XSS Cacti lib/functions.php Unspecified Parameter XSS Cacti lib/html_form.php Unspecified Parameter XSS Cacti lib/html_form_template.php Unspecified Parameter XSS Cacti lib/html.php Unspecified Parameter XSS Cacti lib/html_tree.php Unspecified Parameter XSS Cacti lib/rrd.php Unspecified Parameter XSS Cacti rra.php Unspecified Parameter XSS Cacti tree.php Unspecified Parameter XSS Cacti user_admin.php Unspecified Parameter XSS Mihalism Multi Host users.php album_title Parameter Arbitrary PHP Code Injection BugTracker.NET search.aspx Custom Field Parameter SQL Injection CVE-2010-3056 CVE-2010-3056 CVE-2010-3056 CVE-2010-3056 CVE-2010-3056 CVE-2010-3056 CVE-2010-3056 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-2545 CVE-2010-3188 Prometeo CMS categoria.php ID Parameter SQL Injection Kontakt Formular kontaktformular/formmailer.php script_pfad Parameter Traversal Local File Inclusion CMS & News Script light news_system/news_base.php script_ pfad Parameter Remote File Inclusion PHP Gästebuch Script guestbook/gbook.php 
script_pfad Parameter Local File Inclusion phpBugTracker attachment.php bugid Parameter SQL Injection phpBugTracker attachment.php add_attachment() Function Arbitrary File Upload Target CMS php/template/content.php content Parameter SQL Injection Target CMS php/template/forum.php index Parameter SQL Injection Target CMS php/template/blog.php id Parameter SQL Injection Target CMS target.php template Parameter Traversal Local File Inclusion Target CMS php/lib/admin.php name Parameter Traversal Local File Inclusion Target CMS php/lib/admin.php Multiple Parameter XSS Relay relay.php fileid Parameter SQL Injection Relay /management/index.php Multiple Parameter SQL Injection Relay /management/index.php email Parameter XSS Relay relay.html Multiple Field XSS Relay relay.php Multiple Parameter XSS Relay /management/index.php Multiple Parameter XSS Relay relay.php fileid Parameter Error Message XSS Mereo mereo.exe Crafted HTTP Request Remote DoS Wiccle Web Builder ajax.php post_text Parameter XSS CVE-2010-3208 Serendipity Remember me Feature include/functions_config.inc.php Unspecified Parameter XSS CF Image Hosting Script upload/data/settings.cdb Direct Request Credentials Disclosure CF Image Hosting Script inc/config.php lang Parameter Traversal Local File Inclusion SnortReport nmap.php target Parameter Arbitrary Command Execution Accessories Me PHP Affiliate Script browse.php Go Parameter SQL Injection CVE-2009-4985 Belavir Plug-in for WordPress belavir.php Installation Path Disclosure CMS RedAks /search/ Controller Multiple Parameter XSS CMS RedAks /search/ Controller search_area Parameter SQL Injection Scribe CMS copy_folder.php path Parameter XSS Scribe CMS template_admin.php orig_t_id Parameter XSS Scribe CMS administrate_file.php f Parameter XSS Zoph php/page.inc.php Multiple Unspecified Parameters XSS AutoHoster compareplans.php planid Parameter SQL Injection CyberMatch profile.php id Parameter SQL Injection bitweaver wiki/rankings.php style Parameter Traversal
Local File Inclusion EasySnaps add_comments.php comment Parameter SQL Injection CVE-2010-2624 ReserveLogic packagedetails.php pid Parameter SQL Injection SupportDesk client_chat.php username Parameter XSS Zoph php/notify.php Multiple Unspecified Parameters XSS Zoph php/person.inc.php Multiple Unspecified Parameters XSS Zoph php/person.php Multiple Unspecified Parameters XSS Zoph php/photo_search.inc.php Multiple Unspecified Parameters XSS Zoph php/place.inc.php Multiple Unspecified Parameters XSS Zoph php/places.php Multiple Unspecified Parameters XSS Zoph php/search.php Multiple Unspecified Parameters XSS Zoph php/user.php Multiple Unspecified Parameters XSS Zoph php/util.inc.php Multiple Unspecified Parameters XSS EasySnaps greetings.php begin Parameter SQL Injection CVE-2010-2624 EasySnaps tags_details.php values Parameter SQL Injection CVE-2010-2624 AdaptCMS inc/smarty/libs/init.php sitepath Parameter Remote File Inclusion CVE-2010-2618 PHP Bible Search bible.php chapter Parameter XSS CVE-2010-2617 PHP Bible Search bible.php chapter Parameter SQL Injection CVE-2010-2616 i-netsolution Job Search Engine show_search_result.php keyword Parameter SQL Injection CVE-2010-2611 ForumCMS search/results keyword Parameter XSS Simple:Press Plugin for WordPress profile/ahah/sf-ahah-profilesave.php uid Parameter User Profile Manipulation Simple:Press Plugin for WordPress library/sf-primitives.php sf_esc_int() Function XSS PortalApp login.asp Multiple Parameter XSS Novell Identity Manager ForgotPassword.jsp Return to Calling Page Parameter XSS WP-UserOnline Plugin for WordPress wp-content/plugins/wpuseronline/wp-useronline.php Installation Path URI XSS Novell Identity Manager forgotUser.do Multiple Parameter XSS Ubiquiti NanoStation stainfo.cgi ifname Arbitrary Shell Command Execution phpaaCMS show.php id Parameter SQL Injection CVE-2010-2719 phpaaCMS list.php id Parameter SQL Injection CVE-2010-2720 NetworX group_connections_list_popup.php group_id Parameter XSS Realtor
Classifieds System search.php c Parameter SQL Injection nuBuilder productionnu2/nuedit.php f Parameter XSS CVE-2010-2849 nuBuilder productionnu2/fileuploader.php dir Parameter Traversal Local File Inclusion CVE-2010-2850 SIDA University System Portal/Research/ResearchPlan/UserStart.aspx TBox_Email Parameter SQL Injection Scripts Directory Software search.php s Parameter SQL Injection Scripts Directory Software login.php Multiple Parameter SQL Injection Authentication Bypass NetworX upload.php File Upload Arbitrary PHP Code Execution Auto Dealer Software info.php id Parameter SQL Injection Home Classifieds Software search.php c Parameter SQL Injection Events Directory Software search.php c Parameter SQL Injection Orbis CMS admin/editors/text/editor-body.php s Parameter XSS CVE-2010-2669 Home Classifieds Software articlesdetails.php id Parameter SQL Injection Views Module for Drupal modules/views/includes/ajax.inc views_ajax_autocomplete_user() Function Permission Weakness Username Disclosure Events Directory Software articlesdetails.php id Parameter SQL Injection General Classifieds Ads Software search.php c Parameter SQL Injection General Classifieds Ads Software articlesdetails.php id Parameter SQL Injection General Classifieds Ads Software browse.php pcat Parameter SQL Injection Auto Classifieds Software articlesdetails.php id Parameter SQL Injection Auto Classifieds Software info.php id Parameter SQL Injection Auction Software confirm.php id Parameter SQL Injection Auction Software articlesdetails.php id Parameter SQL Injection TornadoStore precios.php3 marca Parameter SQL Injection TornadoStore control/abm_list.php3 where Parameter SQL Injection TornadoStore login_registrese.php3 Multiple Parameter XSS TornadoStore precios.php3 rubro Parameter XSS TornadoStore recomenda_articulo.php3 arti Parameter XSS TornadoStore control/abm_det.php3 Multiple Parameter XSS TornadoStore control/abm_list.php3 tit Parameter XSS Podcast Generator download.php filename Parameter
Traversal Arbitrary File Access Pligg login.php username Parameter SQL Injection IBM BladeCenter Advanced Management Module private/cindefn.php Multiple Parameter XSS Internet DM Specialist Bed and Breakfast pages.php pp_id Parameter SQL Injection IBM BladeCenter Advanced Management Module power_management_policy_options.php URI XSS IBM BladeCenter Advanced Management Module private/power_module.php URI XSS IBM BladeCenter Advanced Management Module private/pm_temp.php URI XSS IBM BladeCenter Advanced Management Module private/blade_leds.php URI XSS IBM BladeCenter Advanced Management Module private/ipmi_bladestatus.php SLOT Parameter XSS IBM BladeCenter Advanced Management Module private/file_management.php DIR Parameter Traversal Arbitrary File Access IBM BladeCenter Advanced Management Module private/sdc.tgz Logging Information Disclosure Sandbox global.php sandbox_pass Parameter SQL Injection Sandbox admin.php a Parameter Arbitrary File Access Sandbox admin_modules/posts.php Arbitrary File Upload Sandbox modules/blog.php Arbitrary File Upload osCSS admin/currencies.php page Parameter XSS LISTSERV wa.exe T Parameter XSS Sijio gallery/index.php parent Parameter SQL Injection eSitesBuilder forget.php e_mail Parameter XSS Belavir Plug-in for WordPress my-md5.txt File Information Disclosure TheHostingTool /admin Multiple CSRF TheHostingTool /includes/ajax.php CSRF InterPhoto Gallery mydesk.edit.php User Password Change CSRF RunCms modules/headlines/magpierss/scripts/magpie_debug.php url Parameter XSS LifeType admin.php Admin User Creation CSRF CSSTidy css_optimiser.php url Parameter XSS Download Manager Module for CMS Made Simple modules/DownloadManager/lib/simple-upload/example.php Arbitrary File Upload FireStats Plugin for WordPress firestats/php/page-tools.php Information Disclosure FireStats Plugin for WordPress wp-admin/index.php fs_javascript Parameter XSS CVE-2010-1327 CVE-2010-1327 CVE-2010-1328 CVE-2010-1328 CVE-2010-1328 CVE-2010-1328
CVE-2010-1328 CVE-2010-2654 CVE-2010-2623 CVE-2010-2654 CVE-2010-2654 CVE-2010-2654 CVE-2010-2654 CVE-2010-2654 CVE-2010-2655 CVE-2010-2656 CVE-2010-2856 CVE-2010-2723 CVE-2010-2696 CVE-2010-2852 FireStats Plugin for WordPress firestats/php/window-new-editsite.php site_id Parameter XSS FireStats Plugin for WordPress firestats/php/window-addexcluded-ip.php edit Parameter XSS FireStats Plugin for WordPress firestats/php/window-addexcluded-url.php edit Parameter XSS Diem Content Management Framework dmCore Script text Parameter XSS Diem Content Management Framework Page Metas Managing Script value Parameter XSS TotalCalendar config.php inc_dir Parameter Remote File Inclusion Online Guestbook Pro ogp_show.php display Parameter SQL Injection BrotherScripts Recipe Website recipedetail.php id Parameter SQL Injection i-Net Enquiry Management Script viewaddedenquiry.php id Parameter SQL Injection Event Horizon modfile.php Multiple Parameter SQL Injection SimpNews news.php Multiple Parameter XSS Edge PHP Clickbank Affiliate Marketplace Script index.php search Parameter XSS WebDM CMS cont_form.php cf_id Parameter SQL Injection 2daybiz Custom Business Card Script login.php login_email Parameter SQL Injection Mortgage and Amortization Calculator Script mortgage_ amort.php Multiple Parameter XSS OlyKit eBay Clone Script 2010 showcategory.php cid Parameter SQL Injection CruxPA login.php txtusername Parameter XSS CruxPA newtodo.php todo Parameter XSS CruxPA newtelephone.php Unspecified Parameter XSS CruxPA newappointment.php Multiple Parameter XSS CruxCMS manager/login.php txtusername Parameter XSS PsNews ndetail.php id Parameter SQL Injection PsNews print.php id Parameter SQL Injection TCW PHP Album photos/index.php album Parameter XSS TCW PHP Album photos/index.php album Parameter SQL Injection Spitfire site/tpl_demo.php URI XSS ViArt CMS admin/admin_articles.php s Parameter XSS GetSimple CMS admin/image.php i Parameter XSS Juniper IVE dana-na/auth/url_default/welcome.cgi u 
Parameter XSS ConPresso CMS mod_search/index.php Multiple Parameter XSS Pligg search.php URI XSS FestOS /admin/do_snippets_edit.php contents Parameter XSS DSite CMS admin/plugin.php button_name Parameter XSS FestOS /admin/do_pages_edit.php title Parameter XSS GetSimple CMS admin/log.php log Parameter XSS GetSimple CMS admin/theme-edit.php Multiple Parameter XSS GetSimple CMS admin/backup-edit.php id Parameter XSS GetSimple CMS admin/template/error_checking.php Multiple Parameter XSS GetSimple CMS admin/template/header.php title Parameter XSS GetSimple CMS admin/index.php userid Parameter XSS GetSimple CMS admin/inc/404-mailer.php LANG Parameter Traversal Arbitrary File Access GetSimple CMS admin/inc/contactform.php LANG Parameter Traversal Arbitrary File Access CVE-2009-4928 CVE-2009-4935 CVE-2010-2670 CVE-2010-2855 CVE-2010-2858 CVE-2010-2700 CVE-2010-2689 CVE-2010-2718 CVE-2010-2718 CVE-2010-2718 CVE-2010-2718 CVE-2010-2717 CVE-2010-2716 CVE-2010-2716 CVE-2010-2715 CVE-2010-2714 GetSimple CMS admin/inc/ajax.php dir Parameter Traversal Arbitrary Directory Listing Spitfire site/tpl_demo.php search Parameter XSS Spitfire cms/login/error.php URI XSS Spitfire cms/edit/cont_index.php name Parameter XSS Spitfire cms/edit/index.php name Parameter XSS Spitfire cms/edit/tpl_backup_action.php text Parameter XSS Spitfire cms/edit/tpl_user_settings_action.php text Parameter XSS Spitfire cms/edit/tpl_welcome_action.php text Parameter XSS Spitfire cms/edit/tpl_ticket_action.php text Parameter XSS Spitfire cms/edit/tpl_system_settings_action.php text Parameter XSS Spitfire cms/edit/tpl_show_history_action.php text Parameter XSS Spitfire cms/edit/tpl_show_changes_action.php text Parameter XSS Spitfire cms/edit/tpl_show_archive_action.php text Parameter XSS Spitfire cms/edit/tpl_set_ticket_action.php text Parameter XSS Spitfire cms/edit/tpl_list_settings_action.php text Parameter XSS Spitfire cms/edit/tpl_il8n_settings_action.php text Parameter XSS Spitfire 
cms/edit/tpl_element_settings_action.php text Parameter XSS Spitfire cms/edit/tpl_compare_action.php text Parameter XSS Spitfire cms/edit/tpl_user_management_action.php text Parameter XSS Spitfire site/cont_index.php Multiple Parameter XSS Group-Office modules/comments/json.php comment_id Parameter SQL Injection Guruscript Freelancer Marketplace Script post_project.php Multiple Parameter XSS Subrion Auto Classifieds Script autos/submit.php auto_title Parameter XSS DeDeCMS rss.php _Cs Parameter SQL Injection Calendarix Advanced cal_cat.php limit Parameter SQL Injection Pre SoftClones Marketing Management System admin/login.aspx Multiple Parameter SQL Injection Xinha plugins/ExtendedFileManager/backend.php mode Parameter XSS Kryn CMS kryn/User.class.php Failed Login Log XSS TopManage SAP Web Module OLK /olk/c_p/searchCart.asp Multiple Field SQL Injection JTalk HTTP Server Traversal Arbitrary File Access InterScan Web Security Virtual Appliance /servlet/ com.trend.iwss.gui.servlet.MetricSetting Multiple Parameter XSS Kryn CMS usersAdminEdit.class.php Multiple Admin Function CSRF InterScan Web Security Virtual Appliance /login_account_add_ modify.jsp desc Parameter XSS NQcontent admin/index.cfm login POST Parameter XSS PHP Chat Module for 123 Flash Chat login_chat.php select_db Parameter Traversal Local File Inclusion MyBB Advanced Stats on Index/Portal Plugin newthread.php subject Parameter XSS LILDBI-WEB e/admin/uploader.php Arbitrary File Upload ZeeAdbox bannerclick.php bnnnerid Parameter SQL Injection myLinksDump Plugin for WordPress myLDlinker.php url CVE-2010-2924 Parameter SQL Injection Group-Office modules/gnupg/json.php fingerprint Parameter Arbitrary Shell Command Injection SimpNews news.php lang Parameter Error Message Path Disclosure Music Manager Component for Joomla! album.php cid Parameter Traversal Arbitrary File Access Event Horizon modfile.php Multiple Parameter XSS ArtForms Component for Joomla! 
assets/captcha/includes/alikon/ playcode.php l Parameter Traversal Arbitrary File Access NewsOffice news_show.php n-cat Parameter XSS Private Messaging Extension for PunBB misc.php message_id Parameter SQL Injection SyndeoCMS starnet/index.php Multiple Parameter XSS PHPKIT pk/include.php searchtext Parameter XSS AKY Blog default.asp id Parameter SQL Injection SAP NetWeaver System Landscape Directory Component paramhelp.jsp helpstring Parameter XSS nuBuilder productionnu2/report.php GLOBALS[StartingDirectory] Parameter Remote File Inclusion Zabbix frontends/php/include/classes/class.curl.php Multiple Parameter XSS MediaWiki profileinfo.php Unspecified Parameter XSS TotalCalendar box_display.php box Parameter Traversal Arbitrary File Access Lanai Core modules/backup/download.php f Parameter Traversal Arbitrary File Access Lanai Core info.php Direct Request Information Disclosure TotalCalendar rss.php selectedCal Parameter SQL Injection Scripts Directory Software info.php id Parameter SQL Injection Scripts Directory Software articlesdetails.php id Parameter SQL Injection SPIP prive/informer_auteur_fonctions.php var_login Parameter XSS EasyManage CMS cms_show_image.php id Parameter SQL Injection EasyManage CMS cms_show_download.php id Parameter SQL Injection Smart Douran CMS Download.aspx filename Parameter Traversal Arbitrary File Download Visitor Logger banned.php VL_include_path Parameter Traversal Local File Inclusion TCExam admin/code/tce_functions_tcecode_editor.php Arbitrary File Upload e107 usersettings.php loginname Parameter Blacklist Weakness SQL Injection JV2 Folder Gallery gallery.php lang_file Parameter Remote File Inclusion ConPresso firma.php id Parameter SQL Injection MoinMoin PageEditor.py template Parameter XSS Snipe Gallery view.php cfg_admin_path Parameter Remote File Inclusion Snipe Gallery image.php cfg_admin_path Parameter Remote File Inclusion Snipe Gallery search.php cfg_admin_path Parameter Remote File Inclusion Snipe Gallery admin/index.php 
cfg_admin_path Parameter Remote File Inclusion Snipe Gallery admin/gallery/index.php cfg_admin_path Parameter Remote File Inclusion Snipe Gallery admin/gallery/view.php cfg_admin_path Parameter Remote File Inclusion CVE-2010-2859 CVE-2010-2857 CVE-2010-2854 CVE-2010-2848 CVE-2010-2844 CVE-2010-2922 CVE-2010-2904 CVE-2010-2790 CVE-2009-4974 CVE-2009-4960 CVE-2009-4961 CVE-2009-4973 CVE-2010-2905 CVE-2010-2906 CVE-2010-2146 CVE-2010-2153 CVE-2010-2098 CVE-2010-2127 CVE-2010-2124 CVE-2010-2126 CVE-2010-2126 CVE-2010-2126 CVE-2010-2126 CVE-2010-2126 CVE-2010-2126 Snipe Gallery admin/gallery/gallery.php cfg_admin_path Parameter Remote File Inclusion Snipe Gallery admin/gallery/image.php cfg_admin_path Parameter Remote File Inclusion Snipe Gallery admin/gallery/crop.php cfg_admin_path Parameter Remote File Inclusion DDLCMS thanks.php skin Parameter Traversal Local File Inclusion ZoneCheck zc/publisher/html.rb Multiple Parameter XSS ClearSite docs.php cs_base_path Parameter Remote File Inclusion ClearSite include/admin/device_admin.php cs_base_path Parameter Remote File Inclusion Cyberhost default.asp id Parameter SQL Injection ProMan elisttasks.php _SESSION[userLang] Parameter Traversal Local File Inclusion ProMan managepmanagers.php _SESSION[userLang] Parameter Traversal Local File Inclusion ProMan manageusers.php _SESSION[userLang] Parameter Traversal Local File Inclusion ProMan helpfunc.php _SESSION[userLang] Parameter Traversal Local File Inclusion ProMan managegroups.php _SESSION[userLang] Parameter Traversal Local File Inclusion ProMan manageprocess.php _SESSION[userLang] Parameter Traversal Local File Inclusion ProMan manageusersgroups.php _SESSION[userLang] Parameter Traversal Local File Inclusion ProMan _center.php page Parameter Remote File Inclusion HazelPress Lite login.php Multiple Parameter SQL Injection Authentication Bypass Project Man login.php Multiple Parameter SQL Injection Authentication Bypass My Little Forum contact.php id Parameter SQL Injection 
Open Education System (OES) forum/admin.php CONF_ INCLUDE_PATH Parameter Remote File Inclusion Open Education System (OES) plotgraph/index.php CONF_ INCLUDE_PATH Parameter Remote File Inclusion Open Education System (OES) admin_user/mod_admuser.php CONF_INCLUDE_PATH Parameter Remote File Inclusion Open Education System (OES) ogroup/mod_group.php CONF_ INCLUDE_PATH Parameter Remote File Inclusion Search Log Component for Joomla! administrator/index.php search Parameter SQL Injection Gigya Socialize Plugin for Wordpress wp-content/plugins/gigyasocialize-for-wordpress/views/widget/widget-not-connected.php URI DJ-ArtGallery Component for Joomla! administrator/index.php cid [] Parameter SQL Injection DJ-ArtGallery Component for Joomla! administrator/index.php cid [] Parameter XSS Gigya Socialize Plugin for Wordpress wp-content/plugins/gigyasocialize-for-wordpress/views/widget/widget-not-logged-in.php URI log1 CMS /admin/engine/save_file.php content Parameter XSS iScripts eSwap search.php txtHomeSearch Parameter XSS iScripts EasyBiller viewhistorydetail.php planid Parameter SQL Injection PHP Car Hire Script group.php id Parameter SQL Injection e107 bbcode/php.bb Access Control Check Weakness Arbitrary PHP Code Execution CVE-2010-2126 CVE-2010-2126 CVE-2010-2126 CVE-2010-2155 CVE-2010-2145 CVE-2010-2145 CVE-2010-2142 CVE-2010-2138 CVE-2010-2138 CVE-2010-2138 CVE-2010-2138 CVE-2010-2138 CVE-2010-2138 CVE-2010-2138 CVE-2010-2137 CVE-2010-2135 CVE-2010-2134 CVE-2010-2133 CVE-2010-2132 CVE-2010-2132 CVE-2010-2132 CVE-2010-2132 CVE-2010-2099 CubeCart index.php shipKey Parameter SQL Injection MCLogin System login_index.php myusername Parameter SQL Injection Rayzz Photoz members/profileCommentsResponse.php profileCommentTextArea Parameter XSS odCMS _main/index.php Page Parameter XSS odCMS _members/index.php Page Parameter XSS odCMS _forum/index.php Page Parameter XSS odCMS _docs/index.php Page Parameter XSS odCMS _announcements/index.php Page Parameter XSS log1 CMS db/uploaded/ 
Verification Error Arbitrary File Upload Nuggetz CMS /nuggetz/admin/ajaxsave.php pagevalue Parameter CSRF Webmedia Explorer /includes/folder.class.php readme Parameter CSRF FlatnuX CMS verify.php body Parameter XSS FlatnuX CMS News Module /sections/00_News/section.php head Parameter XSS e107 contact.php Arbitrary PHP Command Execution JV2 Folder Gallery popup_slideshow.php Multiple Parameter Local File Inclusion DS-Syndicate for Joomla! feed_id Parameter Path Disclosure Zabbix events.php nav_time Parameter SQL Injection GetSimple CMS /admin/components.php val[] Parameter XSS RuubikCMS index.php description Parameter XSS 360 Web Manager webpages-form-led-edit.php IDFM Parameter SQL Injection 360 Web Manager /menu/sub-menu-led-01.php IDM Parameter XSS Juniper IVE OS Web Interface /dana/nc/ncrun.cgi DSSignInURL Parameter XSS McAfee UTM Firewall /cgi-bin/cgix/help page Parameter XSS Juniper IVE OS Web Interface homepage.cgi Location Parameter Arbitrary Site Redirect Groones Simple Contact Form contact.php abspath Parameter Remote File Inclusion ArtDesign CMS news.php id Parameter SQL Injection GR Board page.php theme Parameter Remote File Inclusion DS-Syndicate for Joomla! feed_id Parameter SQL Injection DS-Syndicate for Joomla! 
feed_id Parameter Traversal Arbitrary File Overwrite Arab Portal members.php by Parameter SQL Injection IgnitionSuite Web CMS Mailing List Arbitrary User Unsubscribe Dijitals CMS login/ Multiple Parameter XSS Virtual Real Estate Manager listing_detail.asp Lid Parameter SQL Injection Netvolution CMS default.asp artID Parameter SQL Injection SchoolMation schoolmv2/html/studentmain.php session Parameter XSS Science Fair In A Box winners.php type Parameter XSS Dijitals CMS /contact/6/ Multiple Parameter XSS AWCM header.php awcm_lang Cookie Parameter Traversal Local File Inclusion PG eLMS Pro subscribe.php course_id Parameter SQL Injection Science Fair In A Box winners.php type Parameter SQL Injection PG eLMS Pro error.php msg Parameter XSS Pay Per Minute Video Chat Script index_ie.php page Parameter SQL Injection CVE-2010-1931 CVE-2010-2344 CVE-2010-2344 CVE-2010-2344 CVE-2010-2344 CVE-2010-2344 CVE-2010-2288 CVE-2010-2290 CVE-2010-2289 CVE-2010-2340 CVE-2010-2354,2010-2355,2010-2356 CVE-2010-2355,2010-2354,2010-2356 CVE-2010-2257 Wing FTP Server Admin Interface admin_loginok.html POST Request XSS Linksys WAP54Gv3 Debug_command_page.asp Multiple Parameter Shell Metacharacter Arbitrary Command Execution Linksys WAP54Gv3 debug.cgi Multiple Parameter Shell Metacharacter Arbitrary Command Execution WMS-CMS default.asp Multiple Parameter SQL Injection CuteSITE CMS add_user.php user_id Parameter SQL Injection CuteSITE CMS main.php fld_path Parameter XSS PRTG Traffic Grapher login.htm url Parameter XSS MODx manager/index.php Multiple Parameter SQL Injection WMS-CMS printpage.asp Multiple Parameter SQL Injection WMS-CMS default.asp Multiple Parameter XSS VU Web Visitor Analyst redir.asp Multiple Parameter SQL Injection Authentication Bypass Yamamah themes/default/download.php download Parameter Traversal Arbitrary File Access Email Image Upload output.php Traversal Arbitrary File Upload Arbitrary PHP Code Execution Collabtive managechat.php uid Parameter SQL Injection 
Zincksoft Property Listing Script view.php PID Parameter SQL Injection Parallels System Automation servlet/Help locale Parameter Traversal Local File Inclusion DaLogin new.php id Parameter SQL Injection DaLogin new.php Multiple Parameter XSS PunBB profile.php Multiple Parameter XSS Accoria Web Server loadstatic.cgi name Parameter Traversal Arbitrary File Access Accoria Web Server authcfg.cgi User Account Creation CSRF Accoria Web Server loadstatic.cgi desc Parameter XSS Accoria Web Server httpdcfg.cgi name Parameter XSS Accoria Web Server servercfg.cgi dns Parameter XSS Microsoft Windows Help and Support Center sysinfo/ sysinfomain.htm svr Parameter XSS nginx Encoded Traversal Sequence Memory Corruption Remote DoS Joke Website Script search.php keyword Parameter XSS Nakid CMS modules/catalog/upload_photo.php core[system_ path] Parameter Remote File Inclusion e-Book Store Website Script search.php keyword Parameter SQL Injection Joke Website Script search.php keyword Parameter SQL Injection PHPCityPortal cms_data.php page Parameter XSS phpBazar picturelib.php cat Parameter Remote File Inclusion ardeaCore ardeaCore/lib/core/ardeaInit.php pathForArdeaCore Parameter Remote File Inclusion Membership Site Script view.php id Parameter SQL Injection Daily Inspirational Quotes Script tellafriend.php id Parameter SQL Injection Travel Website Script / Easy Travel Portal tour_packages.asp country Parameter SQL Injection Document Library view_group.asp intGroupID Parameter SQL Injection 2daybiz Online Classified Script headersearch.php sid Parameter XSS 2daybiz Network Community Script scrapbook.php id Parameter XSS CVE-2010-2428 CVE-2010-2261 CVE-2010-2261 CVE-2010-2317 CVE-2010-2317 CVE-2010-2316 CVE-2010-2338 CVE-2010-2334 CVE-2009-4894 CVE-2010-2269 CVE-2010-2268 CVE-2010-2267 CVE-2010-2267 CVE-2010-2267 CVE-2010-2265 CVE-2010-2266 CVE-2010-2358 CVE-2010-2318 CVE-2010-2315 2daybiz Network Community Script view_photo.php alb Parameter XSS Moodle blog/index.php Unspecified 
Parameter XSS Moodle lib/weblib.php Unspecified Parameter XSS Moodle report/overview/report.php attemptid Parameter Quiz Report Deletion CSRF Xataface Search Function Dataface/templates/Dataface_Main_ Template.html XSS Banner Management trackads.php id Parameter SQL Injection EZPX Photoblog system/application/views/public/ commentform.php tpl_base_dir Parameter Remote File Inclusion Subdreamer CMS admin/pages.php categoryids[] Parameter SQL Injection Getaphpsite Job Search content.php topic Parameter SQL Injection DMXReady Online Notebook Manager onlinenotebookmanager.asp ItemID Parameter SQL Injection 2daybiz Job Search Engine Script show_search_result.php keyword Parameter SQL Injection PG eLMS Pro subscribe.php course_id Parameter XSS Getaphpsite Top Sites Script category.php cat Parameter SQL Injection 2daybiz Video Community Portal Script video.php videoid Parameter XSS IBM WebSphere ILOG JRules faces/explore/explore.jsp URI XSS IBM WebSphere ILOG JRules faces/compose/compose.jsp URI XSS IBM WebSphere ILOG JRules faces/home.jsp scripts URI XSS 2daybiz Social Community Software admin/index.php Multiple Parameter SQL Injection Ultimate PHP Board admin_restore.php Access Restriction Bypass Site2Nite Boat Classifieds printdetail.asp ID Parameter SQL Injection Jamroom forum.php post_id Parameter XSS Site2Nite Boat Classifieds detail.asp ID Parameter SQL Injection osCMax admin/articles.php articles_description[] Parameter XSS 2daybiz Photo Sharing Script freesearch.php search Parameter XSS 2daybiz Job Site Script view_current_job.php jid Parameter SQL Injection 2daybiz Freelance Script project_details.php pid Parameter SQL Injection 2daybiz Matrimonial Script customprofile.php id Parameter SQL Injection 2daybiz Photo Sharing Script freesearch.php search Parameter SQL Injection 2daybiz Job Site Script show_search_more.php job_iid Parameter SQL Injection 2daybiz Job Site Script show_search_result.php left_cat Parameter SQL Injection 2daybiz Real Estate Portal Script 
viewpropertydetails.php id Parameter SQL Injection 2daybiz Web Template category.php keyword Parameter XSS OpenEMR new_comprehensive_save.php Multiple Parameter XSS 2daybiz Multi Level Marketing Software viewnews.php nwsid Parameter SQL Injection Novell iManager /nps/servlet/webacc/ Multiple Parameter Overflow CVE-2010-2229 CVE-2010-2230 CVE-2010-2231 CVE-2010-2341 CVE-2010-2339 CVE-2010-2342 CVE-2010-2356 CVE-2010-2458 CVE-2010-2433 CVE-2010-2433 CVE-2010-2433 CVE-2010-2463 CVE-2010-2512 CVE-2010-2509 CVE-2010-2511 CVE-2010-1929 Novell iManager /nps/servlet/webacc/ Tree Parameter Off-by-One CVE-2010-1930 DoS 2daybiz Web Template memberlogin.php password Parameter CVE-2010-2509 XSS 2daybiz Web Template customize.php tid Parameter SQL CVE-2010-2510 Injection 2daybiz B2B Portal companyinfo.php id Parameter SQL Injection Ultimate PHP Board admin_restore.php file Parameter Traversal Arbitrary File Access Bigforum forum.php id Parameter SQL Injection Trend Micro InterScan Web Security Virtual Appliance login_ account_add_modify.jsp New Admin Addition CSRF AneCMS Blog modules/blog/index.php comment Parameter XSS CVE-2010-2437 AneCMS Blog modules/blog/index.php PATH_INFO Parameter CVE-2010-2436 SQL Injection 2daybiz Video Community Portal Script user-profile.php userid CVE-2010-2508 Parameter SQL Injection Cimy Counter Plugin for WordPress wp-content/plugins/cimycounter/cc_redirect.php fn Parameter Arbitrary Site Redirect Bilder Upload Script processing.php Arbitrary File Upload 2daybiz Custom T-Shirt Design Script products_details.php sbid Parameter SQL Injection TaskFreak logout.php tznMessage Parameter XSS CVE-2010-1520 PTCPay GeN4 buyupg.php upg Parameter SQL Injection 2daybiz Video Community Portal Script video.php videoid CVE-2010-2459 Parameter SQL Injection Shareasale Script merchant_product_list.php merchant_id CVE-2010-2460 Parameter SQL Injection Overstock storecat.php store Parameter SQL Injection CVE-2010-2461 iScripts VisualCaster playVideo.php product_id 
Parameter SQL Injection OroHYIP withdraw_money.php id Parameter SQL Injection CVE-2010-2462 oBlog article.php comment=new Action Remote DoS CVE-2009-4904 oBlog admin/write.php Multiple Parameter XSS CVE-2009-4908 oBlog admin/groups.php Multiple Parameter XSS CVE-2009-4908 oBlog admin/blogroll.php Multiple Parameter XSS CVE-2009-4908 oBlog admin/settings.php Multiple Parameter XSS CVE-2009-4908 MetInfo search/search.php searchword Parameter XSS 2daybiz E-mail Portal Script php121_editname.php uid Parameter XSS oBlog admin/index.php HTTP Request Brute Force Password CVE-2009-4909 Guessing Weakness 2daybiz Custom T-Shirt Design Script designview.php designid Parameter SQL Injection 2daybiz Custom T-Shirt Design Script products.php pid Parameter SQL Injection ARSC Really Simple Chat base/dereferer.php arsc_link Parameter Remote File Inclusion Rent vs. Buy Calculator Script rent_v_buy.php Multiple Parameter XSS PageDirector CMS siteadmin/adduser.php Access Restriction Bypass PageDirector CMS result.php sub_catid Parameter SQL Injection ARSC Really Simple Chat base/admin/login.php arsc_message Parameter XSS TaskFreak login.php password Parameter SQL Injection CVE-2010-1521 2daybiz E-mail Portal Script php121_editname.php uid Parameter SQL Injection Grafik CMS admin/admin.php Multiple Parameter XSS LIOOSYS CMS news.php id Parameter SQL Injection Miyabi CGI Tools SEO Links index.pl fn Parameter Arbitrary Command Injection YPNinc PHP Realty Script dpage.php docID Parameter SQL Injection Linksys WAP54Gv3 debug.cgi data1 Parameter XSS CVE-2010-2506 Website Baker admin/login/index.php username Parameter XSS TopManage OLK clientes.asp Multiple Parameter SQL Injection Website Baker admin/preferences/details.php display_name Parameter XSS Website Baker modules/form/save_field.php title Parameter XSS Website Baker admin/preferences/details.php Multiple Parameter SQL Injection Website Baker admin/pages/add.php Multiple Parameter SQL Injection Website Baker admin/pages/settings2.php 
Multiple Parameter SQL Injection Website Baker admin/pages/sections.php Multiple Parameter SQL Injection Website Baker admin/modules/details.php file Parameter Traversal File Enumeration Website Baker admin/templates/details.php file Parameter Traversal File Enumeration Website Baker admin/preferences/details.php language Parameter Traversal Arbitrary File Access Website Baker admin/languages/details.php code Parameter Traversal Arbitrary File Access Website Baker admin/pages/settings2.php template Parameter Traversal Arbitrary File Access Website Baker admin/pages/add.php type Parameter Traversal Arbitrary File Access Bugzilla Search.pm Boolean Chart Search Crafted URL Time-tracking CVE-2010-1204 Remote Information Disclosure Grafik CMS admin/admin.php id Parameter SQL Injection CKForms Component for Joomla! models/ckforms.php CkformsModelCkforms::saveData() Method Arbitrary File Upload Geeklog Forum createtopic.php URI XSS openMairie openCimetiere obj/autorisation.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCatalogue scr/soustab.php dsn[phptype] CVE-2010-1999 Parameter Traversal Arbitrary File Access Campsite javascript/tinymce/plugins/campsiteattachment/attachments.php CVE-2010-1867 article_id Parameter SQL Injection JobPost type.asp iType Parameter SQL Injection CVE-2010-1727 NIBE RCU 11 Heat Pump cgi-bin/read.cgi page Parameter Directory Traversal Arbitrary File Access openMairie openAnnuaire obj/annuaire.class.php path_om CVE-2010-1921 Parameter Remote File Inclusion openMairie openAnnuaire obj/droit.class.php path_om Parameter CVE-2010-1921 Remote File Inclusion openMairie openAnnuaire obj/collectivite.class.php path_om CVE-2010-1921 Parameter Remote File Inclusion openMairie openAnnuaire obj/profil.class.php path_om Parameter CVE-2010-1921 Remote File Inclusion openMairie openAnnuaire obj/direction.class.php path_om CVE-2010-1921 Parameter Remote File Inclusion openMairie openAnnuaire obj/service.class.php path_om
CVE-2010-1921 Parameter Remote File Inclusion openMairie openAnnuaire obj/directiongenerale.class.php path_om CVE-2010-1921 Parameter Remote File Inclusion openMairie openAnnuaire obj/utilisateur.class.php path_om CVE-2010-1921 Parameter Remote File Inclusion openMairie openAnnuaire scr/soustab.php dsn[phptype] CVE-2010-1920 Parameter Directory Traversal Arbitrary File Access KrM Haber d_atabase/Krmdb.mdb Direct Request Database CVE-2010-1736 Disclosure B2B Gold Script product.html id Parameter SQL Injection CVE-2010-1744 Mesut Manset Haber admin/admin_haber.asp Authentication Bypass NolaPro nporderitemremote.php linenum Parameter XSS Scratcher projects.php show Parameter XSS CVE-2010-1742 NolaPro example.php file Parameter XSS Scratcher projects.php id Parameter SQL Injection CVE-2010-1743 openMairie openCimetiere obj/courrierautorisation.class.php CVE-2010-1944 path_om Parameter Remote File Inclusion openMairie openCimetiere obj/droit.class.php path_om Parameter CVE-2010-1944 Remote File Inclusion openMairie openCimetiere obj/profil.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/temp_defunt_sansemplacement.class.php path_om Parameter Remote File CVE-2010-1944 Inclusion openMairie openCimetiere obj/utils.class.php path_om Parameter CVE-2010-1944 Remote File Inclusion openMairie openCimetiere obj/cimetiere.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/defunt.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/emplacement.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/tab_emplacement.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/temp_emplacement.class.php CVE-2010-1944 path_om Parameter Remote File Inclusion openMairie openCimetiere obj/voie.class.php path_om Parameter CVE-2010-1944 Remote File Inclusion openMairie openCimetiere
obj/collectivite.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/defunttransfert.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/entreprise.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/temp_autorisation.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/travaux.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/zone.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/courrier.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/dossier.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/plans.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/temp_defunt.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion openMairie openCimetiere obj/utilisateur.class.php path_om CVE-2010-1944 Parameter Remote File Inclusion PHP-Quick-Arcade Arcade.php phpqa_user_c Parameter SQL CVE-2010-1661 Injection PHP-Quick-Arcade acpmoderate.php id Parameter SQL Injection CVE-2010-1661 NolaPro sidemenu.php menutitle Parameter XSS NolaPro checkfile.php Local File Information Disclosure NIBE RCU 11 Heat Pump cgi-bin/exec.cgi script Parameter Command Injection Mango Blog post.cfm URI XSS ecoCMS admin.php p Parameter XSS KubeBlog kubeblog/adm/users_add.php CSRF PHP-Quick-Arcade acpmoderate.php serv Parameter XSS Gallo core/includes/gfw_smarty.php config[gfwroot] Parameter Remote File Inclusion Moodle Wiki Module mod/wiki/view.php add_to_log Function SQL Injection Moodle lib/form/selectgroups.php Form Element SQL Injection Moodle user/view.php Course Profile Page Username Disclosure Moodle weblib.php fix_non_standard_entities Function XSS Simply Classifieds classified/new_cats.php description Field XSS
Zeroboard lib.php Crafted Parameter Name Arbitrary PHP Code Execution WHMCompleteSolution submitticket.php deptid Parameter SQL Injection Piwigo register.php Multiple Parameter XSS Free Realty agentadmin.php Multiple Parameter SQL Injection Authentication Bypass PostNuke modules.php sid Parameter SQL Injection CF Image Host upload.php File Upload Arbitrary PHP Code Execution Active Calendar test.php URI XSS Cumulus Tagcloud Extension for TYPO3 typo3conf/ext/t3m_ cumulus_tagcloud/pi1/tagcloud.swf tagcloud Parameter XSS Blogumus tagcloud.swf tagcloud Parameter XSS ezContents CMS admin/adminlogin.php login Parameter SQL Injection xbtit include/functions.php userlogin() Function uid Cookie SQL Injection vBulletin validator.php Arbitrary File / Directory Disclosure eWebeditor upload.asp dir Parameter Traversal Arbitrary Directory Disclosure IdeaCMS FCKeditor connector.asp Arbitrary File Upload Factux admin_modif.php lang Parameter Traversal Local File Inclusion AzDGDatingMedium bad.php Unspecified Parameter XSS GetSimple CMS download.php file Parameter Traversal Arbitrary File Access Factux admin.php lang Parameter Traversal Local File Inclusion Factux article_new.php lang Parameter Traversal Local File Inclusion Factux article_update.php lang Parameter Traversal Local File Inclusion Factux backup.php lang Parameter Traversal Local File Inclusion Factux backup_timeout.php lang Parameter Traversal Local File Inclusion Factux bon_suite.php lang Parameter Traversal Local File Inclusion Factux ca_annee.php lang Parameter Traversal Local File Inclusion ShareTronix header.php page_title Parameter HTML Injection ezContents CMS bannerclick.php id Parameter SQL Injection ezContents CMS comments.php article Parameter SQL Injection ezContents CMS control.php Multiple Parameter SQL Injection ezContents CMS headeruserdata.php Multiple Parameter SQL Injection ezContents CMS login.php Multiple Parameter SQL Injection CVE-2010-1662 CVE-2010-1737 CVE-2010-1615 CVE-2010-1615 
CVE-2010-1617 CVE-2010-1619 CVE-2009-4834 CVE-2010-1702 CVE-2010-1707 CVE-2010-1708 CVE-2010-1713 ezContents CMS menu.php Multiple Parameter SQL Injection ezContents CMS module.php Multiple Parameter SQL Injection ezContents CMS modules/diary/m_diaryform.php DiaryID Parameter SQL Injection ezContents CMS modules/diary/showdiary.php Multiple Parameter SQL Injection ezContents CMS modules/diary/showdiarydetail.php diaryid Parameter SQL Injection ezContents CMS modules/gallery/m_galleryform.php galleryID Parameter SQL Injection ezContents CMS modules/gallery/showgallerydetails.php galleryid Parameter SQL Injection ezContents CMS modules/links/m_linksform.php GuestbookID Parameter SQL Injection ezContents CMS modules/guestbook/m_guestbookform.php LinkID Parameter SQL Injection ezContents CMS modules/modfunctions.php topgroupname Parameter SQL Injection ezContents CMS modules/news/m_news.php NewsID Parameter SQL Injection ezContents CMS modules/news/shownewsdetails.php newsid Parameter SQL Injection ezContents CMS modules/poll/m_pollform.php PollID Parameter SQL Injection ezContents CMS modules/poll/m_polloptiondel.php PollOptionID Parameter SQL Injection ezContents CMS modules/poll/m_polloptions.php PollID Parameter SQL Injection ezContents CMS modules/poll/m_polloptionsform.php PollOptionID Parameter SQL Injection ezContents CMS modules/reviews/m_reviewsform.php reviewsID Parameter SQL Injection ezContents CMS modules/reviews/showreviewdetails.php reviewsid Parameter SQL Injection ezContents CMS printer.php article Parameter SQL Injection ezContents CMS rateit.php article Parameter SQL Injection ezContents CMS selectsite.php Site Parameter SQL Injection ezContents CMS selecttheme.php Theme Parameter SQL Injection ezContents CMS showcontents.php Multiple Parameter SQL Injection ezContents CMS showdetails.php contentname Parameter SQL Injection ezContents CMS userinfo.php topgroupname Parameter SQL Injection ezContents CMS comments.php Authentication Bypass Billwerx RC
request_account.php primary_number Parameter SQL Injection GuppY newsletter.php lng Parameter SQL Injection EC21 Clone offers_buy.php id Parameter SQL Injection Alibaba Clone Platinum offers_buy.php id Parameter SQL Injection Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass Basic Analysis And Security Engine (BASE) base_ag_ common.php Unspecified Parameter SQL Injection Simply Classifieds edit_advert.php CSRF AzDGDatingMedium ban.php Unspecified Parameter XSS AzDGDatingMedium bedroom.php Unspecified Parameter XSS AzDGDatingMedium birthday.php Unspecified Parameter XSS AzDGDatingMedium mail.php Unspecified Parameter XSS CVE-2010-1741 CVE-2010-1740 CVE-2010-1726 CVE-2010-1725 CVE-2010-1583 CVE-2009-4838 AzDGDatingMedium send.php Unspecified Parameter XSS AzDGDatingMedium stat.php Unspecified Parameter XSS AzDGDatingMedium links.php Unspecified Parameter XSS AzDGDatingMedium login.php Unspecified Parameter XSS AzDGDatingMedium photos.php Unspecified Issue DynPG CMS counter.php DefineRootToTool Parameter Remote CVE-2010-1299 File Inclusion leaftec cms article.php id Parameter SQL Injection OSSIM control_panel/alarm_console.php URI XSS OSSIM vulnmeter/first/index.php URI XSS OSSIM nagios/index.php sensor Parameter Arbitrary Site Redirect Easy File Sharing Web Server files.sdb File List Disclosure Seccubus get_report.pl type Parameter Traversal Arbitrary File Access Zabbix PHP Frontend api_jsonrpc.php user Parameter SQL CVE-2010-1277 Injection Sheedravi CMS advancedsearch.aspx txtAdvancedkeyword Parameter SQL Injection Authentication Bypass Advenced Management For Services Sites admincp/global.php Authentication Bypass Solutive CMS products_by_cat.php cat_id Parameter SQL Injection MassMirror Uploader upload.php MM_ROOT_DIRECTORY Parameter Remote File Inclusion Uiga Proxy include/template.php content Parameter Remote File CVE-2010-1528 Inclusion Profi Einzelgebots Auktions System auktion_text.php id_auk Parameter SQL Injection 
Nodesforum erase_user_data.php _nodesforum_path_from_ CVE-2010-1351 here_to_nodesforum_folder Parameter Remote File Inclusion AjaXplorer plugins/access.ssh/checkInstall.php destServer Parameter Shell Metacharacter Arbitrary Command Execution Vor und Rückwärts Auktions System auktionen.php id_auk Parameter SQL Injection Mahara lib/user.php username Parameter SQL Injection CVE-2010-0400 MassMirror Uploader upload_progress.php MM_ROOT_ DIRECTORY Parameter Remote File Inclusion Solutive CMS product_detail.php id Parameter SQL Injection Solutive CMS news_content.php id Parameter SQL Injection Nodesforum pre_output.php _nodesforum_code_path Parameter CVE-2010-1351 Remote File Inclusion FreePHPBlogSoftware default_theme.php phpincdir Parameter Remote File Inclusion PhotoPost vBGallery profile.php Multiple Parameter SQL Injection McAfee Email Gateway admin/queuedMessage.do Multiple Parameter XSS NextGEN Gallery Plugin for WordPress wp-content/plugins/ CVE-2010-1186 nextgen-gallery/xml/media-rss.php mode Parameter XSS EASY Enterprise DMS epctrl.jsp Multiple Parameter XSS SafeSHOP admin/system-alert.asp errMsg Parameter XSS ShopSystem view_image.php id Parameter SQL Injection Edimax AR-7084gA Forms/adv_nat_virsvr_1 Unspecified CSRF DynPG CMS plugins/DPGguestbook/guestbookaction.php CVE-2010-1299 PathToRoot Parameter Remote File Inclusion DynPG CMS backendpopup/popup.php get_popUpResource CVE-2010-1299 Parameter Remote File Inclusion Pulse CMS view.php f Parameter Traversal Arbitrary File Access CVE-2010-1298 Gnat-TGP includes/tgpinc.php DOCUMENT_ROOT Parameter CVE-2010-1272 Remote File Inclusion WebMaid CMS cContactus.php com Parameter Traversal Arbitrary File Access WebMaid CMS cGuestbook.php com Parameter Traversal Arbitrary File Access WebMaid CMS cArticle.php com Parameter Traversal Arbitrary File Access WebMaid CMS template/babyweb/index.php Multiple Parameter Remote File Inclusion WebMaid CMS template/calm/footer.php Multiple Parameter Remote File Inclusion WebMaid CMS 
template/calm/top.php menu Parameter Remote File Inclusion WebMaid CMS template/wm025/footer.php Multiple Parameter Remote File Inclusion Garage Sale post.php Ad Posting Arbitrary File Upload xbtit include/functions.php uid Cookie SQL Injection Vanilla definitions.php Multiple Parameter Remote File Inclusion Teamsite Hack Plugin for WoltLab Burning Board ts_other.php userid Parameter XSS Axon Virtual PBX /extensioninstruction id Parameter XSS Axon Virtual PBX /logdelete file Parameter Traversal Arbitrary File Deletion Axon Virtual PBX /logprop file Parameter Traversal Arbitrary File Access openUrgence Vaccin collectivite.class.php path_om Parameter Directory Traversal Remote File Inclusion TYPO3 Tip-A-Friend Extension class.tx_tipafriend.php Unspecified Parameter XSS openMairie openStock scr/soustab.php dsn[phptype] Parameter Traversal Local File Inclusion openMairie openTel gen/obj/droit.class.php dsn[phptype] Parameter Remote File Inclusion openMairie openTel gen/obj/profil.class.php dsn[phptype] Parameter Remote File Inclusion openMairie openTel gen/obj/utilisateur.class.php dsn[phptype] Parameter Remote File Inclusion Webessence CMS webessence/admin/media.php type Parameter XSS Multi Profit Websites page.php id Parameter Traversal Arbitrary File Access Uiga FanClub admin/admin_login.php Multiple Parameter SQL Injection Media In Spot CMS view/lang/index.php page Parameter Directory Traversal Local File Inclusion Siestta carga_foto_al.php usuario Parameter XSS FAQEngine attachs.php path_faqe Parameter Remote File Inclusion FAQEngine backup.php path_faqe Parameter Remote File Inclusion FAQEngine badwords.php path_faqe Parameter Remote File Inclusion FAQEngine categories.php path_faqe Parameter Remote File Inclusion FAQEngine changepw.php path_faqe Parameter Remote File Inclusion FAQEngine colorchooser.php path_faqe Parameter Remote File Inclusion FAQEngine colorwheel.php path_faqe Parameter Remote File Inclusion FAQEngine dbfiles.php path_faqe Parameter Remote 
File Inclusion CVE-2010-1267 CVE-2010-1267 CVE-2010-1267 CVE-2010-1266 CVE-2010-1266 CVE-2010-1266 CVE-2010-1266 CVE-2010-1337 CVE-2010-1339 CVE-2010-1467 CVE-2010-1366 CVE-2010-1711 CVE-2010-1360 CVE-2010-1360 CVE-2010-1360 CVE-2010-1360 CVE-2010-1360 CVE-2010-1360 CVE-2010-1360 CVE-2010-1360 FAQEngine diraccess.php path_faqe Parameter Remote File CVE-2010-1360 Inclusion FAQEngine faq.php path_faqe Parameter Remote File Inclusion CVE-2010-1360 FAQEngine kb.php path_faqe Parameter Remote File Inclusion CVE-2010-1360 FAQEngine stats.php path_faqe Parameter Remote File Inclusion CVE-2010-1360 TANDBERG Video Communication Server Web Admin Interface CVE-2009-4511 helppage.php page Parameter Traversal Arbitrary File Access TANDBERG Video Communication Server Admin Web Console secure.php Crafted HTTP Cookie: tandberg_login= Header CVE-2009-4509 Authentication Bypass Siestta login.php idioma Parameter Traversal Local File Inclusion CVE-2010-1710 MyBB usercp2.php CSRF openUrgence Vaccin injection.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion openUrgence Vaccin utilisateur.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion openUrgence Vaccin droit.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion openUrgence Vaccin laboratoire.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion openUrgence Vaccin vaccin.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion openUrgence Vaccin effetsecondaire.class.php path_om CVE-2010-1467 Parameter Directory Traversal Remote File Inclusion openUrgence Vaccin medecin.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion openUrgence Vaccin individu.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion openUrgence Vaccin profil.class.php path_om Parameter CVE-2010-1467 Directory Traversal Remote File Inclusion 
openUrgence Vaccin src/soustab.php dsn[phptype] Parameter CVE-2010-1466 Directory Traversal Local File Inclusion EASY Enterprise DMS dlc_printLB.jsp dlcFileId Parameter XSS Tiny Java Web Server (TJWS) snoop.jsp Path Disclosure REDAXO redaxo/include/addons/version/pages/index.inc.php REX[INCLUDE_PATH] Parameter Remote File Inclusion dl_stats view_file.php id Parameter SQL Injection CVE-2010-1498 openMairie openScrutin obj/droit.class.php path_om Parameter Remote File Inclusion REDAXO redaxo/include/addons/import_export/pages/ index.inc.php REX[INCLUDE_PATH] Parameter Remote File Inclusion dl_stats download.php id Parameter SQL Injection CVE-2010-1498 dl_stats download_proc.php id Parameter XSS CVE-2010-1497 e107 e107_plugins/content/content_manager.php content_ CVE-2010-0997 heading Parameter XSS MusicBox genre_artists.php id Parameter SQL Injection CVE-2010-1499 RJ-iTop Network Vulnerabilities Scan System roleManager.jsp id Parameter SQL Injection CMS Ariadna detResolucion.php Multiple Parameter SQL Injection openMairie openReglement obj/accompagnants.class.php path_ om Parameter Remote File Inclusion openMairie openTel soustab.php dsn[phptype] Parameter Directory Traversal Local File Inclusion Tip-A-Friend Extension for TYPO3 class.tx_tipafriend.php URI XSS openMairie openRegistreCIL /obj/autorisation_normale.class.php path_om Parameter Directory Traversal Remote File Inclusion e107 e107_admin/banner.php click_url Parameter SQL Injection CactuShop in _invoice.asp Multiple Parameter XSS CVE-2010-1486 phpThumb() phpThumb.php fltr[] Parameter Arbitrary Shell CVE-2010-1598 Command Execution Elastix help/frameRight.php id_nodo Parameter Traversal CVE-2010-1492 Arbitrary File Access Two-Step External Links Module for vBulletin externalredirect.php url Parameter XSS openMairie openRegistreCIL /obj/collectivite.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/dossier.class.php path_om Parameter Directory Traversal 
Remote File Inclusion openMairie openRegistreCIL /obj/norme_simplifiee.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/registre.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/autorisation_unique.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/demande_avis.class.php path_ om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/droit.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/organisme.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/service.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/categorie_donnee.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/destinataire.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/profil.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/tabdyn_visu.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/categorie_personne.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/dispense.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/modificatif.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/reference.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /obj/utilisateur.class.php path_om Parameter Directory Traversal Remote File Inclusion openMairie openRegistreCIL /scr/soustab.php dsn[phptype] Parameter Directory Traversal Local File Inclusion Huawei EchoLife HG520c AutoRestart.html 
Unrestricted Access DoS Cacti templates_export.php export_item_id Parameter SQL CVE-2010-1431 Injection Portfolio Component for Joomla! /includes/phpthumb/ phpThumb.php src Parameter Directory Traversal Arbitrary File Access LightNEasy File Manager install1.php Unauthenticated Software Reinstallation LightNEasy File Manager /plugins/filemanager/get_file.php language Parameter Directory Traversal Local File Inclusion LightNEasy File Manager Plugin /plugins/filemanager/get_file.php file Parameter Directory Traversal Arbitrary File Access FlashCard cPlayer.php id Parameter XSS Memorial Web Site Script show_memorial.php id Parameter SQL Injection GetSimple CMS admin/components.php URI XSS In-portal FCKeditor Arbitrary /core/editor/editor/filemanager/ connectors/php/config.php File Upload openMairie openReglement obj/centre.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/collectivite.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/doc_identite.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/dossier.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/droit.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/motif_retour.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/mention.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/motif_cni.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/profil.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/titre_presente_enf.class.php path_om Parameter Remote File Inclusion openMairie openReglement obj/utilisateur.class.php path_om Parameter Remote File Inclusion BandSite CMS adminpanel/index.php Unrestricted File Upload Arbitrary PHP Code Execution BandSite CMS members.php memid Parameter SQL Injection MojoBlog Component for Joomla! 
wp-comments-post.php mosConfig_absolute_path Parameter Remote File Inclusion MojoBlog Component for Joomla! wp-trackback.php mosConfig_ absolute_path Parameter Remote File Inclusion NukeHall admin/modules/blocks.php spaw_root Parameter Remote File Inclusion NukeHall admin/modules/messages.php spaw_root Parameter Remote File Inclusion NukeHall admin/modules/stories.php spaw_root Parameter Remote File Inclusion GetSimple CMS admin/resetpassword.php URI XSS GetSimple CMS admin/settings.php URI XSS GetSimple CMS admin/support.php URI XSS GetSimple CMS admin/theme-edit.php URI XSS GetSimple CMS admin/theme.php URI XSS GetSimple CMS admin/archive.php URI XSS GetSimple CMS admin/edit.php URI XSS GetSimple CMS admin/image.php URI XSS GetSimple CMS admin/log.php URI XSS GetSimple CMS admin/pages.php URI XSS GetSimple CMS admin/upload.php URI XSS GetSimple CMS admin/changedata.php Referer Header XSS openMairie openScrutin obj/collectivite.class.php path_om Parameter Remote File Inclusion openMairie openScrutin obj/utilisateur.class.php path_om Parameter Remote File Inclusion openMairie openScrutin obj/courrier.class.php path_om Parameter Remote File Inclusion openMairie openScrutin obj/profil.class.php path_om Parameter Remote File Inclusion openMairie openScrutin scr/soustab.php dsn[phptype] Parameter Directory Traversal Local File Inclusion openMairie openComInterne scr/soustab.php dsn[phptype] Directory Traversal Arbitrary File Access CVE-2009-4793 CVE-2009-4792 CVE-2009-4789 CVE-2009-4789 CVE-2009-4779 CVE-2009-4779 CVE-2009-4779 openMairie openCourrier scr/soustab.php dsn[phptype] Parameter Directory Traversal Arbitrary File Access NKInFoWeb loadorder.php id_sp Parameter SQL Injection CVE-2010-1599 openMairie openFoncier obj/action.class.php path_om Parameter Remote File Inclusion openMairie openPresse scr/soustab.php dsn[phptype] Parameter Directory Traversal Arbitrary File Access openMairie openPlanning gen/obj/categorie.class.php path_om Parameter Remote File 
Inclusion NCT Jobs Portal Script isearch.php Multiple Parameter SQL CVE-2010-1605 Injection Ektron CMS400.NET WorkArea/reterror.aspx info Parameter XSS G5-Scripts Guestbook PHP guestbook.php Multiple Parameter XSS NCT Jobs Portal Script admin_login.php Multiple Parameter SQL CVE-2010-1604 Injection MantisBT manage_tags_page.php Real Name Field XSS Web Wiz Forums post_message_form.asp FID Parameter CVE-2003-1176 Arbitrary Forum Access EZ-Blog Unspecified PHP Script Request Authentication CVE-2009-4801 Weakness Arbitrary Post Manipulation EPay Enterprise shop.php cid Parameter SQL Injection iNetScripts Free Upload Script index2.php Arbitrary File Upload Webessence CMS webessence/admin/media_new_do.php Arbitrary File Upload Webessence CMS webessence/oembed.php id Parameter XSS G5-Scripts Auto-Img-Gallery upload.cgi user Parameter XSS CVE-2010-1709 Infocus Real Estate Enterprise Edition system_member_ CVE-2010-1654 login.php Multiple Parameter SQL Injection Authentication Bypass Zikula Application Framework ZLanguage.php lang Parameter CVE-2010-1724 XSS PowerEasy SiteWeaver User/User_ChkLogin.asp ComeUrl CVE-2010-1655 Parameter XSS 2daybiz Advanced Poll Script login.php Multiple Parameter SQL CVE-2010-1704 Injection Help Center Live module.php file Parameter Directory Traversal CVE-2010-1652 Arbitrary File Access CCMS Gaming sendtofriend.php url Parameter XSS CLScript Classifieds Script help-details.php hpId Parameter SQL CVE-2010-1660 Injection 2daybiz Auction Script login.php username Parameter SQL CVE-2010-1706 Injection phpCDB firstvisit.php lang_global Parameter Traversal Local File CVE-2010-1537 Inclusion phpCDB newfolder.php lang_global Parameter Traversal Local CVE-2010-1537 File Inclusion phpCDB showfolders.php lang_global Parameter Traversal Local CVE-2010-1537 File Inclusion phpCDB newlang.php lang_global Parameter Traversal Local File CVE-2010-1537 Inclusion phpCDB showinnerfolder.php lang_global Parameter Traversal CVE-2010-1537 Local File Inclusion phpCDB 
writecode.php lang_global Parameter Traversal Local CVE-2010-1537 File Inclusion phpCDB showcode.php lang_global Parameter Traversal Local CVE-2010-1537 File Inclusion phpRAINCHECK print_raincheck.php id Parameter SQL Injection CVE-2010-1538 EPay Enterprise shop.htm cid Parameter SQL Injection iScripts SocialWare includes/profile_save_widgets.php txtWidgets Parameter Arbitrary File Upload PHPhotoalbum upload.php Unrestricted File Upload Arbitrary Code Execution Simplicity oF Upload upload.php Unrestricted File Upload Arbitrary PHP Code Execution webMathematica MSP Script Direct Request Path Disclosure Video Battle Script browse.html cat Parameter SQL Injection Modelbook casting_view.php adnum Parameter SQL Injection VP-ASP Shopping Cart shopsessionsubs.asp DNS Hostname XSS iScripts SocialWare album.php search Parameter XSS 2daybiz Advanced Poll Script admin/index.php pass Parameter SQL Injection 2daybiz Advanced Poll Script index_search.php category Parameter XSS HP System Management Homepage (SMH) red2301.html RedirectUrl Parameter Arbitrary Site Redirect HP Systems Insight Manager getuiinfo servercert Parameter XSS Microsoft SharePoint Server _layouts/help.aspx cid0 Parameter XSS deV!Lz Clanportal thumbgen.php img Parameter Arbitrary Image File Access Webessence CMS webessence/comment_do.php itemid Parameter SQL Injection JBoss Enterprise Application Platform /web-console HTTP Request Information Disclosure openMairie openPlanning gen/obj/profil.class.php path_om Parameter Remote File Inclusion openMairie openPlanning gen/obj/collectivite.class.php path_om Parameter Remote File Inclusion openMairie openPlanning gen/obj/ressource.class.php path_om Parameter Remote File Inclusion openMairie openPlanning gen/obj/droit.class.php path_om Parameter Remote File Inclusion openMairie openPlanning gen/obj/utilisateur.class.php path_om Parameter Remote File Inclusion openMairie openPlanning gen/obj/planning.class.php path_om Parameter Remote File Inclusion openMairie 
openPlanning scr/soustab.php dsn[phptype] Parameter Directory Traversal Arbitrary File Access openMairie openFoncier obj/architecte.class.php path_om Parameter Remote File Inclusion openMairie openFoncier obj/avis.class.php path_om Parameter Remote File Inclusion openMairie openFoncier obj/bible.class.php path_om Parameter Remote File Inclusion openMairie openFoncier obj/blocnote.class.php path_om Parameter Remote File Inclusion openMairie openFoncier scr/soustab.php dsn[phptype] Parameter Directory Traversal Arbitrary File Access openMairie openCourrier obj/profil.class.php path_om Parameter Remote File Inclusion openMairie openCourrier obj/courrier.recherche.tab.class.php path_om Parameter Remote File Inclusion openMairie openCourrier obj/utilisateur.class.php path_om Parameter Remote File Inclusion openMairie openCourrier obj/emetteur.class.php path_om Parameter Remote File Inclusion openMairie openCourrier obj/tache.class.php path_om Parameter Remote File Inclusion openMairie openCourrier obj/droit.class.php path_om Parameter Remote File Inclusion CVE-2009-4819 CVE-2009-4818 CVE-2009-4812 CVE-2010-1701 CVE-2010-1705 CVE-2010-1590 CVE-2010-1704 CVE-2010-1703 CVE-2010-1586 CVE-2010-1036 CVE-2010-0817 CVE-2010-1428 openMairie openCourrier obj/collectivite.class.php path_om Parameter Remote File Inclusion openMairie openCourrier obj/dossier.class.php path_om Parameter Remote File Inclusion openMairie openCourrier obj/bible.class.php path_om Parameter Remote File Inclusion Ektron CMS400.NET workarea/medialist.aspx selectids Parameter XSS Ektron CMS400.NET /WorkArea Directory Permissions Multiple Script Unauthenticated Access Ektron CMS400.NET workarea/blankredirect.aspx Arbitrary Web Page Redirection MantisBT view_all_bug_page.php Real Name Field XSS MantisBT tag_view_page.php Real Name Field XSS MantisBT tag_update_page.php Real Name Field XSS MantisBT view_user_page.php Real Name Field XSS MantisBT bug_revision_view_page.php Real Name Field XSS MantisBT 
manage_proj_page.php Real Name Field XSS MantisBT manage_proj_edit_page.php Real Name Field XSS MantisBT summary_page.php Real Name Field XSS MantisBT adm_config_report.php Real Name Field XSS MantisBT view_all_bug_page.php Column Value XSS MantisBT permalink_page.php XSS MantisBT view_filters_page.php Dropdown List XSS All In One Control Panel (AIOCP) cp_html2xhtmlbasic.php page Parameter Remote File Inclusion DeDeCMS include/userlogin.class.php _SESSION[dede_admin_ id] Parameter Manipulation Authentication Bypass Baykus Yemek Tarifleri Scripti oku.php id Parameter SQL Injection Baykus Yemek Tarifleri Scripti Admin/logpost.php Multiple Parameter SQL Injection ScriptsFeed Dating Software searchmatch.php Multiple Parameter SQL Injection ScriptsFeed Business Directory Software login.php Multiple Parameter SQL Injection Pre Classified Listings ASP signup.asp address Parameter XSS DZ EROTIK Auktionshaus V4rgo news.php id Parameter SQL Injection Blax Blog admin/girisyap.php kadi Parameter SQL Injection Authentication Bypass Article Friendly index.php filename Parameter Traversal Local File Inclusion Oracle Siebel Loyalty Management loyalty_enu/start.swe URI XSS Uiga FanClub admin/admin_login.php Multiple Parameter XSS Pre Classified Listings ASP signup.asp email Parameter SQL Injection Pre Classified Listings ASP detailad.asp siteid Parameter SQL Injection 1024 CMS rss.php id Parameter SQL Injection Uploadify uploadify.php Arbitrary File Upload Code Execution PHP Trouble Ticket vedi_faq.php id Parameter SQL Injection Arab Cart showimg.php id Parameter SQL Injection Arab Cart showimg.php id Parameter XSS WikyBlog include/WBmap.php langFile Parameter Remote File Inclusion Softbiz Jobs news_desc.php id Parameter SQL Injection Auktionshaus Gelb news.php id Parameter SQL Injection ARISg wflogin.jsp errmsg Parameter XSS CVE-2009-4747 CVE-2010-1097 CVE-2010-1096 CVE-2010-1092 CVE-2010-1094 CVE-2010-1093 CVE-2010-1089 CVE-2010-0724 CVE-2010-0725 CVE-2010-0755 CVE-2010-0758 
CVE-2010-0721 Oracle Siebel CRM htim_enu/start.swe URI XSS DFD Cart your.order.php category Parameter XSS DFD Cart admin/configure.php Settings Manipulation CSRF iBoutique index.php key Parameter XSS CVE-2010-0804 fipsForum _database/forumFips.mdb Direct Request Database CVE-2010-0765 Disclosure Dosya Yukle Script yukle.php File Upload Arbitrary PHP Code Execution Comptel Provisioning and Activation index.jsp error_msg_ parameter Parameter XSS BBSXP AddPost.asp URI XSS CVE-2010-1276 BBSXP AddTopic.asp URI XSS CVE-2010-1276 BBSXP Admin_Default.asp URI XSS CVE-2010-1276 BBSXP Bank.asp URI XSS CVE-2010-1276 BBSXP Manage.asp URI XSS CVE-2010-1276 BBSXP ShowPost.asp Multiple Parameter XSS CVE-2010-1276,2010-1275 smartplugs showplugs.php domain Parameter SQL Injection CVE-2010-1271 CA SiteMinder WebWorks Help wwhelp_entry.html Unspecified CVE-2009-3731 Parameter XSS CA SiteMinder WebWorks Help wwhelp/wwhimpl/api.htm CVE-2009-3731 Unspecified Parameter XSS CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/ CVE-2009-3731 frameset.htm Unspecified Parameter XSS CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/scripts/ CVE-2009-3731 switch.js Unspecified Parameter XSS CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/ CVE-2009-3731 bookmark.htm Unspecified Parameter XSS Juniper Networks Secure Access editbk.cgi row Parameter XSS BMW inventory.php viewID Parameter SQL Injection Cru Content CMS cms/download.php file Parameter Traversal Arbitrary File Access Pre E-Learning Portal search_result.asp course_ID Parameter CVE-2010-0954 SQL Injection TrackWise TeamAccess TeamAccess/BatchEditProgress.html URI XSS Bigforum profil.php id Parameter SQL Injection CVE-2010-0948 QuickCart admin.php sLogin Cookie XSS Cute Editor for ASP.NET CuteSoft_Client/CuteEditor/Load.ashx CVE-2009-4665 file Parameter Traversal Arbitrary File Access Download Protect Framework/EmailTemplates.class.php CVE-2009-4666 GLOBALS[RootPath] Parameter Remote File Inclusion Download Protect Customers/ 
PDPEmailReplaceConstants.class.php GLOBALS[RootPath] CVE-2009-4666 Parameter Remote File Inclusion Download Protect Admin/ResellersManager.class.php GLOBALS CVE-2009-4666 [RootPath] Parameter Remote File Inclusion Restaurant Directory admin/admin_info/index.php Direct Request CVE-2009-4675 Admin Password Manipulation BBSMAX post.aspx action Parameter XSS CVE-2010-0947 IBM Lotus Domino Help Component help/readme.nsf/Header CVE-2010-0927 BaseTarget Parameter XSS eclime login.php Multiple Parameter SQL Injection eGroupWare login.php lang Parameter XSS MediaWiki thumb.php Permission Check Weakness Restricted CVE-2010-1190 Image Disclosure Eshbel Priority marketgate/PriHtml.dll URI XSS eGroupWare spellchecker.php spellchecker_lang Parameter Arbitrary Shell Command Execution eclime advanced_search_result.php keywords Parameter XSS eclime admin/includes/version.php ex Parameter XSS Employee Timeclock Software auth.php Multiple Parameter SQL Injection Employee Timeclock Software login_action.php Multiple Parameter SQL Injection ABB Forum fpdb/abb.mdb Direct Request Database Disclosure MH Products Kleinanzeigenmarkt search.php c Parameter SQL Injection Jevci Siparis Formu siparis.mdb Direct Request Database Download Kandidat CMS media/upload.php contentcenter Parameter XSS NUs Newssystem NUs.php id Parameter SQL Injection IBM Multiple Products login.jsp Query String Arbitrary Site Redirect Phishing Weakness DWebPro start file Parameter Arbitrary Program Execution ViewVC lib/viewvc.py Multiple Parameter XSS ispCP Omega tools/filemanager/skins/mobile/ admin1.template.php net2ftp_globals[application_skinsdir] Parameter Remote File Inclusion Silentum Guestbook silentum_guestbook.php messageid Parameter SQL Injection MiniCWB language/en.inc.php LANG Parameter Remote File Inclusion MiniCWB language/hu.inc.php LANG Parameter Remote File Inclusion MiniCWB language/no.inc.php LANG Parameter Remote File Inclusion MiniCWB language/ro.inc.php LANG Parameter Remote File Inclusion 
MiniCWB language/ru.inc.php LANG Parameter Remote File Inclusion Eros Webkatalog start.php id Parameter SQL Injection Natychmiast CMS a_index.php id_str Parameter XSS Natychmiast CMS a_index.php id_str Parameter SQL Injection dev4u CMS go_target.php kontent_id Parameter SQL Injection phpCOIN mod.php mod Parameter Traversal Arbitrary File Access ATutor tools/polls/add.php Multiple Parameter XSS Saskia's Shopsystem content.php id Parameter Traversal Local File Inclusion Tribisur modules/hayoo/index.php theme Parameter Traversal Local File Inclusion IBM ENOVIA SmarTeam WebEditor/Authentication/ LoginPage.aspx errMsg Parameter XSS ATutor tools/groups/create_manual.php Multiple Parameter XSS ATutor assignments/add_assignment.php Title Parameter XSS Adult Portal Script profile.php user_id Parameter SQL Injection Mole Group Multiple Products admin/admin.php user_id Parameter Arbitrary Password Manipulation DirectAdmin CMD_DB_VIEW name Parameter XSS Geekhelps ADMP themes/colorvoid/footer.php style Parameter Traversal Local File Inclusion Geekhelps ADMP themes/default-green/footer.php style Parameter Traversal Local File Inclusion Geekhelps ADMP themes/default-orange/footer.php style Parameter Traversal Local File Inclusion Geekhelps ADMP themes/default/footer.php style Parameter Traversal Local File Inclusion MicroWorld eScan for Linux MWAdmin forgotpassword.php uname Parameter Arbitrary Command Execution RogioBiz PHP File Manager rbfminc/session.php Multiple Parameter Authentication Bypass CVE-2010-0122 CVE-2010-0122 CVE-2010-0939 CVE-2010-0965 CVE-2010-0715 CVE-2010-0736 CVE-2009-4687 CVE-2009-4693 CVE-2009-4693 CVE-2009-4693 CVE-2009-4693 CVE-2009-4693 CVE-2010-0964 CVE-2010-0949 CVE-2010-0950 CVE-2010-0951 CVE-2010-0953 CVE-2010-0971 CVE-2010-0957 CVE-2010-0958 CVE-2010-0959 CVE-2010-0971 CVE-2010-0971 CVE-2009-4673 CVE-2009-4674 CVE-2010-0967 CVE-2010-0967 CVE-2010-0967 CVE-2010-0967 Ninja RSS Syndicator Component for Joomla! 
components/com_ninjarsssyndicator/ninjarsssyndicator.php Controller Parameter Traversal Local File Inclusion PHP Classifieds ad_click.php bid Parameter SQL Injection deV!L'z Clanportal inc/config.php basePath Parameter Remote File Inclusion AdFreely common.inc.php LANG_CODE Parameter Traversal Local File Inclusion Web Wiz Forums pm_add_buddy.asp CSRF Web Wiz Forums pm_buddy_list.asp CSRF Web Wiz Forums pm_delete_buddy.asp CSRF Web Wiz Forums pm_message.asp CSRF Web Wiz Forums pm_delete_message.asp CSRF Web Wiz Forums pm_inbox.asp CSRF Web Wiz Forums includes/message_form_inc.asp CSRF Web Wiz Forums pm_new_message.asp CSRF Web Wiz Forums pm_new_message_form.asp CSRF Web Wiz Forums file_manager.asp CSRF Web Wiz Forums file_delete.asp CSRF Web Wiz Forums file_upload.asp CSRF Web Wiz Forums email_notify_subscriptions.asp CSRF Web Wiz Forums email_notify_remove.asp CSRF Web Wiz Forums email_notify.asp CSRF Web Wiz Forums ajax_email_notify.asp CSRF Web Wiz Forums new_post.asp CSRF Web Wiz Forums edit_post.asp CSRF Web Wiz Forums new_reply_form.asp CSRF Web Wiz Forums new_poll_form.asp CSRF Web Wiz Forums new_reply_form.asp CSRF Web Wiz Forums new_topic_form.asp CSRF Web Wiz Forums edit_post_form.asp CSRF Web Wiz Forums forum_posts.asp CSRF Trouble Ticket Express ttx.cgi fid Parameter Arbitrary Command Execution ParsCMS fa_default.asp id Parameter SQL Injection ParsCMS en_default.asp id Parameter SQL Injection Ziggurat Farsi CMS manager/textbox.asp id Parameter SQL Injection PhpKobo Address Book codelib/cfg/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion PhpKobo Address Book staff/app/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion osDate forum/adminLogin.php config[forum_installed] Parameter Remote File Inclusion osDate forum/userLogin.php config[forum_installed] Parameter Remote File Inclusion chillyCMS admin/index.php name Parameter XSS PhpKobo Short URL url/app/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion
PhpKobo Real Estate Contact Form codelib/cfg/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion PHPCityPortal external.php url Parameter Remote File Inclusion PHPCityPortal video_show.php id Parameter SQL Injection PHPCityPortal spotlight_detail.php id Parameter SQL Injection PHPCityPortal real_estate_details.php id Parameter SQL Injection PHPCityPortal auto_details.php id Parameter SQL Injection PhpMyLogon phpmylogon.php username Parameter SQL Injection CVE-2010-0966 CVE-2010-1057 CVE-2010-1054 CVE-2010-1054 CVE-2010-1058 CVE-2010-1059 CVE-2010-1055 CVE-2010-1055 CVE-2010-1061 CVE-2010-1062 CVE-2010-0975 CVE-2010-0974 CVE-2010-0974 CVE-2010-0974 CVE-2010-0974 CVE-2010-0970 Geekhelps ADMP bannershow.php click Parameter SQL Injection Sahana Disaster Management System Authentication steam.php Direct Request Authentication Bypass Nensor CMS x/modules/javascript.php page Parameter Remote File Inclusion Multi Auktions Komplett System auktion.php id_auk Parameter SQL Injection ManageEngine ServiceDesk Plus WorkOrder.do woID Parameter SQL Injection Nensor CMS i.extranet.php sLoc Parameter Remote File Inclusion Nensor CMS login.php sLoc Parameter Remote File Inclusion Dojo Toolkit dijit\tests\_testCommon.js theme Parameter XSS Dojo Toolkit doh\runner.html Multiple Parameter XSS PhpKobo Short URL codelib/cfg/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion PhpKobo Short URL staff/app/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion PhpKobo Real Estate Contact Form form/app/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion PhpKobo Real Estate Contact Form staff/app/common.inc.php LANG_CODE Parameter Traversal Local File Inclusion SiteDone store/detail.php articleId Parameter SQL Injection Allomani Songs & Clips login.php username Parameter SQL Injection Allomani Movies & Clips login.php username Parameter SQL Injection SimpleLoginSys checkuser.php username Parameter SQL Injection Authentication Bypass x10 Adult 
Media Script report.php id Parameter SQL Injection Arab Portal modules/aljazeera/admin/setup.php module Parameter Traversal Local File Inclusion Netpet CMS confirm.php language Parameter Traversal Local File Inclusion Limny modules/user/forgotpw.php Comfirmation Code Prediction Weakness Limny modules/user/signup.php Verification Code Prediction Weakness Limny themes/gray/block.php Multiple Parameter XSS Limny themes/gray/footer.php settings[version] Parameter XSS Limny themes/gray/header.php Multiple Parameter XSS Limny themes/gray/page.php Multiple Parameter XSS Mini CMS RibaFS admin/login.php login Parameter SQL Injection notsoPureEdit templates/template.php content Parameter Remote File Inclusion Teamsite Hack plugin for WoltLab Burning Board ts_other.php userid Parameter SQL Injection Online Community Site view-blog-full.php blid Parameter SQL Injection Online Community Site mem-play-song-cnt.php plid Parameter SQL Injection Online Community Site mem_videos-play-cnt.php vdoid Parameter SQL Injection Pay Per Watch & Bid Auktions System auktion.php id_auk Parameter SQL Injection vBulletin search.php query Parameter XSS Pulse CMS includes/login.php Arbitrary PHP Code Execution ABO.CMS c.php Multiple Parameter SQL Injection Insky CMS insky/modules/city.get/city.get.php ROOT Parameter Remote File Inclusion Discuz! 
register.php Referer HTTP Header XSS CVE-2010-0968 CVE-2010-1191 CVE-2010-1269,2010-1270 CVE-2010-1061 CVE-2010-1060 CVE-2010-1063 CVE-2010-1063 CVE-2009-4735 CVE-2009-4733 CVE-2009-4730 CVE-2009-4725 CVE-2009-4723 CVE-2010-1216 CVE-2010-0988 INVOhost site.php id Parameter SQL Injection Insky CMS insky/modules/city.get/index.php ROOT Parameter Remote File Inclusion Insky CMS insky/modules/message2.send/message.send.php ROOT Parameter Remote File Inclusion Insky CMS insky/modules/message.send/message.send.php ROOT Parameter Remote File Inclusion Insky CMS insky/modules/pages.add/pages.add.php ROOT Parameter Remote File Inclusion INVOhost manuals.php search Parameter SQL Injection Discuz! logging.php Referer HTTP Header XSS Pulse CMS delete.php f Parameter Traversal Arbitrary File Deletion Pulse CMS view.php Multiple Parameter Arbitrary PHP Code Execution Direct News admin/menu.php rootpath Parameter Remote File Inclusion phpCMS download.php f Parameter Arbitrary File Access Web Server Creator - Web Portal news/include/customize.php l Parameter Traversal Arbitrary File Access Web Server Creator - Web Portal news/form.php path Parameter Remote File Inclusion Jokes Complete Website joke.php id Parameter XSS Jokes Complete Website results.php searchingred Parameter XSS AdvertisementManager cgi/index.php req Parameter Remote File Inclusion Tracking Requirements & Use Cases (TRUC) login_reset_ password_page.php error Parameter XSS phpMySite contact.php Multiple Parameter XSS SphereCMS archive.php view Parameter SQL Injection Crawlability vBSEO Plugin for vBulletin vbseo.php vbseourl Parameter Traversal Local File Inclusion phpMDJ profil.php id Parameter SQL Injection OpUtils Login.do isHttpPort Parameter SQL Injection Aris agXchange ESM pages/ucschcancelproc.jsp returnpage Parameter Arbitrary Site Redirect PHP168 login.php content Parameter Arbitrary PHP Code Execution PSAtr news.asp id Parameter SQL Injection AdFreely staff/file.php LANG_CODE Parameter Traversal Local 
File Inclusion Direct News library/lib.menu.php rootpath Parameter Remote File Inclusion Direct News admin/media/update_content.php adminroot Parameter Remote File Inclusion Direct News library/class.backup.php adminroot Parameter Remote File Inclusion Aris agXchange ESM pages/ucquerydetails.jsp QueryID Parameter XSS AssetsSoSimple supplier_admin.php Supplier Field XSS Auto Manager admin.cgi Multiple Field XSS Devana profile_view.php id Parameter SQL Injection SiteX CMS photo.php albumid Parameter SQL Injection N-13 News modules/login.php default_login_language Parameter Traversal Local File Inclusion Post Card choosecard.php catid Parameter SQL Injection Date & Sex Vor und Rückwärts Auktions System auktion_text.php id_auk Parameter SQL Injection Open Web Analytics mw_plugin.php IP Parameter Traversal Local File Inclusion CVE-2010-0989 CVE-2010-0988 CVE-2010-1115 CVE-2010-1114 CVE-2010-1111 CVE-2010-1111 CVE-2010-1106 CVE-2010-1095 CVE-2010-1091 CVE-2010-1078 CVE-2010-1077 CVE-2010-1071 CVE-2010-1044 CVE-2010-1057 Xxasp ShareList.asp SearchCondition Parameter SQL Injection Theeta CMS community/thread.php Multiple Parameter XSS phpCollegeExchange searchend.php searchquery Parameter SQL Injection Theeta CMS community/forum.php Multiple Parameter XSS Theeta CMS community/forum.php start Parameter SQL Injection Theeta CMS community/thread.php start Parameter SQL Injection PHP Live! message_box.php x Parameter SQL Injection PHP Live! 
request.php x Parameter SQL Injection My Category Order Plugin for Wordpress wp-admin/post-new.php parentID Parameter SQL Injection TikiWiki CMS/Groupware searchlib.php $searchDate Parameter SQL Injection Winn ASP Guestbook data/guestbook.mdb Direct Request Database Disclosure Centreon main.php host_id Parameter SQL Injection OXID eShop account_recommlist.php Multiple Parameter XSS KimsQ _sys/_ext/module/chat/default/q/user.php path[home] Parameter Remote File Inclusion React Forum forum/list_message/index.php action Parameter Traversal File Inclusion Peik CMS phankshens.inc Direct Request Database Credentials Disclosure P30vel Hosting Script admin/nav.php Admin Section Restriction Bypass P30vel Hosting Script admin/setup/index.php Admin Section Restriction Bypass MoinMoin Despam.py Page Name XSS KimsQ _sys/_ext/module/contentsbox/default/admin/config.php path[home] Parameter Remote File Inclusion KimsQ _sys/_ext/module/counter/default/admin/referer.php path [module] Parameter Remote File Inclusion KimsQ _sys/_ext/module/mbrinfo/default/q/info.php path[home] Parameter Remote File Inclusion KimsQ _sys/_ext/module/mbrinfo/default/q/log.php path[module] Parameter Remote File Inclusion KimsQ _sys/_ext/module/minibox/default/q/q.gallery.php path [module] Parameter Remote File Inclusion KimsQ _sys/_ext/module/minibox/default/q/q.profile.php path [home] Parameter Remote File Inclusion KimsQ _sys/_ext/module/survey/default/_admin.php path[module] Parameter Remote File Inclusion KimsQ _sys/_ext/skin/_skin/default_blog/comment.php bbs[skin] Parameter Remote File Inclusion KimsQ _sys/_ext/skin/_skin/default_board/comment.php bbs[skin] Parameter Remote File Inclusion KimsQ _sys/_ext/skin/_skin/default_gallery/comment.php bbs [skin] Parameter Remote File Inclusion KimsQ _sys/_ext/skin/_skin/default_webzine/comment.php bbs [skin] Parameter Remote File Inclusion phpunity.newsmanager misc/tell_a_friend/tell.php id Parameter Traversal Arbitrary File Access AutartiTarot Component 
for Joomla! administrator/index.php controller Parameter Traversal Local File Inclusion Casino Component for Joomla! index.php id Parameter SQL Injection magic-portal home.php id Parameter SQL Injection PunBB forum/viewtopic.php pid Parameter XSS NetArt Media Blog System blog.php note Parameter SQL Injection CVE-2009-4749 CVE-2009-4749 CVE-2009-4748 CVE-2010-1134 CVE-2009-4760 CVE-2010-1301 CVE-2010-0828 CVE-2010-0461 CVE-2010-0457 CVE-2010-0455 CVE-2010-0458 Cisco Secure Desktop (CSD) /translation POST Request XSS CVE-2010-0440 WebCalendar users.php tab Parameter XSS CVE-2010-0636 Hipergate common/errmsg.jsp Multiple Parameter XSS CommonSpot utilities/longproc.cfm url Parameter XSS CVE-2010-0468 JEvents Search Plugin for Joomla! eventsearch.php CVE-2010-0635 plgSearchEventsearch::onSearch() Method SQL Injection WebCalendar day.php URI XSS CVE-2010-0636 WebCalendar month.php URI XSS CVE-2010-0636 WebCalendar week.php URI XSS CVE-2010-0636 Hipergate common/pwd_errmsg.jsp Multiple Parameter XSS Hipergate admin/sql.htm Access Restriction Weakness Arbitrary SQL Command Execution trac-git PyGIT.py HTTP Request Arbitrary Shell Command CVE-2010-0394 Injection HP System Management Homepage smhui/getuiinfo servercert CVE-2009-4185 Parameter XSS UltraBB view_post.php post_id Parameter XSS DA Mailing List System admloginchk.asp Multiple Parameter SQL Injection Authentication Bypass odlican.net CMS upload.php File Upload Arbitrary PHP Code Execution evalSMSI ajax.php query Parameter SQL Injection CVE-2010-0614 Zen Time Tracking userlogin.php Multiple Parameter SQL Injection Authentication Bypass Testa OTMS admin/index.php Multiple Parameter SQL Injection Uiga Business Portal blog/index.php noentryid Parameter SQL Injection Uiga Business Portal index2.php p Parameter SQL Injection Uiga Business Portal blog/index.php textcomment Parameter XSS evalSMSI assess.php Comment Write XSS CVE-2010-0615 evalSMSI ajax.php return Parameter XSS CVE-2010-0617 VideoDB login.php error Parameter 
XSS Sterlite SAM300 AX Router Forms/status_statistics_1 Stat_Radio CVE-2010-0607 Parameter XSS Gefest Web Home Server Unspecified Traversal Arbitrary File Access Coppermine Photo Gallery upload.php URI XSS Limny uajax.php File Upload Arbitrary PHP Code Execution osTicket ajax.php input Parameter SQL Injection CVE-2010-0605 osTicket ajax.php f Parameter XSS CVE-2010-0606 ARWScripts viewfile.php f Parameter Traversal Local File CVE-2010-0613 Inclusion phpMiniSite Script admin/index.php auth Cookie Manipulation Authentication Bypass myPHP Guestbook backup/backup.sql Access Restriction Bypass Database Disclosure Interspire Knowledge Manager admin/de/dialog/media_ manager.php roots["dRoot"] Parameter Direct Request Path Disclosure Interspire Knowledge Manager admin/de/colormenu.php sp Parameter XSS Interspire Knowledge Manager admin/de/dialog/ callback.snipshot.php GET Method Arbitrary PHP Code Execution Interspire Knowledge Manager admin/remote.php v Parameter Arbitrary PHP Code Execution Interspire Knowledge Manager admin/de/dialog/file_manager.php p Parameter Arbitrary File Access Accellion File Transfer Appliance web_client_user_guide.html lang Parameter Traversal Arbitrary File Access Trade Manager products.php cid Parameter SQL Injection Baal Systems adminlogin.php Multiple Parameter SQL Injection Authentication Bypass JTL-Shop druckansicht.php s Parameter SQL Injection AllVideos Plugin for Joomla! plugins/content/jw_allvideos/ includes/download.php file Parameter Traversal Arbitrary File Access Webee Comments Component for Joomla! 
index2.php articleId SQL Injection Katalog Stron Hurricane includes/moderation.php includes_ directory Parameter Remote File Inclusion Free Joke Script viewjokes.php id Parameter SQL Injection KDPics galeries.inc.php3 categories Parameter XSS Copperleaf Photolog for WordPress cpl/cplphoto.php postid Parameter SQL Injection Portrait Campaign Manager default.aspx Multiple Parameter XSS Portrait Campaign Manager defaultan.aspx Multiple Parameter XSS Portrait Campaign Manager login.aspx Multiple Parameter XSS Portrait Campaign Manager webresource.axd Multiple Parameter XSS Portrait Campaign Manager msg/msg.aspx Multiple Parameter XSS ASPCode CMS default.asp Multiple Parameter XSS Free Google Page Ranks pagerank.php url Parameter XSS Netzbrett dump.php Direct Request Database Disclosure ASPCode CMS default.asp User Account Creation / Deletion CSRF ASPCode CMS default.asp newsid Parameter SQL Injection Auktionshaus news.php id Parameter SQL Injection Erotik Auktionshaus news.php id Parameter SQL Injection DUgallery /admin/edit.asp Direct Request Authentication Bypass OmniDocs ForceChangePassword.jsp Unspecified Parameter SQL Injection Nikira Fraud Management System login/prompt message Parameter XSS Core Design Scriptegrator Plugin for Joomla! plugins/system/ cdscriptegrator/libraries/highslide/js/jsloader.php files[] Parameter Remote File OCS Inventory NG header.php login Parameter SQL Injection OCS Inventory NG header.php Multiple Parameter XSS Huawei HG510 rebootinfo.cgi Direct Request Remote DoS Cisco Collaboration Server (CCS) webline/html/admin/wcs/ LoginPage.jhtml dest Parameter XSS WSC CMS backoffice/login.asp Password Parameter SQL Injection Pulse CMS view.php f Parameter XSS PortWise SSL VPN wa/auth reloadFrame Parameter XSS Employee Timeclock Software add_user.php Admin User Creation CSRF vBulletin search.php URI XSS Core Design Scriptegrator Plugin for Joomla! 
plugins/system/cdscriptegrator/libraries/jquery/js/ui/jsloader.php file Parameter Traversal Core Design Scriptegrator Plugin for Joomla! plugins/system/cdscriptegrator/libraries/jquery/js/jsloader.php files[] Parameter Remote File vBulletin sendmessage.php URI XSS CVE-2009-4645 CVE-2010-0693 CVE-2010-0611 CVE-2010-0691 CVE-2010-0696 CVE-2009-4650 CVE-2010-0678 CVE-2010-0630 CVE-2010-0673 CVE-2010-0711 CVE-2010-0710 CVE-2010-0720 CVE-2010-0701 CVE-2010-0706 CVE-2010-0759 CVE-2010-0641 CVE-2010-0698 CVE-2010-0703 CVE-2010-0707 CVE-2010-0760 CVE-2010-0760 vBulletin showgroups.php URI XSS vBulletin usercp.php URI XSS vBulletin online.php URI XSS vBulletin misc.php URI XSS vBulletin memberlist.php URI XSS vBulletin member.php URI XSS vBulletin forumdisplay.php URI XSS vBulletin inlinemod.php URI XSS vBulletin newthread.php URI XSS vBulletin private.php URI XSS vBulletin profile.php URI XSS vBulletin register.php URI XSS vBulletin showthread.php URI XSS vBulletin subscription.php URI XSS vBulletin forum.php URI XSS vBulletin faq.php URI XSS vBulletin calendar.php URI XSS Php Auktion Pro news.php id Parameter SQL Injection CA Service Desk Tomcat host-manager/html/add name Parameter XSS Ero Auktion news.php id Parameter SQL Injection SQL Reports Component for Joomla! 
administrator/components/ com_sqlreport/ajax/print.php user_id Parameter SQL Injection SilverStripe jsparty/jquery/plugins/validate/demo/form.php user Parameter XSS geccBBlite rispondi.php postatoda Parameter XSS geccBBlite scrivi.php postatoda Parameter XSS WorkSimple data/secret.php Access Restriction Weakness Information Disclosure OI.Blogs loadStyles.php theme Parameter Traversal Local File Inclusion Just Another Guestbook jag/database.sql Direct Request Database Disclosure WSN Guest index.php orderlinks Parameter SQL Injection StatCounteX path/stats.mdb Direct Request Database Disclosure ZeusCMS admin/backup.sql Direct Request Database Disclosure WorkSimple modules/uploader.php Access Restriction Weakness File Upload SilverStripe sapphire/main.php Multiple Parameter Debug Log Disclosure SilverStripe sapphire/core/control/Director.php memory_get_ peak_usage() Function Memory Disclosure Softbiz Jobs and Recruitment Script admin/addad.php sbad_type Parameter XSS OI.Blogs javascript/loadScripts.php scripts Parameter Traversal Local File Inclusion LxBlog user_index.php item_type[] Parameter XSS NETGEAR WNR2000 upg_restore.cgi Crafted Config File Upload Admin Password Reset Newbie CMS admin/index.php nb_logged Cookie Manipulation Authentication Bypass LxBlog user_index.php type Parameter SQL Injection tDiary tb-send.rb Multiple Parameter XSS Softbiz Link Directory Script showcats.php sbcat_id Parameter SQL Injection Article Friendly admin/index.php password Parameter SQL Injection Authentication Bypass BASIC-CMS pages/index.php nav_id Parameter XSS CVE-2010-0722 CVE-2008-1947 CVE-2010-0723 CVE-2010-0753 CVE-2009-4649 CVE-2009-4649 CVE-2010-0665 CVE-2010-0672 CVE-2010-0674 CVE-2010-0681 CVE-2010-0695 Trixbox cisco/services/PhonecDirectory.php ID Parameter SQL Injection Website Baker framework/class.wb.php print_error() Function Security Bypass WebAdministrator Lite CMS download.php s Parameter SQL Injection vBulletin forumdisplay.php Remote DoS rubrique rubrique.php 
id Parameter SQL Injection Mereo Web Server Arbitrary File Content Disclosure PHP preg_match() Function Path Disclosure AlumniServer login.php E-Mail Field SQL Injection AlumniServer Password.php resetpwemail Parameter SQL Injection Pyrmont V2 Plugin for WordPress results.php id Parameter SQL Injection Anything Digital Development JCal Pro Component for Joomla! cal_popup.php mosConfig_absolute_path Parameter Remote File Inclusion F3Site mod/poll.php GLOBALS[nlang] Parameter Traversal Local File Inclusion F3Site mod/new.php GLOBALS[nlang] Parameter Traversal Local File Inclusion eWebquiz questions.asp QuizID Parameter SQL Injection eWebquiz importquestions.asp QuizID Parameter SQL Injection eWebquiz quiztakers.asp QuizID Parameter SQL Injection Active Auction House wishlist.asp catid Parameter SQL Injection Active Auction House links.asp linkid Parameter SQL Injection phpInstantGallery admin.php PATH_INFO Parameter XSS Acidcat CMS acidcat_3.mdb Direct Request Admin Credentials Disclosure Imagevue Gallery admin/upload.php path Parameter XSS VisionGate login.php url Parameter XSS BLOG:CMS libs/MEMBER.php Comment Body XSS Hit Counter inc/login.php URI XSS Hit Counter admin/index.php URI XSS phpBannerExchange signupconfirm.php bannerurl Parameter XSS HLstatsX hlstats.php award Parameter SQL Injection Rezervi include/mail.inc.php root Parameter Remote File Inclusion XOOPS modules/pm/readpmsg.php op Parameter XSS IMAGIN scripts_ralcr/filesystem/writeToFile.php Multiple Parameter Arbitrary File Creation News Module for XOOPS include/notification_update.php not_list Parameter SQL Injection MS-Pro Portal Scripti galeri/database/db.mdb Direct Request Database Disclosure Pay Per Minute Video Chat Script admin/memberviewdetails.php id Parameter XSS AL-Athkat tell_friend.php link Parameter XSS My Book World Edition Multiple Script lang Parameter XSS DVBBS boardrule.php groupboardid Parameter SQL Injection PHPope plugins/address/admin/index.php GLOBALS[config][dir] [plugins] 
Parameter Remote File Inclusion PHPope plugins/im/compose.php GLOBALS[config][dir] [functions] Parameter Remote File Inclusion PHPope plugins/cssedit/admin/index.php GLOBALS[config][dir] [classes] Parameter Remote File Inclusion Dating Agent PRO picture.php Multiple Parameter SQL Injection Left 4 Dead Stats player.php steamid Parameter SQL Injection CVE-2010-0702 CVE-2009-4424 CVE-2009-4431 CVE-2009-4435 CVE-2009-4435 CVE-2009-4436 CVE-2009-4436 CVE-2009-4436 CVE-2009-4437 CVE-2009-4437 CVE-2009-4446 CVE-2009-4470 CVE-2009-4472 CVE-2009-4472 CVE-2009-4472 F5 Data Manager DiagLogListActionBody.do logFile Parameter Traversal Arbitrary File Access PD Portal db/db.mdb Direct Request Database Disclosure uF.Phpaw ardguest.php page Parameter XSS Pay Per Minute Video Chat Script videos.php model Parameter XSS Webace CMS pfNewsDetail.php NewsId Parameter SQL Injection LXR Cross Referencer /ident i Parameter XSS CVE-2009-4497 uF.Phpaw contact.php Multiple Parameter XSS uF.Phpaw admin/banner.php URI XSS CNR Hikaye Portal db/hikaye.mdb Direct Request Database Disclosure KMSoft Guestbook db/db.mdb Direct Request Database Disclosure Dating Agent PRO picture.php subject Parameter XSS Dating Agent PRO advance.php Multiple Parameter SQL Injection Dating Agent PRO login.php Multiple Parameter SQL Injection MRWhois mrwhois.php type Parameter XSS microTopic admin/utopic.php rating Parameter SQL Injection Bandwidth Meter admin/view_by_name.php URI XSS phpPowerCards pagenumber.inc.php Multiple Parameter XSS CVE-2009-4469 microTopic admin/mysql.php rating Parameter SQL Injection Bandwidth Meter admin/view_by_ip.php URI XSS DeluxeBB misc.php page Parameter XSS CVE-2009-4468 DeluxeBB misc.php page Parameter Error Message Path CVE-2009-4466 Disclosure Sun Java System Identity Manager (IDM) /idm/user/ changePassword.jsp resourceAccounts.password Parameter Arbitrary Command Execution DeluxeBB misc.php valemail Action Account Registration CVE-2009-4467 Weakness LineWeb admin/index.php op 
Parameter Traversal Local File Inclusion Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection F5 Data Manager DiagCaptureFileListActionBody.do capture Parameter Traversal Arbitrary File Access F5 Data Manager ViewSatReport.do ext Parameter Traversal Arbitrary File Access F5 Data Manager DiagCaptureFileListActionBody.do capture Parameter Traversal Arbitrary File Access F5 Data Manager ViewInventoryErrorReport.do fileName Parameter Traversal Arbitrary File Access Dog Pedigree Online Database details.php id Parameter SQL Injection Namad CMS SecureDownloads.aspx FileName Parameter Traversal Arbitrary File Access Jorp functions.php Unauthenticated Project / Task Manipulation Mini CMS page.php id Parameter SQL Injection CVE-2009-4540 IsolSoft Support Center newticket.php lang Parameter XSS CVE-2009-4542 Logoshows BBS database/globepersonnel.mdb Direct Request CVE-2009-4545 Database Disclosure Logoshows BBS globepersonnel_login.asp Multiple Cookie CVE-2009-4546 Admin Authentication Bypass Survey Pro Module for Miniweb index.php campaign_id CVE-2009-4551 Parameter SQL Injection WebLeague profile.php name Parameter SQL Injection CVE-2009-4560 WebLeague Admin/index.php Multiple Parameter SQL Injection CVE-2009-4561 Authentication Bypass RoseOnlineCMS modules/admincp.php admin Parameter CVE-2009-4581 Traversal Local File Inclusion Dictionary Module for XOOPS detail.php id Parameter SQL CVE-2009-4582 Injection Snitz Forums 2000 pop_send_to_friend.asp url Parameter XSS CVE-2009-4554 EcShop /admin/integrate.php Multiple Parameter Arbitrary Command Execution Flax Article Manager admin.php xadmin Cookie SQL Injection PHP-Nuke Downloads Module modules.php query Parameter XSS iGallery streamfile.asp i Parameter Traversal Arbitrary File Access Geeklog /admin/install/index.php dbconfig_path Parameter XSS Power Search svc/search.php uid Parameter XSS Read excel upload.php File Upload Arbitrary PHP Code CVE-2010-0279 Execution TPO Duyuru Scripti duyuruyonetim.php 
kullanici Cookie Admin Authentication Bypass TPO Duyuru Scripti yonetim_giris.php kullaniciadi Parameter SQL Injection Couffin product.php id Parameter XSS S-CMS plugin.php Multiple Parameter SQL Injection AWCM db_backup.php Direct Request Database Disclosure PHPDirector Game Edition games.php comment Parameter XSS PHPDirector Game Edition header.php lang Parameter Traversal Local File Inclusion PHPDirector Game Edition games.php id Parameter SQL Injection PHPDug upcoming.php id Parameter XSS Lebisoft zdefter db/lebisoft.mdb Direct Request Database Disclosure Erolife AjxGaleri VT db/ajxgaleri.mdb Direct Request Admin Panel Credentials Disclosure Sniggabo CMS search.php q Parameter XSS Zeeways eBay Clone Auction Script product_desc.php id Parameter SQL Injection Obsession-Design Image-Gallery display.php folder Parameter XSS PPVChat registration/user.php Multiple Parameter XSS PPVChat registration/model.php Multiple Parameter XSS SurgeFTP cgi/surgeftpmgr.cgi Multiple Parameter XSS E-membres db/bdEMembres.mdb Direct Request Database Disclosure Simple PHP Guestbook guestbook.php action Parameter XSS D-Link DKVM-IP8 auth.asp nickname Parameter XSS ProArcadeScript game.php id Parameter SQL Injection PHP Calendars product_list.php cat Parameter SQL Injection CVE-2010-0375 phpMyFAQ admin/index.php faqusername Parameter XSS Splog post.php id Parameter SQL Injection Splog display.php pCategory Parameter SQL Injection Todoo Forum todooforum.php id_forum Parameter XSS Active Calendar activecalendar.php Multiple Function XSS Glitter Central Script submitlink.php catid Parameter XSS CVE-2010-0320 CS-Cart admin.php Multiple Action CSRF JVClouds3D Module for Joomla! 
tagcloud.swf tagcloud Parameter XSS LayoutCMS preview.php id Parameter SQL Injection SBD Directory Software editors/logindialogue.php URI XSS S-CMS admin.php plug Parameter Traversal Local File Inclusion S-CMS plugin.php file Parameter Traversal Local File Inclusion PHP Inventory index.php sup_id Parameter XSS Mamboleto Component for Joomla! mamboleto.php mosConfig_ absolute_path Parameter Remote File Inclusion Direct URL Module for xt:Commerce shop_content.php coID Parameter SQL Injection DokuWiki lib/plugins/acl/ajax.php ns Parameter Traversal Arbitrary Directory Listing Testlink lib/usermanagement/userInfo.php locale Parameter Traversal Local File Inclusion Xforum liste.php nbpageliste Parameter XSS Testlink lib/usermanagement/usersView.php Multiple Parameter XSS DokuWiki lib/plugins/acl/ajax.php Access Control Rule Authentication Bypass Jamit Job Board jobs/index.php post_id Parameter XSS Jetty JSP Dump Feature jsp/dump.jsp Query String XSS SemanticScuttle tags.php/ URI SQL Injection Zenoss Core zport/dmd/Events/getJSONEventsInfo Multiple Parameter SQL Injection PhPepperShop Webshop shop/USER_ARTIKEL_HANDLING_ AUFRUF.php darstellen Parameter XSS Alibaba Clone cat_sell.php cid Parameter SQL Injection Alibaba Clone gen_confirm.php errmsg Parameter XSS CloneBid B2B Marketplace Script selloffers.php cid Parameter SQL Injection CloneBid B2B Marketplace Script buyoffers.php cid Parameter SQL Injection CloneBid B2B Marketplace Script products.php cid Parameter SQL Injection CloneBid B2B Marketplace Script profiles.php cid Parameter SQL Injection CloneBid B2B Marketplace Script signin.php errmsg Parameter XSS CloneBid B2B Marketplace Script gen_confirm.php errmsg Parameter XSS MySmartBB attach.php/ URI SQL Injection Bits Video Script addvideo.php File Upload Arbitrary PHP Code Execution Thelia recherche.php motcle Parameter XSS LetoDMS op/op.Login.php lang Parameter Traversal Local File Inclusion MySmartBB contactus.php/ URI SQL Injection MySmartBB memberlist.php/ URI 
SQL Injection MySmartBB misc.php/ URI SQL Injection MySmartBB newreply.php/ URI SQL Injection MySmartBB newtopic.php URI SQL Injection MySmartBB pm.php URI SQL Injection MySmartBB register.php/ URI SQL Injection MySmartBB search.php/ URI SQL Injection Bits Video Script search.php order Parameter XSS Thelia panier.php ref Parameter XSS Thelia produit.php ref Parameter XSS SoftDirec library/delete_confirm.php id Parameter XSS LookMer Music Portal dbmdb/LookMerSarkiMDB.mdb Direct Request Database Disclosure PHP MySpace modules/arcade/index.php gid Parameter SQL Injection JiangHu Inn Plugin for Discuz! forummission.php id Parameter SQL Injection CVE-2009-4596 CVE-2009-4604 CVE-2010-0321 CVE-2009-4610 CVE-2010-0366 CVE-2010-0365 CVE-2010-0377,2010-0381 CVE-2009-4621 Drunken:Golem Gaming Portal admin/admin_news_bot.php root_ CVE-2009-4622 path Parameter Remote File Inclusion phpNagios menu.php conf[lang] Parameter Traversal Local File CVE-2009-4626 Inclusion Moa Gallery sources/_template_parser.php p_filename CVE-2009-4627 Parameter Traversal Arbitrary File Access phpMyAdmin scripts/setup.php unserialize Function Multiple CVE-2009-4605 Parameter CSRF SAP BusinessObjects AdminTools/querybuilder/ie.jsp framework Parameter XSS Blaze Apps forum.aspx Multiple Parameter XSS KloNews cat.php cat Parameter XSS Blaze Apps default.aspx uxSearchTextBox Parameter SQL Injection Redatam+SP WebServer cgibin/RpWebEngine.exe/PortalAction BASE Parameter XSS Redatam+SP WebServer cgibin/RpWebEngine.exe BASE Parameter Error Message Path Disclosure VP-ASP Shopping Cart shopsessionsubs.asp REMOTE_HOST Parameter Traversal Arbitrary File Access Bits Video Script register.php File Upload Arbitrary PHP Code CVE-2010-0366 Execution PHP Calendars product_list.php cat Parameter XSS CVE-2010-0376 Bits Video Script showcasesearch.php rowptem[template] CVE-2010-0367 Parameter Remote File Inclusion Bits Video Script showcase2search.php rowptem[template] CVE-2010-0367 Parameter Remote File Inclusion 
Marketplace Component for Joomla! index.php catid Parameter CVE-2010-0374 XSS Simple Internet Publishing System (SIPS) search.php config [sipssys] Parameter Remote File Inclusion Ocean CMS css.php Multiple Parameter Remote File Inclusion FreePBX admin/config.php extdisplay Parameter SQL Injection Kayako SupportSuite staff/index.php Multiple Parameter XSS SilverStripe Forum Module forums/search/ Search Parameter XSS Novatel MiFi config.xml.sav Direct Request Information Disclosure e107 class2.php access-admin Cookie Admin Authentication Backdoor Simple Internet Publishing System (SIPS) readmore.php config [sipssys] Parameter Remote File Inclusion Simple Internet Publishing System (SIPS) search/submit.php config[sipssys] Parameter Remote File Inclusion Publique! cgi/cgilua.exe/sys/start.htm sid Parameter SQL Injection Piwigo search.php Unspecified Parameter SQL Injection Event Horizon downloadfiles.php Unspecified Parameter SQL Injection Event Horizon uploadfiles.php Unspecified Parameter SQL Injection Event Horizon sendfile.php Unspecified Parameter SQL Injection cPanel login/index.php failurl Parameter HTTP Response Splitting SAP BusinessObjects AdminTools/querybuilder/logonform.jsp framework Parameter XSS SAP BusinessObjects CrystalReports/jsp/CrystalReport_View/ viewReport.jsp loc Parameter XSS SAP BusinessObjects InfoViewApp/jsp/common/ actionNavFrame.jsp url Parameter XSS SAP BusinessObjects PlatformServices/preferences.do service Parameter XSS Discuz! 
viewthread.php tid Parameter XSS Enano CMS includes/comment.php Comment Submission Interface SQL Injection PHP Calendars intstall.php Direct Request Access Restriction CVE-2010-0380 Bypass Blink Blog login.php username Field SQL Injection Authentication Bypass Comtrend CT-507IT scvrtsrv.cmd srvName Parameter XSS NovaBoard header.php nova_name Parameter SQL Injection Geo++ GNCASTER admin.htm HTTP Basic Authentication Weakness Geeklog /admin/install/index.php dbconfig_path Parameter Path Disclosure Geeklog /admin/install/index.php dbconfig_path Parameter Remote File Inclusion InterSystems Caché / Ensemble CSP Gateway UtilConfigHome.csp GET Request Handling Remote Overflow AlienForm2 alienform.cgi (af.cgi) _browser_out Parameter Arbitrary Command Execution D4J eZine Component for Joomla! class/php/d4m_ajax_pagenav.php GLOBALS[mosConfig_absolute_path Parameter CVE-2009-4094 Remote File Agoko CMS admintools/editpage-2.php Multiple Parameter CVE-2009-4106 Unrestricted File Upload Arbitrary PHP Code Execution Simplog comments.php Multiple Parameter XSS CVE-2009-4093 AlienForm2 alienform.cgi (af.cgi) Multiple Parameter XSS AlienForm2 alienform.cgi (af.cgi) _browser_out Parameter Crafted Traversal Arbitrary File Access AlienForm2 alienform.cgi (af.cgi) _browser_out Parameter Malformed Input Path Disclosure Pligg admin/admin_config.php HTTP Referer Header XSS SweetRice in _plugin/subscriber/inc/post.php root_dir Parameter CVE-2009-4224 Remote File Inclusion Theeta CMS blog/index.php start Parameter SQL Injection SweetRice as/lib/news_modify.php root_dir Parameter Remote CVE-2009-4224 File Inclusion Uiga Church Portal admin/bible/biblegallery.php file_photo_name Parameter XSS Micronet SP1910 Network Access Controller loginpages/error_user.shtml CVE-2009-4234 msg Parameter XSS Pligg admin/admin_modules.php HTTP Referer Header XSS Pligg delete.php HTTP Referer Header XSS Pligg editlink.php HTTP Referer Header XSS Pligg submit.php HTTP Referer Header XSS 
Pligg submit_groups.php HTTP Referer Header XSS
Pligg user_add_remove_links.php HTTP Referer Header XSS
Pligg user_settings.php HTTP Referer Header XSS
Pligg pligg/login.php Arbitrary Site Redirect
Pligg pligg/user_settings.php Arbitrary Site Redirect
Elxis CMS includes/feedcreator.class.php filename Parameter Traversal Arbitrary File Access CVE-2009-4154
Eshopbuilde CMS home-f.asp sitebid Parameter SQL Injection CVE-2009-4155
Eshopbuilde CMS opinions-f.asp sitebid Parameter SQL Injection CVE-2009-4155
Eshopbuilde CMS more-f.asp Multiple Parameter SQL Injection CVE-2009-4155
Eshopbuilde CMS selectintro.asp Multiple Parameter SQL Injection CVE-2009-4155
Eshopbuilde CMS advcount.asp Multiple Parameter SQL Injection CVE-2009-4155
Eshopbuilde CMS advview.asp Multiple Parameter SQL Injection CVE-2009-4155
Eshopbuilde CMS dis_new-f.asp Multiple Parameter SQL Injection CVE-2009-4155
Ciamos CMS modules/pms/index.php module_path Parameter Remote File Inclusion CVE-2009-4156
WP-Cumulus Plug-in for WordPress wp-cumulus.php Direct Request Path Disclosure CVE-2009-4170
Interspire Knowledge Manager dialog/file_manager.php p Parameter Traversal Arbitrary File Access CVE-2009-4192
CuteNews search.php from_date_day Parameter Path Disclosure CVE-2009-4175
Vulnerability checks added in 2009
Simplog comments.php Access Restriction Weakness Arbitrary Comment Manipulation CVE-2009-4091
Simplog user.php Password Change Request CSRF CVE-2009-4092
e107 e107_admin/submitnews.php Unspecified Parameter XSS CVE-2009-4083
CuteNews Categories Module data/category.db.php Multiple Field Arbitrary Code Execution CVE-2009-4113,2009-4115
CuteNews Categories Module data/ipban.php add_ip Parameter Arbitrary Code Execution CVE-2009-4115
Quick.Cart admin.php Multiple Action CSRF CVE-2009-4120
AROUNDMe components/core/connect.php language_path Parameter Remote File Inclusion CVE-2009-4264
EC-CUBE LC_Page_Admin_Customer_SearchCustomer.php Access Restriction Bypass Remote Information Disclosure CVE-2009-4236
LightNEasy FCKeditor Component config.php Access Restriction Bypass Arbitrary File Upload
Achievo dispatch.php description Parameter XSS
Achievo dispatch.php File Upload Arbitrary Code Execution
Uiga Church Portal admin/lifegroups/lifegallery.php file_photo_name Parameter XSS
Uiga Church Portal admin/minutes/minutesgallery.php file_photo_name Parameter XSS
Uiga Church Portal admin/multimedia/multimediagallery.php file_photo_name Parameter XSS
Uiga Church Portal admin/news/newsend.php checkbox Parameter XSS
Uiga Church Portal admin/news/testing.php checkbox Parameter XSS
Uiga Church Portal admin/news/userlist.php script[] Parameter XSS
Uiga Church Portal admin/upload/userlist.php script[] Parameter XSS
Uiga Church Portal head.php script[] Parameter XSS
Uiga Church Portal admin/photos/gallery.php file_name Parameter XSS
Uiga Church Portal gallery.php file_name Parameter XSS
Uiga Church Portal admin/special.php Multiple Parameter XSS
Uiga Church Portal admin/template.php pagetitle Parameter XSS
Uiga Church Portal include/template.php pagetitle Parameter XSS
Uiga Church Portal anniv.php img Parameter XSS
Uiga Church Portal famday.php img Parameter XSS
Uiga Church Portal archivedetails.php Multiple Parameter XSS
Uiga Church Portal ar_det.php Multiple Parameter XSS
Uiga Church Portal exhortation.php Multiple Parameter XSS
Uiga Church Portal head2.php Multiple Parameter XSS
Uiga Church Portal template.php pagetitle Parameter XSS
Uiga Church Portal login2.php case Parameter XSS
Uiga Church Portal multimediagallery.php file_photo_name Parameter XSS
Uiga Church Portal admin/user/modify.php error Parameter XSS
Uiga Church Portal admin/time_date.php id Parameter XSS
Uiga Church Portal admin/editevent.php Multiple Parameter XSS
Uiga Church Portal admin/calendar.php delete_id Parameter XSS
Uiga Church Portal admin/announcements/modifynews.php Multiple Parameter XSS
Uiga Church Portal admin/photos/editcat.php Multiple Parameter XSS
Uiga Church Portal admin/exhortation/exhoredit.php Multiple Parameter XSS
Uiga Church Portal admin/photos/edit.php box Parameter XSS
Uiga Church Portal admin/bible/editcat.php Multiple Parameter XSS
Uiga Church Portal admin/music/editcat.php Multiple Parameter XSS
Uiga Church Portal admin/multimedia/editcat.php Multiple Parameter XSS
Uiga Church Portal admin/lifegroups/editcat.php Multiple Parameter XSS
Uiga Church Portal testimonisview.php id Parameter XSS
Uiga Church Portal admin/lifegroups/lifegroups.php delete Parameter XSS
Uiga Church Portal admin/minutes/upload.php Multiple Parameter XSS
Uiga Church Portal admin/multimedia/upload.php Multiple Parameter XSS
Uiga Church Portal admin/music/music.php delete Parameter XSS
Uiga Church Portal admin/news/uploadfile.php Multiple Parameter XSS
Uiga Church Portal admin/photos/upload.php Multiple Parameter XSS
Uiga Church Portal admin/login.php Multiple Parameter XSS
Uiga Church Portal testimoniesview.php Multiple Parameter XSS
Uiga Church Portal gallery.php URI XSS
Uiga Church Portal multimediagallery.php URI XSS
Uiga Church Portal library/functions.php Multiple Parameter XSS
Uiga Church Portal download.php id Parameter SQL Injection
Uiga Church Portal downloadlife.php id Parameter SQL Injection
Uiga Church Portal downloadminutes.php id Parameter SQL Injection
Uiga Church Portal downloadmultimedia.php id Parameter SQL Injection
Uiga Church Portal downloadmusic.php id Parameter SQL Injection
Uiga Church Portal multimediagallery.php id Parameter SQL Injection
Uiga Church Portal photoview.php id Parameter SQL Injection
Uiga Church Portal testimoniesview.php id Parameter SQL Injection
Uiga Church Portal gallery.php id Parameter SQL Injection
Uiga Church Portal archivedetails.php view Parameter SQL Injection
Uiga Church Portal events.php Multiple Parameter SQL Injection
Uiga Church Portal gallery.php offset Parameter SQL Injection
Uiga Church Portal multimediagallery.php offset Parameter SQL Injection
Uiga Church Portal a_detail.php offset Parameter SQL Injection
Uiga Church Portal multimediaview.php media Parameter SQL Injection
Uiga Church Portal music.php delete Parameter SQL Injection
Uiga Church Portal ar_det.php exhort Parameter SQL Injection
Uiga Church Portal admin/template.php content Parameter Remote File Inclusion
Uiga Church Portal include/template.php content Parameter Remote File Inclusion
Uiga Church Portal download.php Multiple Parameter Traversal Arbitrary File Access
Uiga Church Portal downloadlife.php life_image Parameter Traversal Arbitrary File Access
Uiga Church Portal downloadminutes.php min_image Parameter Traversal Arbitrary File Access
Uiga Church Portal downloadmultimedia.php Multiple Parameter Traversal Arbitrary File Access
Uiga Church Portal downloadmusic.php Multiple Parameter Traversal Arbitrary File Access
Uiga Church Portal admin/bible/biblegallery.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/lifegroups/lifegallery.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/minutes/minutesgallery.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/multimedia/multimediagallery.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/news/mail.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/news/processUpload.php Arbitrary File Upload
Uiga Church Portal admin/photos/gallery.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/upload/download.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/upload/processUpload.php Arbitrary File Upload
Uiga Church Portal admin/user/download.php Unspecified Parameter SQL Injection
Uiga Church Portal admin/user/processUpload.php Arbitrary File Upload
Uiga Church Portal admin/news/error.php Arbitrary Shell Command Execution
Uiga Church Portal special_event.php Multiple Parameter XSS
Uiga Church Portal multimediaview.php Direct Request Authentication Bypass
Uiga Church Portal ar_det.php Direct Request Authentication Bypass
Mantis view_all_bug_page.php tag_string Parameter XSS
Million Dollar Text Links admin.link.modify.php id Parameter SQL Injection
GeN3 main_forum.php cat Parameter SQL Injection
Flashlight admin.php action Parameter Traversal Local File Inclusion
Flashlight read.php id Parameter SQL Injection
moziloCMS admin/index.php Multiple Parameter XSS
Image Hosting Script DPI images.php date Parameter XSS
Moodle mod/glossary/showentry.php Glossary Entry Access Restriction Weakness
Moodle mnet/lib.php MNET Interface Access Restriction Weakness MNET Function Execution
e107 e107_admin/usersettings.php Unspecified Parameter XSS
e107 e107_admin/newpost.php Unspecified Parameter XSS
e107 e107_admin/banlist.php Unspecified Parameter XSS
e107 e107_admin/banner.php Unspecified Parameter XSS
e107 e107_admin/cpage.php Unspecified Parameter XSS
e107 e107_admin/download.php Unspecified Parameter XSS
e107 e107_admin/users_extended.php Unspecified Parameter XSS
e107 e107_admin/frontpage.php Unspecified Parameter XSS
e107 e107_admin/links.php Unspecified Parameter XSS
e107 e107_admin/mailout.php Unspecified Parameter XSS
Viscacha editprofile.php Multiple Parameter XSS
Piwik core/Cookie.php unserialize() Multiple Method Arbitrary PHP Code Execution
CVE-2009-4206 CVE-2009-4263 CVE-2009-4205 CVE-2009-4204 CVE-2009-4209 CVE-2009-4252 CVE-2009-4299 CVE-2009-4301 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4083 CVE-2009-4137
AlefMentor cource.php Multiple Parameter SQL Injection
klinza professional cms funzioni/lib/menulast.php LANG Parameter Traversal Local File Inclusion
JiRo's Banner System eXperience (JBSX) files/login.asp Multiple Parameter SQL Injection Authentication Bypass
PointComma includes/classes/pctemplate.php pcConfig [smartyPath] Parameter Remote File Inclusion
phpBazar classified.php catid Parameter SQL Injection
phpBazar admin/admin.php Direct Request Admin Control Panel Authentication Weakness
KR-Web adm/krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion
Invision Power Board forum/index.php section Parameter Traversal Local File Inclusion
Real Estate Portal realestate20/loginaction.php Multiple Parameter SQL Injection Authentication Bypass
SweetRice as/lib/plugins.php plugin Parameter Traversal Local File Inclusion
Active Bids default.asp catid Parameter SQL Injection
Invision Power Board forum/index.php starter Parameter SQL Injection
Zen Cart extras/curltest.php url Parameter file:// Protocol Handler Arbitrary File Disclosure
Zen Cart ipn_test_return.php Direct Request Path Disclosure
JBoss Web Console createSnapshot.jsp Multiple Parameter XSS
ZeeJobsite basic_search_result.php title Parameter XSS
TestLink login.php req Parameter XSS
JBoss Web Console createThresholdMonitor.jsp Multiple Parameter XSS
Nuggetz CMS admin/ajaxsave.php Multiple Parameter Traversal Arbitrary PHP Code Injection
oBlog article.php Multiple Parameter XSS
CuteNews search.php Multiple Parameter XSS
CuteNews register.php result Parameter XSS
PowerPhlogger dspStats.php edit Parameter XSS
TestLink lib/general/staticPage.php key Parameter XSS
TestLink lib/attachments/attachmentupload.php tableName Parameter XSS
TestLink lib/events/eventviewer.php Multiple Parameter XSS
TestLink lib/results/resultsMoreBuilds_buildReport.php search_notes_string Parameter XSS
TestLink lib/general/navBar.php targetTestCase Parameter SQL Injection
TestLink lib/events/eventviewer.php logLevel Parameter SQL Injection
TestLink lib/testcases/searchData.php summary Parameter XSS
The Next Generation of Genealogy Sitebuilding searchform.php msg Parameter XSS
Acc Autos temp Directory Direct Request Database Credentials Disclosure
eoCMS js/bbcodepress/bbcode-form.php BBCODE_path Parameter Remote File Inclusion
ZeeLyrics searchresults_main.php keyword Parameter XSS
phpFaber CMS module.php mod Parameter XSS
Password Manager Pro ShowInContentAreaAction.do searchtext Parameter XSS
WSCreator ADMIN/loginaction.php Email Parameter SQL Injection
ZeeCareers basic_search_result.php title Parameter XSS
CVE-2009-4256 CVE-2009-4216 CVE-2009-4218 CVE-2009-4220 CVE-2009-4221 CVE-2009-4222 CVE-2009-4223 CVE-2009-4231 CVE-2009-4229 CVE-2009-4321 CVE-2009-4322 CVE-2009-2405 CVE-2009-4237 CVE-2009-2405 CVE-2009-4315 CVE-2009-4249,2009-4250 CVE-2009-4250 CVE-2009-4253 CVE-2009-4237 CVE-2009-4237 CVE-2009-4237 CVE-2009-4237 CVE-2009-4238 CVE-2009-4238 CVE-2009-4237 CVE-2009-4320 CVE-2009-4319 CVE-2009-4316 CVE-2009-4382 CVE-2009-4387 CVE-2009-4351
Rocomotion P Forum Pforum.php Unspecified Parameter Traversal Arbitrary File Access
TestLink lib/testcases/searchData.php Multiple Parameter XSS
Ez Poll Hoster index.php pid Parameter XSS
NewsScript HB-NS admin.php Direct Request Admin Control Panel Access
Advanced Image Hosting search.php text Parameter XSS
Horde Administration Interface admin/phpshell.php PATH_INFO Parameter XSS
NewsScript HB-NS index.php topic Parameter XSS
VMware vCenter Lab Manager WebWorks Help Page wwhelp_entry.html XSS
Digital Scribe showpic.php Multiple Parameter XSS
Real Estate Manager index.php lang Parameter XSS
Digital Scribe forgot.php email Parameter SQL Injection
Digital Scribe stuworkindiv.php ID Parameter SQL Injection
Digital Scribe stuworkdisplay.php ID Parameter SQL Injection
Mail Manager Pro admin.php Admin Password Manipulation CSRF
iGaming CMS users.php User Account Creation CSRF
Linkster linkster.php CID Parameter SQL Injection
daloRADIUS daloradius-users/login.php error Parameter XSS
SitioOnline lista_articulos.php id_categoria Parameter SQL Injection
Designs by JM CMS viewcontent.asp pageid Parameter SQL Injection
SitioOnline detalle_articulo.php id_producto Parameter SQL Injection
Fastgraf whois.cgi Domain Entry Arbitrary Command Execution
EEGShop shhr_inc.asp id Parameter SQL Injection
Mojo iWMS default.asp ERRMSG Parameter XSS
Recipe Script update_profile.php Email Address Manipulation CSRF
GuestBookPro db/guestbook.mdb Direct Request Information Disclosure
iSupport ticket_function.php Multiple Parameter XSS
MembersPro Multiple Products members.mdb Direct Request Information Disclosure
Recipe Script adminpass.php Admin Password Manipulation CSRF
Recipe Script send_email_users.php Email Transmission CSRF
Recipe Script admin/categories.php Multiple Parameter XSS
Recipe Script admin/all_comments.php Multiple Parameter XSS
Recipe Script admin/users.php Multiple Parameter XSS
Recipe Script admin/comments.php Multiple Parameter XSS
Recipe Script admin/menus.php Multiple Parameter XSS
Recipe Script admin/links.php Multiple Parameter XSS
Recipe Script admin/banners.php Multiple Parameter XSS
Family Connections profile.php member Parameter SQL Injection
Pre Hospital Management System department.php id Parameter SQL Injection
Family Connections messageboard.php thread Parameter SQL Injection
Family Connections settings.php theme Parameter Traversal Local File Inclusion
Family Connections inc/upimages.php upfile Parameter File Upload Arbitrary PHP Code Execution
Smart Statistics smart_statistics_admin.php name Parameter XSS
CVE-2009-4383 CVE-2009-4237 CVE-2009-4384 CVE-2009-4262 CVE-2009-4266 CVE-2009-3701 CVE-2009-4348 CVE-2009-3731 CVE-2009-4318 CVE-2009-4347 CVE-2009-4433
Pre Hospital Management System login.php Multiple Parameter SQL Injection Authentication Bypass
iSupport function.php which Parameter XSS
Oracle WebLogic Admin Console Default Credentials
OSSIM repository/repository_attachment.php id_document Parameter SQL Injection
Matrimony Script admin/admin_staffs.php Arbitrary User Creation CSRF
Sitecore Staging Module sitecore modules/staging/service/api.asmx Multiple Parameter Authentication Bypass
D-Link DIR-615 apply.cgi Crafted HTTP Request Admin Authentication Bypass
phpLDAPadmin cmd.php cmd Parameter Traversal Local File Inclusion
Maxs Photo Album admin.php File Upload Arbitrary PHP Code Execution
Pre Multi-Vendor Ecommerce Solution search.php search Parameter XSS
Ez News Manager admin.php Admin Password Manipulation CSRF
Pre Jobo.NET manager/login.aspx Multiple Parameter SQL Injection Authentication Bypass
OSSIM sem/wcl.php uniqueid Parameter Arbitrary Shell Command Injection
OSSIM sem/storage_graphs.php uniqueid Parameter Arbitrary Shell Command Injection
OSSIM sem/storage_graphs2.php uniqueid Parameter Arbitrary Shell Command Injection
OSSIM sem/storage_graphs3.php uniqueid Parameter Arbitrary Shell Command Injection
OSSIM sem/storage_graphs4.php uniqueid Parameter Arbitrary Shell Command Injection
OSSIM repository/repository_attachment.php id_document Parameter Traversal Arbitrary File Upload
Moodle login/index_form.html HTTPS Port Link Weakness Cleartext Credential Remote Disclosure
angelo-emlak veribaze/angelo.mdb Direct Request Admin Credentials Disclosure
PacketFence admin/login.php username Parameter XSS
Saurus CMS classes/excel/class.writeexcel_workbook.inc.php class_path Parameter Remote File Inclusion
8pixel.net Blog App_Data/sb.mdb Direct Request Database Disclosure
Ignition comment.php blog Parameter Traversal Local File Inclusion
Ignition view.php blog Parameter Traversal Local File Inclusion
Saurus CMS classes/excel/class.writeexcel_worksheet.inc.php class_path Parameter Remote File Inclusion
cPanel frontend/x3/files/fileop.html fileop Parameter XSS
Ultimate Uploader for PHP upload.php File Upload Arbitrary PHP Code Execution
Pre Hotels & Resorts Management System adminlogin_confirm.asp Multiple Parameter SQL Injection
Absolute Shopping Cart latest_detail.asp prod_id Parameter SQL Injection
Microsoft IIS ctss.idc table Parameter SQL Injection
JpGraph jpgraph.php GetURLArguments() Function XSS
ClarkConnect public/proxy.php url Parameter XSS
webMathematica webMathematica/MSP/ URL Parameter XSS
Active Business Directory searchadvance.asp search Parameter XSS
CVE-2009-4433 CVE-2009-4375 CVE-2009-4367 CVE-2009-4427 CVE-2009-4372 CVE-2009-4372 CVE-2009-4372 CVE-2009-4372 CVE-2009-4372 CVE-2009-4374 CVE-2009-4302 CVE-2009-4426 CVE-2009-4426 CVE-2009-4422 CVE-2009-4464
The Uploader download_checker.php filename Parameter Traversal Arbitrary File Access
SmartMedia Module for XOOPS folder.php categoryid ID XSS
Content Module for XOOPS modules/content/index.php id Parameter SQL Injection
Ez Poll Hoster profile.php uid Parameter XSS
OpenX www/admin/ Unspecified Admin Authentication Bypass
Jax Guestbook guestbook.admin.php Direct Request Admin Authentication Bypass
MYPS Plugin for MyBB myps.php username Parameter XSS
APC NMC Multiple Products Forms/login1 Multiple Parameter XSS
Auto-Surf Traffic Exchange Script faq.php rid Parameter XSS
Auto-Surf Traffic Exchange Script register.php rid Parameter XSS
Horde Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS
Horde Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS
VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/api.htm XSS
VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/html/frameset.htm XSS
VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/scripts/switch.js XSS
VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/html/bookmark.htm XSS
OSSIM repository/repository_attachment.php Unrestricted File Upload Arbitrary Code Execution
PHP-Calendar update08.php configfile Parameter Traversal Local File Inclusion
PHP-Calendar update10.php configfile Parameter Traversal Local File Inclusion
Ez Poll Hoster admin.php User Deletion CSRF
Venalsur Booking Centre Booking System for Hotels Group hotel_tiempolibre_ext.php NoticiaID Parameter SQL Injection
SQL-Ledger am.pl Multiple Parameter Password Manipulation CSRF
Simple PHP Blog languages_cgi.php blog_language1 Parameter Traversal Local File Inclusion
Horde Xss.php Filter Bypass data:// URI XSS
PHP AjaxWhois whois.php domain Parameter XSS
Joomulus Module for Joomla! tagcloud_ell.swf tagcloud Parameter XSS
LiveZilla map.php Multiple Parameter XSS
Hasta Blog yorumyaz.php id Parameter XSS
FreePBX admin/config.php tech Parameter XSS
Proverbs Web Calendar calendar.php month Parameter SQL Injection
Joomulus Module for Joomla! tagcloud_eng.swf tagcloud Parameter XSS
Joomulus Module for Joomla! tagcloud_por.swf tagcloud Parameter XSS
Joomulus Module for Joomla! tagcloud_rus.swf tagcloud Parameter XSS
Green Desktiny news_detail.php id Parameter SQL Injection
kandalf upper upper.php MIME Type File Upload Arbitrary PHP Code Execution
FlatPress contact.php URI XSS
Proverbs Web Calendar calendar.php year Parameter XSS
Best Top List banner-upload.php File Upload Arbitrary PHP Code Execution
CVE-2009-4359 CVE-2009-4360 CVE-2009-4384 CVE-2009-4447 CVE-2009-1798,2009-4406 CVE-2009-4460 CVE-2009-4460 CVE-2009-3701 CVE-2009-3701 CVE-2009-3731 CVE-2009-3731 CVE-2009-3731 CVE-2009-3731 CVE-2009-4373 CVE-2009-3702 CVE-2009-3702 CVE-2009-4385 CVE-2009-4386 CVE-2009-3580 CVE-2009-4421 CVE-2009-4363 CVE-2009-4450 CVE-2009-4458 CVE-2009-4456 CVE-2009-4451 CVE-2009-4461
FlatPress login.php URI XSS
FlatPress search.php URI XSS
cms-db admin/index.php langcode Parameter XSS
cms-db blogfeed.php langcode Parameter XSS
cms-db admin/users.php saved Parameter XSS
Best Top List out.php url Parameter XSS
phpFK PHP Forum ohne search.php search Parameter XSS
CommonSense CMS search.php q Parameter XSS
MySimpleFileUploader upload.php File Upload Arbitrary PHP Code Execution
Esinti Web Design Gold Defter data/defter.mdb Direct Request Database Disclosure
Helpdesk Pilot knowledgebase.php article_id Parameter SQL Injection
phpAuction register.php Multiple Parameter XSS
Futility Forum message.mdb Direct Request Database Disclosure
Avatar Studio Module for PHP-Fusion avatar_studio.php Multiple Parameter Traversal Local File Inclusion
Despe FreeCell solitaire.php Multiple Parameter XSS
dB Masters Links Directory admin.php admin_log Cookie Manipulation Authentication Bypass
FlashChat phpinfo.php Direct Request Information Disclosure
iDevAffiliate signup.php payable Parameter XSS
PicMe admin/banner.php URI XSS
UranyumSoft Listing Service database/db.mdb Direct Request Database Disclosure
I-Escorts Directory country_escorts.php country_id Parameter SQL Injection
AproxEngine engine/inc/galerie_unlink.php datei Parameter Arbitrary File Deletion
AproxEngine engine/inc/galerie_del_verz.php del_verz Parameter Arbitrary Directory Deletion
Mura CMS go/default/blog/blog-post-with-flash-video/ txtName Parameter SQL Injection
Mura CMS go/default/blog/blog-post-with-flash-video/ Multiple Parameter XSS
Mura CMS default/includes/display_objects/sendtofriend/index.cfm link Parameter XSS
Mura CMS go/default/blog/index.cfm returnURL Parameter XSS
Attachment Plugin for PunBB misc.php secure_str Parameter SQL Injection
Cherokee Web Server URL Traversal Arbitrary File Access
Networking_Utils networking_utils.php Multiple Parameter Shell Metacharacter Arbitrary File Access
AN HTTP aux.cgi Malformed HTTP Request Remote DoS
versatileBulletinBoard (vBB) activate.php uid Parameter Admin Authentication Bypass
Click2Learn Ingenium Learning Management System config.txt Direct Request Remote Admin Credential Disclosure
Active PHP Bookmarks (APB) add_bookmark.php auth_user_id Parameter Manipulation Arbitrary User Bookmark Manipulation
Bookmark4U inc/config.php prefix Parameter Remote File Inclusion
Bookmark4U inc/common.load.php prefix Parameter Remote File Inclusion
Active PHP Bookmarks (APB) apb_common.php APB_SETTINGS Parameter Remote File Inclusion
Active PHP Bookmarks (APB) apb_view_class.php APB_SETTINGS Parameter Remote File Inclusion
e-Courier CMS home/index.asp UserGUID Parameter XSS
CVE-2009-4461 CVE-2009-4461 CVE-2009-3902 CVE-2002-1971 CVE-2003-1270 CVE-2003-1258 CVE-2002-1909 CVE-2003-1255 CVE-2003-1253 CVE-2003-1253 CVE-2003-1254 CVE-2003-1254 CVE-2009-3901
e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS CVE-2009-3905
e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS CVE-2009-3905
e-Courier CMS home/your-register.asp UserGUID Parameter XSS CVE-2009-3905
e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS CVE-2009-3905
e-Courier CMS home/your.asp UserGUID Parameter XSS CVE-2009-3905
AstroCam astrocam.cgi HTTP Request Shell Metacharacter Arbitrary Command Execution CVE-2002-1874
TeeKai Tracking Online data/userlog/log.txt Direct Request Information Disclosure CVE-2002-2058
CubeCart classes/session/cc_admin_session.php Multiple HTTP Header ccAdmin Cookie Manipulation Admin Authentication Bypass CVE-2009-3904
Portili Multiple Products ajaxfilemanager/ajax_save_name.php Multiple Parameter Arbitrary Directory Manipulation
Portili Multiple Products phpinfo.php Direct Request Information Disclosure
Portili Multiple Products ajaxfilemanager/ajaxfilemanager.php view Parameter XSS
Movable Type /mt/mt-check.cgi System Information Disclosure
CUPS Web Interface admin/ kerberos Parameter XSS CVE-2009-2820
Axon Virtual PBX /logon Multiple Parameter XSS CVE-2009-4038
Super Serious Stats user.php uid Parameter SQL Injection CVE-2009-3961
XEROX Fiery Webtools summary.php select Parameter SQL Injection CVE-2009-3913
TFTgallery index.php album Parameter Traversal Arbitrary File Access CVE-2009-3912
TFTgallery settings.php sample Parameter XSS CVE-2009-3911
WordPress /wp-includes/functions.php wp_check_filetype() Function File Upload Arbitrary Code Execution CVE-2009-3890
WordPress press-this.php Unspecified XSS CVE-2009-3891
osCommerce Online Merchant Admin Console file_manager.php Arbitrary File Manipulation
PEEL haut.php dirroot Parameter Remote File Inclusion CVE-2002-2134
Software602 Web Server /admin/ Directory Direct Request Privilege Escalation CVE-2002-2152
Benjamin Lefevre Dobermann FORUM entete.php subpath Parameter Remote File Inclusion CVE-2002-2200
vBulletin member2.php perpage Parameter Error Message XSS CVE-2002-2235
Benjamin Lefevre Dobermann FORUM enteteacceuil.php subpath Parameter Remote File Inclusion CVE-2002-2200
Benjamin Lefevre Dobermann FORUM newtopic.php subpath Parameter Remote File Inclusion CVE-2002-2200
Mantis view_filters_page.php target_field Parameter XSS CVE-2005-4238
PHD Help Desk area.php Multiple Parameter XSS CVE-2009-4047
VirtualIQ Pro tvserver/user/user.do Multiple Parameter XSS
VirtualIQ Pro tvserver/server/user/setPermissions.jsp userId Parameter XSS
VirtualIQ Pro tvserver/server/user/addDepartment.jsp Multiple Parameter XSS
VirtualIQ Pro tvserver/server/inventory/inventoryTabs.jsp ID Parameter XSS
VirtualIQ Pro tvserver/reports/virtualIQAdminReports.do reportName Parameter XSS
PHD Help Desk solic_display.php q_registros Parameter XSS CVE-2009-4047
PHD Help Desk area_list.php Multiple Parameter XSS CVE-2009-4047
PHD Help Desk atributo.php URL Parameter XSS CVE-2009-4047
PHD Help Desk atributo_list.php Multiple Parameter XSS CVE-2009-4047
PHD Help Desk caso_insert.php URL Parameter XSS
e-Xoops viewcat.php Error Message Path Disclosure
phpBB auth.php Traversal Arbitrary PHP Code Execution
SunTrack newprofile.html title Parameter XSS
SunTrack signup/signup.html Multiple Parameter XSS
SunTrack contact.html Multiple Parameter XSS
Infinity cp/profile.php Multiple Parameter Admin Authentication Bypass
phpMyBackupPro get_file.php view Parameter Arbitrary File Access
Blahz-DNS listing/login.php Primary Name field XSS
PHP on Apache php.exe Direct Request Remote DoS
telepark.wiki ajax/deletePage.php Authentication Bypass Page Deletion
telepark.wiki ajax/deleteComment.php Authentication Bypass Comment Deletion
telepark.wiki getjs.php css Parameter Traversal Local File Inclusion
telepark.wiki getcsslocal.php css Parameter Traversal Local File Inclusion
telepark.wiki upload.php group Parameter Traversal Local File Inclusion
telepark.wiki ajax/addComment.php Crafted File Name Arbitrary PHP Code Execution
2wire Gateway Multiple Products Management Interface xslt page Parameter Remote DoS
CubeCart includes/content/viewProd.inc.php productId Parameter SQL Injection
TOPo in.php Error Message Path Disclosure
TOPo out.php Error Message Path Disclosure
Apple QuickTime / Darwin Streaming Server on Windows parse_xml.cgi filename Parameter Traversal Arbitrary File Access
Apple Darwin Streaming Server parse_xml.cgi Traversal Error Message File Enumeration
Telebid Auction Script allauctions.php aid Parameter SQL Injection
PHP-Nuke modules.php uid Cookie SQL Injection
PHP-Stats admin.php Multiple Parameter Traversal Arbitrary File Access
New 5 Star Rating rating.php det Parameter SQL Injection
Invision Power Board admin/applications/core/modules_public/search/search.php search_term Parameter SQL Injection
Invision Power Board admin/applications/core/modules_public/global/lostpass.php aid Parameter SQL Injection
Outreach Project Tool opt/forums/Forum_Include/index.php CRM_path Parameter Remote File Inclusion
PHP Traverser assets/plugins/mp3_id/mp3_id.php GLOBALS [BASE] Parameter Remote File Inclusion
Betsy CMS /admin/popup.php popup Parameter Traversal Local File Inclusion
GForge help/tracker.php helpname Parameter XSS
NaSMail contrib/decrypt_headers.php Unspecified Parameter XSS
Avaya Intuity Audix LX /cswebadm/diag/cgi-bin/sendrec.pl Multiple Parameter Arbitrary Command Execution
WP-Cumulus Plugin for WordPress wp-content/plugins/wpcumulus/tagcloud.swf tagcloud Parameter XSS
Cacti lib/timespan_settings.php Multiple Parameter XSS
FrontAccounting (FA) gl/manage/bank_accounts.php Unspecified Parameter SQL Injection
CVE-2009-4047 CVE-2005-0827 CVE-2003-1373 CVE-2009-3950 CVE-2009-3950 CVE-2009-3950 CVE-2009-3949 CVE-2009-4050 CVE-2002-2309 CVE-2009-4089 CVE-2009-4089 CVE-2009-4088 CVE-2009-4088 CVE-2009-4088 CVE-2009-4090 CVE-2009-3962 CVE-2009-4060 CVE-2003-1409 CVE-2003-1409 CVE-2003-1414 CVE-2003-1413 CVE-2009-4058 CVE-2003-1340 CVE-2006-1083 CVE-2009-3965 CVE-2009-3974 CVE-2009-3974 CVE-2009-4082 CVE-2009-4085 CVE-2009-4056 CVE-2009-3303 CVE-2009-4032 CVE-2009-4046
FrontAccounting (FA) gl/manage/currencies.php Unspecified Parameter SQL Injection
FrontAccounting (FA) gl/manage/exchange_rates.php Unspecified Parameter SQL Injection
FrontAccounting (FA) gl/manage/gl_account_types.php Unspecified Parameter SQL Injection
FrontAccounting (FA) gl/manage/gl_accounts.php Unspecified Parameter SQL Injection
FrontAccounting (FA) includes/db/audit_trail_db.inc Unspecified Parameter SQL Injection
FrontAccounting (FA) includes/db/comments_db.inc Unspecified Parameter SQL Injection
FrontAccounting (FA) includes/db/inventory_db.inc Unspecified Parameter SQL Injection
FrontAccounting (FA) includes/db/manufacturing_db.inc Unspecified Parameter SQL Injection
FrontAccounting (FA) includes/db/references_db.inc Unspecified Parameter SQL Injection
Quick.CMS admin.php Content Deletion CSRF
OpenX banner-edit.php File Upload GIF Magic Number Arbitrary PHP Code Execution
RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
Avaya Intuity Audix LX /cswebadm/diag/cgi-bin/nslookup.pl Multiple Parameter Arbitrary Command Execution
Avaya Intuity Audix LX /cgi-bin/smallmenu.pl url Parameter XSS
Cacti graph.php Multiple Parameter XSS
Cacti include/top_graph_header.php Multiple Parameter XSS
Cacti lib/html_form.php Multiple Parameter XSS
Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
eZ httpbench ezhttpbench.php AnalyseSite Parameter Arbitrary File Access
TightAuction config.inc Direct Request Database Credentials Disclosure
Active PHP Bookmarks (APB) head.php APB_SETTINGS Parameter Remote File Inclusion
Bookmark4U inc/dbase.php prefix Parameter Remote File Inclusion
IceWarp WebMail viewaction.html Arbitrary Directory Creation
PSArt news.asp id Parameter SQL Injection
WF-Chat !pwds.txt Direct Request Password Disclosure
WF-Chat !nicks.txt Direct Request Username Disclosure
WebCollection Plus s.dll d Parameter Traversal Arbitrary File Access
E-theni find_theni_home.php phpinfo() Function Direct Request Information Disclosure
Lyris ListManager scripts/message/message.tml Multiple Parameter XSS
Moa Gallery sources/_error_funcs.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/_integrity_funcs.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/_template_component_admin.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/_template_component_gallery.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/_template_parser.php MOA_PATH Parameter Remote File Inclusion
CVE-2009-4046 CVE-2009-4046 CVE-2009-4046 CVE-2009-4046 CVE-2009-4046 CVE-2009-4046 CVE-2009-4046 CVE-2009-4046 CVE-2009-4046 CVE-2009-4098 CVE-2009-4096 CVE-2009-4032 CVE-2009-4032 CVE-2009-4032 CVE-2002-1744 CVE-2002-1745 CVE-2002-1818 CVE-2002-1886 CVE-2003-1254 CVE-2003-1253 CVE-2005-1491 CVE-2003-1540 CVE-2003-1540 CVE-2003-1345 CVE-2003-1257
Moa Gallery sources/mod_gallery_funcs.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/mod_image_funcs.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/mod_tag_funcs.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/mod_tag_view.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/mod_upgrade_funcs.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/mod_user_funcs.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/page_admin.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/page_gallery_add.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/page_gallery_view.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/page_image_add.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/page_image_view_full.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/page_login.php MOA_PATH Parameter Remote File Inclusion
Moa Gallery sources/page_sitemap.php MOA_PATH Parameter Remote File Inclusion
Kayako SupportSuite / eSupport modules/tickets/functions_ticketsui.php Staff Control Panel XSS CVE-2009-3567
I-Tech MMORPG Zone view_news.php news_id Parameter SQL Injection CVE-2009-3505
Loggix Project modules/downloads/lib/LM_Downloads.php pathToIndex Parameter Remote File Inclusion CVE-2009-3492
Loggix Project lib/Loggix/Module/Calendar.php pathToIndex Parameter Remote File Inclusion CVE-2009-3492
Loggix Project lib/Loggix/Module/Comment.php pathToIndex Parameter Remote File Inclusion CVE-2009-3492
Loggix Project lib/Loggix/Module/Rss.php pathToIndex Parameter Remote File Inclusion CVE-2009-3492
Loggix Project lib/Loggix/Module/Trackback.php pathToIndex Parameter Remote File Inclusion CVE-2009-3492
Lyris ListManager scripts/message/message_dialog.tml Multiple Parameter XSS
Lyris ListManager read/attach_file.tml page Parameter XSS
Lyris ListManager read/attachment_too_large.tml page Parameter XSS
Lyris ListManager read/confirm_file_attach.tml page Parameter XSS
Lyris ListManager read/login/ndex.tml emailaddr Parameter XSS
Lyris ListManager read/login/sent_password.tml emailaddr Parameter XSS
Lyris ListManager subscribe/subscribe list Parameter XSS
Lyris ListManager utilities/db/showsql max Parameter XSS
linkSpheric viewListing.php listID Parameter SQL Injection CVE-2009-3510
Pilot Group eTraining courses_login.php cat_id Parameter XSS CVE-2009-3513
Pilot Group eTraining news_read.php id Parameter XSS CVE-2009-3513
Pilot Group eTraining lessons_login.php Multiple Parameter XSS CVE-2009-3513
d.net CMS dnet_admin/index.php Multiple Parameter SQL Injection CVE-2009-3514
d.net CMS dnet_admin/index.php type Parameter Traversal Local File Inclusion CVE-2009-3515
paFileDB pafiledb.php Multiple Parameter SQL Injection
Bugzilla process_bug.cgi Shell Metacharacter Arbitrary Command Execution
Infonautics getdoc.cgi Crafted Request Document Payment Phase Bypass
Novell eDirectory dhost/modules Error Message XSS
CONTENTCustomizer dialog.php Multiple Parameter Privileged Action Access
SimpNews events.php link_date Parameter Error Message Path Disclosure
Invision Power Board ips_kernel/class_upload.php Arbitrary File Upload
Hyperic HQ mastheadAttach.do typeId Parameter XSS
Hyperic HQ Resource.do eid Parameter XSS
Hyperic HQ admin/user/UserAdmin.do u Parameter XSS
PHPGenealogy CoupleDB.php DataDirectory Parameter Remote File Inclusion
Apache Open For Business Project (OFBiz) eCommerce/ ordermgr Multiple Field XSS
Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
Snaps! Gallery admin/users.php Multiple Parameter Edit Action Arbitrary Credential Modification
phpMyNewsletter admin/send_mod.php Admin Email Authentication Bypass
phpMyNewsletter admin/index.php Unauthenticated Configuration Modification
Apache Axis Invalid wsdl Request XSS
ezRecipe-Zee config/config.php cfg[prePath] Parameter Remote File Inclusion
AfterLogic WebMail Pro history-storage.aspx Multiple Parameter XSS
HP Multiple Products support_param.html/config Multiple Parameter XSS
Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
Apache JSPWiki Edit.jsp Multiple Parameter XSS
Apache JSPWiki Group.jsp group Parameter XSS
Apache JSPWiki preview.jsp action Parameter XSS
Apache JSPWiki Edit.jsp Multiple Parameter XSS
Apache JSPWiki PreviewContent.jsp Edited Text XSS
Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
Aktueldownload Haber Script rss.asp Multiple Parameter SQL Injection
Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
phpGraphy index.php pictures[] Parameter config.php Upload Arbitrary Code Execution
NEXTWEB (i)Site login.asp Multiple Parameter SQL Injection
PhpMyAdmin db_create.php db Parameter XSS
PhpMyAdmin db_operations.php Multiple Parameter XSS
PhpMyAdmin querywindow.php Multiple Parameter XSS
CVE-2000-0421 CVE-2000-0288 CVE-2007-5817 CVE-2007-5128 CVE-2007-4913 CVE-2009-2897 CVE-2009-2897 CVE-2009-2897 CVE-2009-3541 CVE-2007-2715 CVE-2007-2372 CVE-2007-2371 CVE-2009-3694 CVE-2009-2684 CVE-2007-1016 CVE-2006-6966 CVE-2005-1834 CVE-2006-6942 CVE-2006-6942 CVE-2006-6942
PhpMyAdmin sql.php pos Parameter XSS
WordPress wp-admin/user-edit.php user_id Parameter Arbitrary User Metadata Disclosure
Pixelated By Lev (PBL) Guestbook pblguestbook.php Multiple Parameter XSS
Serendipity serendipity_config_local.inc.php Unspecified Issue
NEXTWEB (i)Site databases/Users.mdb Direct Request Credentials Disclosure
ASP-DEv XM Forum forum.asp forum_title Parameter XSS
Docebo doceboLms/index.php word Parameter SQL Injection
Docebo doceboCore/index.php id_certificate Parameter SQL Injection
X-Cart customer/home.php email Parameter XSS
Ajox Poll admin/managepoll.php Direct Request Admin Authentication Bypass
Digitaldesign CMS autoconfig.dd Direct Request Database Disclosure
petitforum liste.txt Direct Request Remote Information Disclosure
petitforum message.php connects Cookie Manipulation Authentication Bypass
php-Board login.php [username].txt Direct Request User Account Disclosure
YABSoft Mega File Hosting Script emaullinks.php moudi Parameter XSS
Vivisimo Clustering Engine search query Parameter XSS
BS Counter file/stats.php page Parameter SQL Injection
Efront libraries/database.php path Parameter Remote File Inclusion
Achievo dispatch.php title Parameter XSS
Achievo dispatch.php userid Parameter SQL Injection
BIRT birt-viewer/run __report Parameter XSS
Member Management System resend.asp ID Parameter SQL Injection
Member Management System news_view.asp ID Parameter SQL Injection bloofoxCMS index.php search Parameter XSS Zorum z_user_show.php class Parameter XSS Authoria HR athcgi.exe script Parameter XSS MyGuestbook admin_index.php Multiple Parameter XSS MyGuestbook admin_pass.php Multiple Parameter XSS MyGuestbook admin_modif.php Multiple Parameter XSS MyGuestbook admin_suppr.php Multiple Parameter XSS News Evolution backend.php neurl Parameter Remote File Inclusion News Evolution screen.php neurl Parameter Remote File Inclusion News Evolution admin/modules/comment.php neurl Parameter Remote File Inclusion Phorum read.php Multiple Parameter XSS Script-Shed GuestBook config.asp Multiple Tag Handling XSS Apache Open For Business Project (OFBiz) URI passThru Parameter XSS Apache Axis2 WSInsane xsd Parameter Traversal Arbitrary File Disclosure Apache Jetspeed default-page.psml URI XSS Apache Beehive jpfScopeID Global Parameter XSS Apache Solr analysis.jsp XSS Apache MyFaces Trinidad LocaleInfoScriptlet XSS Apache Solr schema.jsp Multiple Parameter XSS CVE-2006-6942 CVE-2006-6016 CVE-2006-3617 CVE-2005-1449 CVE-2005-1835 CVE-2005-4256 CVE-2009-3592 CVE-2009-3596 CVE-2009-3597 CVE-2003-1423 CVE-2003-1424 CVE-2003-1401 CVE-2009-3647 CVE-2003-1519 CVE-2009-3659 CVE-2009-3660 CVE-2009-2733 CVE-2009-2734 CVE-2004-1843 CVE-2004-1843 CVE-2002-2350 CVE-2002-2348 CVE-2003-1241 CVE-2003-1241 CVE-2003-1241 CVE-2003-1241 CVE-2002-2249 CVE-2002-2249 CVE-2002-2249 CVE-2002-2340 CVE-2002-2339 Apache Hadoop browseDirectory.jsp XSS Apache Hadoop tail.jsp XSS Apache Hadoop browseBlock.jsp XSS Apache Solr action.jsp XSS Apache Solr get-file.jsp XSS phpLinkat showcat.php catid Parameter XSS CVE-2002-2321 phpLinkat addyoursite.php catid Parameter XSS CVE-2002-2321 ClickCartPro admin_user.db Direct Request Credentials CVE-2002-2310 Disclosure Direct Web Remoting (DWR) Script Inclusion Error XSS WordPress wp-trackbacks.php Character Set Conversion CVE-2009-3622 Handling Remote DoS StatsPlus stat.pl 
Multiple Header XSS CVE-2002-2330 MySimpleNews users.php Multiple Parameter Arbitrary PHP Code CVE-2002-2319 Injection Mojo Mail mojo.cgi email Parameter XSS CVE-2002-2193 phpBB search.php search_username Parameter XSS CVE-2002-2255 Thatware auth.inc.php user Parameter SQL Injection CVE-2002-2252 Linksys WVC11B Internet Video Camera main.cgi next_file CVE-2004-2508 Parameter XSS Achievo debugger.php config_atkroot Parameter Remote File CVE-2009-3705 Inclusion Battle Blog comment.asp comment Parameter XSS CVE-2009-3719 Piwik ofc_upload_image.php Multiple Parameter File Upload Arbitrary Code Execution AjaxChat Component for Joomla! components/com_ajaxchat/ tests/ajcuser.php mosConfig_absolute_path Parameter Remote CVE-2009-3822 File Inclusion Ebay Clone feedback.php user_id Parameter SQL Injection CVE-2009-3712 Ebay Clone view_full_size.php item_id Parameter SQL Injection CVE-2009-3712 Ebay Clone classifide_ad.php item_id Parameter SQL Injection CVE-2009-3712 Ebay Clone crosspromoteitems.php item_id Parameter SQL CVE-2009-3712 Injection Websense Email Security / Personal Email Manager web/msgList/ CVE-2009-3748 viewmsg/actions/msgAnalyse.asp Multiple Parameter XSS Websense Email Security / Personal Email Manager web/msgList/ viewmsg/actions/msgForwardToRiskFilter.asp Multiple Parameter CVE-2009-3748 XSS Websense Email Security / Personal Email Manager web/msgList/ CVE-2009-3748 viewmsg/viewHeaders.asp Multiple Parameter XSS AgoraCart protected/manager.cgi Setting Manipulation CSRF WWWeBBB Forum page.cgi URI Traversal Arbitrary File Access CVE-2002-2085 MySimpleNews admin.html Cleartext Admin Password Disclosure CVE-2002-2143 IBM Rational RequisitePro ReqWeb Help Feature ReqWebHelp/ CVE-2009-3730 advanced/workingSet.jsp operation Parameter XSS IBM Rational RequisitePro ReqWeb Help Feature ReqWebHelp/ CVE-2009-3730 basic/searchView.jsp Multiple Parameter XSS WoltLab Burning Board (wbboard) reply.php message Parameter CVE-2002-2021 CSRF PHP-Nuke phptonuke.php filnavn 
Parameter XSS CVE-2002-1995 vBulletin global.php Multiple Parameter XSS CVE-2002-1922 paFileDB pafiledb.php id Parameter XSS CVE-2002-1929 Amiro.CMS _admin/plugins_wizard.php status_message CVE-2009-3803 Parameter XSS WoltLab Burning Board (wbboard) profile.php message CVE-2002-2021 Parameter CSRF Boxalino boxalino/client/desktop/default.htm url Parameter CVE-2009-1479 Traversal Arbitrary File Access DM Albums Plugin for WordPress dm-albums/wp-dm-albumsajax.php Direct Request Album Folder Deletion Vivvo CMS files.php file Parameter Traversal Arbitrary File Access W3Mail viewAttachment.cgi file Parameter Traversal Arbitrary File Access DM Albums Plugin for WordPress dm-albums/wp-dm-albumsajax.php delete_album Parameter Traversal Arbitrary Folder Deletion f2html.pl File Name Parameter SQL Injection Aquonics File Manager source.php URI Traversal Arbitrary File Access TinyHTTPD URI Traversal Arbitrary File Execution x-stat x_stat_admin.php phpinfo Action XSS x-stat x_stat_admin.php Multiple Method Information Disclosure X-News x_news.php md5_password Cookie Replay Admin Authentication Bypass acWEB Web Server URI XSS Perception LiteServe Indexed Folder dir Request XSS acWEB Web Server MS-DOS Device Request Remote DoS TBmnetCMS index.php content Parameter XSS Opial home.php genres_parent Parameter XSS Opial home.php genres_parent Parameter SQL Injection Opial register.php User Image Unrestricted File Upload Arbitrary Code Execution phpBMS modules/bms/invoices_discount_ajax.php id Parameter SQL Injection phpBMS dbgraphic.php f Parameter SQL Injection phpBMS advancedsearch.php tid Parameter SQL Injection phpBMS modules\base\myaccount.php PATH_INFO Parameter XSS phpBMS phpbms\modules\base\modules_view.php PATH_INFO Parameter XSS phpBMS phpbms\modules\base\tabledefs_options.php PATH_INFO Parameter XSS phpBMS phpbms\modules\base\adminsettings.php PATH_INFO Parameter XSS Citrix XenCenterWeb XenServer Resource Kit config/edituser.php username Parameter XSS Citrix XenCenterWeb
XenServer Resource Kit console.php Multiple Parameter XSS Citrix XenCenterWeb XenServer Resource Kit forcerestart.php Multiple Parameter XSS Citrix XenCenterWeb XenServer Resource Kit forcesd.php Multiple Parameter XSS Citrix XenCenterWeb XenServer Resource Kit login.php username Parameter SQL Injection Citrix XenCenterWeb XenServer Resource Kit config/ changepw.php username Parameter CSRF Citrix XenCenterWeb XenServer Resource Kit hardstopvm.php stop_vmname Parameter CSRF Citrix XenCenterWeb XenServer Resource Kit config/ writeconfig.php pool1 Parameter PHP Code Injection phpBMS footer.php Direct Request Path Disclosure phpBMS header.php Direct Request Path Disclosure phpBMS advancedsearch.php Direct Request Path Disclosure phpBMS choicelist.php Direct Request Path Disclosure PhpBB privmsg.php mode Parameter HTTP Response Splitting PhpBB login.php redirect Parameter HTTP Response Splitting PerlDesk pdesk.cgi lang Parameter Error Message Path Disclosure RunCms modules/forum/post.php pid Parameter SQL Injection CVE-2009-3787 CVE-2002-2399 CVE-2002-2383 CVE-2002-1815,2002-1926 CVE-2002-1819 CVE-2002-2044 CVE-2002-2045 CVE-2002-2046 CVE-2002-2171 CVE-2002-2192 CVE-2002-2421 CVE-2009-3747 CVE-2009-3751 CVE-2009-3752 CVE-2009-3753 CVE-2009-3754 CVE-2009-3754 CVE-2009-3754 CVE-2009-3755 CVE-2009-3755 CVE-2009-3755 CVE-2009-3755 CVE-2009-3757 CVE-2009-3757 CVE-2009-3757 CVE-2009-3757 CVE-2009-3758 CVE-2009-3759 CVE-2009-3759 CVE-2009-3760 CVE-2009-3756 CVE-2009-3756 CVE-2009-3756 CVE-2009-3756 CVE-2004-2054 CVE-2004-2054 CVE-2004-1677 CVE-2009-3804 oMail-webmail omail.pl checklogin Function Password Field Arbitrary Command Execution Protector System blocker.php URI SQL Injection ZAP addentry.cgi Entry Field XSS E-Guest E-Guest_sign.pl Multiple Parameter XSS pWins Webserver URI Traversal Arbitrary File Access 123tkShop function_describe_item1.inc.php Unspecified Parameter SQL Injection 123tkShop function_foot_1.inc.php $designNo Parameter Traversal Arbitrary File Access 
PHProjekt Crafted $PHP_SELF Parameter Authentication Bypass PHP-Nuke functions.php user Parameter SQL Injection PHP-Nuke mainfile.php cookiedecode Function XSS JAF CMS config.php show Parameter Error Message Path Disclosure VocalTec VGW4/8 Gateway URI Traversal Authentication Bypass OpenDocMan add.php last_message Parameter XSS OpenDocMan toBePublished.php Multiple Parameter XSS OpenDocMan index.php last_message Parameter XSS OpenDocMan admin.php last_message Parameter XSS OpenDocMan category.php PATH_INFO Parameter XSS OpenDocMan department.php PATH_INFO Parameter XSS OpenDocMan profile.php PATH_INFO Parameter XSS OpenDocMan rejects.php PATH_INFO Parameter XSS OpenDocMan search.php PATH_INFO Parameter XSS OpenDocMan user.php Multiple Parameter XSS OpenDocMan view_file.php PATH_INFO Parameter XSS Web_Links Module for PHP-Nuke modules.php cid Parameter Error Message Path Disclosure MyBulletinBoard (MyBB) usercp.php Multiple Parameter SQL Injection HAMweather hwadmin.cgi Direct Request Admin Authentication Bypass phpBBmod phpinfo.php phpinfo Function Remote Information Disclosure Killer Protection vars.inc Direct Request Credentials Disclosure Ultimate PHP Board (UPB) users.dat Direct Request Credential Disclosure Caucho Resin view_source.jsp URI Traversal Arbitrary File Access Caucho Resin HelloServlet Direct Request Path Disclosure Matt Wright FormMail FormMail.pl Multiple Field Newline Injection Arbitrary Mail Relay PhpWebGallery isadmin.php photo_login Cookie Manipulation Admin Authentication Bypass GenCMS show.php p Parameter Traversal Local File Inclusion GenCMS admin/pages/SiteNew.php Template Parameter Traversal Local File Inclusion Greenwood PHP Content Manager include/processor.php content_path Parameter Traversal Local File Inclusion CGIScript.net csGuestbook csGuestbook.cgi setup Parameter Arbitrary Perl Code Execution CGIScript.net csLiveSupport csLiveSupport.cgi setup Parameter Arbitrary Perl Code Execution CGIScript.net csChat-R-Box csChatRBox.cgi 
setup Parameter Arbitrary Perl Code Execution CGIScript.net csNews Professional (csNewsPro) csNewsPro.cgi setup Parameter Arbitrary Perl Code Execution Mobilelib GOLD myhtml.php GLOBALS[page] Parameter Traversal Arbitrary File Access CVE-2004-1993 CVE-2004-1961 CVE-2002-2377 CVE-2002-2376 CVE-2002-2256 CVE-2002-2168 CVE-2002-2167 CVE-2002-1757 CVE-2004-1929 CVE-2004-1930 CVE-2004-1504 CVE-2004-1814 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2009-3789 CVE-2003-1468 CVE-2005-4199 CVE-2002-2356 CVE-2002-2349 CVE-2002-2335 CVE-2002-2322 CVE-2002-1987 CVE-2002-1990 CVE-2002-1771 CVE-2002-2064 CVE-2009-3825 CVE-2009-3825 CVE-2009-3824 CVE-2002-1750 CVE-2002-1751 CVE-2002-1752 CVE-2002-1753 CVE-2009-3823 BookLibrary Component for Joomla! doc/releasenote.php mosConfig_absolute_path Parameter Remote File Inclusion RunCMS modules/contact/index.php op[] Parameter Error Message Path Disclosure RunCMS userinfo.php uid[] Parameter Error Message Path Disclosure MyBulletinBoard (MyBB) calendar.php Multiple Parameter SQL Injection MyBulletinBoard (MyBB) showthread.php rating Parameter SQL Injection RunCMS modules/forum/post.php forum Parameter SQL Injection RunCMS modules/forum/class/class.permissions.php forum_id Parameter SQL Injection DedeCMS feedback_js.php arcurl Parameter SQL Injection Amiro.CMS /_admin/index.php loginname Parameter XSS Amiro.CMS /_admin/index.php loginname Error Message Path Disclosure Amiro.CMS /news status_message Parameter XSS Amiro.CMS /comment status_message Parameter XSS Amiro.CMS /forum status_message Parameter XSS Amiro.CMS /blogs status_message Parameter XSS Amiro.CMS /tags status_message Parameter XSS Amiro.CMS _admin/forum.php status_message Parameter XSS Amiro.CMS _admin/discussion.php status_message Parameter XSS Amiro.CMS _admin/guestbook.php status_message Parameter XSS Amiro.CMS _admin/blog.php status_message Parameter XSS Amiro.CMS 
_admin/news.php status_message Parameter XSS Amiro.CMS _admin/srv_updates.php status_message Parameter XSS Amiro.CMS _admin/srv_backups.php status_message Parameter XSS Amiro.CMS _admin/srv_twist_prevention.php status_message Parameter XSS Amiro.CMS _admin/srv_tags.php status_message Parameter XSS Amiro.CMS _admin/srv_tags_reindex.php status_message Parameter XSS Amiro.CMS _admin/google_sitemap.php status_message Parameter XSS Amiro.CMS _admin/sitemap_history.php status_message Parameter XSS Amiro.CMS _admin/srv_options.php status_message Parameter XSS Amiro.CMS _admin/locales.php status_message Parameter XSS FTLS.org Guestbook guestbook.cgi Multiple Parameter XSS Geeklog comment.php cid Parameter XSS Geeklog profiles.php uid Parameter XSS Geeklog users.php uid Parameter XSS D-Forum header.php3 my_header Parameter Remote File Inclusion D-Forum footer.php3 my_footer Parameter Remote File Inclusion WEB-ERP logicworks.ini Direct Request Database Credentials Disclosure NETGEAR FM114P Web Configuration Interface port Parameter Traversal Arbitrary File Access Truegalerie upload.php file Cookie Manipulation Arbitrary File Access CVE-2009-3817 CVE-2009-3815 CVE-2009-3815 CVE-2005-4199 CVE-2005-4199 CVE-2009-3813 CVE-2009-3813 CVE-2009-3806 CVE-2009-3803 CVE-2009-3802 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2009-3803 CVE-2003-1348 CVE-2003-1347 CVE-2003-1347 CVE-2003-1347 CVE-2003-1406 CVE-2003-1406 CVE-2003-1383 CVE-2003-1427 CVE-2003-1489 Rlaj whois.cgi Domain Name Field Shell Metacharacter Arbitrary CVE-2002-1854 Remote Command Execution MyNewsGroups myarticles.php Newsgroup Post Subject XSS CVE-2002-1853 MyNewsGroups search.php Newsgroup Post Subject XSS CVE-2002-1853 MyNewsGroups stats.php Newsgroup Post Subject XSS CVE-2002-1853 MyNewsGroups 
standard.lib.php Newsgroup Post Subject XSS CVE-2002-1853 Ultimate PHP Board (UPB) register.php Case Sensitive Admin CVE-2002-1820 Account Name Spoofing Microsoft Office SharePoint Server Team Services _layouts/ CVE-2009-3830 download.aspx Multiple Parameter ASP.NET Source Disclosure Basic Analysis And Security Engine base_local_rules.php Unspecified Parameter XSS Basic Analysis And Security Engine base_local_rules.php Unspecified Parameter Local File Inclusion iFdate members_search.php name Parameter SQL Injection CVE-2008-7114 WeBid logs/cron.log Direct Request Information Disclosure CVE-2008-7118 WeBid item.php id Parameter SQL Injection CVE-2008-7119 Hot Links SQL-PHP news.php id Parameter SQL Injection CVE-2008-7120 Basic PHP Events Lister admin/reset.php Admin Password Reset CVE-2009-3168 Weakness Rock Band CMS news.php Multiple Parameter SQL Injection CVE-2009-3252 Prime Quick Style Addon for phpBB root/includes/prime_quick_ CVE-2009-3052 style.php prime_quick_style Parameter SQL Injection Beex news.php navaction Parameter XSS CVE-2009-3057 Beex partneralle.php navaction Parameter XSS CVE-2009-3057 Alqatari Q R Script lesson.php id Parameter SQL Injection CVE-2009-3061 Property Watch email.php videoid Parameter XSS CVE-2009-3066 Property Watch login.php redirect Parameter XSS CVE-2009-3066 OCS Inventory NG machine.php systemid Parameter SQL CVE-2009-3042 Injection @lex Poll setup.php language_setup Parameter XSS CVE-2008-7141 @lex Guestbook setup.php language_setup Parameter XSS CVE-2008-7140 @lex Guestbook index.php test Parameter XSS CVE-2008-7140 EasyImageCatalogue thumber.php dir Parameter XSS CVE-2008-7133 EasyImageCatalogue describe.php d Parameter XSS CVE-2008-7133 EasyImageCatalogue addcomment.php d Parameter XSS CVE-2008-7133 Specimen Image Database taxonservice.php dir Parameter CVE-2008-7152 Remote File Inclusion WeBid eledicss.php file Parameter Arbitrary CSS File Modification CVE-2008-7117 NetRisk admin/change_submit.php Direct Request Arbitrary 
User CVE-2008-7155 Password Modification CMS400.NET ekformsiframe.aspx Multiple Parameter XSS Xstate Real Estate page.html pid Parameter SQL Injection FreeSchool /biblioteca/bib_form.php CLASSPATH Parameter Remote File Inclusion PHP Live! message_box.php deptid Parameter SQL Injection CVE-2009-3062 Xstate Real Estate home.html URL Parameter XSS Xstate Real Estate lands.html URL Parameter XSS Ve-EDIT editor/edit_htmlarea.php highlighter Parameter Remote CVE-2009-3065 File Inclusion Ve-EDIT debugger/debug_php.php _GET[filename] Parameter CVE-2009-3064 Traversal Local File Inclusion Joker Board editform.php notice Parameter XSS CVE-2009-3060 Joker Board core/edit_user_message.php edit_user_message CVE-2009-3060 Parameter XSS Joker Board inc/head.inc.php user_title Parameter XSS CVE-2009-3060 Joker Board core/select.php Unspecified Parameter SQL Injection CVE-2009-3059 Joker Board top_add.inc.php city Parameter SQL Injection CVE-2009-3059 KingCMS include/engine/content/elements/menu.php CONFIG CVE-2009-3056 [AdminPath] Parameter Remote File Inclusion DataLife Engine engine/api/api.class.php dle_config_api CVE-2009-3055 Parameter Remote File Inclusion EkinBoard backup.php _groups[] Parameter Admin Authentication CVE-2008-7156 Bypass Docebo class/class.conf_fw.php Direct Request Path Disclosure CVE-2008-7154 Docebo class.module/class.event_manager.php Direct Request CVE-2008-7154 Path Disclosure Docebo lib/lib.domxml5.php Direct Request Path Disclosure CVE-2008-7154 Docebo menu/menu_over.php Direct Request Path Disclosure CVE-2008-7154 Docebo class/class.conf_cms.php Direct Request Path Disclosure CVE-2008-7154 Docebo lib/lib.compose.php Direct Request Path Disclosure CVE-2008-7154 Docebo modules/chat/teleskill.php Direct Request Path CVE-2008-7154 Disclosure Docebo class/class.admin_menu_cms.php Direct Request Path CVE-2008-7154 Disclosure FreeSchool /biblioteca/bib_pldetails.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/bib_plform.php CLASSPATH 
Parameter Remote File Inclusion FreeSchool /biblioteca/bib_plsearchc.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/bib_plsearchs.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/bib_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/bib_searchc.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/bib_searchs.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/edi_form.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/edi_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/gen_form.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/gen_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/lin_form.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/lin_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/luo_form.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/luo_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/sog_form.php CLASSPATH Parameter Remote File Inclusion FreeSchool /biblioteca/sog_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /calendario/cal_insert.php CLASSPATH Parameter Remote File Inclusion FreeSchool /calendario/cal_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /calendario/cal_saveactivity.php CLASSPATH Parameter Remote File Inclusion FreeSchool /circolari/cir_save.php CLASSPATH Parameter Remote File Inclusion FreeSchool /modulistica/mdl_save.php CLASSPATH Parameter Remote File Inclusion Ticket Support Script ticket.php Multiple Extension Arbitrary File Upload Silurus Classifieds wcategory.php ID Parameter SQL Injection CVE-2009-3082 Uploader Module for XOOPS index.php filename Parameter CVE-2008-7178 Traversal Arbitrary File Access Facil CMS modules.php modload Parameter Traversal Arbitrary CVE-2008-7176 File Access Lightweight news portal (LNP) admin.php 
Multiple Action Direct CVE-2008-7172 Request Admin Authentication Bypass Lightweight news portal (LNP) show_photo.php photo Parameter CVE-2008-7171 XSS Lightweight news portal (LNP) show_potd.php potd Parameter CVE-2008-7171 XSS Lightweight news portal (LNP) admin.php Current Question Field CVE-2008-7171 XSS Page Manager upload.php Unrestricted File Upload Arbitrary CVE-2008-7167 Code Execution ChartDirector for .NET chart.aspx cacheid Parameter Arbitrary File Access Telephone Directory 2008 del_query1.php id Parameter Arbitrary CVE-2008-7180 Contact Deletion Butterfly Organizer category-delete.php tablehere Parameter CVE-2008-7181 Arbitrary Category Deletion Butterfly Organizer delete.php mytable Parameter Arbitrary CVE-2008-7181 Account Deletion Ticket Support Script admin.php Multiple Parameter SQL Injection EVA CMS index.php eva[caminho] Parameter Remote File CVE-2008-7183 Inclusion OBOphiX fonctions_racine.php chemin_lib Parameter Remote CVE-2009-3174 File Inclusion QuarkMail get_message.cgi tf Parameter Traversal Arbitrary File CVE-2009-3124 Access Download System mSF (dsmsf) Module for PHP-Fusion CVE-2009-3119 screen.php view_id Parameter SQL Injection Silurus Classifieds category.php ID Parameter SQL Injection CVE-2009-3117 Coppermine Photo Gallery update.php Direct Request CVE-2008-7186 Information Disclosure Coppermine Photo Gallery include/slideshow.inc.php Direct CVE-2008-7187 Request Path Disclosure An image gallery navigation.php path Parameter Traversal CVE-2009-3366 Arbitrary Directory Listing iDesk download.php cat_id Parameter SQL Injection Accommodation Hotel Booking Portal Script hotel.php hotel_id Parameter SQL Injection Buy Dating Site profile.php s_r Parameter XSS CVE-2009-3355 An image gallery main.php Multiple Parameter XSS CVE-2009-3367 Match Agency BiZ edit_profile.php important Parameter XSS CVE-2009-3359 Holiday Rental Manager review.php link_id Parameter SQL Injection ClipShare siteadmin/useredit.php uid Parameter Arbitrary Profile
CVE-2008-7188 Modification Tourismscripts Bus Script faq.php sitetext_id Parameter SQL Injection Accommodation Hotel Booking Portal Script details.php hotel_id Parameter SQL Injection Accommodation Hotel Booking Portal Script roomtypes.php hotel_id Parameter SQL Injection Match Agency BiZ report.php pid Parameter XSS CVE-2009-3359 SZNews sznews/printnews.php3 id Parameter Remote File CVE-2009-3362 Inclusion Advanced Comment System admin.php ACS_path Parameter Remote File Inclusion Holiday Rental Manager search.php cat_id1 Parameter XSS Datemill photo_view.php return Parameter XSS CVE-2009-3360 Tourismscripts Bus Script aboutus.php sitetext_id Parameter SQL Injection Advanced Comment System index.php ACS_path Parameter Remote File Inclusion Datemill photo_search.php st Parameter XSS CVE-2009-3360 Datemill search.php st Parameter XSS CVE-2009-3360 PortalXP calendar.php id Parameter SQL Injection CVE-2009-3148 PortalXP news.php id Parameter SQL Injection CVE-2009-3148 PortalXP links.php id Parameter SQL Injection CVE-2009-3148 PortalXP assignments.php assignment_id Parameter SQL CVE-2009-3148 Injection TimeSheet actions/downloadFile.php fileName Parameter CVE-2009-3151 Traversal Arbitrary File Access BBS E-Market Professional becommunity/community/index.php CVE-2009-3152 Multiple Parameter XSS x10 MP3 Automatic Search Engine includes/video_ad.php pic_id CVE-2009-3153 Parameter XSS x10 MP3 Automatic Search Engine linkvideos_listing.php CVE-2009-3153 category Parameter XSS x10 MP3 Automatic Search Engine templates/header1.php id CVE-2009-3153 Parameter XSS x10 MP3 Automatic Search Engine video_listing.php key CVE-2009-3153 Parameter XSS x10 MP3 Automatic Search Engine adult/video_listing.php key CVE-2009-3153 Parameter XSS Almond Classifieds Component for Joomla! 
index.php replid CVE-2009-3154 Parameter SQL Injection simplePHPWeb admin/files.php Unspecified Admin Authentication CVE-2009-3158 Bypass Multi Website Default URI search Parameter XSS CVE-2009-3162 Bugzilla token.cgi HTTP Referer Header URL Password CVE-2009-3166 Disclosure Graffiti CMS __utility/Telligent_Editor/editor/filemanager/browser/ default/browser.html File Upload Arbitrary Code Execution Image voting index.php show Parameter SQL Injection CVE-2009-3356 Gazelle CMS user.php user Parameter XSS CVE-2009-3171 Gazelle CMS search.php lookup Parameter XSS CVE-2009-3171 The Rat CMS admin/add_album.php Unrestricted File Upload CVE-2009-3173 Arbitrary Code Execution Gazelle CMS renew.php user Parameter Password Reset CVE-2009-3180 Weakness Gazelle CMS admin/settemplate.php customizetemplate CVE-2009-3181 Parameter Traversal Arbitrary File Overwrite Gazelle CMS admin/editor/filemanager/browser.html Unrestricted CVE-2009-3182 File Upload Arbitrary Code Execution Model Agency Manager PRO view.php user_id Parameter SQL CVE-2009-3175 Injection Model Agency Manager PRO photos.php user_id Parameter SQL CVE-2009-3175 Injection Model Agency Manager PRO motm.php user_id Parameter SQL CVE-2009-3175 Injection Model Agency Manager PRO forum_message.php id Parameter CVE-2009-3175 SQL Injection Aurora CMS add-ons/modules/sysmanager/plugins/ install.plugin.php AURORA_MODULES_FOLDER Parameter CVE-2009-3365 Remote File Inclusion AJchat directory.php s Parameter SQL Injection CVE-2008-7210 RunCMS system/admin.php rank_title Parameter XSS CVE-2008-7222 Ardguest ardguest.php page Parameter XSS HotWeb Rentals details.asp PropId Parameter SQL Injection CVE-2009-3343 PaoBacheca scrivi.php URI XSS PaoLink scrivi.php URI XSS CVE-2009-3320 Elite Gaming Ladders ladders.php platform Parameter SQL CVE-2009-3314 Injection phpPollScript /php/init.poll.php include_class Parameter Remote CVE-2009-3312 File Inclusion RADactive I-Load WebCoreModule.ashx File Upload Absolute Path Disclosure LWS php 
User Base include/unverified.inc.php template CVE-2008-7240 Parameter Traversal Local File Inclusion All In One Control Panel (AIOCP) cp_html2txt.php page CVE-2009-3220 Parameter Remote File Inclusion Crazy Star Plugin for Discuz! plugin.php fmid Parameter SQL CVE-2009-3185 Injection FMyClone editComments.php comp Parameter SQL Injection CVE-2009-3313 FMyClone edit.php id Parameter SQL Injection CVE-2009-3313 phpfreeBB permalink.php id Parameter SQL Injection CVE-2009-3208 RADactive I-Load WebcodeModule.ashx Multiple Parameter XSS RADactive I-Load WebCoreModule.ashx Traversal Arbitrary File Access Infinity Script Default URI options[style_dir] Parameter Traversal CVE-2009-3211 Arbitrary File Access Uebimiau Webmail system_admin/admin.ucf Direct Request User CVE-2009-3199 Database Disclosure PAD Site Scripts rss.php cat Parameter XSS CVE-2009-3191 PAD Site Scripts list.php search Parameter SQL Injection CVE-2009-3190 PAD Site Scripts opml.php cat Parameter XSS CVE-2009-3191 PAD Site Scripts rss.php cat Parameter SQL Injection CVE-2009-3190 Three Pillars Help Desk admin/login.php uid Parameter SQL Injection Authentication Bypass FanUpdate show-cat.php listingid Parameter SQL Injection CVE-2009-3308 PHP Pro Bid auction_details.php auction_id Parameter SQL CVE-2009-3336 Injection LiveStreet include/ajax/blogInfo.php asd Parameter XSS CVE-2009-3256 WX-Guestbook sign.php sName Parameter XSS CVE-2009-3328 WX-Guestbook login.php USERNAME Parameter SQL Injection CVE-2009-3327 Authentication Bypass WX-Guestbook search.php QUERY Parameter SQL Injection CVE-2009-3327 Check Point Connectra /Login/Login vpid_prefix Parameter XSS LiveStreet update/update_0.1.2_to_0.2.php Unprivileged DROP CVE-2009-3261 TABLE Operation Weakness BPLawyerCaseDocument employee.aspx cat Parameter SQL Injection Alibaba Clone offers_buy.php id Parameter SQL Injection DDL CMS header.php wwwRoot Parameter Remote File Inclusion CVE-2009-3331 Vastal I-Tech DVD Zone view_mag.php mag_id Parameter SQL 
Injection Vastal I-Tech Toner Cart show_series_ink.php id Parameter SQL Injection CF Shopkart index.cfm itemid Parameter SQL Injection CVE-2009-3309 DDL CMS submitted.php wwwRoot Parameter Remote File CVE-2009-3331 Inclusion BPowerHouse BPStudents students.php test Parameter SQL Injection BPowerHouse BPHolidayLettings search.aspx Multiple Parameter SQL Injection BPowerHouse BPMusic music.php music_id Parameter SQL Injection BPowerHouse BPGames game.php game_id Parameter SQL Injection Vastal I-Tech Share Zone view_news.php id Parameter SQL Injection Vastal I-Tech Agent Zone view_listing.php id Parameter SQL Injection HBcms php/update_article_hits.php article_id Parameter SQL Injection Zope /Examples/FileLibrary/addFile Empty Upload Error Message Path Disclosure Zope /Examples/db/ExampledbBrowseReport Description Field XSS Zope /Examples/ShoppingCart/addItems Quantity Field XSS Zope /Examples/ShoppingCart/addItems Information Disclosure koeSubmit Component for Mambo koesubmit.php mosConfig_absolute_path Parameter Remote File Inclusion DDL CMS submit.php wwwRoot Parameter Remote File Inclusion DDL CMS autosubmitter/index.php wwwRoot Parameter Remote File Inclusion BPowerHouse BPGames main.php cat_id Parameter SQL Injection ProdLer include/prodler.class.php sPath Parameter Remote File Inclusion BAROSmini include/common_functions.php baros_path Parameter Remote File Inclusion BAROSmini include/lib/lib_users.php main_path Parameter Remote File Inclusion BAROSmini include/lib/lib_stats.php main_path Parameter Remote File Inclusion BAROSmini include/lib/lib_slots.php main_path Parameter Remote File Inclusion Vastal I-Tech DVD Zone view_mag.php mag_id Parameter XSS OpenSiteAdmin pages/pageHeader.php path Parameter Remote File Inclusion Nephp Publisher admin/index.php Username Parameter SQL Injection Authentication Bypass IBM Lotus Connections /profiles/html/simpleSearch.do name Parameter XSS FSphp lib/FSphp.php FSPHP_LIB Parameter Remote File Inclusion FSphp
lib/navigation.php FSPHP_LIB Parameter Remote File Inclusion FSphp lib/pathwrite.php FSPHP_LIB Parameter Remote File Inclusion OSSIM repository/repository_document.php id_document Parameter SQL Injection ClearSite include/header.php cs_base_path Parameter Remote File Inclusion e107 email.php HTTP Referer Header XSS PHP-IPNMonitor index.php maincat_id Parameter SQL Injection AlphaUserPoints Component for Joomla! frontend/assets/ajax/checkusername.php username2points Parameter SQL Injection OSSIM repository/repository_links.php id_document Parameter SQL Injection OSSIM repository/repository_editdocument.php id_document Parameter SQL Injection OSSIM policy/getpolicy.php group Parameter SQL Injection OSSIM host/newhostgroupform.php name Parameter SQL Injection CVE-2009-3333 CVE-2009-3331 CVE-2009-3331 CVE-2009-3324 CVE-2009-3323 CVE-2009-3323 CVE-2009-3323 CVE-2009-3323 CVE-2009-3317 CVE-2009-3315 CVE-2009-3307 CVE-2009-3307 CVE-2009-3307 CVE-2009-3439 CVE-2009-3306 CVE-2009-3444 CVE-2009-3361 CVE-2009-3342 CVE-2009-3439 CVE-2009-3439 CVE-2009-3439 CVE-2009-3439 OSSIM graphs/alarms_events.php Access Restriction Weakness CVE-2009-3441 Information Disclosure OSSIM host/draw_tree.php Access Restriction Weakness CVE-2009-3441 Information Disclosure Hotel Booking Reservation System Component for Joomla! CVE-2009-3357 longDesc.php Multiple Parameter SQL Injection Mobile login.php username Parameter SQL Injection CVE-2009-3430 OSSIM net/modifynetform.php name Parameter SQL Injection CVE-2009-3439 MaxWebPortal forum.asp Multiple Parameter SQL Injection CVE-2009-3436 FlatPress login.php user Parameter Local File Inclusion Activedition activedition/aelogin.asp Multiple Parameter XSS Live Chat Component for Joomla! getChatRoom.php last CVE-2008-6883,2008-6881 Parameter SQL Injection VehicleManager Component for Joomla! toolbar_ext.php CVE-2009-2633 mosConfig_absolute_path Parameter Remote File Inclusion MediaLibrary Component for Joomla!
toolbar_ext.php mosConfig_ CVE-2009-2634 absolute_path Parameter Remote File Inclusion The Ticket System admin.php id Parameter SQL Injection CVE-2009-2639 RealEstateManager Component for Joomla! toolbar_ext.php CVE-2009-2635 mosConfig_absolute_path Parameter Remote File Inclusion BookLibrary Component For Joomla! toolbar_ext.php mosConfig_ CVE-2009-2637 absolute_path Parameter Remote File Inclusion Profile Manager Basic cgi/admin.cgi pmadm Cookie SQL Injection CVE-2009-2640 School Data Navigator app_and_readme/navigator/index.php CVE-2009-2641 page Parameter Remote File Inclusion GnuDIP cgi-bin/gnudip.cgi username Parameter SQL Injection justVisual CMS system/pageTemplate.php fs_jVroot Parameter Remote File Inclusion justVisual CMS system/utilities.php fs_jVroot Parameter Remote File Inclusion justVisual CMS sites/site/pages/index.php fs_jVroot Parameter Remote File Inclusion justVisual CMS pages/contact.php fs_jVroot Parameter Remote File Inclusion PPScript shop.htm cid Parameter SQL Injection Uploaderr upload.php image/jpeg Content Type File Upload Arbitrary PHP Code Execution ArticleFriend Script search_advance.php SearchWd Parameter XSS Bugzilla show_bug.cgi Hidden Product Names Disclosure Live Chat Component for Joomla! getChat.php last Parameter CVE-2008-6881 SQL Injection Live Chat Component for Joomla! getSavedChatRooms.php last CVE-2008-6881 Parameter SQL Injection Live Chat Component for Joomla! 
xmlhttp.php Open HTTP Proxy CVE-2008-6882 TT Web Site Manager tt/index.php tt_name Parameter SQL Injection Authentication Bypass Pre Classified Listings detailad.asp siteid Parameter SQL Injection CVE-2008-6887 Pre Classified Listings signup.asp address Parameter XSS CVE-2008-6888 QuickDev 4 PHP download.php file Parameter Traversal Arbitrary File Access SimpleSiteAdministration checkuser.php username Parameter SQL Injection Authentication Bypass ASP Forum Script messages.asp message_id Parameter SQL CVE-2008-6890 Injection ASP Forum Script new_message.asp forum_id Parameter XSS CVE-2008-6891 ASP Forum Script messages.asp forum_id Parameter XSS CVE-2008-6891 Multi Website index.php Browse Parameter SQL Injection Elgg _css/js.php js Parameter Traversal Arbitrary File Access wp-Table for WordPress wptable-tinymce.php ABSPATH Parameter Remote File Inclusion SmarterTrack frmKBSearch.aspx search Parameter XSS Silurus Classifieds category.php URI XSS Simple Search search.cgi terms Parameter XSS Django core/servers/basehttp.py Admin Media Handler Static Media File Traversal Arbitrary File Access SmarterTrack frmTickets.aspx email address Parameter XSS AccessoriesMe PHP Affiliate Script search.php Keywords Parameter XSS Silurus Classifieds wcategory.php URI XSS Silurus Classifieds search.php keywords Parameter XSS AccessoriesMe PHP Affiliate Script browse.php SearchIndex Parameter XSS signkorn Guestbook admin/admin.php qc Parameter XSS photokorn search.php Multiple Parameter SQL Injection I-Escorts Agency / Directory escorts_search.php Multiple Parameter SQL Injection MyBackup down.php filename Parameter Traversal Arbitrary File Access OpenNews admin.php username Parameter SQL Injection Authentication Bypass AJ Auction Pro index.php txtkeyword Parameter XSS photokorn admin/admin.php qc Parameter XSS Omnistar Recruiter resume_register.php job2 Parameter XSS OpenNews admin.php Multiple Parameter Arbitrary PHP Code Execution 2532|Gigs settings.php language Parameter Traversal
Local File Inclusion 2532|Gigs deleteuser.php language Parameter Traversal Local File Inclusion 2532|Gigs mini_calendar.php language Parameter Traversal Local File Inclusion 2532|Gigs manage_venues.php language Parameter Traversal Local File Inclusion 2532|Gigs manage_gigs.php language Parameter Traversal Local File Inclusion PHP Photo Vote login.php page Parameter XSS PHP Easy Shopping Cart subitems.php name Parameter XSS PHP Forum Hoster Portal postthread.php Multiple Parameter XSS LM Starmail paidbanner.php ID Parameter SQL Injection Questions Answered admin/index.php user Parameter SQL Injection Authentication Bypass SlideShowPro Director p.php a Parameter Traversal Arbitrary File Access Application for Incident Response Teams (AIRT) incident.php status Parameter XSS LM Starmail home.php page Parameter Remote File Inclusion Application for Incident Response Teams (AIRT) users.php User Addition CSRF PHP Forum Hoster Portal manageforum.php Multiple Parameter Arbitrary File Deletion AvailScript Article Script addpen.php Unrestricted File Upload Arbitrary Code Execution 2532|Gigs upload_flyer.php Unrestricted File Upload Arbitrary Code Execution Facil Helpdesk kbase/kbase.php URI XSS SupportDesk shownews.php URI XSS PHPCityPortal login.php Multiple Parameter SQL Injection Authentication Bypass CVE-2009-2659 CVE-35965 CVE-2009-2735 CVE-2009-2736 CVE-2008-6901 CVE-2008-6901 CVE-2008-6901 CVE-2008-6901 CVE-2008-6901 CVE-2009-2931 CVE-2008-6900 CVE-2008-6902 Answer Me answers.php q_id Parameter XSS ViArt Helpdesk products.php category_id Parameter XSS Online Work Order Suite Lite Edition default.asp show Parameter XSS ViArt CMS forums.php category_id Parameter XSS Yahoo Answers Clone questiondetail.php questionid Parameter XSS IsolSoft Support Center newticket.php lang Parameter Traversal Local File Inclusion IsolSoft Support Center rempass.php lang Parameter Traversal Local File Inclusion CMS Made Simple modules/Printing/output.php url Parameter Arbitrary File Access 
Alkacon OpenCms jsptemplates/help_head.jsp homelink Parameter XSS ViArt Helpdesk article.php category_id Parameter XSS ViArt Helpdesk product_details.php category_id Parameter XSS ViArt Helpdesk reviews.php category_id Parameter XSS ViArt Helpdesk forum.php forum_id Parameter XSS ViArt Helpdesk products_search.php search_category_id Parameter XSS ViArt CMS forum.php forum_id Parameter XSS ViArt CMS forum_topic_new.php forum_id Parameter XSS Online Work Order Suite Lite Edition report.asp show Parameter XSS Online Work Order Suite Lite Edition login.asp go Parameter XSS ZEEJOBSITE editresume_next.php Unrestricted File Upload Arbitrary Code Execution ZEEPROPERTY viewprofile.php Unrestricted File Upload Arbitrary Code Execution ZEEPROPERTY view_prop_details.php propid Parameter XSS ExoPHPDesk admin.php user Parameter SQL Injection Authentication Bypass Alkacon OpenCms system/workplace/editors/editor.jsp homelink Parameter XSS Alkacon OpenCms system/workplace/views/explorer/explorer_files.jsp homelink Parameter XSS WordPress wp-login.php key Parameter Remote Administrator Password Reset TaskDriver profileedit.php auth Cookie Manipulation Admin Authentication Bypass Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php scriptpath_show Parameter Traversal Local File Inclusion Zenphoto function.php Request Logging Feature XSS WebHosting Control Panel login.asp Multiple Parameter SQL Injection Authentication Bypass MauryCMS Editors/fckeditor/editor/filemanager/browser/default/browser.html Direct Request Arbitrary File Upload Crossday Discuz!
Board member.php Arbitrary User Credential Reset JBLOG admin.php jblog_authkey Parameter SQL Injection ViewVC viewvc.py view Parameter XSS Chavoosh CMS ContentArchive.aspx Cat_id Parameter SQL Injection SAP NetWeaver Application Server UDDI Client /uddiclient/process TModel Key Parameter XSS Alwasel show.php id Parameter SQL Injection AJ Auction Pro admin/user.php Direct Request Authentication Bypass Elicio campaignpage.cfm c_campaignid Parameter SQL Injection CVE-2008-6913 CVE-2008-6914 CVE-2008-6915 CVE-2008-6917 CVE-2009-2762 CVE-2008-6919 CVE-2008-6926 CVE-2008-6925 CVE-2008-6950 CVE-2008-6951 CVE-2008-6957 CVE-2009-2932 CVE-2008-6966 Plume CMS manager/index.php m Parameter SQL Injection Plume CMS manager/tools.php id Parameter SQL Injection Neuron News /patch Default URI Multiple Parameter XSS CVE-2007-6541 MAXcms includes/InstantSite/inc.is_root.php is_projectPath Parameter Remote File Inclusion MAXcms classes/class.Tree.php GLOBALS[thCMS_root] Parameter Remote File Inclusion MAXcms includes/inc.thcms_admin_mediamanager.php GLOBALS[thCMS_root] Parameter Remote File Inclusion MAXcms modul/mod.rssreader.php GLOBALS[thCMS_root] Parameter Remote File Inclusion MAXcms classes/class.tasklist.php is_path Parameter Remote File Inclusion MAXcms classes/class.thcms.php is_path Parameter Remote File Inclusion MAXcms classes/class.thcms_content.php is_path Parameter Remote File Inclusion MAXcms classes/class.thcms_modul_parent.php is_path Parameter Remote File Inclusion MAXcms classes/class.thcms_page.php is_path Parameter Remote File Inclusion MAXcms classes/class.thcsm_user.php is_path Parameter Remote File Inclusion MAXcms includes/InstantSite/class.Tree.php is_path Parameter Remote File Inclusion MAXcms classes/class.thcms_modul.php thCMS_root Parameter Remote File Inclusion MAXcms includes/inc.page_edit_tasklist.php thCMS_root Parameter Remote File Inclusion MAXcms includes/inc.thcms_admin_overview_backup.php thCMS_root Parameter Remote File Inclusion MAXcms
includes/inc.thcms_edit_content.php thCMS_root Parameter Remote File Inclusion MAXcms modul/class.thcms_modul_parent_xml.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.cmstranslator.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.download.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.faq.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.guestbook.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.html.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.menu.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.news.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.newsticker.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.rss.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.search.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.sendtofriend.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.sitemap.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.tagdoc.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.template.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.test.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.text.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.upload.php thCMS_root Parameter Remote File Inclusion MAXcms modul/mod.users.php fm_includes_special Parameter Remote File Inclusion MAXcms includes/inc.thcms_admin_dirtree.php thCMS_root Parameter Arbitrary File Access MAXcms includes/file_manager/special.php fm_includes_special Parameter Remote File Inclusion Spiceworks /search query Parameter XSS Piwigo comments.php items_number Parameter SQL Injection Radiator radacct.cgi Cross-user Detail Disclosure GarageSales Script visitor/view.php key Parameter XSS PHPArcadeScript linkout.php id Parameter SQL Injection PHP Paid 4 Mail Script paidbanner.php ID Parameter SQL Injection Naroun ADSL-Tools 
members_general_info_print.asp nick Parameter Arbitrary Account Access 2FLY Gift Delivery System 2fly_gift.php gameid Parameter SQL Injection Really Simple CMS (RSCMS) plugings/pagecontent.php PT Parameter Traversal Local File Inclusion ProjectButler pda_projects.php offset Parameter Remote File Inclusion AJ Auction Pro store.php id Parameter SQL Injection The Rat CMS login.php Multiple Parameter SQL Injection Authentication Bypass CBAuthority main.php id Parameter SQL Injection PHP eMail Manager remove.php ID Parameter SQL Injection Mobilelib GOLD cp/auth.php adminName Parameter SQL Injection Mobilelib GOLD artcat.php cat Parameter SQL Injection Mobilelib GOLD show.php catid Parameter SQL Injection ULoKI PHP Forum search.php term Parameter XSS Stiva Forum forum.php id Parameter XSS Autonomous LAN Party include/_bot.php master[currentskin] Parameter Remote File Inclusion Stiva Forum include_forum.php id Parameter XSS SkaLinks Exchange Script admin/register.php Direct Request Admin Authentication Bypass Adobe ColdFusion Server administrator/logviewer/searchlog.cfm startRow Parameter XSS Adobe ColdFusion Server wizards/common/_logintowizard.cfm Query String XSS Adobe ColdFusion Server wizards/common/_authenticatewizarduser.cfm Query String XSS Adobe ColdFusion Server administrator/enter.cfm Query String XSS Adobe JRun Application Server Management Console logging/logviewer.jsp logfile Parameter Traversal Arbitrary File Access WP-Syntax Plugin for Wordpress test/index.php test_filter[wp_head] Array Parameter Arbitrary PHP Code Execution Easy Advertiser stats.cgi Arbitrary Command Execution Wordpress wp-admin/ Multiple Script Direct Request Remote Privilege Escalation Arab Portal forum.php qc Parameter SQL Injection CVE-2009-2933 CVE-2009-2778 CVE-2009-2775 CVE-2009-2774 CVE-2009-2915 CVE-2009-2792 CVE-2009-2791 CVE-2008-7003 CVE-2009-2788 CVE-2009-2788 CVE-2009-2788 CVE-2008-7010 CVE-2009-1872 CVE-2009-1872 CVE-2009-1872 CVE-2009-1872 CVE-2009-1873 CVE-2009-2852
CVE-2009-2854,2009-2853 CVE-2009-2781 SoftBiz Dating Script cat_products.php cid Parameter SQL Injection Videos Broadcast Yourself videoint.php UploadID Parameter SQL Injection vtiger CRM RSS Feed Addition CSRF vtiger CRM graph.php module Parameter Traversal Local File Inclusion vtiger CRM phprint.php action Parameter XSS DJCalendar DJcalendar.cgi TEMPLATE Parameter Traversal Arbitrary File Access PHP-Lance show.php language Parameter Traversal Arbitrary File Access PHP-Lance advanced_search.php in Parameter Traversal Arbitrary File Access Pixaria Gallery pixaria.image.php file Parameter Traversal Arbitrary File Access PHP News login.php Multiple Parameter SQL Injection Authentication Bypass Elvin buglist.php Multiple Parameter XSS Elvin createaccount.php Multiple Parameter XSS Basilic allpubs.php idAuthor Parameter SQL Injection Feindt Computerservice News (News-Script) newsadmin.php action Parameter Remote File Inclusion Article System forms.php INCLUDE_DIR Parameter Remote File Inclusion Article System issue_edit.php INCLUDE_DIR Parameter Remote File Inclusion Article System client.php INCLUDE_DIR Parameter Remote File Inclusion Article System classes.php INCLUDE_DIR Parameter Remote File Inclusion AR Memberscript usercp_menu.php script_folder Parameter Remote File Inclusion PHP DocWriter examples/index.php script Parameter Remote File Inclusion AvailScript Jobs Portal Script editlogo.php Unrestricted File Upload Arbitrary Code Execution AJ Classifieds admin/home.php Direct Request Admin Authentication Bypass Fresh Email Script url.php tmp_sid Parameter Remote File Inclusion AJ Square Free Polling Script admin/include/newpoll.php ques Parameter SQL Injection ZTE ZXDSL 831 II Modem Multiple Script Direct Request Authentication Bypass TGS Content Management index.php previous_page Parameter XSS DS CMS DetailFile.php nFileId Parameter SQL Injection PHP Competition System show_matchs.php day Parameter SQL Injection PHP Competition System persons.php pageno Parameter 
SQL Injection Adobe Flex SDK express-install Templates index.template.html Query String XSS Pre Real Estate Listings profile.php Unrestricted File Upload Arbitrary Code Execution Ed Charkows SuperCharged Linking browse.php id Parameter SQL Injection Netgear WNR2000 cgi-bin/ Multiple Script Direct Request Authentication Bypass CVE-2009-2790 CVE-2009-2924 CVE-2009-2925 CVE-2009-2923 CVE-2009-2923 CVE-2009-2922 CVE-2009-2921 CVE-2009-2920 CVE-2009-2920 CVE-2009-2881 CVE-2007-2708 CVE-2007-0314 CVE-2007-0314 CVE-2007-0314 CVE-2007-0314 CVE-2006-6590 CVE-2006-4912 CVE-2008-7021 CVE-2008-7041 CVE-2008-7042 CVE-2008-7044 CVE-2009-2928 CVE-2009-2927 CVE-2009-2926 CVE-2009-2926 CVE-2009-1879 CVE-2008-7052 NatterChat admin/home.asp Direct Request Admin Authentication CVE-2008-7047 Bypass NatterChat login.asp Multiple Parameter SQL Injection CVE-2008-7049 Authentication Bypass ITechBids feedback.php user_id Parameter SQL Injection fotoshow pro results.php category Parameter SQL Injection ITechBids category.php cate_id Parameter SQL Injection ITechBids news.php id Parameter SQL Injection ITechBids itechd.php productid Parameter SQL Injection ICY BOX NAS userHandler.cgi login Parameter Admin CVE-2008-7081 Authentication Bypass Pie RSS Module lib/action/rss.php lib Parameter Remote File CVE-2008-7073 Inclusion All Club CMS accms.dat Direct Request Database Credentials CVE-2008-7069 Disclosure Radvision SCOPIA scopia/entry/index.jsp page Parameter XSS CVE-2009-2965 PageTree CMS admin/plugins/Online_Users/main.php GLOBALS CVE-2008-7067 [PT_Config][dir][data] Parameter Remote File Inclusion EMO Breeder Manager video.php idd Parameter SQL Injection Ocean12 FAQ Manager Pro admin/o12faq.mdb Direct Request CVE-2008-7063 Database Disclosure BandSite CMS adminpanel/logout.php Forced Logout CSRF CVE-2008-7058 BandSite CMS merchandise.php type Parameter XSS CVE-2008-7057 BandSite CMS adminpanel/phpmydump.php Direct Request CVE-2008-7056 Database Disclosure ezContents module.php link 
Parameter Traversal Local File CVE-2008-7055 Inclusion TGS Content Management cms/index.php Multiple Parameter CVE-2009-2929 SQL Injection CAcert analyse.php X.509 Certificate CN Field XSS CVE-2008-7017 Chipmunk Topsites authenticate.php username Parameter SQL CVE-2008-7071 Injection Authentication Bypass Buildbot status/web/waterfall.py Unspecified Parameter XSS CVE-2009-2959 CuteFlow pages/edituser.php Direct Request Admin CVE-2009-2960 Authentication Bypass SmartyPaginate Addon for Smarty SmartyPaginate.class.php next Parameter XSS OpenAutoClassifieds listings.php start_zip Parameter SQL Injection Wap-motor gallery/gallery.php image Parameter Traversal Arbitrary File Access phpSANE save.php file_save Parameter Remote File Inclusion PHP Calendars search.php search Parameter XSS Stand Alone Arcade gamelist.php cat Parameter XSS DigiOz Guestbook search.php search_term Parameter XSS VideoGirls forum.php t Parameter XSS Auction RSS Content Script rss.php id Parameter XSS Affiliate Master search.php search Parameter XSS VideoGirls profile.php profile_name Parameter XSS VideoGirls view.php p Parameter XSS Pirates of The Caribbean index.php Multiple Parameter SQL Injection OpenForum profile.php Crafted Request Authentication Bypass CVE-2008-7066 TGS Content Management cms/frontpage_ception.ph Multiple CVE-2009-2929 Parameter SQL Injection kobo krb5.py Admin Interface Arbitrary User Authentication BaBB antworten.php Post Reply Authentication Bypass OpenAutoClassifieds search.php start_zip Parameter SQL Injection OpenAutoClassifieds useredit.php Crafted File Upload Arbitrary Code Execution OpenAutoClassifieds paycalc.php interest Parameter Path Disclosure OpenAutoClassifieds xml_zone_data.php filter Parameter SQL Injection BaBB antworten.php code Parameter Traversal Arbitrary PHP Code Execution MiniPort@l menu.php skiny Parameter Remote File Inclusion ASPBB topic.asp TID Parameter SQL Injection ASPBB forum.asp FORUM_ID Parameter SQL Injection ASPBB profile.asp PROFILE_ID 
Parameter SQL Injection phpCOIN coin_includes/db.php $_CCFG[_PKG_PATH_DBSE] Parameter Traversal Arbitrary File Access ForumPal FE login.asp Password Parameter SQL Injection Authentication Bypass AjaxPortal install/di.php pathtoserverdata Parameter Remote File Inclusion NETGEAR DG632 cgi-bin/webcm nextpage Parameter Traversal Arbitrary Directory Listing Member Awards Mod for Simple Machines Forum Sources/Profile.php id Parameter SQL Injection BIGACE Web CMS index.php cmd Parameter Traversal Local File Inclusion NETGEAR DG632 cgi-bin/firmwarecfg HTTP POST Request DoS 4images includes/functions.php Unspecified Parameter XSS TGS Content Management login.php Multiple Parameter XSS Zoph search.php _off Parameter XSS Virtue Online Test Generator text.php tid Parameter SQL Injection Virtue Online Test Generator text.php tid Parameter XSS cPanel frontend/x3/stats/lastvisit.html domain Parameter Traversal Arbitrary File Access dedecms member/uploads_edit.php Unrestricted File Upload Arbitrary Code Execution Empire CMS e/tool/gbook/ URI bid Parameter SQL Injection Extensible-BioLawCom CMS (X-BLC) include/get_read.php section Parameter SQL Injection CWGuestBook Module for MDPro modules.php rid Parameter SQL Injection Opial admin/index.php Multiple Parameter SQL Injection Pre ASP Job Board Employee/emp_login.asp msg Parameter XSS Fantastico for cPanel index.php sup3r Parameter Traversal Arbitrary File Access Database Query Component for Joomla!
classes/DBQ/admin/common.class.php mosConfig_absolute_path Parameter Remote File Rentventory index.php product Parameter SQL Injection Opial albumdetail.php albumid Parameter SQL Injection V-webmail includes/pear/Mail/RFC822.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/pear/Net/Socket.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/pear/XML/Parser.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/pear/XML/Tree.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/pear/Mail/mimeDecode.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/pear/Console/Getopt.php CONFIG[pear_dir] Parameter Remote File Inclusion CVE-2006-4770 CVE-2005-4259 CVE-2005-4259 CVE-2005-4259 CVE-2005-4212 CVE-2009-2366 CVE-2009-2262 CVE-2009-2258 CVE-2009-2385 CVE-2009-2379 CVE-2009-2256 CVE-2009-2380 CVE-2008-6839 CVE-2008-6838 CVE-2009-2392 CVE-2009-2391 CVE-2009-2275 CVE-2009-2270 CVE-2009-2269 CVE-2009-2310 CVE-2009-2307 CVE-2009-2340,2009-2388 CVE-2008-6847 CVE-2008-6843 CVE-2008-6841 CVE-2009-2339 CVE-2009-2341 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 V-webmail includes/pear/System.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/pear/Log.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/pear/File.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/prepend.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/cachedConfig.php CONFIG[pear_dir] Parameter Remote File Inclusion V-webmail includes/prepend.php CONFIG[includes] Parameter Remote File Inclusion V-webmail includes/email.list.search.php CONFIG[includes] Parameter Remote File Inclusion Huawei D100 /en/lan_status_adv.asp Direct Request Information Disclosure Huawei D100 /en/wlan_basic_cfg.asp Direct Request Information Disclosure Huawei D100 /en/lancfg.asp Direct Request Information Disclosure radware
AppWall Web Application Firewall (WAF) Management/ Directory Multiple .inc File Direct Request Source Code Disclosure Passwd Module for Horde passwd/main.php backend Parameter XSS CMME admin.php username Parameter XSS IBM Lotus Domino ?ReadDesign Request Design Element Disclosure CMS Chainuk admin/admin_menu.php menu Parameter Traversal Local File Inclusion CMS Chainuk admin/admin_edit.php id Parameter Traversal Local File Inclusion CMS Chainuk admin/admin_delete.php id Parameter Traversal Arbitrary File Deletion CMS Chainuk admin/admin_delete.php id Parameter Error Message Path Disclosure CMS Chainuk admin_settings.php menu Parameter Arbitrary PHP Code Injection CMS Chainuk admin_new.php title Parameter Arbitrary PHP Code Injection KerviNet Forum add_voting.php v_variant1 Parameter XSS KerviNet Forum topic.php forum Parameter SQL Injection Axesstel MV 410R cgi-bin/sysconf.cgi RESTORE=RESTORE Query String Remote DoS Jobbr co-profile.php emp_id Parameter SQL Injection Tausch Ticket Script suchauftraege_user.php userid Parameter SQL Injection Siteframe CMS phpinfo.php Direct Request Information Disclosure Ebay Clone category.php cate_id Parameter SQL Injection FCKeditor _samples Directory Multiple Unspecified XSS Tausch Ticket Script vote.php descr Parameter SQL Injection KerviNet Forum message.php topic Parameter SQL Injection KerviNet Forum message.php topic Parameter XSS Ebay Clone search.php mode Parameter XSS SAP MaxDB webdbm Multiple Parameter XSS SAP BusinessObjects Crystal Reports viewreport.asp Multiple Parameter XSS AIST NetCat modules/poll/index.php PollID Parameter SQL Injection CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2008-6840 CVE-2009-2274 CVE-2009-2274 CVE-2009-2274 CVE-2009-2301 CVE-2009-2360 CVE-2009-2342 CVE-2009-2333 CVE-2009-2333 CVE-2009-2333 CVE-2009-2332 CVE-2009-2331 CVE-2009-2331 CVE-2009-2327 CVE-2007-6727 CVE-2009-2321 CVE-2009-2427 CVE-2009-2428 CVE-2009-2443 CVE-2009-2423 CVE-2009-2324 
CVE-2009-2428 CVE-2009-2326 CVE-2009-2326 CVE-2009-2424 CVE-2008-6853 PHP Link Directory (phpLD) page.php name Parameter SQL CVE-2008-6851 Injection Axesstel MV 410R cgi-bin/sysconf.cgi XSS CVE-2009-2322 WordPress admin.php page Parameter Arbitrary Plugin CVE-2009-2334 Configuration Disclosure WordPress wp-settings.php Direct Request Path Disclosure CVE-2009-2432 Online Guestbook Pro ogp_show.php Multiple Parameter XSS CVE-2009-2441,2009-2447,2009-2448 Alibaba Clone category.php IndustryID Parameter SQL Injection CVE-2009-2439 Linea21 public/index.php search Parameter XSS CVE-2009-2442 Clear Content image.php url Parameter Traversal Local File Inclusion Clear Content thumb.php url Parameter Traversal Local File Inclusion NetFlow Analyzer jspui/index.jsp Multiple Parameter XSS Universe CMS vnews.php id Parameter SQL Injection Nwahy Dir admin/admininfo.php username Cookie Manipulation Authentication Bypass Nwahy Articles admin/admininfo.php username Cookie Manipulation Authentication Bypass Related Sites Plugin for Wordpress BTE_RW_webajax.php guid CVE-2009-2383 Parameter SQL Injection FormMailer formmailer.admin.inc.php BASE_DIR[jax_formmailer] CVE-2009-2378 Parameter Remote File Inclusion Mr.Saphp Arabic Script Mobile SMSPages cat.php CatID CVE-2009-2394 Parameter SQL Injection Virtue Online Test Generator admin/index.php Admin CVE-2009-2393 Authentication Bypass Alibaba Clone supplier/view_contact_details.php SellerID CVE-2009-2439 Parameter SQL Injection Censura censura.php itemid Parameter SQL Injection CVE-2009-2593 Elvin createaccount.php Multiple Parameter SQL Injection MyMsg Profile.php uid Parameter SQL Injection MorcegoCMS fichero.php Query String SQL Injection Top Paidmailer home.php page Parameter Remote File Inclusion mimeTeX mimetex.cgi Multiple Tags Arbitrary Code Execution CVE-2009-1382 Phenotype CMS _phenotype/admin/login.php user SQL Injection Censura productSearch.html q Parameter XSS CVE-2009-2595 PHP AdminPanel 
modules/datagrid/scripts/download.php dir Parameter Traversal Arbitrary File Access ToyLog read.php idm Parameter SQL Injection Swinger Club Portal start.php id Parameter SQL Injection Swinger Club Portal start.php go Parameter Remote File Inclusion Elvin buglist.php Multiple Parameter SQL Injection mathTeX mathtex.cgi getdirective Function dpi Tag Arbitrary Code CVE-2009-1383 Execution OnePound Shop products.php id Parameter SQL Injection LogRover login.asp Multiple Parameter SQL Injection Authentication Bypass ADbNewsSender maillinglist/admin/change_config.php path_to_ CVE-2009-2449 lang Parameter Traversal Local File Inclusion ADbNewsSender setup/index.php path_to_lang Parameter CVE-2009-2444 Traversal Local File Inclusion MyPHPDating page.php page_id Parameter SQL Injection CVE-2009-2436 Virtualmin left.cgi dom Parameter XSS Admin News Tools system/download.php fichier Parameter CVE-2009-2557 Traversal Arbitrary File Access eCardMAX resource/games/ephotohunt/ephotohunt.php cat Parameter XSS eCardMAX survey_result.php sid Parameter XSS eCardMAX resource/games/memory/memory.php cat Parameter XSS ScriptsEz Easy Image Downloader main.php id Parameter XSS Meeting Room Booking System (MRBS) report.php typematch Parameter SQL Injection ILIAS ilias.php Multiple Parameter Information Disclosure Good/Bad Vote vote.php id Parameter Traversal Local File Inclusion Ultimate Poll Script clr Parameter XSS Oracle BEA WebLogic Server WLS Console Package consolehelp.portal searchQuery Parameter XSS Oracle Database Secure Enterprise Search /search/query/search search_p_groups Parameter XSS Good/Bad Vote vote.php id Parameter XSS zenphoto zp-core/admin.php from Parameter XSS Community CMS view.php article_id Parameter SQL Injection Zabbix Multiple Frontend profile.php Admin Password Reset CSRF com_bookjoomlas for Joomla! 
sub_commententry.php SQL Injection SASPCMS admin/default.asp SQL Injection Authentication Bypass Exjune Guestbook /admin/exdb.mdb Direct Request Remote Database Disclosure AdaptBB inc/attach.php id Parameter SQL Injection Loggix modules/comment/post.php refer_id Parameter SQL Injection Dynamic Flash Forum config.inc Direct Request Database Credentials Disclosure Super Simple Blog Script comments.php entry Parameter SQL Injection Super Simple Blog Script comments.php entry Parameter Traversal Arbitrary File Access Battle Blog admin/authenticate.asp UserName Parameter SQL Injection Jobline Component for Joomla! components/com_jobline/jobline.php search Parameter SQL Injection Freelancers placebid.php id Parameter XSS RadBids Gold index.php fid Parameter SQL Injection HUBScript single_winner1.php bid_id Parameter XSS LittleSite.php index.php file Parameter Traversal Local File Inclusion ClanTiger Clan CMS /modules/custompages.php slug Parameter SQL Injection ClanTiger Clan CMS /module/login.php E-mail Field SQL Injection Authentication Bypass Dynamic Flash Forum login.php Username Field SQL Injection Authentication Bypass Dynamic Flash Forum viewprofile.php userID Parameter SQL Injection Dynamic Flash Forum viewmessage.php threadID Parameter SQL Injection Dynamic Flash Forum viewthreads.php boardID Parameter SQL Injection HUBScript phpinfo.php Direct Request Information Disclosure AdaptBB attach.php File Upload Arbitrary Code Execution SASPCMS db/menu.mdb Direct Request User Database Disclosure SASPCMS default.asp q Parameter XSS WysGui CMS settings.php admin_pages Cookie SQL Injection CVE-2009-2551 CVE-2009-1975 CVE-2009-1968 CVE-2009-2553 CVE-2009-2552 CVE-2009-2554 Addonics NAS Adapter bts.cgi Multiple Parameter Remote Overflow DoS MixedCMS mod.php mod Parameter Traversal Arbitrary File Access Juniper Netscreen ScreenOS about.html Information Disclosure Freelancers post_resume.php jobid Parameter XSS PHP Scripts Now Hangman index.php letters Parameter XSS Netrix
CMS admin/cikkform.php Direct Request Restriction Bypass MyWeight user_addfood.php date Parameter XSS MyWeight user_forgot_pwd_form.php info Parameter XSS MyWeight user_login.php Multiple Parameter XSS EZArticles articles.php title Parameter XSS RadBids Gold storefront.php mode Parameter XSS GejoSoft photos/tags URI XSS DragDropCart assets/js/ddcart.php sid Parameter XSS Programs Rating rate.php id Parameter XSS YourFreeWorld Ultra Classifieds listads.php Multiple Parameter XSS Real Time Currency Exchange rates.php Amount Parameter XSS EZWebSearch results.php language Parameter XSS Multi-lingual E-Commerce System database.inc Direct Request Database Credential Disclosure Multi-lingual E-Commerce System product_image.php File Upload Arbitrary Code Execution MixedCMS isadmin Parameter Manipulation Authentication Bypass MixedCMS DocMan.php path Parameter Traversal Arbitrary Directory Listing AdQuick account.php red_url Parameter XSS PHP Scripts Now Multiple Products bios.php rank Parameter SQL Injection PHP Scripts Now Riddles /riddles/list.php catid Parameter SQL Injection MCshoutbox admin_login.php loginerror Parameter XSS MCshoutbox scr_login.php Multiple Parameter SQL Injection Authentication Bypass DragDropCart includes/ajax/getstate.php prefix Parameter XSS DragDropCart search.php search Parameter XSS DragDropCart login.php redirect Parameter XSS DragDropCart productdetail.php product Parameter XSS PHP Scripts Now Astrology celebrities.php day Parameter XSS PHP Scripts Now Hangman index.php n Parameter SQL Injection Programs Rating postcomments.php id Parameter XSS YourFreeWorld Ultra Classifieds subclass.php cname Parameter XSS mathTeX mathtex.cgi Multiple Unspecified Overflows PHP Scripts Now Multiple Products bios.php rank Parameter SQL Error Message XSS PHP Scripts Now Riddles /riddles/results.php searchquery Parameter XSS Virtualmin link.cgi XSS Virtualmin link.cgi Arbitrary Site Proxy Paypal Shopping Cart Script index.php txtkeywords Parameter XSS Paypal 
Shopping Cart Script index.php cid Parameter SQL Injection Classified Linktrader Script addlink.php slctCategories Parameter SQL Injection CVE-2009-2586 CVE-2009-2587 CVE-2009-2587 CVE-2009-2587 CVE-2009-2587 CVE-2009-2587 CVE-2009-2460 Zabbix Multiple Frontend scripts.php Arbitrary Command Execution CSRF Zabbix Multiple Frontend scripts_exec.php Arbitrary Command Execution CSRF Snitz Forums 2000 register.asp Email Parameter SQL Injection ILIAS ilias.php obj_id Parameter Arbitrary Favorite Link Manipulation Hotscripts Type PHP Clone Script feedback.php msg Parameter CVE-2009-2588 XSS MyDLstore Pixel Ad Script users/payment.php order_id Parameter SQL Injection CJ Dynamic Poll Pro admin/admin_index.php URI XSS phpGroupWare addressbook/csv_import.php csvfile Parameter Arbitrary File Access phpDirectorySource search.php st Parameter XSS Meta Search Engine Script index.php url Parameter Traversal Arbitrary File Access Hotscripts Type PHP Clone Script lostpassword.php msg CVE-2009-2588 Parameter XSS Hutscripts PHP Website Script feedback.php msg Parameter XSS CVE-2009-2589 Hutscripts PHP Website Script lostpassword.php msg Parameter CVE-2009-2589 XSS Hutscripts PHP Website Script showcategory.php cid Parameter CVE-2009-2590 SQL Injection phpGroupWare login.php passwd Parameter SQL Injection phpGroupWare login.php phpgw_* Parameter XSS phpGroupWare addressbook/inc/class.uiXport.inc.php conv_type Parameter Traversal Local File Inclusion phpDirectorySource search.php st Parameter SQL Injection Admin News Tools system/message.php Direct Request CVE-2009-2558 Message Post Authentication Bypass KerviNet Forum admin/edit_user.php del_user_id Parameter CVE-2009-2328 Admin Authentication Bypass RaidenHTTPD raidenhttpd-admin/menu.php ulang Parameter Traversal Arbitrary File Access Clone2009 product_desc.php id Parameter SQL Injection The BLOB Blog System bpost.php postid Parameter XSS RaidenHTTPD raidenhttpd-admin/workspace.php ulang Parameter XSS Clone2009 showcategory.php cid 
Parameter SQL Injection
Clone2009 gallery.php cid Parameter SQL Injection
EditTag edittag.cgi file Parameter Encoded Traversal Arbitrary File Access CVE-2003-1351
MiniTwitter rss.php user Parameter SQL Injection CVE-2009-2573
AWCM a.php a Parameter Traversal Local File Inclusion
AWCM login.php name Parameter SQL Injection Authentication Bypass
AWCM control/login.php username Parameter SQL Injection Authentication Bypass
XAMPP security/xamppsecurity.php SERVER Superglobal Array Variable Spoofing CVE-2008-6499
Linksys WVC54GCA IP Camera pass_wd.htm Cleartext Password / Keys Disclosure CVE-2009-1560
Linksys WVC54GCA IP Camera Wsecurity.htm Cleartext Password / Keys Disclosure CVE-2009-1560
Active Web Mail popaccounts.aspx TabOpenQuickTab1 Parameter SQL Injection CVE-2008-6873
Active Web Mail addressbook.aspx TabOpenQuickTab1 Parameter SQL Injection CVE-2008-6873
Active Web Mail emails.aspx TabOpenQuickTab1 Parameter SQL Injection CVE-2008-6873
Oramon Oracle Database Monitoring Tool config/oramon.ini Direct Request Database Credentials Disclosure
Web File Explorer body.asp file Parameter Arbitrary Remote Code Execution
MTCMS WYSIWYG Editor install.cgi Unspecified XSS
Private Message System (PMS) Module for PunBB include/pms/functions_navlinks.php pun_user[language] Parameter Traversal Arbitrary
Private Message System (PMS) Module for PunBB include/pms/header_new_messages.php pun_user[language] Parameter Traversal
Private Message System (PMS) Module for PunBB include/pms/profile_send.php pun_user[language] Parameter Traversal Arbitrary File
Private Message System (PMS) Module for PunBB include/pms/viewtopic_PM-link.php pun_user[language] Parameter Traversal Arbitrary
eAccelerator encoder.php File Copy Remote Command Execution
Apartment Search Script listtest.php r Parameter XSS
Aktueldownload Haber Script HaberDetay.asp id Parameter SQL Injection
Matt Wright FormHandler.cgi reply_message_attach Attachment Parameter Arbitrary File Access
Pheap settings.php lpref
Parameter Remote File Inclusion Apartment Search Script editimage.php Crafted Upload Arbitrary Code Execution PG Roommate Finder Solution quick_search.php part Parameter XSS PG Roommate Finder Solution viewprofile.php part Parameter XSS Almond Classifieds Component for Joomla! components/com_ aclassf/gmap.php addr Parameter XSS Scripteen Free Image Hosting Script header.php Multiple Cookie Parameter SQL Injection XZero Community Classifieds index.php Multiple Parameter XSS Flashden Guestbook phpinfo.php Direct Request PHP Configuration Disclosure PG MatchMaking Script browse_ladies.php URL XSS SaphpLesson admin/login.php cp_username Parameter SQL Injection Authentication Bypass SkaDate admin/auth.php URL Parameter XSS SkaDate file_uploader.php URL Parameter XSS MyAnnonces Module for E-Xoopport index.php lid Parameter SQL Injection PHPJunkYard GBook guestbook.php mes_id Parameter SQL Injection Censura censura.php itemid Parameter XSS autoDealer Auto1/type.asp iType Parameter SQL Injection autoDealer auto2/type.asp iType Parameter SQL Injection PG MatchMaking Script browse_men.php URL XSS PG MatchMaking Script search.php URL XSS PG MatchMaking Script services.php URL XSS Inout Adserver ppc-add-keywords.php id Parameter SQL Injection 68 Classifieds category.php cat Parameter XSS VS PANEL results.php Cat_ID Parameter SQL Injection Ultimate Regnow Affiliate (URA) rss.php cat Parameter SQL Injection Celepar module for Xoops modules/qas/aviso.php codigo Parameter SQL Injection CVE-2008-6869 CVE-2009-1314 CVE-2008-6448 CVE-2008-6308 CVE-2008-6308 CVE-2008-6308 CVE-2008-6308 CVE-2009-2353 CVE-2008-6683 CVE-2007-1015 CVE-1999-1051 CVE-2006-4621 CVE-2008-6684 CVE-2009-2648 CVE-2009-2591 CVE-2009-2592 CVE-2009-2594 CVE-2008-6874 CVE-2008-6874 PHP Paid 4 Mail Script home.php page Parameter Remote File Inclusion Smart ASP Survey showresult.asp catid Parameter SQL Injection dompdf dompdf.php input_file Parameter Traversal Arbitrary File Access 68 Classifieds login.php goto 
Parameter XSS 68 Classifieds searchresults.php page Parameter XSS 68 Classifieds toplistings.php page Parameter XSS 68 Classifieds viewlisting.php view Parameter XSS 68 Classifieds viewmember.php member Parameter XSS GarageSalesJunkie visitor/view.php key Parameter SQL Injection Automatic Image Upload with Thumbnails Module for PunBB uploadimg_view.php id Parameter SQL Injection PHP Melody upload_avatar.php File Upload Arbitrary PHP Code Execution Limny includes/functions.php username Parameter SQL Injection Authentication Bypass Cisco Wireless LAN Controllers (WLCs) /screens/frameset.html Malformed Authorization Header Remote DoS Surveys Module in MDPro modules.php pollID Parameter SQL Injection MyFusion infusions/last_seen_users_panel/last_seen_users_ panel.php settings[locale] Parameter Traversal Local File Inclusion amoCourse Component for Joomla! index.php catid Parameter SQL Injection Zen Help Desk admin.asp Multiple Parameter SQL Injection Authentication Bypass Celepar module for Xoops modules/qas/imprimir.php codigo Parameter SQL Injection Celepar module for Xoops modules/qas/categoria.php cod_ categoria Parameter SQL Injection Celepar module for Xoops modules/qas/categoria.php Multiple Parameter XSS Celepar module for Xoops modules/qas/index.php Multiple Parameter XSS Celepar module for Xoops modules/quiz/cadastro_usuario.php URI XSS Webboard view.php topic Parameter Traversal Arbitrary File Access Tukanas Classifieds Script index.php b Parameter SQL Injection Reputation Plugin for PunBB reputation.php poster Parameter SQL Injection TimeSheet include/timesheet.php config[include_dir] Remote File Inclusion PHP Open Classifieds Script buy.php page Parameter XSS TinyBrowser upload.php Multiple Parameter XSS Pao-Link login.php login_ok Parameter Authentication Bypass Model Agency Manager PRO photos.php album Parameter SQL Injection x10 Adult Media Script video_ad.php pic_id Parameter XSS x10 MP3 Automatic Search Engine embed.php name Parameter XSS ReviewPost 
PHP Pro showproduct.php date Parameter XSS Reputation Plugin for PunBB include/reputation/rep_profile.php pun_user[language] Parameter Traversal Local File Inclusion XOOPS modules/pm/viewpmsg.php op Parameter XSS WebStatCaffe visitorduration.php nodayshow Parameter SQL Injection Miniweb directory/index.php URI XSS Miniweb eventscalendar/index.php URI XSS CVE-2009-1164 CVE-2009-2618 CVE-2009-2611 CVE-2009-2609 CVE-2009-2604 CVE-2009-2600 Miniweb faqmanager/index.php URI XSS Miniweb forum/index.php URI XSS Miniweb myamazon/index.php URI XSS Miniweb onlinestore/index.php URI XSS Miniweb sitebuilder/index.php URI XSS Miniweb publisher/index.php URI XSS Miniweb surveypro/index.php URI XSS Miniweb jobboard/index.php URI XSS Miniweb mediaalbum/index.php URI XSS Miniweb blogwriter/index.php URI XSS Miniweb classifiedads/index.php URI XSS Miniweb publisher/index.php Multiple Parameter SQL Injection Miniweb surveypro/index.php campaign_id Parameter SQL Injection MUJE CMS admin.php _class Parameter Traversal Local File Inclusion CMSphp modules.php mod_file Parameter Traversal Local File Inclusion dit.cms menus/left_rightslideopen/index.php sitemap Parameter Traversal Local File Inclusion Orbis CMS admin/fileman_file_download.php fn Parameter Traversal Arbitrary File Access Orbis CMS admin/fileman_file_delete.php fn Parameter Traversal Arbitrary File Deletion CMSphp modules.php name Parameter XSS PHP Open Classifieds Script contact.php id Parameter XSS PHP Open Classifieds Script tellafriend.php id Parameter XSS dit.cms menus/side_pullout/index.php sitemap Parameter Traversal Local File Inclusion dit.cms menus/side_slideopen/index.php sitemap Parameter Traversal Local File Inclusion dit.cms menus/top_dropdown/index.php sitemap Parameter Traversal Local File Inclusion dit.cms menus/topside/index.php sitemap Parameter Traversal Local File Inclusion dit.cms menus/left_rightslideopen/index.php path Parameter Remote File Inclusion dit.cms menus/side_pullout/index.php path Parameter 
Remote File Inclusion dit.cms menus/side_slideopen/index.php path Parameter Remote File Inclusion dit.cms menus/simple/index.php path Parameter Remote File Inclusion dit.cms menus/top_dropdown/index.php path Parameter Remote File Inclusion dit.cms menus/topside/index.php path Parameter Remote File Inclusion x10 Adult Media Script linkvideos_listing.php category Parameter XSS x10 Adult Media Script templates/header1.php id Parameter XSS x10 Adult Media Script video_listing.php key Parameter XSS AlmondSoft Multiple Classifieds Products gmap.php addr Parameter XSS x10 MP3 Automatic Search Engine info.php name Parameter XSS x10 MP3 Automatic Search Engine lyrics.php id Parameter XSS Pao Bacheca Guestbook login.php login_ok Parameter Authentication Bypass Pao-Liber login.php login_ok Parameter Authentication Bypass Traidnt Up uploadcp/index.php Multiple Parameter SQL Injection Arab Portal admin/index.php X-Forwarded-For HTTP Header SQL Injection ArtForms Component for Joomla! imgcaptcha.php mosConfig_ absolute_path Parameter Remote File Inclusion ArtForms Component for Joomla! mp3captcha.php mosConfig_ absolute_path Parameter Remote File Inclusion ArtForms Component for Joomla! 
swfmovie.php mosConfig_ absolute_path Parameter Remote File Inclusion DMXReady Registration Manager databases/ webblogmanager.mdb Direct Request Database Disclosure Custom T-shirt Design product.php id Parameter XSS MaxCMS admin/admin_manager.asp m_username Cookie SQL Injection PHPenpals mail.php ID Parameter SQL Injection Unclassified NewsBoard (UNB) import_wbb1.php Direct Request Error Message Path Disclosure OCS Inventory NG download.php Multiple Parameter SQL Injection OCS Inventory NG group_show.php systemid Parameter SQL Injection Online Grades parents/parents.php Multiple Parameter SQL Injection AdaptBB latestposts.php forumspath Parameter Remote File Inclusion ASP Football Pool NFL.mdb Direct Request Database Disclosure Escon SupportPortal Pro forum.php Multiple Parameter SQL Injection R2 Newsletter Stats admin.mdb Direct Request Database Disclosure IBM WebSphere Application Server (WAS) Traversal Error Page XSS phpBugTracker include.php username Parameter SQL Injection Online Grades & Attendance index.php GLOBALS[SKIN] Parameter Traversal Local File Inclusion Online Grades & Attendance admin/admin.php skin Parameter Traversal Local File Inclusion WebCal webCal3_detail.asp event_id Parameter SQL Injection PHP-Nuke main/tracking/userLog.php HTTP Referer Header SQL Injection Asterisk GUI Client admin.php Multiple Parameter SQL Injection Flash Quiz num_questions.php quiz Parameter SQL Injection Flash Quiz answers.php quiz Parameter SQL Injection Flash Quiz high_score.php quiz Parameter SQL Injection Flash Quiz high_score_web.php quiz Parameter SQL Injection Flash Quiz results_table_web.php quiz Parameter SQL Injection Flash Quiz question.php quiz Parameter SQL Injection Flash Quiz answers.php order_number Parameter SQL Injection Flash Quiz question.php order_number Parameter SQL Injection WebEyes Guest Book yorum.asp mesajid Parameter SQL Injection Xitami testssi.ssi HTTP Header XSS MyMiniBill my_orders.php orderid Parameter SQL Injection Movie PHP Script 
system/services/init.php anticode Parameter Arbitrary PHP Code Execution moziloCMS admin/index.php Multiple Parameter XSS LightNEasy LightNEasy.php Multiple Parameter XSS Web Directory PRO admin/backup_db.php Direct Request Database Backup Disclosure SiteX themes/Corporate/homepage.php THEME_FOLDER Parameter Traversal Local File Inclusion CVE-2009-1822 CVE-2009-1822 CVE-2009-1822 CVE-2009-1821 CVE-2009-1820 CVE-2009-1818 CVE-2009-1814 CVE-2009-1949 CVE-2009-1946 CVE-2009-1851 CVE-2009-2037 CVE-2009-2037 CVE-2009-1945 CVE-2009-1842 CVE-2009-1843 CVE-2009-1843 CVE-2009-1843 CVE-2009-1843 CVE-2009-1843 CVE-2009-1843 CVE-2009-1843 CVE-2009-1843 CVE-2009-1950 CVE-2009-1367 CVE-2009-1937 CVE-2009-1846 SiteX themes/Fusion/homepage.php THEME_FOLDER Parameter Traversal Local File Inclusion SiteX themes/Joombo/homepage.php THEME_FOLDER Parameter Traversal Local File Inclusion SiteX themes/Streamline/homepage.php THEME_FOLDER Parameter Traversal Local File Inclusion SiteX themes/Structure/homepage.php THEME_FOLDER Parameter Traversal Local File Inclusion myGesuad modules/admuser.php Admin Authentication Bypass User Account Enumeration myColex modules/admuser.php Admin Authentication Bypass User Account Enumeration moziloCMS gallery.php gal[] Parameter Path Disclosure moziloCMS download.php file[] Parameter Path Disclosure Sitecore CMS login/default.aspx sc_error Parameter XSS PAD Site Scripts dbbackup.txt Direct Request Database Disclosure Virtue Shopping Mall products.php cid Parameter SQL Injection Virtue Classifieds search.php category Parameter SQL Injection Virtue Book Store products.php cid Parameter SQL Injection Frontis bin/aps_browse_sources.php source_class Parameter SQL Injection MyCars admin/index.php authuserid Parameter SQL Injection Virtue News Manager news_detail.php nid Parameter SQL Injection Dokeos main/document/slideshow.php curdirpath Parameter XSS Dokeos main/exercice/testheaderpage.php file Parameter XSS Dokeos main/tracking/userLog.php uInfo Parameter 
SQL Injection Dokeos main/mySpace/lp_tracking.php course Parameter SQL Injection Dokeos main/exercice/hotspot_lang_conversion.php lang Parameter Traversal Arbitrary File Access Dokeos main/exercice/Hpdownload.php doc_url Parameter Traversal Arbitrary File Access MooFAQ Component for Joomla! com_moofaq/includes/file_ includer.php file Parameter Traversal Arbitrary File Access The Ticket System admin.php Direct Request Admin Panel Security Restriction Bypass phpWebThings help.php module Parameter Traversal Arbitrary File Access Sniggabo CMS article.php id Parameter SQL Injection Grestul admin/options.php Admin User Addition Restriction Bypass PDshopPro search.asp search Parameter XSS DM FileManager admin/login.php Multiple Cookie Manipulation Admin Authentication Bypass VT Auth zHk8dEes3.txt Direct Request Database Credentials Disclosure fipsCMS _fipsdb/db.mdb Direct Request Database Disclosure Virtue News Manager news_detail.php nid Parameter XSS Answer and Question Script myaccount.php Multiple Parameter Password Verification Weakness Remote Privilege Escalation TBDEV.NET makepoll.php returnto Parameter XSS Zip Store Chat admin/index.asp Multiple Parameter SQL Injection Pivot pivot/index.php menu Parameter XSS TBDEV.NET polls.php returnto Parameter XSS TBDEV.NET my.php info Parameter XSS 4images member.php user_homepage Parameter XSS CVE-2009-1846 CVE-2009-1846 CVE-2009-1846 CVE-2009-1846 CVE-2009-1826 CVE-2009-1825 CVE-2009-1369 CVE-2009-1369 CVE-2009-2163 CVE-2009-1941 CVE-2009-2016 CVE-2009-2021 CVE-2009-2017 CVE-2009-2013 CVE-2009-2018 CVE-2009-2019 CVE-2009-2009 CVE-2009-2009 CVE-2009-2008 CVE-2009-2008 CVE-2009-2007 CVE-2009-2007 CVE-2009-2015 CVE-2009-2080 CVE-2009-2081 CVE-2009-2040 CVE-2009-2032 CVE-2009-2025 CVE-2009-2024 CVE-2009-2022 CVE-2009-2020 CVE-2009-1664 CVE-2009-2141 CVE-2009-2142 CVE-2009-2133 CVE-2009-2141 CVE-2009-2141 Han -2009-2131 FireStats Plugin for Wordpress wp-content/plugins/firestats/ firestats-wordpress.php fs_javascript Parameter 
Remote File Inclusion CVE-2009-2143
4images global.php l Parameter Traversal Local File Inclusion CVE-2009-2132
Compaq Web-Based Management Agent Encoded Traversal File Request Enumeration
Yogurt index.php msg Parameter XSS CVE-2009-2033
Yogurt writemessage.php original Parameter SQL Injection CVE-2009-2034
Elvin login.php Multiple Parameter SQL Injection CVE-2009-2123
Elvin close_bug.php Subject Field XSS CVE-2009-2126
SkyBlueCanvas admin.php Multiple Parameter XSS CVE-2009-2114
DB Top Sites full.php u Parameter Traversal Local File Inclusion CVE-2009-2110
Zoki Catalog system/application/controllers/catalog.php search_text Parameter SQL Injection CVE-2009-2097
Free Joke Script webadmin/includes/security.php Admin Account Password Manipulation
Elvin delete_bug.php Restriction Bypass Arbitrary Bug Deletion CVE-2009-2125
Photoracer Plugin for WordPress viewimg.php id Parameter SQL Injection CVE-2009-2122
phpCollegeExchange house/listing_view.php itemnr Parameter SQL Injection CVE-2009-2096
DB Top Sites contact.php u Parameter Traversal Local File Inclusion CVE-2009-2110
DB Top Sites add_reg.php location Parameter Arbitrary PHP Code Execution CVE-2009-2111
TorrentTrader Classic account-inbox.php origmsg Parameter SQL Injection CVE-2009-2157
Linksys WVC54GCA IP Camera adm/file.cgi Multiple Parameter Traversal Arbitrary File Access CVE-2009-1559,2009-1558
Fretsweb admin/common.php Multiple Parameter Traversal Local File Inclusion CVE-2009-2109
fuzzylime (cms) code/confirm.php list Parameter Local File Inclusion CVE-2009-2176
Campus Virtual-LMS news/index.php id Parameter SQL Injection CVE-2009-2148
Fretsweb player.php name Parameter SQL Injection CVE-2009-2113
Fretsweb song.php hash Parameter SQL Injection CVE-2009-2113
Campus Virtual-LMS enrolments/step1.php courseid Parameter XSS CVE-2009-2149
Campus Virtual-LMS files/shared_list.php Multiple Parameter XSS CVE-2009-2149
TorrentVolve archive.php deleteTorrent Parameter Traversal Arbitrary File Deletion CVE-2009-2101
phPortal topicler.php id Parameter SQL Injection CVE-2009-2098
Mundi Mail template/simpledefault/admin/_masterlayout.php top Parameter Remote File Inclusion CVE-2009-2095
fuzzylime (cms) code/display.php template Parameter Local File Inclusion CVE-2009-2176
fuzzylime (cms) code/display.php s Parameter Arbitrary File Overwrite CVE-2009-2177
WebNMS report/ReportViewAction.do type Parameter XSS CVE-2009-2155
All-in-One admin.php ids Parameter SQL Injection CVE-2009-2120
All-in-One members.php y Parameter SQL Injection CVE-2009-2120
phPortal uye_paneli.php kulladi Cookie Manipulation Admin Authentication Bypass CVE-2009-2117
SkyBlueCanvas admin.php dir Parameter Traversal Directory Content Listing CVE-2009-2116
SkyBlueCanvas admin.php id Parameter Error Message Path Disclosure CVE-2009-2115
phpFK include/page_bottom.php _FORUM[settings_design_style] Parameter Traversal Local File Inclusion CVE-2009-2112
Fretsweb charts.php language Parameter Traversal Arbitrary File Access
TorrentTrader Classic backup-database.php Direct Request Database Disclosure
TorrentTrader Classic browse.php wherecatin Parameter SQL Injection
TorrentTrader Classic check.php Direct Request Information Disclosure
TorrentTrader Classic phpinfo.php Direct Request Information Disclosure
TorrentTrader Classic delreq.php categ Parameter SQL Injection
TorrentTrader Classic modrules.php id Parameter SQL Injection
TorrentTrader Classic report.php Multiple Parameter SQL Injection
TorrentTrader Classic takedelreport.php delreport[] Parameter SQL Injection
TorrentTrader Classic takedelreq.php delreq[] Parameter SQL Injection
TorrentTrader Classic takewarndisable.php warndisable[] Parameter SQL Injection
TorrentTrader Classic today.php limit Parameter SQL Injection
TorrentTrader Classic torrents-details.php where Parameter SQL Injection
TorrentTrader Classic admin-delreq.php categ Parameter SQL Injection
TorrentTrader Classic Torrent requests.php Title Field XSS
TorrentTrader Classic torrents-upload.php
Torrent Name Field XSS TorrentTrader Classic backend/admin-functions.php ss_uri Parameter Traversal Local File Inclusion TorrentTrader Classic themes/default/footer.php ttversion Parameter XSS TorrentTrader Classic themes/default/header.php Multiple Parameter XSS TorrentTrader Classic visitorstoday.php todayactive Parameter XSS TorrentTrader Classic visitorsnow.php activepeople Parameter XSS TorrentTrader Classic faq.php faq_categ[][title] Parameter XSS Elvin show_bug.cgi id Parameter SQL Injection Elvin show_bug.cgi id Parameter XSS Elvin show_activity.cgi id Parameter SQL Injection Elvin show_activity.cgi id Parameter XSS Elvin page.php id Parameter Traversal Local File Inclusion EZ-Blog public/view.php storyid Parameter SQL Injection Podcast Generator core/themes.php GLOBALS[theme_path] Parameter Remote File Inclusion Podcast Generator core/admin/delete.php Multiple Parameter Arbitrary File Deletion WeBid cron.php include_path Parameter Remote File Inclusion Pivot pivot/tb.php url Parameter Error Message Path Disclosure Elvin login.php Arbitrary Authentication Hijack CSRF Elvin close_bug.php Subject Field SQL Injection Softbiz Banner Ad Management Script image.php size_id Parameter SQL Injection SourceBans sb-callback.php Admin E-mail Address Manipulation Privilege Escalation Nagios statuswml.cgi Multiple Parameter Arbitrary Remote Shell Command Execution Gravy Media Photo Host forcedownload.php file Parameter Arbitrary File Access CVE-2009-2109 CVE-2009-2159 CVE-2009-2157 CVE-2009-2160 CVE-2009-2160 CVE-2009-2157 CVE-2009-2157 CVE-2009-2157 CVE-2009-2157 CVE-2009-2157 CVE-2009-2157 CVE-2009-2157 CVE-2009-2157 CVE-2009-2157 CVE-2009-2156 CVE-2009-2156 CVE-2009-2161 CVE-2009-2156 CVE-2009-2156 CVE-2009-2156 CVE-2009-2156 CVE-2009-2156 CVE-2009-2123 CVE-2009-2123 CVE-2009-2127 CVE-2009-2124 CVE-2009-2134 CVE-2009-2129 CVE-2009-2128 CVE-2009-2232 CVE-2009-2288 CVE-2009-2184 MyBB inc/datahandlers/user.php birthdayprivacy Parameter SQL Injection Kasseler CMS 
engine.php file Parameter Traversal Arbitrary File Access 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection OCS Inventory NG on Unix cvs.php log Parameter Traversal Arbitrary File Access Impleo Music Collection admin/login.php username Parameter SQL Injection AdaptWeb a_index.php CodigoDisciplina Parameter SQL Injection phpWebThings fdown.php id Parameter SQL Injection fuzzylime (cms) code/commupdate.php s Parameter Traversal Local File Inclusion fuzzylime (cms) code/newsheads.php heads Parameter Traversal Local File Inclusion Zen Cart admin/record_company.php frmdt_content Parameter Arbitrary PHP Code Execution Movable Type mt-wizard.cgi set_static_uri_to Parameter XSS 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection Kjtechforce mailman activate.php code Parameter SQL Injection Kjtechforce mailman index.php dest Parameter SQL Injection Campus Virtual-LMS login/logout.php Session Termination Hijack CSRF Campus Virtual-LMS enrolments/step2.php Multiple Action Authentication Hijack CSRF Campsite admin-files/ad.php GLOBALS[g_campsiteDir] Parameter Traversal Arbitrary File Access Campsite admin-files/templates/list_dir.php listbasedir Parameter XSS Pc4 Uploader upfiles/index.php file Parameter Traversal Arbitrary File Access phpDatingClub search.php sform[day] Parameter SQL Injection phpDatingClub website.php page Parameter XSS Radio and TV Player Addon for vBulletin forum/radioandtv.php station Parameter XSS RS-CMS rscms_mod_newsview.php key Parameter SQL Injection Zen Cart admin/sqlpatch.php query_string Parameter SQL Injection 2Bgal admin/phpinfo.php phpinfo() Function Direct Request Information Disclosure TorrentTrader Classic take-deletepm.php delmp Parameter SQL Injection TorrentTrader Classic takestaffmess.php clases Parameter SQL Injection TorrentTrader Classic torrents-details.php keepget Parameter XSS TBDev.NET login.php returnto Parameter Arbitrary Site Redirect TBDev.NET news.php returnto Parameter Arbitrary Site Redirect Movable 
Type mt-wizard.cgi Unspecified Security Restriction Bypass Unclassified NewsBoard (UNB) forum.php GLOBALS[filename] Parameter Traversal Arbitrary File Access Unclassified NewsBoard (UNB) forum.php GLOBALS[UTE][__ tplCollection] Parameter Traversal Local File Inclusion Unclassified NewsBoard (UNB) forum.php Query Parameter SQL Injection DMXReady Registration Manager assetmanager.asp Unrestricted File Upload Arbitrary Code Execution Call Center Suite admin.php Multiple Parameter SQL Injection CVE-2009-2230 CVE-2009-2229 CVE-2009-2167 CVE-2009-2166 CVE-2009-2154 CVE-2009-2152 CVE-2009-2147 CVE-2008-6834 CVE-2008-6834 CVE-2009-2255 CVE-2009-2168 CVE-2009-2164 CVE-2009-2164 CVE-2009-2150 CVE-2009-2150 CVE-2009-2183 CVE-2009-2181 CVE-2009-2180 CVE-2009-2179 CVE-2009-2178 CVE-2009-2172 CVE-2009-2209 CVE-2009-2254 CVE-2009-2157 CVE-2009-2157 CVE-2009-2156 CVE-2009-2138 CVE-2009-2138 CVE-2009-1948 CVE-2009-1948 CVE-2009-1947 CVE-2009-2238 CVE-2009-2234 Kasseler CMS engine.php url Parameter XSS LightOpenCMS locms/smarty.php cwd Parameter Traversal Local File Inclusion PunBB Affiliation Module affiliates.php Multiple Parameter SQL Injection PunBB Vote For Us Module voteforus.php out Parameter SQL Injection DM Albums Plugin for WordPress wp-content/plugins/dm-albums/ template/album.php SECURITY_FILE Parameter Remote File Inclusion Audio Article Directory download.php file Parameter Arbitrary File Access NEWSolved newsscript.php Multiple Parameter SQL Injection DM FileManager dm-albums/template/album.php SECURITY_ FILE Parameter Remote File Inclusion phpCollegeExchange home.php _SESSION[handle] Parameter XSS phpCollegeExchange books/allbooks.php _SESSION[handle] Parameter XSS phpCollegeExchange books/home.php _SESSION[handle] Parameter XSS phpCollegeExchange i_head.php home Parameter XSS phpCollegeExchange i_nav.php home Parameter XSS phpCollegeExchange books/allbooks.php home Parameter XSS phpCollegeExchange books/home.php home Parameter XSS phpCollegeExchange books/i_nav.php 
home Parameter XSS
phpCollegeExchange i_head.php home Parameter Remote File Inclusion
phpCollegeExchange i_nav.php home Parameter Remote File Inclusion
phpCollegeExchange user_new_2.php home Parameter Remote File Inclusion
phpCollegeExchange house/myrents.php home Parameter Remote File Inclusion
phpCollegeExchange books/allbooks.php home Parameter Remote File Inclusion
phpCollegeExchange books/home.php home Parameter Remote File Inclusion
phpCollegeExchange books/mybooks.php home Parameter Remote File Inclusion
GalleryPal FE login.asp Unspecified Parameter SQL Injection
ProSMDR login.aspx txtUser Parameter SQL Injection
LinkPal z_admin_login.asp Password Parameter SQL Injection Authentication Bypass
PHP-addressbook view.php id Parameter SQL Injection
SitePal login.asp Password Parameter SQL Injection Authentication Bypass
V-SpacePal login.asp Password Parameter SQL Injection
PHP-addressbook edit.php id Parameter SQL Injection
PHP-addressbook delete.php id Parameter SQL Injection
ForumPal login.asp Password Parameter SQL Injection Authentication Bypass
LinkPal z_loginfailed.asp page Parameter XSS
LinkPal z_admin_login.asp page Parameter XSS
LinkPal z_forgot.asp page Parameter XSS
LinkPal demo.asp page Parameter XSS
LinkPal z_link_add.asp page Parameter XSS
LinkPal z_link_edit.asp page Parameter XSS
WeBid /admin/ST_browsers.php include_path Parameter Remote File Inclusion
CVE-2009-2228 CVE-2009-2223 CVE-2009-2308 CVE-2009-2276 CVE-2009-2219 CVE-2009-2219 CVE-2009-2219 CVE-2009-2219 CVE-2009-2219 CVE-2009-2219 CVE-2009-2219 CVE-2009-2219 CVE-2009-2218 CVE-2009-2218 CVE-2009-2218 CVE-2009-2218 CVE-2009-2218 CVE-2009-2218 CVE-2009-2218 CVE-2009-2259
WeBid /admin/ST_countries.php include_path Parameter Remote File Inclusion
WeBid /admin/ST_platforms.php include_path Parameter Remote File Inclusion
Fungamez includes/user.php user Cookie Parameter Admin Authentication Bypass
FunGamez index.php module Parameter Traversal Local File Inclusion
FunGamez pages/login.php login_user Parameter SQL Injection
X-Forum SaveConfig.php adminEMail Parameter Arbitrary PHP Code Injection
KoschtIT Image Gallery ki_makepic.php file Parameter Traversal Local File Inclusion
KoschtIT Image Gallery ki_nojsdisplayimage.php file Parameter Traversal Local File Inclusion
Million Dollar Text Links admin.home.php Direct Request Admin Authentication Bypass
QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion
BluSky CMS index.php news_id Parameter SQL Injection
X-Forum Configure.php cookie_username Parameter SQL Injection
eLitius banner-details.php id Parameter SQL Injection
Internet Discussion Boards (iDB) profile.php skin Parameter Traversal Local File Inclusion
Sarkilar Module for PHP-Nuke modules.php id Parameter SQL Injection
Pecio CMS index.php language Parameter Traversal Arbitrary File Access
QuickTeam bin/qte_init.php qte_root Parameter Remote File Inclusion
TemaTres login.php Multiple Parameter SQL Injection
Glassfish Enterprise Server Admin Console /applications/applications.jsf URI XSS
Project Woodstock ThemeServlet.java 404 Error Page UTF-7 Encoded XSS
IceWarp Merak Mail Server RSS Feed Reader item.php Multiple Element XSS
IceWarp Merak Mail Server webmail.php Search Query XML Data SQL Injection
Yourplace internettoolbar/edit.php Crafted username Toolbar Setting Modification
MyPHP Forum post.php Multiple Parameter SQL Injection
MoinMoin action/AttachFile.py Multiple Function XSS
Lizardware CMS administrator/index.php user Parameter SQL Injection
TemaTres xml.php Multiple Parameter SQL Injection
FreePBX reports.php display Parameter XSS
Glassfish Enterprise Server Admin Console /configuration/configuration.jsf URI XSS
Glassfish Enterprise Server Admin Console /customMBeans/customMBeans.jsf URI XSS
Glassfish Enterprise Server Admin Console /resourceNode/resources.jsf URI XSS
Glassfish Enterprise Server Admin Console /sysnet/registration.jsf URI XSS
Glassfish Enterprise Server Admin Console /webService/webServicesGeneral.jsf URI XSS
Glassfish Enterprise Server Admin Console /configuration/auditModuleEdit.jsf name Parameter XSS
CVE-2009-1489 CVE-2009-1488 CVE-2009-1487 CVE-2009-1512 CVE-2009-1510 CVE-2009-1510 CVE-2009-1582 CVE-2009-1551 CVE-2009-1548 CVE-2009-1508 CVE-2009-1506 CVE-2009-1498 CVE-2008-6779 CVE-2009-1519 CVE-2009-1551 CVE-2009-1585 CVE-2009-1553 CVE-2009-1554 CVE-2009-1467 CVE-2009-1468 CVE-2008-6774 CVE-2008-6777 CVE-2009-1482 CVE-2008-6787 CVE-2009-1584 CVE-2009-1801 CVE-2009-1553 CVE-2009-1553 CVE-2009-1553 CVE-2009-1553 CVE-2009-1553 CVE-2009-1553
Glassfish Enterprise Server Admin Console /configuration/httpListenerEdit.jsf name Parameter XSS CVE-2009-1553
Glassfish Enterprise Server Admin Console /resourceNode/jdbcResourceEdit.jsf name Parameter XSS CVE-2009-1553
FreePBX config.php Multiple Parameter XSS CVE-2009-1801
FreePBX recordings/index.php sort Parameter XSS CVE-2009-1801
Simple Customer profile.php Email Credentials Manipulation Admin Authentication Bypass CVE-2009-1637
Job Script Job Board Software admin/changepassword.php Direct Request Admin Authentication Bypass CVE-2009-1610
webSPELL src/func/language.php language Cookie Local File Inclusion CVE-2009-1912
TCPDB user/index.php Direct Request Admin Authentication Bypass CVE-2009-1670
Pre Real Estate Listings login.php Multiple Parameter SQL Injection CVE-2008-6798
Vibro-School-CMS view_news.php nID Parameter SQL Injection CVE-2008-6795
ABC Advertise admin.inc.php Direct Request Admin Credentials Disclosure CVE-2009-1550
Pre Real Estate Listings manager/login.php username1 Parameter SQL Injection CVE-2008-6796
webSPELL awards.php page Parameter SQL Injection CVE-2009-1912
Claroline claroline/linker/notfound.php HTTP Referer Header XSS CVE-2009-1907
QuiXplorer admin/index.php lang Parameter Traversal Local File Inclusion CVE-2009-1911
Luxbum manager.php username Parameter SQL Injection CVE-2009-1913
TinyWebGallery /admin/_include/init.php lang Parameter Traversal Local File Inclusion
Realty Web-Base admin/admin.php Multiple Parameter SQL Injection CVE-2009-1658
Smarty libs/plugins/function.math.php smarty_function_math() Function Template Security Bypass Arbitrary Command Execution CVE-2009-1669
Bitweaver boards/boards_rss.php version Parameter Traversal Arbitrary File Creation CVE-2009-1678
Matt Wright FormMail FormMail.pl Multiple Parameter XSS CVE-2009-1776
Matt Wright FormMail FormMail.pl request Parameter HTTP Response Splitting CVE-2009-1777
Dokeos main/auth/courses.php search_term Parameter XSS
Leap CMS leap.php Multiple Parameter SQL Injection CVE-2009-1613
Open Virtual Desktop admin/applications.php id Parameter XSS CVE-2009-1775
Open Virtual Desktop admin/appsgroup.php id Parameter XSS CVE-2009-1775
Open Virtual Desktop admin/users.php id Parameter XSS CVE-2009-1775
Open Virtual Desktop admin/usersgroup.php id Parameter XSS CVE-2009-1775
Open Virtual Desktop admin/tasks.php id Parameter XSS CVE-2009-1775
Open Virtual Desktop admin/logs.php show Parameter XSS CVE-2009-1775
Open Virtual Desktop admin/configuration-partial.php mode Parameter XSS CVE-2009-1775
Open Virtual Desktop header.php error Parameter XSS CVE-2009-1785
Dizi Portali diziler.asp id Parameter SQL Injection CVE-2008-6803
EZ-Blog public/specific.php category Parameter SQL Injection CVE-2009-1626
Dew-NewPHPLinks index.php show Parameter Traversal Arbitrary File Access CVE-2009-1624
EcShop user.php order_sn Parameter SQL Injection CVE-2009-1622
osprey ListRecords.php xml_dir Parameter Remote File Inclusion CVE-2008-6807
7Shop includes/imageupload.php Unrestricted File Upload Arbitrary Code Execution CVE-2008-6806
Family Connections messageboard.php thread Parameter SQL Injection
Family Connections profile.php member Parameter SQL Injection
Family Connections gallery/index.php pid Parameter SQL Injection
My Game Script admin.php user Parameter SQL Injection
Answer and Question Script questiondetail.php questionid Parameter XSS
Business Community Script admin/adminaddeditdetails.php Admin Account Creation
beLive arch.php arch Parameter Traversal Arbitrary File Access
Submitter Script admin/index.php Multiple Parameter SQL Injection
Business Community Script admin/member_details.php mid Parameter SQL Injection
SquirrelMail contrib/decrypt_headers.php Unspecified XSS
Answer and Question Script myaccount.php Multiple Parameter SQL Injection
Dokeos main/mySpace/myStudents.php Multiple Parameter SQL Injection
Dokeos main/mySpace/myStudents.php Multiple Parameter XSS
myGesuad common/login.php formUser Parameter SQL Injection Authentication Bypass
myGesuad modules/ereignis.php Page Parameter XSS
myColex common/login.php formUser Parameter SQL Injection
myColex modules/kategorie.php ID Parameter SQL Injection
myColex modules/medium.php ID Parameter SQL Injection
myColex modules/person.php ID Parameter SQL Injection
myColex modules/schlagwort.php ID Parameter SQL Injection
Custom T-shirt Design product.php id Parameter SQL Injection
Rama Zaiten CMS download.php file Parameter Traversal Arbitrary File Access
myColex modules/kalender.php year Parameter XSS
myColex modules/ereignis.php Page Parameter XSS
myColex modules/kategorie.php Kontext Parameter XSS
myColex modules/image.php image Parameter XSS
TemaTres sobre.php Multiple Parameter SQL Injection
Services Recipe Script admin/login.php Multiple Parameter SQL Injection
eLitius admin/uploadimage.php Accepted Content-Type Avatar File Unrestricted File Upload
TinyButStrong examples/tbs_us_examples_0view.php script Parameter Traversal Arbitrary File Access
e-Commerce Plugin for Wordpress image_processing.php Unrestricted File Upload Arbitrary Code Execution
MyPic bom.php dir Parameter Traversal Arbitrary Directory Access
Apache Jserv Non-existent JSP Request XSS
Coppermine Photo Gallery thumbnails.php GLOBALS[cat] Parameter SQL Injection
Creative CMS insidepage.php catid Parameter SQL Injection
Pc4 Uploader code.php id Parameter SQL Injection
ClanWeb admincp/save.php Admin Account Manipulation Access Restriction Bypass
Pluck data/modules/contactform/module_info.php langpref Parameter Traversal Local File Inclusion
Template Monster Clone admin/edituser.php Multiple Parameter Access Restriction Bypass
Pluck data/modules/blog/module_info.php langpref Parameter Traversal Local File Inclusion
Pluck data/modules/albums/module_info.php langpref Parameter Traversal Local File Inclusion
CVE-2009-1816 CVE-2009-1654 CVE-2009-1652 CVE-2009-1649 CVE-2009-1813 CVE-2009-1651 CVE-2009-1578 CVE-2009-1655 CVE-2009-1812 CVE-2009-1811 CVE-2009-1810 CVE-2009-1810 CVE-2009-1810 CVE-2009-1810 CVE-2009-1810 CVE-2009-1819 CVE-2009-1768 CVE-2009-1809 CVE-2009-1809 CVE-2009-1809 CVE-2009-1809 CVE-2009-1584 CVE-2009-1662 CVE-2009-1659 CVE-2009-1653 CVE-2008-6811 CVE-2009-1737 CVE-2009-1742 CVE-2009-1765 CVE-2009-1767 CVE-2009-1765 CVE-2009-1765
Answer and Question Script myaccount.php userid Parameter Arbitrary Account Deletion
VidShare Pro listing_video.php catid Parameter SQL Injection
DM FileManager login.php Multiple Parameter SQL Injection
IPplan admin/usermanager grp Parameter XSS
My Guest Book (myGuestBk) admin/index.asp XSS
bSpeak index.php forumid Parameter SQL Injection
myGesuad modules/kategorie.php Kontext Parameter XSS
myGesuad modules/image.php image Parameter XSS
myGesuad modules/kategorie.php ID Parameter SQL Injection
myGesuad modules/budget.php ID Parameter SQL Injection
myGesuad modules/zahlung.php ID Parameter SQL Injection
myGesuad modules/adresse.php ID Parameter SQL Injection
Sun Java System Communications Express uwc/abs/search.xml abperson_displayName Parameter XSS
Sun Java System Communications Express uwc/base/UWCMain URL Parameter XSS
Venalsur Booking Centre Booking System for Hotels Group admin/checklogin.php Multiple Parameter SQL Injection
Venalsur Booking Centre Booking System for Hotels Group hotel_habitaciones.php HotelID Parameter SQL Injection
Your Articles Directory yad-admin/login.php txtAdminEmail Parameter SQL Injection
Douran Portal /Admin/ImportExport/download.aspx Multiple Parameter Arbitrary File Access
ASP Inline Corporate Calendar search.asp keyword Parameter XSS
Your Articles Directory page.php id Parameter SQL Injection
ZaoCMS admin/functions/PhpCommander/download.php Directory Parameter Local File Access
Douran Portal FCKEditor Module /fck/editor Arbitrary File Upload
Douran Portal /DesktopModules/DesktopCalendar/HZAN_pickercal.aspx calsize Parameter Path Disclosure
Realty Web-Base list_list.php id Parameter SQL Injection
DGNews berita.php id Parameter SQL Injection
MLFFAT panel/index.php supervisor Cookie SQL Injection
phpWebNews bukutamu.php det Parameter SQL Injection
ASP Inline Corporate Calendar active_appointments.asp Multiple Parameter SQL Injection
openWYSIWYG addons/imagelibrary/select_image.php dir Parameter Traversal Arbitrary File Manipulation
OrangeHRM CentralController.php msg Parameter XSS
Dogfood CRM Mail spell.php Remote Command Execution
aMember /docs/changelog.txt Version Disclosure
DotNetNuke ErrorPage.aspx error Parameter XSS
Basic Analysis and Security Engine (BASE) /base/base_qry_main.php sig[1] Parameter XSS
Arcade Trade Script index.php q Parameter XSS
AjaxTerm ajaxterm.js Predictable Session ID Weakness
Answer and Question Script myaccount.php Unrestricted File Upload Arbitrary Code Execution
WordPress wp-admin/upgrade.php Direct Request Remote Unauthorized Application Upgrade
Php Recommend admin.php form_aula Parameter Arbitrary PHP Code Injection
Php Recommend admin.php Multiple Parameter Authentication Bypass Remote Privilege Escalation
Php Recommend admin.php form_include_template Parameter Remote File Inclusion
CVE-2009-1665 CVE-2009-1734 CVE-2009-1741 CVE-2009-1732 CVE-2009-1747 CVE-2009-1811 CVE-2009-1811 CVE-2009-1812 CVE-2009-1812 CVE-2009-1812 CVE-2009-1812 CVE-2009-1729 CVE-2009-1729 CVE-2008-6810 CVE-2008-6809 CVE-2009-1751 CVE-2009-1746 CVE-2009-1731 CVE-2008-6812 CVE-2009-1629 CVE-2009-1663 CVE-2008-6767 CVE-2009-1781 CVE-2009-1780
CVE-2009-1779
Strawberry example/index.php file Parameter Traversal Local File Inclusion
MaxCMS inc/ajax.asp id Parameter SQL Injection
Adult Portal Script profile.php user_id Parameter SQL Injection
WebMember form.php formID Parameter SQL Injection
cpCommerce _functions.php GLOBALS[prefix] Parameter Remote File Inclusion
RoomPHPlanning login.php loginus Parameter SQL Injection
WP-Lytebox Plugin for Wordpress wp-lytebox/main.php pg Parameter Local File Inclusion
pMachine /lib/ Multiple Script Direct Request Path Disclosure
DokuWiki inc/init.php config_cascade Parameter Remote File Inclusion
pMachine /search/index.php keywords Parameter XSS
pMachine Multiple Script sfx Parameter Path Disclosure
Novell GroupWise gw/webacc Multiple Parameter XSS
pod.board forum_details.php Multiple Parameter XSS
pod.board new_topic.php Multiple Parameter XSS
Basic Analysis and Security Engine (BASE) base_ag_main.php Multiple Action CSRF
Basic Analysis and Security Engine (BASE) /base/base_stat_alerts.php time[0][1] Parameter XSS
Basic Analysis and Security Engine (BASE) /base/base_stat_uaddr.php time[0][1] Parameter XSS
aMember /admin/users.php Multiple Parameter XSS
aMember /admin/access_log.php order1 Parameter SQL Injection
aMember /docs/tester.php Direct Request Path Disclosure
aMember setup.php step Parameter Path Disclosure
aMember /admin/report.php report Parameter Path Disclosure
aMember /admin/aff_clicks.php year_month Parameter SQL Injection
aMember /admin/products.php product_id Parameter SQL Injection
aMember /admin/setup.php notebook Parameter XSS
aMember /admin/newsletter_threats.php thread_id Parameter XSS
aMember /admin/newsletter_guests.php guest_id Parameter XSS
aMember /admin/products.php action Parameter XSS
aMember /admin/protect.php action Parameter XSS
aMember /admin/coupons.php action Parameter XSS
aMember /admin/aff_banners.php banner_id Parameter XSS
aMember /admin/email_templates.php tpl Parameter XSS
aMember /admin/aff.php action Parameter XSS
aMember signup.php Multiple Field XSS
aMember aff_signup.php Multiple Field XSS
aMember profile.php Multiple Field XSS
aMember /admin/index.php Menu User-lookup XSS
Siteframe download.php id Parameter Information Disclosure
RoomPHPlanning admin/userform.php id Parameter SQL Injection
RoomPHPlanning admin/delitem.php Direct Request Arbitrary Item Deletion
Vanilla ajax/updatecheck.php RequestName Parameter XSS
ZeeCareers addadminmembercode.php Security Restriction Bypass
ACollab sign_in.php f Parameter XSS
Small Pirate pag1.php id Parameter SQL Injection
Small Pirate pag1-guest.php id Parameter SQL Injection
Small Pirate rss-comment_post.php id Parameter SQL Injection
CVE-2009-1774 CVE-2009-1764 CVE-2009-1762 CVE-2009-1845
Small Pirate rss-pic-comment.php id Parameter SQL Injection
YouTube Video Script admin/index.php Multiple Parameter SQL Injection
ST-Gallery example.php Multiple Parameter SQL Injection
MyKtools mykdownload.php Direct Request Database Backup Disclosure
Flyspeck CMS addressbook.php lang Parameter Traversal Local File Inclusion
ACollab profile.php address Parameter XSS
ACollab events/add_event.php description Parameter XSS
TmaxSoft JEUS url.jsp URI XSS
SimpleBoard Component for Mambo image_upload.php Unrestricted File Upload Arbitrary Code Execution
myGesuad modules/sitzung.php ID Parameter XSS
PostNuke install.php Admin Password Disclosure
Podcast Generator core/admin/delete.php file Parameter Arbitrary File Deletion
Sun Java System Calendar Server login.wcap Fmt-out Parameter XSS
Quick Classifieds locate.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds search_results.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds classifieds/index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds classifieds/view.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/manager.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/pass.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/remember.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/sign-up.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/update.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/userSet.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlcenter/verify.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/alterCats.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/alterFeatured.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/alterHomepage.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/alterNews.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/alterTheme.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/color_help.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createdb.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createFeatured.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createHomepage.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
CVE-2009-1804 CVE-2009-1799 CVE-2008-6815 CVE-2009-1770 CVE-2008-6814 CVE-2009-1811 CVE-2009-1226 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543
Quick Classifieds controlpannel/createL.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createM.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createNews.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createP.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createS.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/createT.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/mailadmin.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds controlpannel/setUp.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds include/sendit.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds include/sendit2.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds include/adminHead.inc DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds include/usersHead.inc DOCUMENT_ROOT Parameter Remote File Inclusion
Quick Classifieds style/default.scheme.inc DOCUMENT_ROOT Parameter Remote File Inclusion
phpKF-Portal baslik.php tema_dizin Parameter Traversal Local File Inclusion
phpKF-Portal anket_yonetim.php portal_ayarlarportal_dili Parameter Traversal Local File Inclusion
Caucho Resin caucho-status Information Disclosure
Xpressions Interactive Multiple Products login.asp SQL Injection Authentication Bypass
OpenX adview.php OAID Cookie SQL Injection
Nokia Siemens Flexi ISN Multiple Script Direct Request Authentication Bypass
AjaxPortal ajaxp_backend.php page Parameter SQL Injection
Ixprim mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php Unspecified Parameter Remote File Inclusion
Sambar Server /session/sendmail Arbitrary Mail Relay
Banshee DAAP Extension apps/web/vs_diag.cgi server Parameter XSS
Rapidleech upload.php filename Parameter Traversal Arbitrary File Access
e-Vision CMS admin/ind_ex.php adminlang Cookie Traversal Local File Inclusion
e-Vision CMS 3rdparty/adminpart/add3rdparty.php module Parameter Traversal Local File Inclusion
e-Vision CMS polling/adminpart/addpolling.php module Parameter Traversal Local File Inclusion
e-Vision CMS contact/adminpart/addcontact.php module Parameter Traversal Local File Inclusion
e-Vision CMS brandnews/adminpart/addbrandnews.php module Parameter Traversal Local File Inclusion
e-Vision CMS newsletter/adminpart/addnewsletter.php module Parameter Traversal Local File Inclusion
e-Vision CMS game/adminpart/addgame.php module Parameter Traversal Local File Inclusion
e-Vision CMS tour/adminpart/addtour.php module Parameter Traversal Local File Inclusion
CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6543 CVE-2008-6516 CVE-2008-6516 CVE-2009-1509 CVE-2006-7237 CVE-2009-1175 CVE-2009-1089 CVE-2008-6551 CVE-2008-6551 CVE-2008-6551 CVE-2008-6551 CVE-2008-6551 CVE-2008-6551 CVE-2008-6551 CVE-2008-6551
e-Vision CMS articles/adminpart/addarticles.php module Parameter Traversal Local File Inclusion
e-Vision CMS product/adminpart/addproduct.php module Parameter Traversal Local File Inclusion
e-Vision CMS plain/adminpart/addplain.php module Parameter Traversal Local File Inclusion
Glossaire glossaire.php letter Parameter XSS
Web Server Creator news/include/createdb.php langfile Parameter Remote File Inclusion
Living Local editimage.php Unrestricted File Upload Arbitrary PHP Code Execution
Living Local listtest.php r Parameter XSS
ASP Forum forum.asp iFor Parameter SQL Injection
Kusaba load_receiver.php Unrestricted File Upload
phpCollab general/login.php loginForm Parameter SQL Injection
Kusaba paint_save.php shipainter Action Unrestricted File Upload
openInvoice auth.php oiauth Cookie Remote Authentication Bypass
BosClassifieds index.php cat_id Parameter SQL Injection
Asbru Web Content Management page.asp id Parameter SQL Injection
Cisco ASA5520 WebVPN /+webvpn+/index.html Host HTTP Header XSS
Sun Java System Calendar Server command.shtml date Parameter XSS
Asbru Web Content Management login.asp url Parameter XSS
vsp stats processor vsp-core/pub/themes/bismarck/gamestat.php gameID Parameter SQL Injection
aspWebCalendar calendar/calendar.mdb Direct Request Credentials Disclosure
openInvoice resetpass.php uid Parameter Remote Arbitrary Password Manipulation
DeStar config/add/CfgOptUser Direct Request Arbitrary User Addition
phpMyAdmin BLOB Streaming Feature bs_disp_as_mime_type.php file_path Parameter Traversal Arbitrary File Access
ColdFusion Red_Reservations Script makered.mdb / makered97.mdb Direct Request Database Disclosure
ConnX frmLoginPwdReminderPopup.aspx txtEmail Parameter SQL Injection
Apache mod_perl Apache::Status /perl-status Unspecified XSS
glFusion private/system/lib-session.php glf_session Cookie SQL Injection
Azureus WebUI index.tmpl CSRF
SimpleBBS /users/users.php Remote User List Disclosure
SimpleChat /data/usr Active Chat User List Disclosure
PicoFlat CMS index.php pagina Parameter Traversal Local File Inclusion
PHCDownload upload/install/index.php step Parameter XSS
PHCDownload admin/index.php hash Parameter SQL Injection
SquirrelMail move_messages.php Arbitrary File Moving
SquirrelMail Administrator Plugin options.php Arbitrary Admin Account Creation
StockMan Shopping Cart shop.plx page Parameter Arbitrary Command Execution
StockMan Shopping Cart shop.plx page Parameter Path Disclosure
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
talentsoft Web+ webplus.exe Path Disclosure
CVE-2008-6551 CVE-2008-6551 CVE-2008-6551 CVE-2008-6550 CVE-2008-6545 CVE-2008-6530 CVE-2008-6529 CVE-2008-6527 CVE-2008-5663 CVE-2008-4303 CVE-2008-5663 CVE-2008-6523 CVE-2008-6526 CVE-2009-1220 CVE-2009-1224 CVE-2009-1223 CVE-2008-6524 CVE-2008-6538 CVE-2009-1148 CVE-2008-6580 CVE-2009-0796 CVE-2009-1282 CVE-2008-6587 CVE-2008-6604 CVE-2008-6597 CVE-2008-6596
Lanius CMS includes/upload.php File Upload Arbitrary PHP Code Execution
Interspire Knowledge Manager loadpanel.php Panel Parameter Traversal Local File Inclusion
Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
LinPHA actions/image_resized_view.php imgid Parameter XSS
GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
OneCMS asd.php sitename Parameter SQL Injection
OxYBox edithistory.php oxymsg Parameter Arbitrary PHP Code Injection
Truegalerie admin.php loggedin Parameter Admin Authentication Bypass
Horde Turba status.php Path Disclosure
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure
Upload Lite upload.cgi Arbitrary File Upload
VChat msg.txt Direct Request Message Disclosure
VChat chat.php Message Field Overflow DoS
miniBloggie del.php post_id Parameter Arbitrary Post Deletion
phpAddressBook index.php username Parameter XSS
Shader TV yonet/kanal.asp sid Parameter SQL Injection
Shader TV yonet/google.asp sid Parameter SQL Injection
Shader TV yonet/hakk.asp sid Parameter SQL Injection
Shader TV yonet/default.asp Multiple Parameter SQL Injection
BatmanPorTaL uyeadmin.asp id Parameter SQL Injection
BatmanPorTaL profil.asp id Parameter SQL Injection
RoomPHPlanning weekview.php idroom Parameter SQL Injection
MercuryBoard func/login.php User-Agent HTTP Header SQL Injection
ClassSystem class/ApplyDB.php Unrestricted File Upload Arbitrary Code Execution
Zen Cart index.php keyword Parameter XSS
Zen Cart index.php keyword Parameter SQL Injection
Minimal ABlog admin/uploader.php Unrestricted File Upload Arbitrary Code Execution
phpcksec phpcksec.php file Parameter Traversal Arbitrary File / Directory Access
phpcksec phpcksec.php path Parameter XSS
MatPo Link view.php thema Parameter XSS
MatPo Link view.php id Parameter SQL Injection
WebFileExplorer db.mdb Direct Request Database Disclosure
VP-ASP Shopping Cart shopadmin.asp Multiple Parameter SQL Injection
VP-ASP Shopping Cart shopping400.mdb / shopping300.mdb Direct Request Customer Database Disclosure
CVE-2009-1246 CVE-2009-1246 CVE-2009-1246 CVE-2009-1246 CVE-2009-1246 CVE-2009-1246 CVE-2008-6655 CVE-2008-6655 CVE-2008-6655 CVE-2008-6652 CVE-2008-6651 CVE-2003-1488 CVE-2008-6650 CVE-2008-6646 CVE-2008-6641 CVE-2008-6641 CVE-2008-6641 CVE-2008-6641 CVE-2008-6640 CVE-2008-6640 CVE-2008-6634 CVE-2008-6632 CVE-2008-6619 CVE-2008-6616 CVE-2008-6615 CVE-2008-6612 CVE-2008-6610 CVE-2008-6609 CVE-2008-6607 CVE-2008-6606 CVE-2009-1495 CVE-2002-1919
VP-ASP Shopping Cart shopdbtest.asp Database Location Manipulation
Photo Graffix mp3upload.php Unrestricted File Upload Arbitrary PHP Code Execution
LinPHA admin.php friend_full_name Parameter XSS
LinPHA admin.php Account Manipulation CSRF
VideoDB edit.php Database Editing Unspecified Unauthorized Access
nweb2fax viewrq.php var_filename Parameter Shell Metacharacter Arbitrary Remote Code Execution
nweb2fax comm.php id Parameter Traversal Arbitrary File Access
nweb2fax viewrq.php var_filename Parameter Traversal Arbitrary File Access
SH-News action.php Multiple Cookie Manipulation Remote Admin Authentication Bypass
PHPAuctions PHPAuctions.info auction_id Parameter SQL Injection
Photo Graffix wmprocess.php tdir Parameter Arbitrary File Write
Web Wiz Siste News /news/news.mdb Direct Request User Database Disclosure
Micro CMS microcms-admin-home.php Multiple Action Admin Account Manipulation
RitsBlog jobs.php p Parameter SQL Injection
TinX CMS rss.php id Parameter SQL Injection
DeStar /user/settings/ destar_cfg.py pin Parameter Arbitrary Python Code Injection
phpCommunity module/forum/class_forum.php SQL Injection
Addonics NAS Adapter nas.cgi Multiple Parameter Overflow DoS
net2ftp includes/registerglobals.inc.php validateGenericInput() Function XSS
Geeklog system/lib-sessions.php sessid Parameter SQL Injection
Simbas CMS loginverify.asp Multiple Parameter SQL Injection
BackendCMS main.asp id Parameter SQL Injection
DotNetNuke Website\admin\Sales\paypalipn.aspx Unspecified Parameter XSS
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
Book Module for w3b|cms includes/module/book/index.inc.php spam_id Parameter SQL Injection
WihPhoto sendphoto.php Traversal Arbitrary File Access
WordPress /wp-admin/edit.php m Parameter SQL Injection
XMB member.php Multiple Parameter SQL Injection
IBM Tivoli Continuous Data Protection for Files login/FilepathLogin.html reason Parameter XSS
Yellow Duck Weblog include/languages/check.php lang Parameter Traversal Local File Inclusion
NanoCMS data/pagesdata.txt Direct Request Password Hash Disclosure
FlatNuke sections/none_Login/section.php level Parameter Remote Privilege Escalation
User Journals Plugin for e107 userjournals_menu/userjournals.php blog Parameter SQL Injection
NanoCMS data/nanoadmin.php Admin Password Update CSRF
XOOPS Glossary Module glossaire-aff.php lettre Parameter XSS
IBM BladeCenter Advanced Management Module private/file_management.ssi PATH Parameter XSS
DeltaScripts PHP Links admin/adm_login.php admin_username Parameter SQL Injection
YaBB SE reminder.php user Parameter SQL Injection
CVE-2008-6669 CVE-2008-6668 CVE-2008-6668 CVE-2008-6664 CVE-2008-6663 CVE-2008-6553 CVE-2008-6539 CVE-2009-1366 CVE-2003-1239 CVE-2009-1334 CVE-2009-1288 CVE-2008-6720
YaBB SE Packages.php sourcedir Parameter Remote File Inclusion
YaBB SE News.php template Parameter Remote File Inclusion
FreznoShop product_details.php id Parameter SQL Injection
WikkaWiki wikka.php Multiple Parameter XSS
Aqua CMS droplets/functions/base.php userSID Cookie SQL Injection CVE-2009-1317
Nortel Application Gateway 2000 (AG2000) adminDownloads.htm Admin Credentials Disclosure
Zazzle Store Builder include/zstore.php Multiple Parameter XSS CVE-2009-1320
Aqua CMS admin/index.php username Parameter SQL Injection CVE-2009-1317
Ananta CMS change.php email Parameter Remote Privilege Escalation CVE-2008-6665
e_Board index2.cgi message Parameter Traversal Arbitrary File Access
Pre ADS Portal homeadmin/adminhome.php msg Parameter XSS CVE-2008-6715
Pre ADS Portal homeadmin/signinform.php msg Parameter XSS CVE-2008-6715
Job2C windetail.php adtype Parameter Traversal Local File Inclusion
FreeWebShop.org includes/startmodules.inc.php lang_file Parameter Traversal Local File Inclusion
AbleSpace events_view.php eid Parameter SQL Injection CVE-2009-1316
Novell Teaming c/portal/login Error Message Username Enumeration CVE-2009-1293
WikkaWiki wikka.php Multiple Parameter SQL Injection
WikkaWiki wikka.php Site Setting Manipulation CSRF
Pre ADS Portal homeadmin/adminhome.php Direct Request Admin Authentication Bypass CVE-2008-6716
Beanwebbs Guestbook add.php Multiple Parameter XSS
Beanwebbs Guestbook /guestbook/admin.php Unrestricted Admin Access
iXmail ixmail_netattach.php Arbitrary File Deletion
iXmail ixmail_attach.php Crafted Request Unrestricted File Upload
Job2C detail.php adtype Parameter Traversal Local File Inclusion
AbleSpace events_clndr_view.php id Parameter SQL Injection CVE-2009-1316
AbleSpace blogs_full.php Comments Parameter XSS CVE-2009-1315
AbleSpace groups_profile.php gid Parameter XSS CVE-2009-1315
AbleSpace adv_cat.php Multiple Parameter XSS CVE-2009-1315
Nuke Evolution Xtreme player.php defaultVisualExt Parameter XSS CVE-2009-1457
razorCMS admin/index.php Multiple Parameter XSS CVE-2009-1458
DNS Tools dig.php Multiple Parameter Arbitrary Remote Shell Command Execution CVE-2009-1361
eLitius admin/manage-admin.php Admin Authentication Bypass
BlackBerry Enterprise Server MDS Connection Service /admin/statistics/ConfigureStatistics Multiple Parameter XSS CVE-2009-0307
WebCollab tasks.php selection Parameter XSS CVE-2009-1454
Geeklog usersettings.php savepreferences() Function SQL Injection
HP Deskjet 6840 refresh_rate.htm POST Request XSS CVE-2009-1333
HR Web Add On mss/index.asp app_username Parameter SQL Injection
razorCMS admin/core/admin_config.php Permission Weakness Credentials Disclosure CVE-2009-1460
ASP Product Catalog search.asp keywords Parameter XSS CVE-2009-1321
ASP Product Catalog database/aspProductCatalog.mdb Direct Request User Credentials Disclosure CVE-2009-1322
Web File Explorer body.asp id Parameter SQL Injection CVE-2009-1323
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access
MyServer math_sum.mscgi Multiple Parameter XSS
MyServer math_sum.mscgi Multiple Parameter Remote Overflow
Malleo admin.php module Parameter Traversal Local File Inclusion
Phorum admin/badwords.php curr Parameter XSS
Tiny Blogr class.eport.php txtUsername Parameter SQL Injection
Free Shopping Cart admin/editor/image.php File Upload Arbitrary PHP Code Execution
Nethoteles ficha.php id_establecimiento Parameter SQL Injection
EZ Webitor login.php Multiple Parameter SQL Injection
osTicket open.php Support Address Crafted Mail Loop Remote DoS
Studio Lounge Address Book upload-file.php File Upload Arbitrary PHP Code Execution
P-News p-news.php Name Field Arbitrary Account Injection Privilege Escalation
e107 usersettings.php hide Parameter SQL Injection
FlatnuX CMS sections/02_Flatforum/search.php module Parameter Traversal Local File Inclusion
Online Contact Manager view.php id Parameter XSS
Online Contact Manager email.php id Parameter XSS
Online Contact Manager edit.php id Parameter XSS
Online Contact Manager delete.php id Parameter XSS
Seditio CMS Events Plugin events/inc/events.inc.php c Parameter SQL Injection
Creasito E-Commerce Content Manager admin/checkuser.php username SQL Injection
TotalCalendar /admin/manage_users.php Authentication Bypass Privilege Escalation
FlatnuX CMS sections/08_Files/search.php module Parameter Traversal Local File Inclusion
FlatnuX CMS sections/06_Download/section.php _FNVMOD Parameter Traversal Local File Inclusion
FlatnuX CMS sections/10_Login/section.php _FN[vmod] Parameter Traversal Local File Inclusion
FlatnuX CMS none_Control_Center/section.php _FN[vmod] Parameter Traversal Local File Inclusion
FlatnuX CMS themes/tp_alpha/theme.php _FN[theme] Parameter Traversal Local File Inclusion
FlatnuX CMS themes/tp_dhtml2/theme.php _FN[theme] Parameter Traversal Local File Inclusion
FlatnuX CMS themes/tp_green/theme.php _FN[theme] Parameter Traversal Local File Inclusion
Phorum support/common.php ForumLang Parameter Traversal Arbitrary File Access
VS PANEL showcat.php Cat_ID Parameter SQL Injection
DiViS DVR GET Request Handling Traversal Arbitrary File Access
Dokeos whoisonline.php tablename_column Parameter Arbitrary PHP Code Execution
I-Rater Platinum admincp/login.php txtname Parameter SQL Injection
I-Rater Pro login.php login_username Parameter SQL Injection
OpenX www/delivery/tjs.php Multiple Method SQL Injection
OpenX www/admin/sso-accounts.php email Parameter XSS
OpenX on Windows www/delivery/tjs.php trackerid Parameter Traversal Arbitrary File Deletion
OpenX adframe.php CRLF Injection
CVE-2002-1913 CVE-2009-1456 CVE-2009-1453 CVE-2009-1447 CVE-2009-1346 CVE-2009-1483 CVE-2009-1409 CVE-2009-1411
OpenX adjs.php CRLF Injection
OpenX www/delivery/tjs.php CRLF Injection
New 5 Star Rating System admin/admin_class.php myusername Parameter SQL Injection
PHP-Ping index.php pingto Parameter Arbitrary Code Execution
PastelCMS admin.php user Parameter SQL Injection CVE-2009-1404
SAP Multiple Products Collaboration Folders (cFolders) col_table_filter.htm p_current_role Parameter XSS
Mongoose URI Traversal Arbitrary File Access CVE-2009-1354
HoMaP-CMS html/admin/modules/plugin_admin.php _settings[pluginpath] Parameter Remote File Inclusion CVE-2008-6740
ASP Download Management Script setupdownload.asp Admin Authentication Bypass CVE-2008-6739
SAP Multiple Products Collaboration Folders (cFolders) hyp_de_create.htm LINK Field XSS
SAP Multiple Products Collaboration Folders (cFolders) me_ov.htm p_current_role Parameter XSS
ThaiQuickCart qc/index.php sLanguage Cookie Traversal Arbitrary File Access CVE-2008-6735
Keller Web Admin CMS Public/index.php action Parameter Traversal Local File Inclusion CVE-2008-6734
cpCommerce document.php id_document Parameter SQL Injection CVE-2009-1345
Apache Geronimo /console/portal/ URI XSS CVE-2009-0038
Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS CVE-2009-0038
Novell Teaming Liferay Portal web/guest/home Multiple Parameter XSS CVE-2009-1294
PJBlog3 action.asp cname Parameter SQL Injection CVE-2009-1481
Multiple Vendor ping.asp Address Field Arbitrary Command Execution
Simple Machines Forum (SMF) Load.php db_character_set Parameter SQL Injection CVE-2008-6741
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
rot13sj.cgi Arbitrary File Access
phpCommunity module/forum/class_search.php SQL Injection
phpCommunity module/admin/files/show_file.php file Parameter Traversal Arbitrary File Access
phpCommunity module/admin/files/show_source.php path Parameter Arbitrary File Access
phpCommunity templates/1/login.php msg Parameter XSS
TotalCalendar cms_detect.php include Parameter Traversal Arbitrary File Access CVE-2009-1406
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
spin_client.cgi Remote Overflow
Dojo src/io/xip_client.html XSS CVE-2007-6726
Dojo src/io/xip_server.html XSS CVE-2007-6726
xeCMS admin.php xecms_username Cookie Admin Authentication Bypass CVE-2008-6714
Butterfly Organizer view.php mytable Parameter XSS CVE-2008-6700
Butterfly Organizer viewdb2.php mytable Parameter XSS CVE-2008-6700
Butterfly Organizer category-rename.php tablehere Parameter CVE-2008-6700 XSS Butterfly Organizer module-contacts.php letter Parameter XSS CVE-2008-6700 ttCMS / ttforum Profile.php Member Name SQL Injection CVE-2003-1458 ttCMS / ttforum News.php template Parameter Remote File CVE-2003-1459 Inclusion ttCMS / ttforum install.php installdir Parameter Remote File CVE-2003-1459 Inclusion TYPO3 /fileadmin/include_test.php Path Disclosure TYPO3 showpic.php Traversal File Enumeration TYPO3 thumbs.php Traversal File Enumeration TYPO3 translations.php ONLY Parameter Encoded Traversal Arbitrary File Access Phorum admin/banlist.php curr Parameter XSS Phorum admin/users.php Multiple Parameter XSS Phorum versioncheck.php upgrade_available Parameter XSS Phorum control.php panel Parameter XSS Phorum control.php Administration CSRF Phorum moderation.php Moderate Forum CSRF Phorum pm.php Private Message CSRF Phorum posting.php Forum Post CSRF myPHPNuke print.php sid Parameter SQL Injection Linksys WRT54GC administration.cgi Crafted HTTP Request Handling Admin Password Manipulation VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution MataChat input.php Multiple Parameter XSS Flatchat pmscript.php with Parameter Traversal Local File Inclusion CuteNews show_news.php Query String XSS CuteNews rss.php rss_title Parameter XSS Faq-O-Matic fom.cgi file Parameter XSS APRICOT apricot.php Unspecified Parameter XSS Elkagroup Image Gallery upload.php Unrestricted File Upload Arbitrary Code Execution WebSPELL picture.php id Parameter Traversal Arbitrary File Access @mail webadmin/admin.php Multiple Parameter XSS WebPortal CMS libraries/helpdocs/help.php lang Parameter Traversal Arbitrary File Access WebPortal CMS indexk.php lib_path Parameter Remote File Inclusion NotFTP config.php languages[][file] Parameter Traversal Arbitrary File Access CRE Loaded product_info.php products_id Parameter SQL Injection Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure Tiger 
DMS login.php Multiple Parameter SQL Injection Infinity CGI Exploit Scanner nph-exploitscanget.cgi host Parameter XSS Infinity CGI Exploit Scanner nph-exploitscanget.cgi DNS Wildcard Scan Policy Bypass Infinity CGI Exploit Scanner nph-exploitscanget.cgi host Parameter Arbitrary Command Execution SMA-DB theme/format.php Multiple Parameter Remote File Inclusion SMA-DB format.php _page_content Parameter Remote File Inclusion Coppermine Photo Gallery docs/showdoc.php css Parameter XSS S-CMS plugin.php page Parameter Traversal Local File Inclusion Flexcustomer admin/install.php installdbname Parameter Arbitrary PHP Code Execution MPC SoftWeb Guestbook insertguest.asp Multiple Parameter XSS MPC SoftWeb Guestbook mpcsoftweb_guestdata.mdb Direct Request Database Disclosure CVE-2008-4088 CVE-2009-1561 CVE-2009-1486 CVE-2002-2011 CVE-2009-1448 CVE-2009-1446 CVE-2009-1445 CVE-2009-1444 CVE-2009-1407 CVE-2009-1403 CVE-2009-1503 CVE-2009-1452 CVE-2009-1450 CVE-2009-1502 CVE-2008-6761 Linksys WVC54GCA IP Camera /img/main.cgi next_file Parameter Encoded Traversal Arbitrary File Access Linksys WVC54GCA IP Camera /adm/file.cgi admpw Cleartext Admin Password Disclosure Linksys WVC54GCA IP Camera main.cgi next_file Parameter XSS Linksys WVC54GCA IP Camera /adm/file.cgi Multiple Parameter XSS Booking System for Hotels Group cadena_ofertas_ext.php CVE-2008-6216 OfertaID Parameter SQL Injection Booking System for Hotels Group cadena_ofertas_ext.php CVE-2008-6215 OfertaID Parameter XSS RavenNuke Resend_Email Module modules.php user_prefix CVE-2009-0672 Parameter SQL Injection Plunet BusinessManager pagesUTF8/auftrag_ CVE-2009-0699 allgemeinauftrag.jsp Multiple Parameter XSS APC PowerChute Business Edition /security/applet referrer Parameter XSS e107 submitnews.php Multiple Parameter XSS CVE-2008-6208 Document Library save_user.asp Admin Credentials Disclosure ZABBIX PHP Frontend include/validate.inc.php extlang Parameter Arbitrary PHP Code Execution Centreon oreon.php p Parameter SQL 
Injection Academic Web Tools page.php Unspecified Parameter XSS Centreon main.php p Parameter SQL Injection Z1Exchange showads.php id Parameter SQL Injection CVE-2008-6392 Jbook main.asp Multiple Parameter SQL Injection CVE-2008-6391,2008-6376 Rapid Classified cldb.mdb Direct Request Database Disclosure CVE-2008-6388 GhostScripter Amazon Shop add_review.php lang Parameter Traversal Local File Inclusion Quick Tree View .NET qtv.mdb Direct Request Database CVE-2008-6387 Disclosure Z1Exchange showads.php id Parameter XSS CVE-2008-6386 JBook userids.mdb Direct Request Database Disclosure CVE-2008-6375 Social Groupie Photos/create_album.php Unrestricted File CVE-2008-6367 Upload Arbitrary Code Execution MyCal Personal Events Calendar mycal.mdb Direct Request CVE-2008-6357 Credentials Disclosure TurnkeyForms Local Classifieds listtest.php r Parameter XSS CVE-2008-6351 Onguma Time Sheet Component for Joomla! lib/onguma.class.php mosConfig_absolute_path Parameter Remote CVE-2008-6347 File Inclusion Easy File Sharing Web Server thumbnail.ghp vfolder Parameter Traversal Arbitrary File Access RSS Simple News news.php pid Parameter SQL Injection CVE-2008-6333 Softbiz Classifieds Script showcategory.php radio Parameter XSS CVE-2008-6325 Softbiz Classifieds Script advertisers/signinform.php msg CVE-2008-6325 Parameter XSS Softbiz Classifieds Script gallery.php radio Parameter XSS CVE-2008-6325 Softbiz Classifieds Script lostpassword.php msg Parameter XSS CVE-2008-6325 Softbiz Classifieds Script admin/adminhome.php msg Parameter CVE-2008-6325 XSS Softbiz Classifieds Script admin/index.php msg Parameter XSS CVE-2008-6325 CF_Auction forummessages.cfm categorynbr Parameter SQL CVE-2008-6323 Injection PHPmyGallery _conf/_php-core/common-tpl-vars.php admindir CVE-2008-6318 Parameter Remote File Inclusion ToursManager tourview.php tourid Parameter SQL Injection CVE-2008-6303 TurnkeyForms Local Classifieds Site_Admin/admin.php Direct CVE-2008-6302 Request Admin Authentication Bypass Sun
Management Center (SunMC) Performance Reporting Module /prm/reports msg Parameter XSS GhostScripter Amazon Shop cart.php asin Parameter Traversal Local File Inclusion GhostScripter Amazon Shop info.php asin Parameter Traversal Local File Inclusion CMSCart maindatafunctions.php MenuLevel1 Parameter SQL Injection Blogsa Widgets.aspx searchText Parameter XSS xGuestbook login.php user Parameter SQL Injection zFeeder admin.php Direct Request Admin Authentication Bypass YapBB forumhop.php forumID Parameter SQL Injection Team Board online.asp lookname Parameter XSS txtSQL smNews Example Script login.php username Parameter SQL Injection Academic Web Tools page_arch.php Unspecified Parameter XSS Academic Web Tools login.php Unspecified Parameter XSS Academic Web Tools download.php Unspecified Parameter XSS AJ Auction Pro detail.php item_id Parameter SQL Injection Ol' Bookmarks Manager show.php show Parameter Traversal Local File Inclusion Ol' Bookmarks Manager index.php id Parameter SQL Injection Ol' Bookmarks Manager frame.php framefile Parameter Remote File Inclusion Ol' Bookmarks Manager frame.php framefile Parameter Traversal Local File Inclusion Hotscripts Clone showcategory.php cid Parameter SQL Injection Thyme add_calendars.php callback Parameter XSS OpenRat themes/default/include/html/insert.inc.php tpl_dir Parameter Remote File Inclusion Sofi WebGui hu/modules/reg-new/modstart.php mod_dir Parameter Remote File Inclusion ZABBIX PHP Frontend users.php CSRF ZABBIX PHP Frontend locales.php srclang Parameter Traversal Local File Inclusion HotPot Module for Moodle report.php hotpot_delete_selected_ attempts Function SQL Injection Graugon PHP Article Publisher view.php id Parameter SQL Injection evCal Events Calendar evcal.mdb Direct Request Credentials Disclosure evCal Events Calendar evcal97.mdb Direct Request Credentials Disclosure PHortail poster.php Multiple Parameter XSS isiAJAX paises.php id Parameter SQL Injection TinX/cms system/rss.php id Parameter SQL Injection 
APC PowerChute Business Edition /contexthelp page Parameter Response Splitting WEBJump! portfolio_genre.php id Parameter SQL Injection WEBJump! news_id.php id Parameter SQL Injection Book Panel Infusion for PHP-Fusion infusions/book_panel/ books.php bookid Parameter SQL Injection Aryanic HighCMS includes/web_search.aspx q Parameter XSS Aryanic HighPortal includes/web_search.aspx q Parameter XSS Maarch login.php login Parameter SQL Injection EditeurScripts EsContacts login.php msg Parameter XSS TikiWiki CMS/Groupware tiki-list_file_gallery.php URL Parameter XSS pHNews extra/genbackup.php Direct Request Database Disclosure CVE-2009-0857 CVE-2009-0814 CVE-2009-0810 CVE-2009-0807 CVE-2009-0768 CVE-2009-0761 CVE-2009-0750 CVE-2008-6414 CVE-2008-6410 CVE-2008-6409 CVE-2008-6408 CVE-2008-6407 CVE-2008-6405 CVE-2008-6404 CVE-2008-6403 CVE-2008-6402 CVE-2008-6124 CVE-2008-6356 CVE-2008-6356 CVE-2009-0881 CVE-2009-0825 CVE-2009-0866 S-Cms admin/delete_page.php id Parameter SQL Injection CVE-2009-0863 CelerBB login.php Username Parameter Admin Authentication CVE-2009-0853 Bypass CelerBB showme.php user Parameter Reserved Information CVE-2009-0852 Disclosure CelerBB viewforum.php id Parameter SQL Injection CVE-2009-0851 CelerBB viewtopic.php id Parameter SQL Injection CVE-2009-0851 phpKF forum_duzen.php fno Parameter SQL Injection CVE-2008-6443 AbleDating search_results.php keyword Parameter XSS CVE-2008-6439 RavenNuke images/captcha.php aFonts Array Parameter Remote CVE-2009-0674,2009-0678 Information Disclosure TikiWiki CMS/Groupware tiki-listpages.php URL Parameter XSS TikiWiki CMS/Groupware tiki-orphan_pages.php URL Parameter XSS Cryptographp cryptographp.inc.php cfg Parameter Local File Inclusion Rapidleech upload.php uploaded Parameter Traversal Local File Inclusion PHP Pro Bid includes/class_image.php fileExtension Parameter CVE-2009-0970 Remote File Inclusion OneOrZero Helpdesk login.php default_language Parameter CVE-2009-0886 Traversal Arbitrary File Access nForum 
showtheme.php id Parameter SQL Injection CVE-2009-0882 nForum userinfo.php user Parameter SQL Injection CVE-2009-0882 PHPLinkAdmin edlink.php linkid Parameter SQL Injection CVE-2009-1024 phpFoX account/settings/account/ Admin Email Address CVE-2009-0969 Manipulation CSRF Diesel Job Site jobs/jobseekers/job-info.php job_id Parameter CVE-2008-6467 SQL Injection Oceandir show_vote.php id Parameter SQL Injection CVE-2008-6452 PHPmyGallery _conf/core/common-tpl-vars.php lang Parameter CVE-2008-6316 Traversal Local File Inclusion Rapidleech upload.php uploaded Parameter XSS jPORTAL humor.php id Parameter SQL Injection CVE-2008-6451 PHPRunner UserView_list.php SearchField Parameter SQL CVE-2009-0963 Injection YABSoft Mega File Hosting Script cross.php url Parameter CVE-2009-0966 Remote File Inclusion Pivot extensions/bbclone_tools/count.php refkey Parameter Traversal Arbitrary File Deletion YAP comments.php image_id Parameter SQL Injection CVE-2009-1038 YAP admin/index.php user Parameter SQL Injection CVE-2009-1038 PHPLinkAdmin linkadmin.php page Parameter Remote File CVE-2009-1025 Inclusion DeluxeBB misc.php qorder Parameter SQL Injection CVE-2009-1033 Advanced Image Hosting gallery_list.php gal Parameter SQL CVE-2009-1032 Injection PHPRunner orders_list.php SearchField Parameter SQL Injection CVE-2009-0963 PHPRunner users_list.php SearchField Parameter SQL Injection CVE-2009-0963 PHPRunner Administrator_list.php SearchField Parameter SQL CVE-2009-0963 Injection Ganesha Digital Library (GDL) gdl.php node Parameter SQL CVE-2009-0965 Injection PHPGKit connexion.php DOCUMENT_ROOT Parameter Remote CVE-2008-6491 File Inclusion FLABER function/update_xml.php target_file Parameter Arbitrary CVE-2008-6490 File Overwrite FubarForum db/user.tsv Direct Request Credentials Disclosure CVE-2009-1051 FireAnt db/user.tsv Direct Request Credentials Disclosure CVE-2009-1052 Pixie CMS index.php x Parameter XSS CVE-2009-1067 DigiAffiliate login.asp Multiple Field SQL Injection Wordpress MU 
wp-includes/wpmu-functions.php Host Header XSS Kim Websites login.php Multiple Parameter SQL Injection XAMPP security/xamppsecurity.php xampppasswd Parameter CSRF ASP User Engine.NET users.mdb Direct Request Database Disclosure Easy Content Management Publishing Database/News.mdb Direct Request Database Disclosure gigCalendar Component for Joomla! (com_gigcal) venuedetails.php gigcal_venues_id Parameter SQL Injection Golabi CMS index_logged.php cur_module Parameter Remote File Inclusion Pixie CMS admin/lib/lib_logs.php Referer HTTP Header SQL Injection PHCDownload search.php string Parameter Arbitrary PHP Code Execution Bloginator articleCall.php id Parameter SQL Injection ExpressionEngine system/index.php avatar Parameter XSS HP Embedded Web Server (EWS) hp/device/config_result_ YesNo.html/config NetIPChange Request CSRF HP Embedded Web Server (EWS) hp/device/set_config_ password.html/config Multiple Parameter CSRF Pluck data/modules/blog/module_pages_site.php post Parameter Traversal Local File Inclusion e107 e107_admin/*.php Account Modification CSRF PSCS VPOP3 Email Server homeplus.html sess_folder Parameter XSS phpMyAdmin libraries/display_export.lib.php Unspecified Cookie XSS Media Entertainment Script view.php id Parameter SQL Injection e107 e107_admin/userclass2.php Multiple Parameter XSS e107 e107_admin/meta.php meta_copyright Parameter XSS e107 e107_admin/notify.php Multiple Parameter XSS e107 e107_admin/language.php multilanguage_subdomain Parameter XSS Jinzora index.php name Parameter Traversal Local File Inclusion EditeurScripts EsBaseAdmin login.php msg Parameter XSS EditeurScripts EsPartenaires login.php msg Parameter XSS EditeurScripts EsNews modifier.php msg Parameter XSS Simply Classified adverts.php category_id Parameter SQL Injection Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS Openfire Admin Console login.jsp url Parameter XSS Openfire login.jsp url Parameter Arbitrary Site Redirect Andy's PHP 
Knowledgebase (aphpkb) saa.php Unrestricted File Upload Arbitrary Code Execution Free PHP Petition Signing Script index.php Multiple Parameter SQL Injection Acute Control Panel themes/container.php theme_directory Parameter Remote File Inclusion Ultraseek cs.html url Parameter Arbitrary Site Redirect PacPoll poll.mdb / poll97.mdb Direct Request Database Disclosure Acute Control Panel themes/header.php theme_directory Parameter Remote File Inclusion Plunet BusinessManager pagesUTF8/Sys_DirAnzeige.jsp Pfad Parameter Direct Request Information Disclosure CVE-2008-6487 CVE-2009-1030 CVE-2009-1026 CVE-2008-6498 CVE-2008-6494 CVE-2008-6493 CVE-2009-1066 CVE-2009-1049 CVE-2009-1070 CVE-2009-0940 CVE-2009-0940 CVE-2009-0781 CVE-2008-6510 CVE-2008-6511 CVE-2008-6513 CVE-2009-0347 CVE-2008-5981 CVE-2009-0700 Plunet BusinessManager pagesUTF8/auftrag_job.jsp Pfad CVE-2009-0700 Parameter Direct Request Information Disclosure Ocean12 ASP Guestbook Manager /admin/o12guest.mdb Direct Request User Database Disclosure Owl browse.php Authentication Bypass P-Synch Password Management nph-psf.exe css Parameter Remote File Inclusion P-Synch Password Management nph-psa.exe css Parameter Remote File Inclusion PD9 MegaBBS thread-post.asp Multiple Header CRLF Injection PD9 MegaBBS ladder-log.asp Multiple Parameter SQL Injection PD9 MegaBBS view-profile.asp Multiple Parameter SQL Injection glFusion private/system/classes/listfactory.class.php Multiple Parameter SQL Injection chaozzDB user.tsv Direct Request Credentials Disclosure CVE-2009-1053 Philboard /database/philboard.mdb Direct Request Database Disclosure My Simple Forum theme/default/index.template.php action Parameter Traversal Local File Inclusion My Simple Forum theme/default/index.template.php Name Parameter XSS Diskos CMS side.asp kat Parameter SQL Injection JobHut library/process.php pk Parameter SQL Injection Aurora FoodPro nutframe.asp locationName Parameter XSS Aurora FoodPro Menusamp.asp locationName Parameter XSS Diskos CMS 
medlemmer.mdb Direct Request Information Disclosure Sama Educational Management System Error.asp Message Parameter XSS Oracle Application Server login.jsp site2pstoretoken Parameter XSS Oracle Forms cgi60.exe form Parameter XSS PerlSoft Gästebuch admincenter.cgi loginname1 Parameter Arbitrary Command Execution E-Php B2B Trading Marketplace Script signin.php errmsg Parameter XSS The Mapping Calendar (MapCal) index.php id Parameter SQL CVE-2008-6038 Injection SalesCart online/menu.asp Multiple Parameter SQL Injection SalesCart customer/cmenu.asp code Parameter SQL Injection Twitter Clone rss/user_updates.php user Parameter SQL Injection SMA-DB startpage.php URL XSS phpSlash include/class/tz_env.class generic Function Arbitrary CVE-2009-0517 PHP Code Execution AJA modules/Contact_Plus/admin/case.php currentlang CVE-2009-0457 Parameter Traversal Local File Inclusion Online Grades admin/admin_login.php Multiple Parameter SQL CVE-2009-0479 Injection D-Link DVG-2001S Forms/page_CfgDevInfo_Set URL XSS AJA modules/Fancy_NewsLetter/admin/includes/ FANCYNLOptions.php module_name Parameter Traversal Local CVE-2009-0457 File Inclusion Online Grades parents/login.php Multiple Parameter SQL Injection CVE-2009-0452 Online Grades include/phpinfo.php Direct Request Information CVE-2009-0453 Disclosure Whole Hog Software Multiple Products admin/login_submit.php CVE-2009-0458,2009-0459 Multiple Parameter SQL Injection GBook includes/header.php abspath Parameter Remote File CVE-2009-0464 Inclusion ClickCart customer_login_check.asp Multiple Parameter SQL CVE-2009-0462 Injection FlatnuX CMS include/flatnux.php _FNROOTPATH Parameter Remote File Inclusion FlatnuX CMS filemanager.php _FNROOTPATH Parameter Remote File Inclusion GRBoard theme/179_squarebox_pds_list/view.php theme Parameter Remote File Inclusion PHPbbBook bbcode.php l Parameter Traversal Local File Inclusion TECHNOTE skin_shop/standard/2_view_body/body_default.php shop_this_skin_path Parameter Remote File Inclusion MyDesign 
Sayac default.asp Multiple Parameter SQL Injection KeyFocus (KF) Web Server Null Byte Request Forced Directory Listing Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access GR Blog admin/ Directory Unrestricted File Upload Team Board team.mdb Direct Request Information Disclosure 4Site CMS pcgi/4site.pl Multiple Parameter SQL Injection Micronation Banking System utdb_access.php minsoft_path Parameter Remote File Inclusion Micronation Banking System utgn_message.php minsoft_path Parameter Remote File Inclusion Rianxosencabos CMS scripts/links.php id Parameter SQL Injection Xnova includes/todofleetcontrol.php ugamela_root_path Parameter Remote File Inclusion LinksPro Default.asp OrderDirection Parameter SQL Injection Active Bids search.asp search Parameter XSS Active Bids tellafriend.asp URL Parameter XSS Active Bids search.asp search Parameter SQL Injection Active Bids auctionsended.asp SortDir Parameter SQL Injection Active Bids wishlist.asp catid Parameter SQL Injection Meet#Web modules.php root_path Parameter Remote File Inclusion Meet#Web ManagerResource.class.php root_path Parameter Remote File Inclusion Meet#Web ManagerRightsResource.class.php root_path Parameter Remote File Inclusion Meet#Web RegForm.class.php root_path Parameter Remote File Inclusion Meet#Web RegResource.class.php root_path Parameter Remote File Inclusion Meet#Web RegRightsResource.class.php root_path Parameter Remote File Inclusion Liberum Help Desk db/helpdesk2000.mdb Direct Request Password Disclosure Simple PHP News post.php Multiple Parameter Arbitrary PHP Code Execution Kipper default.php charm Parameter XSS Cisco IOS HTTP Server /level/15/exec/-/ PATH_INFO XSS MetaCart metacart.mdb Direct Request Credentials Disclosure PHP-CMS admin/login.php username Parameter SQL Injection smartSite CMS articles.php var Parameter SQL Injection Chipmunk Blogger Script admin/authenticate.php Multiple Parameter SQL Injection E-Php CMS browsecats.php cid Parameter SQL 
Injection Chipmunk Blogger Script admin/reguser.php Direct Request Admin Privilege Escalation Pre Lecture Exercises CMS login.php school Parameter SQL Injection CVE-2009-0572 CVE-2009-0572 CVE-2009-0444 CVE-2009-0442 CVE-2009-0441 CVE-2009-0447 CVE-2009-0760 CVE-2009-0646 CVE-2008-6006 CVE-2008-6006 CVE-2008-6014 CVE-2008-6022,2008-6023 CVE-2009-0431 CVE-2009-0430 CVE-2009-0430 CVE-2009-0429 CVE-2009-0429 CVE-2009-0429 CVE-2008-6066 CVE-2008-6066 CVE-2008-6066 CVE-2008-6066 CVE-2008-6066 CVE-2008-6066 CVE-2008-6057 CVE-2009-0610,2009-0643 CVE-2009-0763 CVE-2009-0470 CVE-2008-6051 CVE-2009-0407 CVE-2009-0405 CVE-2009-0403 CVE-2009-0401 CVE-2009-0399 CVE-2009-0394 Motorola Wimax CPEi300 sysconf.cgi page Parameter XSS Motorola Wimax CPEi300 sysconf.cgi page Parameter Traversal Arbitrary File Access OwnRS CMS autor.php id Parameter SQL Injection SiteXS CMS post.php type Parameter Traversal Local File Inclusion Article Script view.php v Parameter SQL Injection BaseBuilder main.inc.php mj_config[src_path] Parameter Remote File Inclusion WSN Links comments.php id Parameter SQL Injection WSN Links vote.php id Parameter SQL Injection Fez list.php parent_id Parameter SQL Injection 4Site CMS print/print.shtml page Parameter SQL Injection 4Site CMS portfolio/index.shtml Multiple Parameter SQL Injection 4Site CMS faq/index.shtml th Parameter SQL Injection Ninja Designs Mailist send.php load Parameter Traversal Local File Inclusion PHP-Calendar update.php Direct Request Information Disclosure SilverNews admin.php section Parameter Traversal Local File Inclusion ilchClan statistic.php X-Forwarded-For Header SQL Injection glFusion lib-comment.php username Parameter XSS FotoWeb Login.fwx s Parameter XSS MediaWiki Installer config/index.php Unspecified Parameter XSS ASP101 Login Password Sample login.mdb Direct Request Password Disclosure SnippetMaster includes/vars.inc.php _SESSION[SCRIPT_PATH] Parameter Remote File Inclusion Yet Another NOCC check_lang.php lang Parameter Traversal 
Local File Inclusion AdaptCMS Lite plugins/rss_importer_functions.php sitepath Parameter Remote File Inclusion A Better Member-Based ASP Photo Gallery view.asp entry Parameter SQL Injection Sajax php/Sajax.php sajax_get_common_js() Function XSS If-CMS frame.php id Parameter SQL Injection GLinks includes/header.php abspath Parameter Remote File Inclusion patForms for Sourdough examples/example_clientside_javascript.php neededFiles[patForms] Parameter Remote File Inclusion SkaLinks admin/ URI Admin Name Field SQL Injection Syntax Desktop admin/modules/aa/preview.php synTarget Parameter Traversal Local File Inclusion phpMyID MyID.php openid_return_to Parameter Arbitrary Site Redirect WEBalbum photo.php id Parameter SQL Injection ScriptsEz Easy Image Downloader main.php id Parameter Traversal Arbitrary File Access Virtual GuestBook guestbook.mdb Direct Request Database Disclosure IT!CMS login.php Username Parameter SQL Injection NETGEAR SSL312 Web Interface cgi-bin/welcome/VPN_only Crafted Request Remote DoS BMForum plugins.php tagname Parameter SQL Injection Banking@Home login.asp LoginName Parameter SQL Injection w3b|cms admin/index.php cms_admin Cookie Manipulation Admin Authentication Bypass SilverNews admin.php Multiple Parameter SQL Injection SilverNews admin/settings.php Arbitrary PHP Code Injection CVE-2009-0393 CVE-2009-0392 CVE-2009-0384 CVE-2009-0371 CVE-2008-6037 CVE-2008-6036 CVE-2008-6033 CVE-2008-6031 CVE-2008-6028 CVE-2009-0646 CVE-2009-0646 CVE-2009-0646 CVE-2009-0570 CVE-2009-0455 CVE-2009-0573 CVE-2009-0737 CVE-2009-0530,CVE-2009-0529 CVE-2009-0515 CVE-2009-0527 CVE-2009-0531 CVE-2009-0525 CVE-2009-0528 CVE-2009-0463 CVE-2009-0456 CVE-2009-0451 CVE-2009-0448 CVE-2009-0446 CVE-2008-6089 CVE-2009-0498 CVE-2009-0493 CVE-2009-0680 CVE-2008-6091 CVE-2009-0741 Auth PHP login.php Multiple Parameter SQL Injection CVE-2009-0738 Papoo CMS lib/classes/message_class.php pfadhier Parameter CVE-2009-0735 Traversal Local File Inclusion Thyme phpinfo.php Direct
Request Information Disclosure FotoWeb Grid.fwx search Parameter XSS CVE-2009-0573 Camera Life topic.php name Parameter XSS CVE-2008-6087 Camera Life album.php id Parameter SQL Injection CVE-2008-6086 TXTshop header.php language Parameter Traversal Local File CVE-2008-6083 Inclusion Simple Customer contact.php id Parameter SQL Injection CVE-2008-6081 WebFrame mod/index.php Multiple Parameter Traversal Local CVE-2009-0514 File Inclusion WebFrame admin/doc/index.php classFiles Parameter Remote CVE-2009-0513 File Inclusion WebFrame base/menu.php classFiles Parameter Remote File CVE-2009-0513 Inclusion Calendarix Advanced cal_login.php login Parameter SQL Injection Calendarix Basic cal_login.php login Parameter SQL Injection Den Dating Website Script searchmatch.php txtlookgender Parameter SQL Injection Novell QuickFinder Server qfsearch/AdminServlet Multiple CVE-2009-0611 Parameter XSS Bahar Download Script aspkat.asp kid Parameter SQL Injection CVE-2008-6075 Vivid Ads Shopping Cart category.php cid Parameter SQL Injection bcoos include/common.php XOOPS_ROOT_PATH Parameter Remote File Inclusion PHP Krazy Image Host Script viewer.php id Parameter SQL Injection Free Joke Script login.php Multiple Parameter SQL Injection Sectionsnew Module for PHP-Nuke modules.php artid Parameter SQL Injection Current_Issue Module for PHP-Nuke modules.php id Parameter SQL Injection A4Desk PHP Event Calendar admin/index.php eventid Parameter CVE-2008-6104 SQL Injection Discussion Forums 2k misc/RSS1.php CatID Parameter SQL CVE-2008-6100 Injection Discussion Forums 2k misc/RSS2.php CatID Parameter SQL CVE-2008-6100 Injection Discussion Forums 2k misc/RSS5.php SubID Parameter SQL CVE-2008-6100 Injection DomPHP agenda/index.php cat Parameter SQL Injection CVE-2008-6064 phpWebSite links.php cid Parameter SQL Injection CVE-2008-6266 Sharedlog slideshow_uploadvideo.content.php root_dir Parameter Remote File Inclusion Openfire sipark-log-summary.jsp type Parameter SQL Injection Free Joke Script 
joke-archives.php cat_id Parameter SQL Injection Vlinks page.php id Parameter SQL Injection Real Estate Portal admin/index.php Multiple Parameter Traversal CVE-2008-6010 Arbitrary File Access WSN Links Free comments.php id Parameter SQL Injection CVE-2008-6032 NatterChat register.asp Multiple Parameter XSS WHMCS index.php phpinfo Remote Information Disclosure MemHT Portal pages/pvtmsg/index.php Multiple Parameter SQL Injection ZeroShell cgi-bin/kerbynet type Parameter Shell Metacharacter CVE-2009-0545 Arbitrary Command Execution ea-gBook index_inc.php inc_ordner Parameter Remote File Inclusion Thyme export.php export_to Parameter Traversal Arbitrary File CVE-2009-0535 Access EZ Reminder password.php Unspecified Parameter XSS CVE-2009-0533 EZ Baby password.php Unspecified Parameter XSS CVE-2009-0532 BlogWrite print.php id Parameter SQL Injection SAS Hotel Management System myhotel_info.asp id Parameter SQL Injection ASP Product Catalog default.asp cid Parameter SQL Injection YACS scripts/update_trailer.php context[path_to_root] Parameter Remote File Inclusion EasySiteNetwork joke.php id Parameter SQL Injection WordPress wp-admin/upgrade.php backto Parameter XSS Madrese-Portal haber.asp haber Parameter SQL Injection RavenNuke Your Account Module avartarlist.php Multiple CVE-2009-0677 Parameter Arbitrary PHP Code Execution FlexCMS index.php catId Parameter SQL Injection CVE-2009-0534 Sections Module for PHP-Nuke modules.php artid Parameter SQL Injection PHP-Fusion E-Cart Module items.php CA Parameter SQL CVE-2009-0832 Injection PHP-Fusion vArcade Module callcomments.php comment_id Parameter SQL Injection WebBiscuits Modules Controller adminhead.php path[docroot] CVE-2008-6138 Parameter Remote File Inclusion Comersus Shopping Cart comersus_customerModifyExec.asp User Password Remote Disclosure Full PHP Emlak Script arsaprint.php id Parameter SQL Injection CVE-2008-6133 Sagem F@st 2404 restoreinfo.cgi Remote Reboot DoS Cybershade CMS core/includes.php CMS_ROOT Parameter 
Remote File Inclusion MoinMoin Wiki Engine WikiSandBox Multiple Parameter XSS Lootan System login.asp username Parameter SQL Injection SFS EZ Baby password.php u2 Parameter XSS CVE-2009-0532 LDF login.asp user Parameter SQL Injection TangoCMS modules/page/hooks/listeners.php Unspecified CVE-2009-0862 Parameter XSS Max.Blog show_post.php id Parameter SQL Injection Max.Blog submit_post.php draft Parameter SQL Injection Bugs Online help.asp style Parameter SQL Injection Drupal install.php profile Parameter Local File Inclusion 3Com OfficeConnect Wireless Router SaveCfgFile.cgi Backup Configuration Disclosure SFS EZ Reminder password.php u2 Parameter XSS CVE-2009-0533 IdeaCart secure/index.php cID Parameter SQL Injection Graugon Gallery view.php id Parameter SQL Injection TYPO3 class.tslib_fe.php 3 jump_url Function Arbitrary File CVE-2009-0815 Access SnippetMaster includes/tar_lib/pcltar.lib.php g_pcltar_lib_dir CVE-2009-0530,CVE-2009-0529 Parameter Remote File Inclusion SnippetMaster index.php language Parameter XSS CVE-2009-0530,CVE-2009-0529 GRBoard theme/179_squarebox_minishop_expand/view.php CVE-2009-0444 theme Parameter Remote File Inclusion GRBoard theme/179_squarebox_gallery_list_pds/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_squarebox_gallery_list/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_squarebox_gallery/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_squarebox_board_swfupload/view.php CVE-2009-0444 theme Parameter Remote File Inclusion GRBoard theme/179_squarebox_board_expand/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_squarebox_board_basic_with_grcode/ CVE-2009-0444 view.php theme Parameter Remote File Inclusion GRBoard theme/179_squarebox_board_basic/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_simplebar_pds_list/view.php theme CVE-2009-0444 Parameter Remote File
Inclusion GRBoard theme/179_simplebar_notice/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_simplebar_gallery_list_pds/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_simplebar_gallery/view.php theme CVE-2009-0444 Parameter Remote File Inclusion GRBoard theme/179_simplebar_basic/view.php theme Parameter CVE-2009-0444 Remote File Inclusion GRBoard latest/sirini_gallery_latest/list.php path Parameter CVE-2009-0444 Remote File Inclusion GRBoard include.php grboard Parameter Remote File Inclusion CVE-2009-0444 Calendarix Basic admin/cal_login.php login Parameter SQL Injection Calendarix Advanced admin/cal_login.php login Parameter SQL Injection Php-Stats admin.php Multiple Parameter XSS CVE-2008-6212 mcGallery admin.php lang Parameter XSS CVE-2008-6211 mcGallery sess.php lang Parameter XSS CVE-2008-6211 mcGallery stats.php lang Parameter XSS CVE-2008-6211 mcGallery detail.php lang Parameter XSS CVE-2008-6211 mcGallery resize.php lang Parameter XSS CVE-2008-6211 mcGallery show.php lang Parameter XSS CVE-2008-6211 I-Tech Software Zone view_product.php cat_id Parameter SQL CVE-2008-6209 Injection RobotStats graph.php DOCUMENT_ROOT Parameter Remote CVE-2008-6206 File Inclusion RobotStats robotstats.inc.php DOCUMENT_ROOT Parameter CVE-2008-6206 Remote File Inclusion URLStreet seeurl.php Multiple Parameter XSS CVE-2008-6205 SuperNET Shop secure/admin/guncelle.asp id Parameter SQL CVE-2008-6204 Injection SuperNET Shop secure/admin/giris.asp Multiple Parameter SQL CVE-2008-6204 Injection SuperNET Shop secure/admin/default.asp Multiple Parameter CVE-2008-6204 SQL Injection CoBaLT adminler.asp id Parameter SQL Injection CVE-2008-6203 CoBaLT urun.asp id Parameter SQL Injection CVE-2008-6202 CoBaLT admin/bayi_listele.asp id Parameter SQL Injection CVE-2008-6202 CoBaLT admin/urun_grup_listele.asp id Parameter SQL Injection CVE-2008-6202 CoBaLT admin/urun_listele.asp id Parameter SQL Injection CVE-2008-6202 2532|Gigs 
backup.php Direct Request Remote Information CVE-2008-6199 Disclosure Custom Pages Plugin for MyBulletinBoard (MyBB) pages.php CVE-2008-6198 pages Parameter SQL Injection EasySite browser.php EASYSITE_BASE Parameter Remote File CVE-2008-6196 Inclusion EasySite image_editor.php EASYSITE_BASE Parameter Remote CVE-2008-6196 File Inclusion EasySite skin_chooser.php EASYSITE_BASE Parameter Remote CVE-2008-6196 File Inclusion Jetbox CMS admin/postlister/index.php liste Parameter XSS CVE-2008-6174 miniPortail search.php Unspecified Parameter XSS miniPortail search.php lng Parameter Traversal Local File Inclusion phpyabs moduli/libri/index.php Azione Parameter Remote File Inclusion Omnicom Content Platform (OCP) admin/fileKontrola/browser.asp root Parameter Traversal Arbitrary Directory Listing OpenX fc.php MAX_type Parameter Traversal Local File Inclusion Joomla! configuration.php Variable Overwrite Remote File Inclusion Simple Forum Plugin for WordPress sf-profile.php u Parameter SQL Injection WordPress Recipe Plugin wordspew-rss.php id Parameter SQL Injection Professioneller Anzeigenmarkt siteadmin/login.php Multiple Parameter SQL Injection WF-Section Module for XOOPS print.php articleid Parameter SQL Injection Vacatures Module for XOOPS index.php cid Parameter SQL Injection Badliege Module for XOOPS index.php id Parameter SQL Injection Events Module for XOOPS index.php id Parameter SQL Injection Seminars Module for XOOPS index.php id Parameter SQL Injection Downloadcenter common.h Direct Request Information Disclosure PayPal Download Shop siteadmin/login.php Multiple Parameter SQL Injection EQDKP Plus itemsearch.php search Parameter XSS Page Engine CMS includes/modules/recent_poll_include.php fPrefix Parameter Remote File Inclusion Graugon Forum view_profile.php id Parameter SQL Injection Page Engine CMS includes/modules/login_include.php fPrefix Parameter Remote File Inclusion Page Engine CMS includes/modules/statistics_include.php fPrefix Parameter Remote File 
Inclusion Page Engine CMS includes/configuration.inc.php fPrefix Parameter Remote File Inclusion PayPal Download Shop siteadmin/products.php File Upload Arbitrary PHP Code Execution Classifieds Module for PHP-Nuke Details Mode id Parameter SQL Injection BenchmarkNews Module for PHP-Nuke modules.php sid Parameter SQL Injection Siir Module for PHP-Nuke modules.php id Parameter SQL Injection Dossiers Module for PHP-Nuke modules.php did Parameter SQL Injection Downloads Module for PHP-Nuke modules.php sid Parameter SQL Injection Recipes Module for PHP-Nuke modules.php recipeid Parameter SQL Injection Kuran Module for PHP-Nuke modules.php surano Parameter SQL Injection Sell module for PHP-Nuke modules.php cid Parameter SQL Injection PHPG Upload form_upload.php Unrestricted File Upload Arbitrary Code Execution WikkiTikkiTavi upload.php Unrestricted File Upload Arbitrary Code Execution CVE-2008-6168 CVE-2008-6167 CVE-2009-0639 CVE-2008-5997 CVE-2009-0291 CVE-2009-0732 CVE-2009-0729 CVE-2008-6207 CVE-2009-0602 MLDonkey src/utils/lib/url.ml Double Forward Slash URL Handling CVE-2009-0753 Arbitrary File Disclosure Free Arcade Script pages/play.php template Parameter Traversal CVE-2009-0731 Local File Inclusion OpenSite admincp/includes/functions.php Multiple Parameter SQL Injection JOnAS ListMBeanDetails.do select Parameter XSS PenPal admin/verifylogin.asp Multiple Parameter SQL Injection OpenSite admincp/settings.php Multiple Parameter SQL Injection Quran Module for PHP-Nuke modules.php surano Parameter SQL Injection Downloads Module for w3b|cms includes/module/downloads/ index.inc.php id Parameter SQL Injection News Module for w3b|cms includes/module/news/index.inc.php action Parameter SQL Injection Portfolio Module for w3b|cms includes/module/portfolio/ index.inc.php action Parameter SQL Injection Partner Module for w3b|cms includes/module/partner/ index.inc.php id Parameter SQL Injection Mediathek Module for w3b|cms includes/module/mediathek/ index.inc.php id Parameter 
SQL Injection Sitemap Module for w3b|cms includes/module/sitemap/ index.inc.php seite Parameter SQL Injection Links Module for w3b|cms includes/module/links/index.inc.php id Parameter SQL Injection Blog Module for w3b|cms includes/module/blog/index.inc.php action Parameter SQL Injection Suche Module for w3b|cms includes/module/suche/index.inc.php suchbegriff Parameter SQL Injection Gallery Module for w3b|cms includes/module/gallery/index.inc.php action Parameter SQL Injection cPanel scripts2/confdkillproc Query String XSS BlueBird login.php Multiple Parameter SQL Injection CVE-2009-0740 MyNews login.php Multiple Parameter SQL Injection CVE-2009-0739 taifajobs jobdetails.php jobid Parameter SQL Injection CVE-2009-0727 GigCalendar Component for Mambo / Joomla! index.php gigcal_ CVE-2009-0726 gigs_id Parameter SQL Injection Potato News admin.php User Cookie Parameter Traversal Local CVE-2009-0722 File Inclusion WSN Guest search.php search Parameter SQL Injection CVE-2009-0704 ASPThai.Net Webboard bview.asp id Parameter SQL Injection CVE-2009-0703 Broadcast Machine MySQLController.php controllers/baseDir CVE-2008-6287 Parameter Remote File Inclusion Broadcast Machine SQLController.php controllers/baseDir CVE-2008-6287 Parameter Remote File Inclusion Broadcast Machine SetupController.php controllers/baseDir CVE-2008-6287 Parameter Remote File Inclusion Broadcast Machine VideoController.php controllers/baseDir CVE-2008-6287 Parameter Remote File Inclusion Broadcast Machine ViewController.php controllers/baseDir CVE-2008-6287 Parameter Remote File Inclusion Z1Exchange edit.php site Parameter SQL Injection CVE-2008-6284 MyKtools configuration_script.php language Parameter Traversal CVE-2008-6273 Local File Inclusion Apoll admin/index.php Multiple Parameter SQL Injection CVE-2008-6272,2008-6270 Multi Languages WebShop Online detail.php id parameter SQL CVE-2008-6268 Injection Multi Languages WebShop Online detail.php name Parameter CVE-2008-6267 XSS Cyberfolio 
portfolio/css.php theme Parameter Traversal Local File CVE-2008-6265 Inclusion Slide Popups admin/admin.php password Parameter SQL Injection Pre Multi-Vendor Shopping Malls buyer_detail.php Multiple Parameter SQL Injection Cisco IOS HTTP Server level/15/configure/-/hostname CSRF Cisco Multiple Wireless Products login.html Malformed POST Request Remote DoS PHP-Calendar update08.php Direct Request Information Disclosure PHP-Calendar update10.php Direct Request Information Disclosure Kipper kipper.php charm Parameter XSS Kipper index.php configfile Parameter Traversal Local File Inclusion Kipper default.php configfile Parameter Traversal Local File Inclusion Kipper job/config.data Direct Request Credentials Disclosure PHP Classifieds detail.php siteid Parameter SQL Injection phpBB modcp.php side Parameter Referer Session ID Disclosure LoveCMS system/admin/images.php delete Parameter Traversal Arbitrary File Deletion ZeeMatri bannerclick.php adid Parameter SQL Injection Can't Find A Gaming CMS (CFAGCMS) right.php title Parameter SQL Injection Forest Blog blog.mdb Direct Request Credentials Disclosure CadeNix index.php cid Parameter SQL Injection PHPFootball filter.php dbtable Parameter SQL Injection Aperto Blog admin.php action Parameter Traversal Local File Inclusion Aperto Blog categories.php id Parameter SQL Injection PHP Weather test.php language Parameter Traversal Local File Inclusion Pixel8 Web Photo Album Photo.asp AlbumID Parameter SQL Injection PHP Weather config/make_config.php PATH_INFO XSS 2Capsules Sticker Extreme Edition sticker.php id Parameter SQL Injection w3blabor CMS admin/index.php benutzername Parameter SQL Injection AM Events Module for XOOPS print.php id Parameter SQL Injection Faupload download.php id Parameter SQL Injection Memberkit My Picture Album Section File Upload Arbitrary PHP Code Execution Vacation Script properties_view.php editid1 Parameter SQL Injection FlexPHPic admin/index.php Multiple Parameter SQL Injection PowerClan 
admin/index.php loginemail Parameter SQL Injection PowerNews news.php newsid Parameter SQL Injection Site2Nite Real Estate Web agentlist.asp SQL Injection E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion EZsite Forum Database/EZsiteForum.mdb User Database Remote Disclosure Clickheat - Heatmap Stats Component for Joomla! install.clickheat.php GLOBALS[mosConfig_absolute_path] Parameter Remote File Inclusion Clickheat - Heatmap Stats Component for Joomla! Cache.php GLOBALS[mosConfig_absolute_path] Parameter Remote File Inclusion CVE-2008-6264 CVE-2008-6227 CVE-2009-0471 CVE-2009-0059 CVE-2009-0764 CVE-2009-0765 CVE-2009-0766 CVE-2009-0767 CVE-2008-5805 CVE-2008-5794 CVE-2008-5782 CVE-2008-5781 CVE-2008-5780 CVE-2008-5777 CVE-2008-5776 CVE-2008-5775 CVE-2008-5771 CVE-2008-5770 CVE-2008-5768 CVE-2008-5766 CVE-2003-1256 CVE-2008-5793 CVE-2008-5793 Clickheat - Heatmap Stats Component for Joomla! Clickheat_ Heatmap.php GLOBALS[mosConfig_absolute_path] Parameter Remote File Inclusion Clickheat - Heatmap Stats Component for Joomla! GlobalVariables.php GLOBALS[mosConfig_absolute_path] Parameter Remote File Inclusion Clickheat - Heatmap Stats Component for Joomla! includes/ heatmap/_main.php mosConfig_absolute_path Parameter Remote File Inclusion Clickheat - Heatmap Stats Component for Joomla! includes/ heatmap/main.php mosConfig_absolute_path Parameter Remote File Inclusion Clickheat - Heatmap Stats Component for Joomla! includes/ overview/main.php mosConfig_absolute_path Parameter Remote File Inclusion Recly!Competitions Component for Joomla! add.php GLOBALS [mosConfig_absolute_path] Parameter Remote File Inclusion Recly!Competitions Component for Joomla! competitions.php GLOBALS[mosConfig_absolute_path] Parameter Remote File Inclusion Recly!Competitions Component for Joomla! settings.php mosConfig_absolute_path Parameter Remote File Inclusion Recly Interactive Feederator Component For Joomla! 
add_ tmsp.php mosConfig_absolute_path Parameter Remote File Inclusion Recly Interactive Feederator Component For Joomla! edit_ tmsp.php mosConfig_absolute_path Parameter Remote File Inclusion Recly Interactive Feederator Component For Joomla! tmsp.php mosConfig_absolute_path Parameter Remote File Inclusion Recly Interactive Feederator Component For Joomla! subscription.php GLOBALS[mosConfig_absolute_path] Parameter Remote File Inclusion Datalife Engine imagepreview.php image Parameter CSRF PHPFootball filter.php dbfield Parameter XSS PHPFootball login.php user Parameter SQL Injection PHPFootball login.php user Parameter XSS Blogator-script init_pass2.php Arbitrary User Password Manipulation SlimCMS redirect.php Multiple Parameter Admin Account Creation MediaWiki images/deleted/ Direct Request Remote Information Disclosure NPDS footer.php Default_Theme Parameter Traversal Local File Inclusion CMScout admin.php bit Parameter Traversal Local File Inclusion CMScout index.php bit Parameter Traversal Local File Inclusion NPDS themes/npds2004/footer.php theme Parameter XSS Lito Lite CMS postcomment.php id Parameter XSS PNphpBB2 Module for PostNuke admin_words.php ModName Parameter Traversal Local File Inclusion paFileDB articles.php id Parameter SQL Injection Autoreminder members.php id Parameter SQL Injection A-Emlak Pro panel/-.asp kadi Parameter SQL Injection PNphpBB2 Module for PostNuke admin_groups_reapir.php ModName Parameter Traversal Local File Inclusion PNphpBB2 Module for PostNuke admin_smilies.php ModName Parameter Traversal Local File Inclusion PNphpBB2 Module for PostNuke admin_ranks.php ModName Parameter Traversal Local File Inclusion PNphpBB2 Module for PostNuke admin_styles.php ModName Parameter Traversal Local File Inclusion CVE-2008-5793 CVE-2008-5793 CVE-2008-5793 CVE-2008-5793 CVE-2008-5793 CVE-2008-5790 CVE-2008-5790 CVE-2008-5790 CVE-2008-5789 CVE-2008-5789 CVE-2008-5789 CVE-2008-5789 CVE-2008-5708 CVE-2008-5687 PNphpBB2 Module for PostNuke 
admin_users.php ModName Parameter Traversal Local File Inclusion A-Emlak Pro acc.mdb Direct Request Information Disclosure Business Object Infoview logon.object cms Parameter XSS ILIAS repository.php ref_id Parameter SQL Injection phpAlumni Acomment.php id Parameter SQL Injection SPIP inc/rubriques.php ID Parameter SQL Injection PHPAuctions profile.php user_id Parameter SQL Injection PHPAuctions profile.php user_id Parameter XSS SolucionWeb main.php id_area Parameter SQL Injection Poll Pro admin/agent_edit.asp Multiple Parameter CSRF World Recipe emailrecipe.aspx n Parameter XSS Cant Find A Gaming CMS (CFAGCMS) index.php Multiple Parameter Remote File Inclusion iGaming previews.php browse Parameter SQL Injection iGaming reviews.php browse Parameter SQL Injection Joomla! attachmentlibrary.php X_CMS_LIBRARY_PATH HTTP Header Traversal Arbitrary File Access BlogHelper common_db.inc Direct Request Credentials Disclosure Gallarific gallery/tags.php tag Parameter XSS PollHelper poll.inc Direct Request Credentials Disclosure Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection GOsa plugins/3fax/1blocklists/index.php plugin Parameter Remote File Inclusion GOsa plugins/2administration/6departamentadmin/index.php plugin Parameter Remote File Inclusion GOsa plugins/2administration/5terminals/index.php plugin Parameter Remote File Inclusion GOsa plugins/2administration/4mailinglists/index.php plugin Parameter Remote File Inclusion GOsa plugins/2administration/3departaments/index.php plugin Parameter Remote File Inclusion GOsa plugins/2administration/2groupd/index.php plugin Parameter Remote File Inclusion GTCatalog password.inc Direct Request Password Disclosure phpSkelSite skysilver/login.tpl.php TplSuffix Parameter Traversal Local File Inclusion phpSkelSite skysilver/login.tpl.php theme Parameter Remote File Inclusion Horde test.php Direct Request Information Disclosure Horde test.php3 Direct Request Information Disclosure Horde Webmail addevent.php 
url Parameter XSS Userlocator Module for Woltlab Burning Board locator.php y Parameter SQL Injection Yourfreeworld Styleish Text Ads advertise.php XSS EZpack index.php qType Parameter SQL Injection EZpack index.php mdfd Parameter XSS Goople CMS frontpage.php Multiple Parameter SQL Injection RiotPix read.php forumid Parameter SQL Injection playSMS plugin/gateway/gnokii/init.php apps_path[plug] Parameter Remote File Inclusion playSMS plugin/themes/default/init.php apps_path[themes] Parameter Remote File Inclusion playSMS lib/function.php apps_path[libs] Parameter Remote File Inclusion playSMS plugin/gateway/gnokii/init.php gateway_module Parameter Traversal Local File Inclusion CVE-2008-5816 CVE-2008-5815 CVE-2008-5813 CVE-2009-0106 CVE-2009-0107 CVE-2009-0112 CVE-2008-5922 CVE-2008-5841 CVE-2008-5841 CVE-2009-0113 CVE-2003-1412 CVE-2003-1412 CVE-2003-1412 CVE-2003-1412 CVE-2003-1412 CVE-2003-1412 CVE-2008-5863 CVE-2009-0104 CVE-2009-0105 CVE-2009-0111,2009-0121 CVE-2009-0110 CVE-2009-0103 CVE-2009-0103 CVE-2009-0103 CVE-2008-5881 playSMS plugin/themes/default/init.php themes_module CVE-2008-5881 Parameter Traversal Local File Inclusion Chicomos CMS config.inc Direct Request Config File Disclosure ulog-php port.php proto Parameter SQL Injection Instaboard index.cfm Multiple Parameter SQL Injection SocialEngine browse_classifieds.php classifiedcat_id Parameter SQL Injection FTTSS A Free Text-To-Speech System TFLivre.php voz Parameter Arbitrary Shell Command Injection Photobase include/header.php language Parameter Traversal Local File Inclusion Invision Power Board ssi.php f Parameter SQL Injection Openfire logviewer.jsp log Parameter XSS Pizzis CMS visualizza.php idvar Parameter SQL Injection Members Area Manager upload_image_security_level.asp cid Parameter SQL Injection phpMDJ animateurs.php id_animateur Parameter SQL Injection Weight Loss Recipe Book admin-login.php Multiple Parameter SQL Injection Fast Guest Book admin/authorize.php Multiple Parameter SQL 
Injection Realtor 747 include/define.php INC_DIR Parameter Remote File Inclusion XOOPS xoops_lib/modules/protector/oninstall.php mydirname Parameter Arbitrary PHP Code Injection Oracle Application Server BPEL Process Manager / CVE-2008-4014 BPELConsole/default/activities.jsp XSS Members CV Module for PHP-Fusion members.php sortby Parameter SQL Injection phpList admin/index.php _SERVER[ConfigFile] Parameter Traversal Local File Inclusion AN Guestbook sign1.php country Parameter XSS DMXReady Classified Listings Manager upload_image_ category.asp cid Parameter SQL Injection DMXReady SDK download_link.asp File Download Authentication Bypass Cisco IOS HTTP Server /ping Script XSS CVE-2008-3821 Oracle BEA WebLogic Server /reviewService/createArtist_ service.jsp Multiple Parameter XSS Oracle BEA WebLogic Server /reviewService/addBooks_session_ ejb21.jsp title Parameter XSS Oracle BEA WebLogic Server /reviewService/addReview_ service.jsp rating Parameter XSS Oracle BEA WebLogic Server /reviewService/examplesWebApp/ JWS_WebService.jsp XSS Oracle BEA WebLogic Server /reviewService/ClientServlet XSS Oracle BEA WebLogic Server /reviewService/ InterceptorClientServlet XSS Oracle BEA WebLogic Server /reviewService/createArtist_ session.jsp XSS QuoteBook quotes.inc Direct Request Credentials Disclosure Silentum Uploader on Windows upload.php delete Parameter Traversal Arbitrary File Deletion iyzi Forum db/iyziforum.mdb Direct Request Database Disclosure CVE-2008-5901 mini-pub front-end/dir.php sDir Parameter Traversal Arbitrary CVE-2008-5883 Directory Listing GNUBoard common.php g4_path Parameter Traversal Local File CVE-2009-0290 Inclusion CuteNews data/ipban.db.php add_ip Parameter Arbitrary PHP Code Execution QuoteBook quotes.php Multiple Parameter SQL Injection QuoteBook quotesadd.php Multiple Parameter SQL Injection QuoteBook quotesadd.php Multiple Parameter XSS phoSheezy config/password Direct Request Admin Password Hash Disclosure MacGuru BLOG Engine Plugin for e107 
macgurublog.php uid Parameter SQL Injection Repair Online sentout.asp CSRF Admin Account Creation ComicShout news.php news_id Parameter SQL Injection phoSheezy admin.php Multiple Parameter Arbitrary PHP Code Execution DMXReady Member Directory Manager upload_image_ category.asp cid Parameter SQL Injection DMXReady Secure Document Library upload_image_ category.asp cid Parameter SQL Injection Openfire log.jsp log Parameter XSS Openfire group-summary.jsp search Parameter XSS Openfire user-properties.jsp username Parameter XSS Openfire audit-policy.jsp Multiple Parameter XSS Openfire server-properties.jsp propName Parameter XSS Openfire muc-room-edit-form.jsp Multiple Parameter XSS Openfire log.jsp log Parameter Traversal Arbitrary File Access Flat Calendar Admin Function Direct Request Authentication Bypass World Recipe recipedetail.aspx id Parameter XSS World Recipe validatefieldlength.aspx catid Parameter XSS XOOPS xoops_lib/modules/protector/onupdate.php mydirname Parameter Arbitrary PHP Code Injection XOOPS xoops_lib/modules/protector/notification.php mydirname Parameter Arbitrary PHP Code Injection XOOPS xoops_lib/modules/protector/onuninstall.php mydirname Parameter Arbitrary PHP Code Injection Blog Manager inc_webblogmanager.asp ItemID Parameter SQL Injection eReservations default.asp Multiple Parameter SQL Injection eFAQ default.asp Multiple Parameter SQL Injection AV Book Library admin/edit.php Unspecified Parameter SQL Injection BibCiter reports/projects.php idp Parameter SQL Injection ActionCalendar admin.asp pass Parameter SQL Injection BlogIt! index.asp Multiple Parameter SQL Injection Ping IP login.aspx Multiple Parameter SQL Injection Digital Sales IPN Database/Sales.mdb Direct Request Admin Credentials Disclosure BlogIt! 
index.asp view Parameter XSS Velocity Security Management System Web Server Traversal Arbitrary File Access openPro search_wA.php LIBPATH Parameter Remote File Inclusion Community CMS include.php root Parameter Remote File Inclusion MiniBB RSS Plugin rss.php Multiple Parameter Remote File Inclusion RCBlog config/password.txt Direct Request Admin Credentials Hash Disclosure Apache Jackrabbit search.jsp q Parameter XSS Free Bible Search PHP Script readbible.php version Parameter SQL Injection Apache Jackrabbit swr.jsp q Parameter XSS PHPads ads.dat Direct Request Admin Credentials Hash Disclosure CVE-2009-0250 CVE-2009-0251,2009-0275 CVE-2009-0339 CVE-2009-0252 CVE-2009-0332 CVE-2009-0324 CVE-2009-0334,2009-0337 CVE-2009-0328 CVE-2009-0335 CVE-2009-0026 CVE-2009-0327 CVE-2009-0026 Ninja Blog entries/index.php cat Parameter Traversal Arbitrary CVE-2009-0325 File Access PHPads admin.php ad_name Parameter XSS AJ Auction Pro index.php id Parameter SQL Injection MoinMoin action/AttachFile.py Multiple Parameter XSS CVE-2009-0260 Dodo's Quiz Script dodosquiz.php n Parameter Traversal Local File Inclusion Max.Blog delete.php Direct Request Arbitrary File Deletion FhImage imgconfig/index.php Arbitrary PHP Code Execution AXIS 70U Network Document Server user/help/help.shtml Query String XSS YapBB include/class_yapbbcooker.php cfgIncludeDirectory CVE-2008-5947 Parameter Remote File Inclusion PHP-Fusion readmore.php news_id Parameter SQL Injection CVE-2008-5946 XM Events Diary diary.mdb Direct Request Database Download CVE-2008-5925 CodeAvalanche FreeForum _private/CAForum.mdb Direct CVE-2008-5932 Request Database Password Disclosure ASPired2Blog admin/blog.mdb Direct Request Credentials CVE-2008-5931 Disclosure ASPired2Blog admin/blog_comments.asp BlogID Parameter SQL CVE-2008-5930 Injection VP-ASP Shopping Cart database/shopping650.mdb Direct CVE-2008-5929 Request Database Password Disclosure XM Events Diary diary_viewC.asp cat Parameter SQL Injection CVE-2008-5924 XM Events 
Diary default.asp cat Parameter SQL Injection CVE-2008-5923 RankEm rankup.asp siteID Parameter XSS CVE-2009-0248 RankEm database/topsites.mdb Direct Request Credentials CVE-2009-0249 Disclosure FlexPHPNews admin/usercheck.php Multiple Parameter SQL CVE-2008-5927 Injection WebSVN utils.inc create_anchors Function Arbitrary PHP Code CVE-2008-5920 Execution ASPired2Quote admin/quote.mdb Direct Request Credentials CVE-2008-5885 Disclosure Discussion Web _private/discussion.mdb Direct Request CVE-2008-5886 Password Disclosure CodeAvalanche RateMySite _private/CARateMySite.mdb Direct CVE-2008-5896 Request Admin Password Disclosure CodeAvalanche FreeWallpaper _private/CAFreeWallpaper.mdb CVE-2008-5897 Direct Request Admin Password Disclosure CodeAvalanche Directory _private/CADirectory.mdb Direct CVE-2008-5898 Request Admin Password Disclosure CodeAvalanche FreeForAll _private/CAFFAPage.mdb Direct CVE-2008-5899 Request Admin Password Disclosure CodeAvalanche Articles _private/CAArticles.mdb Direct Request CVE-2008-5900 Admin Password Disclosure Flax Article Manager category.php cat_id Parameter SQL Injection CVE-2009-0284 BibCiter reports/contacts.php idc Parameter SQL Injection CVE-2009-0324 BibCiter reports/users.php idu Parameter SQL Injection CVE-2009-0324 Web-Calendar Lite main.asp Multiple Parameter SQL Injection KEEP Toolkit patUser.php Login Feature SQL Injection CVE-2009-0287 Web Help Desk Helpdesk.woa Encoded JavaScript XSS CVE-2009-0303 Wbstreet show.php id Parameter SQL Injection CVE-2008-5955 Wbstreet connect.inc Direct Request Database Credentials CVE-2008-5956 Disclosure Template Creature workDB/templatemonster.mdb Direct Request CVE-2008-5951 Database Disclosure ClickAuction login_check.asp Multiple Parameter SQL Injection CVE-2009-0297 WB News search.php config[installdir] Parameter Remote File CVE-2009-0294 Inclusion SHOP-INET show_cat2.php grid Parameter SQL Injection CVE-2009-0292 Script Toko Online shop_display_products.php cat_id Parameter 
CVE-2009-0296 SQL Injection Wazzum Dating Software profile_view.php userid Parameter SQL CVE-2009-0293 Injection WB News archive.php config[installdir] Parameter Remote File CVE-2009-0294 Inclusion WB News comments.php config[installdir] Parameter Remote File CVE-2009-0294 Inclusion WB News news.php config[installdir] Parameter Remote File CVE-2009-0294 Inclusion WB News base/News.php config[installdir] Parameter Remote CVE-2009-0294 File Inclusion WB News base/SendFriend.php config[installdir] Parameter CVE-2009-0294 Remote File Inclusion WB News base/Archive.php config[installdir] Parameter Remote CVE-2009-0294 File Inclusion WB News base/Comments.php config[installdir] Parameter CVE-2009-0294 Remote File Inclusion ConPresso CMS _admin/frame_titel.php URL XSS Pixie CMS admin/admin/modules/mod_settings.php x Parameter Traversal Local File Inclusion Pixie CMS admin/admin/modules/mod_myaccount.php Multiple Parameter Traversal Local File Inclusion PHP JOBWEBSITE PRO siteadmin/forgot.php adname CVE-2008-5977 Parameter SQL Injection PHP JOBWEBSITE PRO siteadmin/forgot.php Multiple Parameter CVE-2008-5976 XSS PHP iCalendar print.php cookie_language Parameter Traversal CVE-2008-5968 Local File Inclusion Domain Technologie Control client/new_account.php Multiple Parameter SQL Injection Gazelle CMS index.php template Parameter Traversal Local File Inclusion GameScript games.php search Parameter XSS Globsy globsy_edit.php Multiple Parameter Arbitrary File CVE-2008-5966 Manipulation mini-pub front-end/edit.php sFileName Parameter Remote File CVE-2008-5936 Access WebSVN listing.php repname Parameter Remote File Access CVE-2009-0240 Blog Manager inc_webblogmanager.asp CategoryID Parameter CVE-2009-0338 XSS AV Book Library admin/add.php Unspecified Parameter SQL CVE-2009-0332 Injection AV Book Library lib/book_search.php Unspecified Parameter SQL CVE-2009-0332 Injection Max.Blog offline_auth.php username Parameter SQL Injection SocialEngine blog.php category_id Parameter SQL 
Injection MoinMoin security/antispam.py Disallowed Content XSS CVE-2009-0312 Downloads Module for PHP-Nuke modules.php url Parameter CVE-2009-0302 SQL Injection OpenGoo upgrade/index.php form_data[script_class] Parameter CVE-2009-0286 Traversal Arbitrary File Access BBSXP error.asp message Parameter XSS CVE-2009-0285 Oblog err.asp message Parameter XSS CVE-2009-0283 Walking Club login.aspx Multiple Parameter SQL Injection CVE-2009-0281 Pardal CMS comentar.php id Parameter SQL Injection CVE-2009-0279 Profense Web Application Firewall proxy.html proxy Parameter XSS GameScript page.php user Parameter SQL Injection GameScript page.php page Parameter Traversal Local File Inclusion AXIS 70U Network Document Server user/help/help.shtml Query String Traversal Local File Inclusion AXIS 70U Network Document Server user/help/general_help_ user.shtml Query String XSS Coppermine Photo Gallery include/init.inc.php Arbitrary PHP Code Execution Simple PHP Newsletter mail.php olang Parameter Traversal CVE-2009-0340 Arbitrary File Access Simple PHP Newsletter mailbar.php olang Parameter Traversal CVE-2009-0340 Arbitrary File Access BlogIt! 
database/Blog.mdb Direct Request Credentials Disclosure CVE-2009-0336 Enhanced Simple PHP Gallery gallery/comment.php file CVE-2009-0331 Parameter Traversal Arbitrary File Access Dark Age CMS login.php Multiple Parameter SQL Injection CVE-2009-0326 AJ Auction Pro search.php product Parameter XSS CVE-2008-6004 AJ Auction Pro sellers_othersitem.php seller_id Parameter SQL CVE-2008-6003 Injection Emlak Sistem A diger.php KayitNo Parameter SQL Injection CVE-2008-5992 Emlak Sistem A sayfalar.php KayitNo Parameter SQL Injection CVE-2008-5992 emergecolab connect/index.php sitecode Parameter Traversal CVE-2008-5990 Local File Inclusion Lito Lite CMS cate.php cid Parameter SQL Injection eWebquiz start.asp Multiple Parameter SQL Injection Ocean12 FAQ Manager Pro default.asp ID Parameter SQL Injection Active Photo Gallery account.asp Multiple Parameter SQL Injection Active Trade account.asp Multiple Parameter SQL Injection RakhiSoftware Shopping Cart product.php Multiple Parameter XSS Active Newsletter SubscriberStart.asp Multiple Parameter SQL Injection ASPThai Forums database/aspthaiForum.md Direct Request Database Disclosure Active Votes VoteHistory.asp AccountID Parameter SQL Injection Active Price Comparison login.aspx password Parameter SQL Injection Active Bids bidhistory.asp ItemID Parameter SQL Injection Active Web Helpdesk default.aspx CategoryID Parameter SQL Injection CMS Made Simple admin/login.php cms_language Cookie Traversal Local File Inclusion Active Price Comparison reviews.aspx ProductID Parameter SQL Injection Active Business Directory default.asp catid Parameter SQL Injection Active Test questions.asp QuizID Parameter SQL Injection Active Time Billing Account.asp Multiple Parameter SQL Injection PHP TV Portal index.php mid Parameter SQL Injection ASPReferral Merchantsadd.asp AccountID Parameter SQL Injection cpCommerce within _functions.php Unspecified Arbitrary Parameter Overwrite Minimal Ablog admin/ Scripts Remote Authentication 
Bypass CUPS cgi-bin/admin.c Multiple RSS Subscription Function Policy Bypass CSRF Simple PHP Blog (SPHPBlog) /config/users.php Arbitrary User Password Hash Disclosure Experts answer.php question_id Parameter SQL Injection ASPPortal content/forums/reply.asp Topic_Id Parameter SQL Injection pSys index.php shownews Parameter SQL Injection Yuhhu Superstar view.topics.php board Parameter SQL Injection Linksys WRT160N apply.cgi action Parameter XSS IBM Rational ClearCase RWP Server VOB Page Unspecified XSS ASPPortal ASPPortal.mdb Direct Request Database Disclosure bcoos modules/adresses/viewcat.php cid Parameter SQL Injection Pluck update.php Remote File Corruption Privilege Escalation Blog System image.php id Parameter SQL Injection e-Flower popupproduct.php id Parameter SQL Injection Ocean12 Mailing List Manager Gold default.asp Email Parameter SQL Injection Orkut Clone profile_social.php id Parameter SQL Injection Orkut Clone profile_social.php id Parameter XSS Ocean12 Mailing List Manager Gold o12mail.mdb Direct Request Database Disclosure Ocean12 Mailing List Manager Gold default.asp Email Parameter XSS Ocean12 Mailing List Manager Gold s_edit.asp Email Parameter SQL Injection Active Test importquestions.asp QuizID Parameter SQL Injection Active Test quiztakers.asp QuizID Parameter SQL Injection Active Test start.asp Multiple Parameter SQL Injection CVE-2008-5636 CVE-2008-5631 CVE-2008-5641 CVE-2008-5627 CVE-2008-5365 CVE-2008-5640 CVE-2008-5642 CVE-2008-5638 CVE-2008-5632 CVE-2008-5184 CVE-2008-5267 CVE-2008-5268 CVE-2008-5269 CVE-2008-5270 CVE-2008-5330 CVE-2008-5311 Vulnerability checks added in 2008 Multi SEO phpBB include/global.php pfad Parameter Remote File Inclusion Rae Media Contact Management Software asadmin/default.asp Password Parameter SQL Injection Calendar Mx Professional calendar_Eventupdate.asp ID Parameter SQL Injection MailingListPro db/MailingList.mdb Direct Request Database Disclosure Check Up New Generation findoffice.php search Parameter SQL 
Injection Active Web Mail login.aspx password Parameter SQL Injection Gallery MX pics_pre.asp ID Parameter SQL Injection Simple PHP Blog (SPHPBlog) /images/emoticons/sphp.php Emoticon Upload Arbitrary PHP Code Execution trixbox user/index.php langChoice Parameter Traversal Local File Inclusion Dictionary Module for Xoops print.php id Parameter SQL Injection 12Planet Chat Server Error Message Path Disclosure 3Com SuperStack II RAS 1500 user_settings.cfg Remote Information Disclosure Webboard Street show.php id Parameter SQL Injection User Engine Lite users.mdb Direct Request Database Disclosure Merlix Template Creature media_level.asp mcatid Parameter SQL Injection Gravity GTD library/setup/rpc.php objectname Parameter Traversal Local File Inclusion ImpressCMS modules/system/admin.php rank_title Parameter XSS Webboard Street connect.inc Direct Request Database Disclosure CcTiddly handle/proxy.php cct_base Parameter Remote File Inclusion CcTiddly includes/header.php cct_base Parameter Remote File Inclusion CcTiddly includes/include.php cct_base Parameter Remote File Inclusion CcTiddly includes/workspace.php cct_base Parameter Remote File Inclusion NitroTech members.php id Parameter SQL Injection NitroTech includes/common.php root Parameter Remote File Inclusion Bandwebsite lyrics.php id Parameter SQL Injection Bandwebsite info.php section Parameter XSS Gravity GTD library/setup/rpc.php objectname Parameter Arbitrary PHP Code Execution Active Force Matrix account.asp Multiple Parameter SQL Injection ActiveVotes register.asp Multiple Parameter SQL Injection Active Membership account.asp Multiple Parameter SQL Injection Microsoft ASP.NET Malformed File Request Path Disclosure Ikon AdManager ikonBAnner_AdManager.mdb Direct Request Database Disclosure NightFall Personal Diary login.asp username Parameter XSS XOOPS xoops_lib/modules/protector/blocks.php xoopsConfig[language] Parameter Local File Inclusion NightFall Personal Diary users-zza21.mdb Direct Request Database 
Disclosure Multiple Membership Script sitepage.php id Parameter SQL Injection Educate Server db.mdb Direct Request Database Disclosure Teamworx Server default.asp password Parameter SQL Injection RankEm processlogin.asp Multiple Parameter SQL Injection ASP AutoDealer detail.asp ID Parameter SQL Injection phpPgAdmin index.php _language Parameter Traversal Local File Inclusion CafeLog b2 blogger-2-b2.php b2inc Parameter Remote File Inclusion CafeLog b2 b2edit.showposts.php b2inc Parameter Remote File Inclusion CafeLog b2 gm-2-b2.php b2inc Parameter Remote File Inclusion CafeLog b2 /b2-include/b2functions.php b2inc Parameter Arbitrary Command Execution CafeLog b2 blog.header.php posts Parameter SQL Injection CafeLog b2 /b2-include/b2menutop.php b2inc Parameter Arbitrary File Access CVE-2008-5586 CVE-2008-5601 CVE-2008-5333 CVE-2008-5334 CVE-2008-5337 CVE-2008-5338 CVE-2008-5634 CVE-2008-5633 CVE-2008-5635 CVE-2008-5596 CVE-2008-5591 CVE-2008-5592 CVE-2008-5599 CVE-2008-5589 CVE-2008-5595 CVE-2008-5587 CVE-2002-0734 wPortfolio admin/userinfo.php account_save Action Multiple Parameter Admin Account Password Modification Basit CMS Content Module op Parameter DoS Siteframe search.php searchfor Parameter XSS Basit CMS Submit Module index.php title Parameter XSS Basit CMS Search Module index.php q Parameter XSS QMail Mailing List Manager database/qmail.mdb Direct Request Database Disclosure Professional Download Assistant database/downloads.mdb Direct Request Database Disclosure Professional Download Assistant admin/login.asp Multiple Parameter SQL Injection Brio odscgi HTMLFile Parameter Traversal Arbitrary File Access BulletScript MailList bsml.pl Information Disclosure WebCAF modules/view.php view Parameter Traversal Local File Inclusion Tag Board module for phpBB tag_board.php id Parameter SQL Injection PunBB login.php req_passwort Parameter XSS PhPepperShop Webshop shop/kontakt.php URL XSS PhPepperShop Webshop shop/Admin/shop_kunden_mgmt.php URL XSS PhPepperShop 
Webshop shop/Admin/SHOP_KONFIGURATION.php URL XSS XOOPS xoops_lib/modules/protector/main.php xoopsConfig[language] Parameter Local File Inclusion 3CX Phone System login.php Multiple Parameter XSS Peel lire/index.php rubid Parameter SQL Injection WebCAF index.php Multiple Parameter Traversal Local File Inclusion PunBB admin/users.php Multiple Parameter SQL Injection PunBB admin/settings.php Unspecified Parameter SQL Injection Bonza Cart ad_settings.php Crafted POST Request Admin Authentication Bypass DL PayCart settings.php admin/settings.php Crafted POST Request Admin Authentication Bypass IPN Pro 3 admin/settings.php Crafted POST Request Admin Authentication Bypass PostEcards sendcard.cfm cid Parameter SQL Injection Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect RSA ClearTrust ct_logon.asp Multiple Parameter XSS ColdFusion Application Server Expression Evaluator openfile.cfm Arbitrary File Upload Coppermine Photo Gallery displayimage.php SQL Injection PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite PostEcards postcards.mdb Direct Request Database Disclosure PunPortal Module for PunBB login.php pun_user[language] Parameter Traversal Local File Inclusion CF Shopkart index.cfm Category Parameter SQL Injection Butterfly Organizer view.php Multiple Parameter SQL Injection Webmaster Marketplace member.php u Parameter SQL Injection phpAddEdit addedit-render.php editform Parameter Traversal Local File Inclusion CF_Calendar calendarevent.cfm calid Parameter SQL Injection CF_Forum forummessages.cfm categorynbr Parameter SQL Injection CFMBlog index.cfm categorynbr Parameter SQL Injection Teamworx Server teamworx.mdb Direct Request Database Disclosure Pro Chat Rooms profiles/index.php gud Parameter XSS CF Shopkart databases/cfshopkart52.mdb Direct Request Database Disclosure Social Groupie group_index.php id Parameter SQL Injection ASP-CMS index.asp cha Parameter SQL Injection ASPired2Poll ASPired2poll.mdb Direct Request Database 
Disclosure CVE-2008-5221 CVE-2008-5606 CVE-2008-5572 CVE-2008-5571 CVE-2008-5433 CVE-2008-5569 CVE-2008-5569 CVE-2008-5569 CVE-2008-5434 CVE-2008-5434 CVE-2008-5567 CVE-2008-5565 CVE-2008-5568 CVE-2008-5559 CVE-1999-0477 CVE-2008-5560 CVE-2008-5418 CVE-2008-5574 CVE-2008-5600 Xpoze home.html menu Parameter SQL Injection Ad Management Software Java logon_process.jsp pass Parameter SQL Injection PunBB moderate.php Topic Subject XSS CVE-2008-5435 ASPired2Protect ASPired2Protect.mdb Direct Request Database Disclosure CodeWidgets Alpha Tabbed Address Book index.asp alpha Parameter SQL Injection Affiliate Software Java logon_process.jsp pass Parameter SQL Injection Banner Exchange Software Java logon_process.jsp pass Parameter SQL Injection RoundCube Webmail bin/html2text.php preg_replace Function Remote PHP CVE-2008-5619 Code Execution Injader feeds.php id Parameter SQL Injection HTMPL htmpl_admin.cgi help Parameter Arbitrary Command Execution Simple Text-File Login Script slogin_lib.inc.php slogin_path Parameter CVE-2008-5763 Remote File Inclusion GeekiGeeki geekigeeki.py Multiple Function Traversal Arbitrary File Access RealtyListings type.asp iType Parameter SQL Injection CVE-2008-5772 Pro Chat Rooms sendData.php avatar Parameter CSRF ASP-DEv Internal E-Mail System login.asp Multiple Parameter SQL Injection HomeBuilder type.asp iType Parameter SQL Injection CVE-2008-5774 Free Links Directory Script redir.php id Parameter SQL Injection Citrix Application Gateway Broadcast Server login.asp txtUID Parameter SQL Injection Blue Coat ProxySG Management Console /Secure/Local/console/install_ CVE-2007-5796 upload_from_file.htm file Parameter XSS SlimCMS edit.php pageID Parameter SQL Injection CVE-2008-5491 Domain Shop admin.php passfromform Parameter SQL Injection CVE-2008-5488 TurnkeyForms Text Link Sales admin.php id Parameter XSS CVE-2008-5487 Barracuda Multiple Products index.cgi Unspecified Parameter XSS CVE-2008-0971 RealtyListings detail.asp iPro Parameter SQL 
Injection CVE-2008-5772 Simple Text-File Login Script slog_users.txt Direct Request Credentials Disclosure CVE-2008-5762 Click&Rank admin_login.asp Multiple Parameter SQL Injection ClickAndEmail admin_loginCheck.asp Multiple Parameter SQL Injection Kerio MailServer WebMail mailCompose.php folder Parameter XSS CVE-2008-5769 phplist admin/index.php cline[c] Parameter Remote File Inclusion Free Links Directory Script lpro.php id Parameter SQL Injection CVE-2008-5779 Free Links Directory Script report.php linkid Parameter SQL Injection CVE-2008-5778 WorkSimple data/usr.txt Direct Request Credentials Disclosure CVE-2008-5765 WorkSimple calendar.php lang Parameter Remote File Inclusion CVE-2008-5764 Rapid Classified HotList Image admin_logon.asp Multiple Parameter SQL Injection HomeBuilder type2.asp iType Parameter SQL Injection CVE-2008-5774 HomeBuilder detail.asp iPro Parameter SQL Injection CVE-2008-5774 ASPPortal xportal.mdb Direct Request Database Disclosure CVE-2008-5562 Netref fiche_product.php id Parameter SQL Injection CVE-2008-5561 Netref presentation.php id Parameter SQL Injection CVE-2008-5561 Nukedit dbsite.mdb Direct Request Database Disclosure CVE-2008-5773 EvimGibi Pro Resim Galerisi resim.asp kat_id Parameter SQL Injection FlatnuX CMS sections/05_Foto/photo.php foto Parameter XSS CVE-2008-5761 gNews Publisher authors.asp authorID Parameter SQL Injection CVE-2008-5767 Black Lily products.php class Parameter SQL Injection Ucms search.cache.inc.php Multiple Backdoor Passwords mini-pub mini-pub.php/front-end/img.php sFileName Parameter Remote File Inclusion CVE-2008-5581 Mediatheka connection.php user Parameter SQL Injection mini-pub mini-pub.php/front-end/cat.php sFileName Parameter Traversal Arbitrary File Access sCssBoard admin/forums.php current_user[users_level] Parameter Admin Authentication Bypass Kerio MailServer WebMail calendarEdit.php daytime Parameter XSS Kerio MailServer WebMail error413.php sent Parameter XSS Pre Courier and Cargo Business
dbcourior.mdb Direct Request Database Disclosure ADbNewsSender mailinglist/opt_in_out.php.inc Unspecified Parameter SQL Injection betaparticle blog Blog.mdb Direct Request Database Disclosure ADbNewsSender mailinglist/confirmation.php.inc Unspecified Parameter SQL Injection ADbNewsSender mailinglist/renewal.php.inc Unspecified Parameter SQL Injection RSMScript submit.php quote XSS RSMScript edit-submit.php quote XSS Courier Authentication Library authpgsqllib.c Unspecified SQL Injection ClaSS scripts/export.php ftype Parameter Traversal Arbitrary File Access Moodle filter/tex/texed.php pathname Parameter Remote Command Execution Rematic CMS referenzdetail.php id Parameter SQL Injection Rematic CMS produkte.php id Parameter SQL Injection Click&Rank hitcounter.asp id Parameter SQL Injection Click&Rank user_update.asp id Parameter SQL Injection Click&Rank user.asp action Parameter XSS ClickAndEmail admin_dblayers.asp ID Parameter SQL Injection ClickAndEmail admin_dblayers.asp tablename Parameter XSS Songs Portal albums.php id Parameter SQL Injection I-Rater Basic messages.php idp Parameter SQL Injection Phpclanwebsite theme/superchrome/box.php boxname Parameter Traversal Local File Inclusion FIGIS FILogin.do Password Field SQL Injection PHPKIT include.php path Parameter Remote File Inclusion Xhresim Module for XOOPS index.php no Parameter SQL Injection Active Price Comparison links.asp linkid Parameter SQL Injection ParsBlogger blog.asp wr Parameter SQL Injection Wordpress p Parameter SQL Injection ASP AutoDealer auto.mdb Direct Request Database Disclosure ASP Portal classifieds.asp ItemID Parameter SQL Injection ASP Portal Events.asp ID Parameter SQL Injection ASPTicker news.mdb Direct Request Database Disclosure Natterchat natterchat112.mdb Direct Request Database Disclosure Cold BBS db/cforum.mdb Direct Request Database Disclosure Product Sale Framework customer.forumtopic.php forum_topic_id Parameter SQL Injection Kayako SupportSuite Multiple Script PHP_SELF 
Parameter XSS RankEm rankup.asp siteID Parameter SQL Injection lcxBBportal portal/includes/portal_block.php phpbb_root_path Parameter Remote File Inclusion lcxBBportal includes/acp/acp_lcxbbportal.php phpbb_root_path Parameter Remote File Inclusion KafooeyBlog lib/image_upload.php File Upload Arbitrary PHP Code Execution Phpclanwebsite pcw/processforms.php form_id Parameter SQL Injection Phpclanwebsite pcw/setlogin.php pcwlogin Parameter SQL Injection Phpclanwebsite pcw/downloads.php Multiple Parameter SQL Injection Pre Classified Listings ASP pclasp.mdb Direct Request Database Disclosure CVE-2008-5579 CVE-2008-5576 CVE-2008-5769 CVE-2008-5760 CVE-2008-2380 CVE-2008-5856 CVE-2008-5665 CVE-2008-5637 CVE-2008-5608 CVE-2008-5605 CVE-2008-5605 CVE-2008-5603 CVE-2008-5602 CVE-2008-5597 CVE-2008-5590 CVE-2008-5588 CVE-2008-5585 CVE-2008-5585 CVE-2008-5732 Pre E-Learning Portal db_elearning.mdb Direct Request Database Disclosure Pre Resume Submitter onlineresume.mdb Direct Request Database Disclosure K&S Shop admin/editor/images.php File Upload Arbitrary PHP Code Execution FreeLyrics source.php p Parameter Traversal Arbitrary File Access CVE-2008-5861 Extract Website download.php filename Parameter Traversal Arbitrary File Access Emefa Guestbook guestbook.mdb Direct Request Database Disclosure CVE-2008-5852 WebcamXP Unspecified URL-encoded Traversal Arbitrary File Access CVE-2008-5862 GeSHi geshi.php set_language_path Function Unspecified Remote File CVE-2008-5186 Inclusion myPHPscripts Login Session login.php Multiple Parameter XSS CVE-2008-5854 myPHPscripts Login Session users.txt Direct Request Database Disclosure CVE-2008-5855 Constructr CMS template.php edit_page Parameter Traversal Local File CVE-2008-5860 Access WordPress Page Flip Image Gallery Plugin books/getConfig.php book_id CVE-2008-5752 Parameter Arbitrary File Access Text Lines Rearrange Script download.php filename Parameter Traversal Arbitrary File Access Pligg evb/check_url.php url Parameter SQL 
Injection CVE-2008-5739 OneOrZero Helpdesk tinfo.php send_email Parameter Arbitrary File Upload Cognos Powerplay WE /ppwb/Temp/ Remote Information Disclosure Cognos Powerplay WE ppdscgi.exe Information Disclosure Coppermine Photo Gallery init.inc.php favs Parameter SQL Injection CVE-2005-1225 Coppermine Photo Gallery zipdownload.php favs Parameter SQL Injection CVE-2005-1225 Barracuda Spam Firewall Account View Page index.cgi pattern_x Parameter CVE-2008-1094 SQL Injection Online Keyword Research Tool download.php filename Parameter Traversal Arbitrary File Access Iltaweb Alisveris Sistemi urunler.asp catno Parameter SQL Injection CVE-2008-5707 REDPEACH CMS page.php zv Parameter SQL Injection Joomla! includes/ Multiple Script Direct Request Path Disclosure SiteX CMS FCKEditor upload.php Arbitrary File Upload phpCollab installation/setup.php URI Parameter Arbitrary PHP Code CVE-2008-4305 Injection Sandbox lib/jpgraph/jpgraph_errhandler.inc.php Unspecified Parameter CVE-2008-5694 Remote File Inclusion phpEmployment auth.php File Upload Arbitrary PHP Code Execution BloofoxCMS plugins/spaw2/dialogs/dialog.php Multiple Parameter Traversal CVE-2008-5748 Local File Inclusion w3-msql URI Error Page XSS OneCMS a_login.php usernameb Parameter SQL Injection Garment Center index.cgi page Parameter Traversal Arbitrary File Access AIST NetCat password_recovery.php Query String SQL Injection CVE-2008-5727 PHPKIT upload_files/include.php Multiple Action CSRF Archimede Net 2000 E-Guest_show.php display Parameter SQL Injection F5 BIG-IP Web Management Console tmui/Control/form CSRF BT Home Hub Router cgi/b/_voip_/stats/ Arbitrary Call CSRF aliboard usercp.php Arbitrary File Upload Code Execution MWP Blog System for PHP-Fusion blog.php id Parameter SQL Injection ForumApp 8690.mdb Direct Request Database Disclosure Perl Nopaste index.pl language Parameter XSS ForumApp 8690BAK.mdb Direct Request Database Disclosure eDNews eDNews_archive.php lg Parameter Traversal Local File Inclusion 
CVE-2008-5819 webClassifieds index.php Multiple Parameter SQL Injection CVE-2008-5817 DeluxeBB pm.php delete* Parameter SQL Injection PHPEcho CMS smarty/Smarty.class.php smarty_compile_path Parameter Remote File Inclusion Pigyard Art Gallery module.php Multiple Parameter SQL Injection roportaj Module for PHP-Nuke modules.php secid Parameter SQL Injection My_eGallery Module for PHP-Nuke modules.php gid Parameter SQL Injection eDNews eDNews_view.php newsid SQL Injection TI Blog System Mod for PHP-Fusion blog.php id Parameter SQL Injection OpenEdit DAM archive/savedqueries/savequeryfinish.html name Parameter XSS stormBoards thread.php id Parameter SQL Injection OpenEdit data/views/index.html catalogid Parameter XSS ViArt Shop cart_save.php cart_name Parameter CSRF FlexPHPSite admin/index.php Multiple Parameter SQL Injection Sepcity Faculty Portal deptdisplay.asp ID Parameter SQL Injection Sepcity Classified Ads classdis.asp ID Parameter SQL Injection Sepcity Shopping Mall shpdetails.asp ID Parameter SQL Injection ThePortal2 galeria.php Unrestricted File Upload Arbitrary PHP Code Execution PHP-Fusion submit.php submit_info[] Parameter SQL Injection XP Book entry.php Name Field XSS eGallery Module for PHP-Nuke modules.php pid Parameter SQL Injection AIST NetCat modules/auth/index.php redirect Parameter Arbitrary Site Redirect AIST NetCat modules/linkmanager/redirect.php url Parameter Arbitrary Site Redirect AIST NetCat add.php Unspecified CRLF Injection AIST NetCat FCKeditor/neditor.php Multiple Parameter XSS AIST NetCat admin/siteinfo/iframe.inc.php path Parameter XSS AIST NetCat modules/netshop/post.php system Parameter Traversal Local File Inclusion AIST NetCat auth.inc.php INCLUDE_FOLDER Parameter Traversal Local File Inclusion AIST NetCat banner.inc.php INCLUDE_FOLDER Parameter Traversal Local File Inclusion AIST NetCat blog.inc.php INCLUDE_FOLDER Parameter Traversal Local File Inclusion AIST NetCat forum.inc.php INCLUDE_FOLDER Parameter Traversal Local File 
Inclusion PHP-Fusion messages.php Unspecified Parameter XSS OneCMS staff.php user Parameter SQL Injection OneCMS a_upload.php Multiple Extension Arbitrary File Upload K's CGI Access Log Kaiseki analysis.cgi XSS Mantis core/string_api.php Modified Issue Number Remote Information Disclosure SFS EZ Pub Site directory.php cat Variable SQL Injection SFS EZ Career content.php topic Variable SQL Injection SFS EZ Top Sites topsite.php ts Variable SQL Injection SFS EZ Hot or Not viewcomments.php phid Variable SQL Injection SFS EZ Webring category.php cat Variable SQL Injection SFS EZ Auction viewfaqs.php cat Variable SQL Injection SFS EZ Hotscripts-like Site showcategory.php cid Variable SQL Injection SFS EZ Gaming Cheats view_reviews.php id Variable SQL Injection MyGallery gallery.inc.php mghash Variable XSS SignMe signme.inc.php hash Variable XSS Article Publisher Pro contact_author.php userid Variable SQL Injection YourFreeWorld Reminder Service Script tr.php id Variable SQL Injection Cacti copy_cacti_user.php template_user Variable SQL Injection SFS EZ BIZ PRO directory.php id Variable SQL Injection CVE-2008-5820 CVE-2008-5733 CVE-2008-5726 CVE-2008-5742 CVE-2008-5742 CVE-2008-5730 CVE-2008-5729 CVE-2008-5729 CVE-2008-5728 CVE-2008-5728 CVE-2008-5728 CVE-2008-5728 CVE-2008-5728 CVE-2008-4663 CVE-2008-4688 CVE-2008-4892 CVE-2008-4891 CVE-2008-4902 CVE-2008-4881 SFS EZ e-store SearchResults.php where Variable SQL Injection Logz CMS fichiers/add_url.php art Variable SQL Injection Chipmunk CMS board/admin/reguser.php POST Request Handling Admin Authentication Bypass YourFreeWorld Shopping Cart Script index.php c Variable SQL Injection Tribiq CMS header.inc.php template_path Variable Traversal Local File Inclusion SFS EZ Links Directory directory.php cat_id Variable SQL Injection Flash Tree Gallery Component for Joomla!
admin.treeg.php mosConfig_live_site Variable Remote File Inclusion Tribiq CMS header.inc.php template_path Variable XSS Logz CMS fichiers/add_url.php art Variable XSS Article Publisher Pro admin/admin.php username Variable SQL Injection Comersus /comersus/database/comersus.mdb Direct Request Database Disclosure Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php Multiple Variable XSS Simple PHP Scripts Blog complete.php id Variable XSS Comersus BackOffice comersus_backoffice_menu.asp Multiple Variable SQL Injection VirtueMart Google Base Component for Joomla! admin.googlebase.php mosConfig_absolute_path Variable Remote File Inclusion Simple Document Management System (SDMS) login.php Multiple Variable SQL Injection Way Of The Warrior visualizza.php plancia Variable Traversal Local File Inclusion ToursManager cityview.php cityid Variable SQL Injection Maran PHP Shop prod.php cat Variable SQL Injection Maran PHP Shop prodshow.php id Variable SQL Injection U-Mail Webmail edit.php Multiple Variable Arbitrary Remote File Overwrite 1st News products.php id Variable SQL Injection nicLOR Sito Includefile includefile.php page_file Variable Traversal Local File Inclusion LokiCMS admin.php delete Variable Traversal Arbitrary File Deletion RS MAXSOFT fotogalerie Module popup_img.php fotoID Variable SQL Injection DHCart order.php Multiple Variable XSS SFS EZ Hotscripts-like Site software-description.php id Variable SQL Injection Way Of The Warrior crea.php plancia Variable Remote File Inclusion SFS EZ Adult Directory directory.php cat_id Variable SQL Injection SFS EZ Hosting Directory directory.php cat_id Variable SQL Injection SFS EZ Home Business Directory directory.php cat_id Variable SQL Injection SFS EZ Gaming Directory directory.php cat_id Variable SQL Injection SFS EZ Affiliate directory.php cat_id Variable SQL Injection Istant-Replay read.php data Variable Remote File Inclusion PHPX includes/news.inc.php news_id Variable SQL Injection Dada Mail
Manager Component for Joomla! config.dadamail.php mosConfig_absolute_path Variable Remote File Inclusion PHP Auto Listings moreinfo.php itemno Variable SQL Injection Pre Podcast Portal tour.php id Variable SQL Injection Horde Turba Contact Manager H3 imp/test.php IMAP Session User Field XSS YourFreeWorld Blog Blaster Script tr.php id Variable SQL Injection YourFreeWorld Autoresponder Hosting Script tr.php id Variable SQL Injection YourFreeWorld Classifieds Hosting Script tr.php id Variable SQL Injection YourFreeWorld Scrolling Text Ads Script tr1.php id Variable SQL Injection CVE-2008-4897 CVE-2008-4921 CVE-2008-4894 CVE-2008-4893 CVE-2008-4896 CVE-2008-4901 CVE-2008-4802 CVE-2008-4879 CVE-2008-4880 CVE-2008-4932 CVE-2008-4890 CVE-2008-4913 CVE-2008-4912 CVE-2008-4911 CVE-2008-5000 CVE-2008-4182 CVE-2008-4883 CVE-2008-4882 CVE-2008-4884 CVE-2008-4885 YourFreeWorld Downline Builder tr.php id Variable SQL Injection CVE-2008-4895 YourFreeWorld Classifieds Blaster tr.php id Variable SQL Injection CVE-2008-4900 hMailServer PHPWebAdmin initialize.php hmail_config[includepath] Variable Remote File Inclusion PHP Classifieds login.php admin_username Variable SQL Injection Pre Simple CMS siteadmin/loginsucess.php user Variable SQL Injection CVE-2008-5058 Openfire AuthCheck Filter URL Traversal Admin Authentication Bypass E-topbiz Number Links 1 admin/admin_catalog.php id Variable SQL Injection E-topbiz Online Store 1 admin/login.php user Variable SQL Injection MyioSoft Ajax Portal ajaxp.php username Variable SQL Injection MyioSoft EasyBookMarker bookmarker_backend.php Parent Variable SQL Injection x10 Automatic MP3 Script download.php url Variable Arbitrary File Access Mini Web Calendar php/cal_default.php URL Variable XSS CVE-2008-5061 Arab Portal mod.php file Variable Traversal Arbitrary File Access TYPO3 phpMyAdmin Extension pmd_pdf.php db Variable XSS CVE-2008-4775 Mole Group Rental Script admin/index.php username Variable SQL Injection
CVE-2008-5047 Mole Group Airline Ticket Sale Script info.php flight Variable SQL Injection Mole Group Taxi Google API Script login.php user name Variable SQL Injection Enthusiast show_joined.php path Variable Remote File Inclusion Nagios cmd.cgi Commit Button CSRF TurnkeyForms Local Classifieds listtest.php r Variable SQL Injection Mini Web Calendar php/cal_pdf.php thefile Variable Local Arbitrary File CVE-2008-5062 Access DevelopItEasy Events Calendar calendar_details.php id Variable SQL Injection DevelopItEasy News And Article System article_details.php aid Variable CVE-2008-5131 SQL Injection DevelopItEasy Membership System customer_login.php Multiple Variable CVE-2008-5054 SQL Injection Bloggie Lite genscode.php Crafted Cookie Handling SQL Injection CVE-2008-5004 Shahrood ndetail.php id Variable SQL Injection CVE-2008-5003 MyioSoft EasyBookMarker ajaxp.php username Variable SQL Injection MyioSoft EasyCalendar ajaxp.php username Variable SQL Injection Simple PHP Guestbook Script act.php message Variable PHP Code Execution PhotoVideoTube admin/home.php Direct Request Admin Authentication CVE-2008-5042 Bypass Shaadi Clone admin/home.php Direct Request Admin Authentication Bypass WOW Raid Manager auth_phpbb3.php phpBB3 Bridge Authentication Bypass Dizi Film Portal film.asp film Variable SQL Injection CVE-2008-5057 PHP Shop login.php admin_username Variable SQL Injection WEBBDOMAIN WebShop detail.php id Variable SQL Injection WEBBDOMAIN Post Card choosecard.php catid Variable SQL Injection WEBBDOMAIN WebShop detail.php name Variable XSS Bugzilla quips.cgi Unspecified Crafted Variable Security Bypass DevelopItEasy Photo Gallery cat_id gallery_category.php Variable SQL Injection TurnkeyForms Software Directory showcategory.php cid Variable SQL Injection TurnkeyForms Business Survey Pro survey_results_text.php id Variable SQL Injection TestLink projectview.tpl Testcaseprefixes XSS EC-CUBE html/products/detail_image.php image Variable SQL Injection CVE-2008-4991 
TurnkeyForms Software Directory signinform.php msg Variable XSS DevelopItEasy Events Calendar admin/index.php Multiple Variable SQL Injection buymyscripts.net Clickbank Portal search.php keyword Variable XSS CVE-2008-4670 DevelopItEasy News And Article System admin/index.php Multiple Variable SQL Injection CVE-2008-5131 DevelopItEasy Membership System admin/index.php Multiple Variable SQL Injection CVE-2008-5054 buymyscripts.net Recipe Website Script search.php keyword XSS CVE-2008-4669 buymyscripts.net Lyrics Script search_results.php k Variable XSS CVE-2008-4672 MemHT Portal files/pages/articles/path.php title Variable SQL Injection PozScripts Business Directory Script showcategory.php cid Variable SQL Injection DevelopItEasy Photo Gallery gallery_photo.php photo_id Variable SQL Injection DevelopItEasy Photo Gallery admin/index.php Multiple Variable SQL Injection ModernBill include/scripts/export_batch.inc.php DIR Variable Remote File Inclusion CVE-2008-5060 ModernBill include/scripts/run_auto_suspend.cron.php DIR Variable Remote File Inclusion CVE-2008-5060 ModernBill include/scripts/send_email_cache.php DIR Variable Remote File Inclusion CVE-2008-5060 ModernBill include/misc/mod_2checkout/2checkout_return.inc.php DIR Variable Remote File Inclusion CVE-2008-5060 ModernBill include/html/nettools.popup.php DIR Variable Remote File Inclusion CVE-2008-5060 WEBBDOMAIN Post Card admin/admin.php username Variable SQL Injection AlstraSoft Article Manager Pro admin/admin.php username Variable SQL Injection AlstraSoft SendIt Pro submit_file.php Unrestricted File Upload Arbitrary PHP Code Execution TurnkeyForms Web Hosting Directory admin/backup/db Direct Request Database Disclosure Fresh Email Script register.php Email Variable XSS Small ShoutBox Module for phpBB shoutbox_view.php id Variable SQL Injection OTManager CMS Admin/ADM_Pagina.php Tipo Variable Remote File Inclusion CVE-2008-5063 Pi3Web ISAPI Directory File Request Remote DoS ElkaGroup Image Gallery
view.php cid Variable SQL Injection CVE-2008-5037 ThemeSiteScript upload/admin/frontpage_right.php loadadminpage Variable CVE-2008-5066 Remote File Inclusion Simple RSS Reader Component for Joomla! admin.rssreader.php CVE-2008-5053 mosConfig_live_site Variable Remote File Inclusion League Module for PHP-Nuke modules.php tid Variable XSS CVE-2008-5039 FloSites Blog index.php Multiple Variable SQL Injection PHPStore Wholesales track.php id Variable SQL Injection TurnkeyForms Text Link Sales admin.php Direct Request Admin Authentication Bypass TurnkeyForms Text Link Sales admin.php id Variable SQL Injection BoutikOne CMS search.php search_query Variable XSS CVE-2008-5126 fuzzylime (cms) comssrss.php files[] Variable Traversal Local File Inclusion PromoteWeb MySQL go.php id Variable SQL Injection CVE-2008-5069 PHPKB Knowledge Base email.php ID Variable SQL Injection CVE-2008-5088 PHPKB Knowledge Base question.php ID Variable SQL Injection CVE-2008-5088 vBulletin admincp/admincalendar.php holidayinfo[recurring] Variable SQL Injection Yoxel itpm_estimate.php proj_id Variable Arbitrary PHP Code Execution CVE-2008-5071 Jadu Galaxies scripts/documents.php categoryID Variable SQL Injection vBulletin admincp/verify.php answer Variable SQL Injection Pluck data/inc/lib/pcltar.lib.php g_pcltar_lib_dir Variable Traversal Local File Inclusion phpFan includes/init.php includepath Variable Remote File Inclusion VideoScript admin/cp.php Direct Request Admin Password Manipulation CVE-2008-5219 SaturnCMS lib/url/meta_url.php Query String SQL Injection E-topbiz AdManager view.php group Variable SQL Injection Simple Customer login.php Multiple Variable SQL Injection Openasp default.asp idpage Variable SQL Injection mxCamArchive admin/admin.php description Variable Arbitrary PHP Code Execution Camera Life Image Upload Component images/photos/upload Unrestricted CVE-2008-4366 File Upload Arbitrary Code Execution ViewVC lib/viewvc.py HTTP Content-Type Header content-type Variable 
CVE-2008-4325 Object Handling Weakness MemHT Portal inc/ajax/ajax_rating.php X-Forwarded-For HTTP Header SQL CVE-2008-5132 Injection DXShopCart search.php keyword Variable XSS CVE-2008-5119 SaturnCMS lib/user/t_user.php username Variable SQL Injection KimsON _xml/bbs.track.php Query String XSS vBulletin admincp/attachmentpermission.php extension Variable SQL Injection Free Directory Script init.php API_HOME_DIR Variable Remote File Inclusion E-Uploader Pro img.php id Variable SQL Injection CVE-2008-5075 E-Uploader Pro file.php id Variable SQL Injection CVE-2008-5075 E-Uploader Pro mail.php id Variable SQL Injection CVE-2008-5075 E-Uploader Pro thumb.php id Variable SQL Injection CVE-2008-5075 E-Uploader Pro zip.php id Variable SQL Injection CVE-2008-5075 E-Uploader Pro zipit.php id Variable SQL Injection CVE-2008-5075 E-Uploader Pro browser.php view Variable SQL Injection CVE-2008-5075 EC-CUBE LC_Page_Products_DetailImage.php image Variable SQL CVE-2008-4991 Injection ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure CVE-2003-1469 ClipShare channel_detail.php chid Variable SQL Injection MauryCMS Rss.php c Variable SQL Injection refbase show.php headerMsg Variable XSS refbase search.php headerMsg Variable XSS Pre ASP Job Board Employee/login.asp Multiple Variable SQL Injection phpBLASTER CMS admin/minibb/index.php Multiple Variable Traversal CVE-2008-5171 Local File Inclusion The Rat CMS viewarticle.php Multiple Variable XSS CVE-2008-5164 The Rat CMS viewarticle2.php id Variable XSS CVE-2008-5164 The Rat CMS viewarticle.php id Variable SQL Injection CVE-2008-5163 The Rat CMS viewarticle2.php id Variable SQL Injection CVE-2008-5163 Adobe Dreamweaver _notes/dwsync.xml Remote Information Disclosure Easyedit CMS subcategory.php intSubCategoryID Variable SQL Injection Softbiz Classifieds Script signinform.php msg Variable XSS Easyedit CMS page.php intPageID Variable SQL Injection Easyedit CMS news.php intPageID Variable SQL Injection Nukedit 
utilities/login.asp email Parameter SQL Injection PHP-Fusion messages.php Multiple Parameter SQL Injection CVE-2008-5335 Ez Ringtone Manager main.php id Parameter Traversal Arbitrary File Access Goople CMS win/content/upload.php loggedin Cookie Authentication Bypass Simple Forum Module for LoveCMS modules/simpleforum/admin/index.php CVE-2008-5308 Direct Request Admin Authentication Bypass PG Job Site Pro homepage.php poll_view_id Variable SQL Injection Vlog System blog.php note Variable SQL Injection PG Real Estate Solution admin/index.php login_lg Parameter SQL Injection Prozilla Hosting Index directory.php id Parameter SQL Injection MODx CMS assets/snippets/reflect/snippet.reflect.php reflect_base Parameter Remote File Inclusion Jonascms backup.php taal Parameter Traversal Local File Inclusion Jonascms gb_voegtoe.php taal Parameter Traversal Local File Inclusion MosXML modules/mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion wellyblog edit.php articleid Parameter XSS OTManager CMS index.php conteudo Parameter XSS OTManager CMS index.php conteudo Parameter Traversal Local File Inclusion PG Roomate Finder Solution admin/index.php login_lg Parameter SQL Injection Q-Shop users.asp Multiple Variable SQL Injection COMS dynamic.php q Variable XSS IdeaBox include.php gorumDir Parameter Remote File Inclusion Acmlmboard memberlist.php pow Parameter SQL Injection PHP-Fusion classifieds.php lid Parameter SQL Injection Kroax Module for PHP-Fusion kroax.php category Parameter SQL Injection ZoGo-Shop Plugin for e107 product_details.php product Variable SQL Injection SebracCMS cms/form/read.php recid Parameter SQL Injection SebracCMS cms/index.php uname Parameter SQL Injection ClanLite service/profil.php link Parameter SQL Injection ClanLite service/calendrier.php annee Parameter XSS PhpBlock script/tick/script/init/createallimagecache.php PATH_TO_CODE Parameter Remote File Inclusion PhpBlock script/tick/allincludefortick.php PATH_TO_CODE Parameter Remote 
File Inclusion PhpBlock script/tick/test.php PATH_TO_CODE Parameter Remote File Inclusion PhpBlock modules/dungeon/tick/allincludefortick.php PATH_TO_CODE Parameter Remote File Inclusion PowerAward external_vote.php l_vote_done Parameter XSS PowerAward agb.php lang Parameter Traversal Local File Inclusion PowerAward angemeldet.php lang Parameter Traversal Local File Inclusion PowerAward anmelden.php lang Parameter Traversal Local File Inclusion PowerAward charts.php lang Parameter Traversal Local File Inclusion PowerAward external_vote.php lang Parameter Traversal Local File Inclusion PowerAward guestbook.php lang Parameter Traversal Local File Inclusion PowerAward impressum.php lang Parameter Traversal Local File Inclusion PowerAward rss-reader.php lang Parameter Traversal Local File Inclusion PowerAward statistic.php lang Parameter Traversal Local File Inclusion PowerAward teilnehmer.php lang Parameter Traversal Local File Inclusion PowerAward topsites.php lang Parameter Traversal Local File Inclusion PowerAward votecode.php lang Parameter Traversal Local File Inclusion PowerAward voting.php lang Parameter Traversal Local File Inclusion PowerAward winner.php lang Parameter Traversal Local File Inclusion Clean CMS full_text.php id Parameter XSS Q-Shop search.asp srkeys Variable XSS Clean CMS full_text.php id Parameter SQL Injection Video Girls BiZ view_snaps.php type Parameter SQL Injection fuzzylime (cms) code/track.php p Parameter Traversal Local File Inclusion WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS CVE-2008-5306 CVE-2008-5207 CVE-2008-5207 CVE-2008-5206 CVE-2008-5205 CVE-2008-5202 CVE-2008-5201 CVE-2008-5307 CVE-2008-5199 CVE-2008-5198 CVE-2008-5197 CVE-2008-5196 CVE-2008-5195 CVE-2008-5195 CVE-2008-5215 CVE-2008-5214 CVE-2008-5210 CVE-2008-5210 CVE-2008-5210 CVE-2008-5210 CVE-2008-5203 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 
CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5204 CVE-2008-5290 CVE-2008-5289 CVE-2008-5292 CVE-2008-5291 CVE-2008-5278 FAQ Manager include/header.php config_path Parameter Traversal Local CVE-2008-5288 File Inclusion Crossday Discuz! Board wap/index.php creditsformula Parameter Arbitrary PHP Code Execution Car Portal image.php id Parameter SQL Injection CVE-2008-5310 HeXHub /report Macro XSS FAQ Manager catagorie.php cat_id Parameter SQL Injection CVE-2008-5287 Pligg user.php keyword Parameter XSS Pligg trackback.php tb_url Parameter File Enumeration Pligg settemplate.php template Parameter Local File Inclusion Pligg vote.php id Parameter SQL Injection Pligg trackback.php id Parameter SQL Injection Pligg submit.php Unspecified SQL Injection Pligg story.php requestTitle Parameter SQL Injection Pligg recommend.php Multiple Parameter SQL Injection Pligg cloud.php categoryID Parameter SQL Injection Pligg out.php title Parameter SQL Injection Pligg login.php username Parameter SQL Injection Pligg cvote.php id Parameter SQL Injection Pligg edit.php commentid Parameter SQL Injection Star Articles article.list.php subcatid Parameter SQL Injection HeXHub /report Macro CSRF Post Affiliate Pro index.php umprof_status Parameter SQL Injection Chipmunk Guestbook index.php start Parameter SQL Injection CMS Ortus engine/users/users_edit_pub.inc city Parameter SQL Injection RakhiSoftware Shopping Cart product.php Multiple Parameter SQL Injection Ocean12 Contact Manager Pro default.asp Sort Parameter SQL Injection Ocean12 Membership Manager Pro login.asp Multiple Parameter SQL Injection Goople CMS gooplecms/admin/account/action/editpass.php Multiple Parameter Arbitrary PHP Code Execution TestLink planEdit.php Multiple Parameter XSS Ocean12 Contact Manager Pro default.asp DisplayFormat Parameter XSS Oempro /member/settings_account.php Cleartext Password Disclosure CVE-2008-3059 Oempro /client/campaign_track.php FormValue_SearchKeywords CVE-2008-3058 Parameter SQL Injection 
Chipmunk Guestbook index.php start Parameter XSS Star Articles article.print.php artid Parameter SQL Injection Star Articles article.comments.php artid Parameter SQL Injection Star Articles article.publisher.php artid Parameter SQL Injection Star Articles article.download.php artid Parameter SQL Injection Star Articles user.modify.profile.php Multiple Extension Unrestricted File Upload Adult Banner Exchange Website click.php targetid Variable SQL Injection PHP iCalendar admin/index.php Arbitrary File Upload ZEELYRICS bannerclick.php adid Variable SQL Injection CVE-2008-4717 A4Desk PHP Event Calendar index.php v Variable Remote File Inclusion ASPapp Knowledge Base content_by_cat.asp catid Variable SQL Injection Pritlog index.php filename Variable Traversal Remote File Access LanSuite LanParty Intranet System upload.php Arbitrary PHP Code Execution BookMarks Favourites Script view_group.php id Variable SQL Injection Siteman search.php Unspecified Variable XSS CVE-2008-4365 ParsaWeb CMS default.aspx Multiple Variable SQL Injection CVE-2008-4364 PowerPortal URI path Variable Traversal Arbitrary File Access CVE-2008-4361 pLink linkto.php id Variable SQL Injection CVE-2008-4357 Linkarity link.php cat_id Variable SQL Injection CVE-2008-4353 phpSmartCom index.php uid Variable SQL Injection CVE-2008-4352 phpSmartCom index.php p Variable Traversal Local File Inclusion vbLOGIX Tutorial Script main.php cat_id Variable SQL Injection Powie pNews newskom.php newsid Variable SQL Injection 6rbScript cat.php CatID Variable SQL Injection Atomic Photo Album (APA) album.php apa_album_ID Variable XSS Atomic Photo Album (APA) album.php apa_album_ID Variable SQL Injection PHP infoBoard showtopic.php idcat Variable SQL Injection openEngine cms/system/openengine.php oe_classpath Variable Remote File Inclusion Blosxom blosxom.cgi flav Variable XSS OpenNMS surveillanceView.htm viewName Variable XSS Link Trader Script ratelink.php linkid Variable SQL Injection Celoxis user.do ni.smessage 
Variable XSS Hotel Reservation System (HRS) city.asp city Variable SQL Injection MySQL Quick Admin actions.php lang Variable Traversal Local File Inclusion CzarNews cn_users.php recook Cookie SQL Injection Dolphin config.php rel_path Variable Remote File Inclusion Dolphin info.php Direct Request Information Disclosure AutoNessus bulk_update.pl remark Variable XSS WebBiscuits Multiple Products common/theme/default/header_setup.php Multiple Variable Remote File Inclusion phpScheduleIt PHP reserve.php start_date Variable eval() Arbitrary Code Injection XAMPP adodb.php Multiple Variable XSS OpenX ac.php bannerid Variable SQL Injection MediaWiki LocalSettings.php wgGroupPermissions Variable Manipulation Restriction Manipulation V-webmail login.php username Field SQL Injection V-webmail redirect.php to Variable Arbitrary Site Redirect GreenSQL Firewall (greensql-fw) subselect SQL Injection Filter Bypass JMweb MP3 Music Audio Search and Download Script listen.php src Variable Traversal Local File Inclusion JMweb MP3 Music Audio Search and Download Script download.php src Variable Traversal Local File Inclusion PHP-Fusion Recepies Module recept.php kat_id Variable SQL Injection Kontiki Delivery Management System zodiac/servlet/zodiac action Variable XSS Fastpublish CMS index2.php sprache Variable SQL Injection AdaptCMS includes/check_user.php user_name Variable SQL Injection Wp Downloads Manager Module for Wordpress upload.php upfile Variable Arbitrary File Upload/Execution I-Tech Share Zone view_news.php id Variable SQL Injection I-Tech Toner Cart show_series_ink.php id Variable SQL Injection I-Tech DVD Zone view_mags.php cat_id Variable SQL Injection I-Tech Visa Zone view_news.php news_id Variable SQL Injection Datafeed Studio admin/bin/patch.php INSTALL_FOLDER Variable Remote File Inclusion bBlog bblog_plugins/builtin.help.php mod Variable SQL Injection Mambo includes/core.classes.php Unspecified Local File Inclusion RMSOFT Downloads Plus (rmdp) Module for XOOPS 
search.php key Variable XSS RMSOFT Downloads Plus (rmdp) Module for XOOPS down.php id Variable XSS RMSOFT MiniShop Module for XOOPS search.php itemsxpag Variable SQL Injection RMSOFT MiniShop Module for XOOPS search.php itemsxpag Variable XSS CVE-2008-4351 CVE-2008-4350 CVE-2008-4347 CVE-2008-4344 CVE-2008-4336 CVE-2008-4335 CVE-2008-4332 CVE-2008-4329 CVE-2008-2236 CVE-2008-4204 CVE-2008-4454 CVE-2008-4203 CVE-2008-4206 CVE-2008-4207 CVE-2008-4520 CVE-2008-4673 CVE-2008-4450 CVE-2008-3063 CVE-2008-3061 CVE-2008-4522 CVE-2008-4522 CVE-2008-4527 CVE-2008-4393 CVE-2008-4518 CVE-2008-4524 CVE-2008-3362 CVE-2008-4468 CVE-2008-4467 CVE-2008-4465 CVE-2008-4462 CVE-2008-4439 CVE-2008-4436 CVE-2008-4435 CVE-2008-4435 CVE-2008-4433 CVE-2008-4432 H-Sphere WebShell actions.php Multiple Variable XSS CVE-2008-4447 H-Sphere WebShell actions.php Multiple Variable CSRF CVE-2008-4448 Observer whois.php query Variable Arbitrary Shell Command Execution CVE-2008-4318 Observer netcmd.php query Variable Arbitrary Shell Command Execution CVE-2008-4318 WebBiscuits FAQ Support wce.download.php download Variable Traversal Arbitrary File Access MyBlog add.php Cookie Manipulation Admin Authentication Bypass CVE-2008-4341 Hot Links SQL-PHP report.php id Variable SQL Injection CVE-2008-4378 Hot Links SQL-PHP report.php id Variable XSS CVE-2008-4379 AdMan advertiser/editCampaign.php campaignId Variable SQL Injection TorrentTrader Classic completed-advance.php id Variable SQL Injection CVE-2008-4494 PHP Autos searchresults.php catid Variable SQL Injection CVE-2008-4498 PHP Realtor view_cat.php v_cat Variable SQL Injection CVE-2008-4496 PHP Auto Dealer view_cat.php v_cat Variable SQL Injection CVE-2008-4495 Atarone CMS ap-save.php Multiple Variable SQL Injection CVE-2008-4487 phpAbook config.inc.php userInfo Cookie Traversal Local File Inclusion CVE-2008-4490 Built2Go Real Estate Listings event_detail.php event_id Variable SQL CVE-2008-4497 Injection PHP Web Explorer main.php refer Variable
Traversal Local File Inclusion CVE-2008-4499 PHP Web Explorer edit.php file Variable Traversal Local File Inclusion CVE-2008-4499 DataFeedFile (DFF) PHP Framework API DFF_affiliate_client_API.php CVE-2008-4502 DFF_config[dir_include] Variable Remote File Inclusion DataFeedFile (DFF) PHP Framework API DFF_featured_prdt.func.php CVE-2008-4502 DFF_config[dir_include] Variable Remote File Inclusion DataFeedFile (DFF) PHP Framework API DFF_mer.func.php DFF_config CVE-2008-4502 [dir_include] Variable Remote File Inclusion DataFeedFile (DFF) PHP Framework API DFF_mer_prdt.func.php DFF_ CVE-2008-4502 config[dir_include] Variable Remote File Inclusion DataFeedFile (DFF) PHP Framework API DFF_paging.func.php DFF_config CVE-2008-4502 [dir_include] Variable Remote File Inclusion DataFeedFile (DFF) PHP Framework API DFF_rss.func.php DFF_config CVE-2008-4502 [dir_include] Variable Remote File Inclusion DataFeedFile (DFF) PHP Framework API DFF_sku.func.php DFF_config CVE-2008-4502 [dir_include] Variable Remote File Inclusion Atarone CMS ap-pages.php Multiple Variable XSS CVE-2008-4488 Atarone CMS ap-save.php theme_chosen Variable Traversal Local File CVE-2008-4489 Inclusion CMME cmme/data/admin/users Direct Request User Credential Disclosure CMME cmme/info.php Remote Information Disclosure CMME cmme/backup/cmme_data.zip Direct Request Server Backup Disclosure Fastpublish CMS index2.php target Variable Traversal Local File Inclusion CVE-2008-4519 asiCMS Association.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS BigMath.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS DiffieHellman.php _ENV[asicms][path] Variable Remote File CVE-2008-4529 Inclusion asiCMS DumbStore.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS Extension.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS FileStore.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS HMAC.php 
_ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS MemcachedStore.php _ENV[asicms][path] Variable Remote File CVE-2008-4529 Inclusion asiCMS Message.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS Nonce.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS SQLStore.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS SReg.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS TrustRoot.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS URINorm.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS XRDS.php _ENV[asicms][path] Variable Remote File Inclusion CVE-2008-4529 asiCMS XRI.php _ENV[asicms][path] Variable Remote File Inclusion asiCMS XRIRes.php _ENV[asicms][path] Variable Remote File Inclusion Phlatline's Personal Information Manager (pPIM) notes.php id Variable Traversal Local File Inclusion IP Reg login.php user_name Variable SQL Injection geccBBlite leggi.php id Variable SQL Injection Galerie galerie.php pic Variable SQL Injection ASP News Management db/news.mdb Direct Request Information Disclosure ASP/MS Access Shoutbox db/shoutdb.mdb Direct Request Remote Information Disclosure CCMS forums.php skin Variable Traversal Local File Inclusion CCMS admin.php skin Variable Traversal Local File Inclusion CCMS header.php skin Variable Traversal Local File Inclusion CCMS pages/story.php skin Variable Traversal Local File Inclusion NewLife Blogger system/nlb_user.class.php nlb3 Cookie SQL Injection World of Warcraft Tracker Infusion Module for PHP-Fusion thisraidprogress.php INFO_RAID_ID Variable SQL Injection YourOwnBux referrals.php usNick Cookie SQL Injection Real Estates Classifieds index.php cat Variable SQL Injection MunzurSoft Wep Portal W3 kategori.asp kat Variable SQL Injection ScriptsEz Mini Hosting Panel members.php dir Variable Traversal Arbitrary File Access GForge new/index.php offset Variable SQL
Injection Crux Gallery main.php name Variable Admin Authentication Bypass IndexScript sug_cat.php parent_id Variable SQL Injection FOSS Gallery processFiles.php Unrestricted File Upload Arbitrary Code Execution MyPHPDating success_story.php id Variable SQL Injection Elxis CMS modules/mod_language.php Multiple Variable XSS WP Comment Remix Plugin for WordPress ajax_comments.php p Variable SQL Injection Webscene eCommerce productlist.php level Variable SQL Injection WP Comment Remix Plugin for WordPress wpcommentremix.php Multiple Variable XSS WP Comment Remix Plugin for WordPress wpcommentsremix.php wpcr_ do_options_page Function CSRF Plogger plog-download.php Checked Array Variable SQL Injection Plogger plog-remote.php Unspecified Variable SQL Injection Plogger admin/plog-themes.php activate Variable SQL Injection myStats hits.php sortby Variable SQL Injection AstroSPACES profile.php id Variable SQL Injection GForge news/index.php offset Variable SQL Injection GForge top/topusers.php offset Variable SQL Injection GForge people/editprofile.php skill_edit[] Variable SQL Injection GForge frs/shownotes.php release_id Variable SQL Injection PhpWebGallery comments.php sort_by Variable SQL Injection Mantis manage_proj_page.php sort Variable Arbitrary PHP Code Execution CafeEngine dish.php id Variable id SQL Injection WEB//NEWS parse/module_search.php catid Variable SQL Injection Habari CMS Login Feature habari_username Variable XSS Absolute Poll Manager XE xlacomments.asp p Variable SQL Injection CafeEngine menu.php id Variable id SQL Injection PhpWebGallery plugins/event_tracer/event_list.php sort Variable Arbitrary PHP Code Execution Stash admin/login.php username Variable SQL Injection Stash admin/news.php post Variable SQL Injection yappa-ng index.php album Variable Traversal Local File Inclusion CVE-2008-4529 CVE-2008-4529 CVE-2008-4528 CVE-2008-4523 CVE-2008-4517 CVE-2008-4516 CVE-2008-4511 CVE-2008-4512 CVE-2008-4526 CVE-2008-4526 CVE-2008-4526 CVE-2008-4526 
CVE-2008-4521 CVE-2008-4492 CVE-2008-4570 CVE-2008-4573 CVE-2008-4484 CVE-2008-4509 CVE-2008-4705 CVE-2008-4648 CVE-2008-4732 CVE-2008-4733 CVE-2008-4734 CVE-2008-3563 CVE-2008-3563 CVE-2008-3563 CVE-2008-4643 CVE-2008-4642 CVE-2008-4687 CVE-2008-4605 CVE-2008-4601 CVE-2008-4569 CVE-2008-4605 CVE-2008-4645 CVE-2008-4590 CVE-2008-4590 CVE-2008-4626 cpCommerce search.php search Variable XSS e107 usersettings.php ue[] Array Variable SQL Injection Zeeproperty bannerclick.php adid Variable SQL Injection Fast Click SQL Lite init.php CFG[CDIR] Variable Remote File Inclusion DS-Syndicate Component for Joomla index2.php feed_id Variable SQL Injection PhpWebGallery admin/include/isadmin.inc.php Multiple Variable XSS Mic_Blog category.php cat Variable SQL Injection Mic_Blog login.php user Variable SQL Injection Mic_Blog register.php site Variable SQL Injection Makale Module for XOOPS makale.php id Variable SQL Injection Mosaic Commerce category.php cid Variable SQL Injection ShiftThis Newsletter Plugin for WordPress stnl_iframe.php newsletter Variable SQL Injection Post Affiliate Pro index.php md Variable Traversal Local File Inclusion LightBlog login.php username_post Variable Traversal Local File Inclusion iGaming CMS search.php keywords Variable SQL Injection cpCommerce sendtofriend.php name Variable XSS LightBlog check_user.php Lightblog_username Cookie Traversal Local File Inclusion AN HTTPD count.pl Traversal Arbitrary File Access miniBloggie del.php post_id Variable SQL Injection Meeting Room Booking System (MRBS) month.php area Variable SQL Injection Meeting Room Booking System (MRBS) day.php area Variable SQL Injection Meeting Room Booking System (MRBS) week.php area Variable SQL Injection SourceForge (alexandria) docman/new.php Upload Spoofing Arbitrary File Access SourceForge (alexandria) patch/index.php Upload Spoofing Arbitrary File Access SourceForge (alexandria) sendmessage.php Arbitrary Mail Relay SourceForge (alexandria) sendmessage.php CRLF Injection 
Microsoft Outlook Web Access (OWA) exchweb/bin/redir.asp URL Variable Arbitrary Site Redirect IP Reg locationdel.php location_id Variable SQL Injection IP Reg it.php vlan_id Variable SQL Injection Lyrics Script search_results.php k Variable XSS Clickbank Portal search.php Search Box XSS Recipe Script search.php keyword Variable XSS ArabCMS rss.php rss Variable Traversal Local File Inclusion Ultimate Webboard webboard.php Category Variable SQL Injection LokiCMS admin.php language Variable Traversal Local File Inclusion Iamma Simple Gallery upload.php Unrestricted File Upload Arbitrary PHP Code Execution phpcrs frame.php importFunction Variable Traversal Local File Inclusion LoudBlog loudblog/ajax.php colpick Variable SQL Injection ionFiles Component for Joomla! download.php file Variable Traversal File Access WebSVN rss.php rev Variable Traversal Arbitrary File Overwrite Dorsa CMS ShowPage.aspx PageIDF Variable SQL Injection Jetbox CMS admin/cms/images.php orderby Variable SQL Injection Jetbox CMS admin/cms/nav.php nav_id Variable SQL Injection myEvent viewevent.php eventdate Variable SQL Injection PhpWebGallery init.inc.php Multiple Variable Traversal Local File Inclusion PhpWebGallery isadmin.inc.php user[language] Variable Traversal Local File Inclusion CSPartner gestion.php Multiple Variable SQL Injection CVE-2008-4121,2008-4637 CVE-2008-4621 CVE-2008-4624 CVE-2008-4623 CVE-2008-4591 CVE-2008-4653 CVE-2008-4599 CVE-2008-4625 CVE-2008-4602 CVE-2008-4603 CVE-2008-4121,2008-4637 CVE-2008-4628 CVE-2008-4620 CVE-2008-4620 CVE-2008-4620 CVE-2008-1547 CVE-2008-4606 CVE-2008-4606 CVE-2008-4672 CVE-2008-4670 CVE-2008-4669 CVE-2008-4667 CVE-2008-4666 CVE-2008-4662 CVE-2008-4651 CVE-2008-4651 CVE-2008-4650 CVE-2008-4702 CVE-2008-4702 ClipShare fullscreen.php title Variable XSS ShopMaker product.php id Variable SQL Injection RWCards Component for Joomla! 
captcha/captcha_image.php img Variable Traversal Arbitrary File Access BosNews news.php article Variable SQL Injection CVE-2008-4703 SezHoo SezHooTabsAndActions.php IP Variable Remote File Inclusion CVE-2008-4704 BbZL.PhP index.php lien_2 Variable Traversal Directory Access CVE-2008-4707 Joovili view.blog.php id Variable SQL Injection CVE-2008-4711 Joovili view.event.php id Variable SQL Injection CVE-2008-4711 Joovili view.group.php id Variable SQL Injection CVE-2008-4711 Joovili view.music.php id Variable SQL Injection CVE-2008-4711 Joovili view.picture.php id Variable SQL Injection CVE-2008-4711 Joovili view.video.php id Variable SQL Injection CVE-2008-4711 212cafe Board view.php qID Variable SQL Injection CVE-2008-4713 X7 Chat help/mini.php help_file Variable Traversal Local File Inclusion CVE-2008-4718 openEngine cms/classes/openengine/filepool.php oe_classpath Variable CVE-2008-4719 Remote File Inclusion SunGard Banner Student ss/bwgkoemr.P_UpdateEmrgContacts addr1 CVE-2008-4727 Variable XSS phpMyID MyID.php Multiple Variable XSS CVE-2008-4730 Belong Software Site Builder admin/home.php Direct Request Access CVE-2008-4585 Restriction Bypass PozScripts Classified Auctions gotourl.php id Variable SQL Injection CVE-2008-4755 AtomicBoard index.php location Variable Traversal Arbitrary File Access iPei Guestbook index.php pg Variable XSS CVE-2008-4751 AtomicBoard index.php Malformed location Variable Path Disclosure SFS Ez Forum forum.php forum Variable SQL Injection CVE-2008-4754 AutomatedShops WebC Shopping Cart webc.cgi Script Name Handling Remote Overflow AutomatedShops WebC Shopping Cart webc.cgi Symlink Local Privilege Escalation AutomatedShops WebC Shopping Cart webc.emf Handling Format String BEA WebLogic Null Byte Request JSP Source Disclosure MyKtools update.php langage Variable Traversal Local File Inclusion CVE-2008-4781 FCKEditor connectors/php/connector.php Unrestricted File Upload phpMyAdmin pmd_pdf.php db Variable XSS CVE-2008-4775 All In One 
Control Panel (AIOCP) public/code/cp_polls_results.php poll_id CVE-2008-4782 Variable SQL Injection WebGUI lib/WebGUI/Asset.pm loadModule() Function Arbitrary Remote CVE-2008-4798 Code Execution Ads Pro dhtml.pl page Variable Arbitrary Shell Command Execution WordPress wp-includes/link-template.php Multiple Function SSL CVE-2008-3747 Communication Cookie Handling Weakness BasiliX login.php3 username Variable Arbitrary Command Execution DXShopCart product_detail.php pid Variable SQL Injection CVE-2008-4744 AJ Square RSS Reader EditUrl.php url Variable SQL Injection CVE-2008-4753 PHP-Daily add_prest_date.php date Variable XSS CVE-2008-4756 PHP-Daily add_postit.php id Variable SQL Injection CVE-2008-4757 PHP-Daily delete.php id Variable SQL Injection CVE-2008-4757 PHP-Daily mod_prest_date.php id Variable SQL Injection CVE-2008-4757 PHP-Daily prest_detail.php prev Variable SQL Injection CVE-2008-4757 PHP-Daily download_file.php fichier Variable Traversal Arbitrary File CVE-2008-4758 Access BuzzyWall download.php id Variable Traversal Arbitrary File Access CVE-2008-4759 Graphiks MyForum lecture.php id Variable SQL Injection CVE-2008-4760 WiKID wClient-PHP sample.php PHP_SELF Variable XSS CVE-2008-4763 osCommerce Poll Booth Add-On pollBooth.php pollID Variable SQL CVE-2008-4765 Injection Oxygen Bulletin Board member.php member Variable SQL Injection CVE-2008-4766 TLM CMS a-b-membres.php nom Variable SQL Injection CVE-2008-4768 H&H WebSoccer liga.php id Variable SQL Injection Persia BME E-Catalogue search.asp q Variable SQL Injection Kmita Catalogue search.php q Variable XSS Kayako eSupport includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php CVE-2008-4761 jsMakeSrc Variable XSS QuestCMS main/main.php obj Variable SQL Injection CVE-2008-4772 QuestCMS main/main.php theme Variable Traversal Arbitrary File Access CVE-2008-4773 QuestCMS main/main.php cx Variable XSS CVE-2008-4774 H2O-CMS SaveConfig.php Multiple Variable Arbitrary PHP Code Execution WebCards admin.php user 
Variable SQL Injection CVE-2008-4877 WebCards admin.php Image Macro File Upload Arbitrary PHP Code CVE-2008-4878 Execution Venalsur Booking Centre cadena_ofertas_ext.php OfertaID Variable SQL Injection Nuke Et FCKEditor connectors/php/commands.php Unrestricted File Upload FCKeditor connector.php Config[DeniedExtensions][File] Incomplete CVE-2006-0658 Blacklist Arbitrary File Upload Saba usercp.php username Variable XSS Pro Traffic One mypage.php trg Variable SQL Injection Dorsa CMS Default_.aspx search Variable XSS Kmita Gallery search.php searchtext Variable XSS Venalsur Booking Centre cadena_ofertas_ext.php OfertaID Variable XSS MyForum admin/centre.php padmin Variable Traversal Local File Inclusion CVE-2008-4780 EasyShop Plugin for e107 easyshop.php category_id Variable SQL Injection CVE-2008-4786 Alternate_profiles Plugin for e107 newuser.php id Variable SQL Injection CVE-2008-4785 Interact spaces/emailuser.php email_user_key Variable SQL Injection CVE-2008-3867 Lyrics Plugin for e107 lyrics_song.php l_id Variable SQL Injection CVE-2008-4906 CompactCMS admin/index.php Multiple Variable XSS SPBOARD board.cgi file Variable Arbitrary Shell Command Injection CVE-2008-4873 Pro Traffic One poll_results.php id Variable SQL Injection Mantis adm_config_set.php value Variable Arbitrary Remote Code CVE-2008-3332 Execution EasyClassifields staticpages/easyclassifields/index.php go Variable SQL CVE-2008-4084 Injection Kyocera FS-118MFP Command Center Traversal Arbitrary File Access CVE-2008-4040 vtiger CRM index.php Multiple Variable XSS CVE-2008-3101 Z-Breaknews single.php id Variable SQL Injection CVE-2008-3848 Thickbox Gallery conf/admins.php Direct Request Credentials Disclosure CVE-2008-3859 Mini-NUKE Freehost members.asp uid Variable SQL Injection CVE-2008-3888 @Mail parse.php Multiple Variable XSS CVE-2008-4045 Invision Power Board sources/action_public/xmlout.php name Variable SQL CVE-2008-4171 Injection Open Media Collectors Database (OpenDb) user_admin.php user_id 
CVE-2008-3937 Variable XSS @Mail showmail.php start Variable XSS CVE-2008-4045 @Mail abook.php abookview Variable XSS CVE-2008-4045 Open Media Collectors Database (OpenDb) listings.php title Variable XSS CVE-2008-3937 Open Media Collectors Database (OpenDb) user_profile.php redirect_url CVE-2008-3937 Variable XSS Open Media Collectors Database (OpenDb) user_admin.php Password CVE-2008-3938 Modification CSRF ZoneMinder zm_html_view_event.php filter array Variable SQL Injection CVE-2008-3880 ZoneMinder zm_html_view_events.php executeFilter Function Arbitrary CVE-2008-3882 Remote Command Execution ZoneMinder zm_html_view_state.php run_state Variable Arbitrary Remote CVE-2008-3882 Command Execution Celerondude Uploader account.php username Variable XSS Living Local listtest.php r Variable SQL Injection CVE-2008-3943 CMSbright public/page.php id_rub_page Variable SQL Injection aspWebAlbum album.asp txtUserName Variable SQL Injection aspWebAlbum album.asp message Variable XSS Wordpress press-this.php i Multiple Variable XSS CVE-2008-3233 KSES lib/kses.php kses_bad_protocol_once Function Arbitrary PHP Code Execution phpAuction phpinfo.php Direct Request Information Disclosure Silentum LoginSys login.php message Variable XSS MemHT Portal inc/inc_statistics.php stats_res Cookie Variable SQL Injection phpAdultSite CMS as_archives.php results_per_page Variable XSS Avactis Shopping Cart checkout.php Multiple Variable XSS EsFaq questions.php idcat Variable SQL Injection CVE-2008-3952 EsFaq search.php Multiple Variable SQL Injection Cosmetics Zone view_products_cat.php cat_id Variable SQL Injection Thyme modules/groups/pick_users.php uname_search Variable SQL Injection B2B Trading Marketplace Script listings.php cid Variable SQL Injection Stylish Text Ads Script tr1.php id Variable SQL Injection CVE-2008-3754 Horde MIME Library MIME/MIME/Contents.php Email Attachment Filename CVE-2008-3823 XSS DevalCMS /modules/tool/hitcounter.php Multiple Variable Arbitrary PHP Code Execution 
Libera CMS admin.php Multiple Variable SQL Injection Creator CMS index.asp sideid Variable SQL Injection DeluxeBB tools.php Unspecified Variable XSS I-Tech Jobs Zone view_news.php news_id Variable SQL Injection AvailScript Photo Album pics.php sid Variable SQL Injection AvailScript Article Script articles.php aIDS Variable XSS AvailScript Classmate Script viewprofile.php p Variable SQL Injection I-Tech MMORPG Zone game.php game_id SQL Injection AvailScript Article Script articles.php aIDS Variable SQL Injection Stash admin/library/authenticate.php username Variable SQL Injection AvailScript Jobs Portal Script applynow.php jid Variable SQL Injection AvailScript Photo Album pics.php sid Variable XSS AvailScript Photo Album view.php a Variable XSS I-Tech Mag Zone view_mags.php cat_id Variable SQL Injection Stash downloadmp3.php download Variable SQL Injection CVE-2008-4080 PunBB userlist.php p Variable XSS CVE-2008-3968 I-Tech Shaadi Zone keyword_search_action.php tage Variable SQL CVE-2008-3953 Injection I-Tech Agent Zone view_ann.php ann_id Variable SQL Injection CVE-2008-3951 XRMS CRM admin/users/self-2.php Multiple Field SQL Injection CVE-2008-3948 Full PHP Emlak Script landsee.php id Variable SQL Injection CVE-2008-3942 Easy Photo Gallery show.php imageid Variable SQL Injection D-iscussion Board general/index.php topic Variable Traversal Local File CVE-2008-4075 Inclusion MyBulletinBoard (MyBB) usercp2.php Unspecified Referrer Field XSS CVE-2008-3966 MyBulletinBoard (MyBB) inc/functions_online.php Unspecified Location CVE-2008-3966 Field XSS MyBulletinBoard (MyBB) moderation.php Multiple Field XSS CVE-2008-3966 MyBulletinBoard (MyBB) misc.php Unspecified Editor Field SQL Injection CVE-2008-3965 phpVID groups.php cat Variable SQL Injection CVE-2008-4157 CyBoards PHP Lite flat_read.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite post.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite process_post.php 
script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite process_search.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite forum.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite process_subscribe.php script_path Variable Remote CVE-2008-3707 File Inclusion CyBoards PHP Lite read.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite search.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite subscribe.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite add_ban.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite add_ban_form.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite add_board.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite add_vip.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite add_vip_form.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite copy_ban.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite copy_vip.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite delete_ban.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite delete_board.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite delete_messages.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite delete_vip.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite edit_ban.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite edit_board.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite edit_vip.php script_path Variable Remote File Inclusion CVE-2008-3707 CyBoards PHP Lite lock_messages.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite login.php script_path Variable Remote 
File Inclusion CVE-2008-3707 CyBoards PHP Lite modify_ban_list.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite modify_vip_list.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite move_messages.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite process_add_board.php script_path Variable Remote CVE-2008-3707 File Inclusion CyBoards PHP Lite process_ban.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite process_delete_ban.php script_path Variable Remote CVE-2008-3707 File Inclusion CyBoards PHP Lite process_delete_board.php script_path Variable Remote CVE-2008-3707 File Inclusion CyBoards PHP Lite process_delete_messages.php script_path Variable CVE-2008-3707 Remote File Inclusion CyBoards PHP Lite process_delete_vip.php script_path Variable Remote CVE-2008-3707 File Inclusion CyBoards PHP Lite process_edit_board.php script_path Variable Remote CVE-2008-3707 File Inclusion CyBoards PHP Lite process_lock_messages.php script_path Variable CVE-2008-3707 Remote File Inclusion CyBoards PHP Lite process_login.php script_path Variable Remote File CVE-2008-3707 Inclusion CyBoards PHP Lite process_move_messages.php script_path Variable Remote File Inclusion CyBoards PHP Lite process_sticky_messages.php script_path Variable Remote File Inclusion CyBoards PHP Lite process_vip.php script_path Variable Remote File Inclusion CyBoards PHP Lite sticky_messages.php script_path Variable Remote File Inclusion psipuss categories.php Cid Variable SQL Injection Content Management Made Easy (CMME) statistics.php Multiple Variable XSS Content Management Made Easy (CMME) admin.php logout Action CSRF Content Management Made Easy (CMME) admin.php env Variable Traversal Arbitrary Directory Creation Content Management Made Easy (CMME) backup/cmme_data.zip Direct Request Backup Function Information Disclosure Content Management Made Easy (CMME) backup/cmme_cmme.zip Direct Request 
Backup Function Information Disclosure vbLOGIX Tutorials Script main.php cat_id Variable SQL Injection PSCRIPT Forum showprofil.php id Variable SQL Injection StingRay FTS verify_login.jsp form_username Variable XSS TalkBack comments.php language Variable Traversal Local File Inclusion phsBlog upload/index.php Multiple Variable SQL Injection ParaNews news.php Multiple Variable XSS iBoutique index.php cat Variable SQL Injection Downline Goldmine Builder tr.php id Variable SQL Injection Pre Real Estate Listings search.php c Variable SQL Injection I-Tech Freelance Zone freelance/view_cresume.php coder_id Variable SQL Injection Link Bid upgrade.php ucat Variable SQL Injection I-Tech Dating Zone advanced_search_results.php fage Variable SQL Injection Fantastico De Luxe Module for cPanel includes/xml.php fantasticopath Variable Local File Inclusion PHPortfolio photo.php id Variable SQL Injection NooMS smileys.php page_id Variable XSS RazorCommerce Shopping Cart category_search.php id Variable SQL Injection Link Bid linkadmin/edit.php id Variable SQL Injection Quick.Cms.Lite admin.php URL XSS NooMS search.php q Variable XSS iScripts EasyIndex detaillist.php produid Variable SQL Injection phpRealty manager/static/view.php INC Variable Remote File Inclusion TalkBack install/info.php Direct Request Information Disclosure YourOwnBux memberstats.php user Variable SQL Injection Technote twindow_notice.php shop_this_skin_path Variable Remote File Inclusion myPHPNuke printfeature.php artid Variable SQL Injection myPHPNuke print.php sid Variable XSS Matterdaddy Market admin/login.php msg Variable XSS AJ HYIP article/readarticle.php artid Variable SQL Injection E-Php CMS article.php es_id Variable SQL Injection Quick.Cart admin.php URL XSS WebPortal CMS download.php aid Variable SQL Injection Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Send AJ HYIP acme/article/comment.php artid Variable SQL Injection AJ HYIP prime/article/comment.php artid 
Variable SQL Injection Stash admin/login.php bsm Cookie Admin Authentication Bypass CVE-2008-3707 CVE-2008-3707 CVE-2008-3707 CVE-2008-3707 CVE-2008-3598 CVE-2008-3923 CVE-2008-3925 CVE-2008-3926 CVE-2008-3924 CVE-2008-3924 CVE-2008-4355 CVE-2008-4168 CVE-2008-4346 CVE-2008-4072 CVE-2008-4349 CVE-2008-4354 CVE-2008-4178 CVE-2008-4177 CVE-2008-4175 CVE-2008-4181 CVE-2008-4348 CVE-2008-4179 CVE-2008-4143 CVE-2008-4175 CVE-2008-4139 CVE-2008-4179 CVE-2008-4169 CVE-2008-4134 CVE-2008-4115 CVE-2008-4093 CVE-2008-4092 CVE-2008-4089 CVE-2008-4056 CVE-2008-4044 CVE-2008-4142 CVE-2008-4140 CVE-2008-4345 CVE-2008-4043 CVE-2008-4043 CVE-2008-4081 TWiki bin/configure image Variable Traversal Arbitrary File Access/ Execution HyperStop Web Host Directory admin/backup/db Direct Request Database Disclosure Assetman search_inv.php order_by Variable SQL Injection Attachmax config.php rel_path Variable Remote File Inclusion Attachmax search.php category Variable SQL Injection Attachmax info.php Direct Request Information Disclosure BilboBlog footer.php enable_cache=false Query String Remote Information Disclosure BilboBlog pagination.php Direct Request Error Message Path Disclosure Softbiz Image Gallery images.php Multiple Variable XSS Softbiz Image Gallery suggest_image.php Multiple Variable XSS Softbiz Image Gallery image_desc.php latest Variable XSS Softbiz Image Gallery adminhome.php msg Variable XSS Softbiz Image Gallery config.php msg Variable XSS Softbiz Image Gallery changepassword.php msg Variable XSS Softbiz Image Gallery cleanup.php msg Variable XSS Softbiz Image Gallery browsecats.php msg Variable XSS Easy Photo Gallery show.php Multiple Variable XSS Easy Photo Gallery gallery.php Multiple Variable SQL Injection Easy Photo Gallery gallery.php galleryid Variable XSS Easy Photo Gallery useradmin.php Admin Authentication Bypass Invision Power Board sources/action_admin/languages.php Arbitrary PHP Code Execution Invision Power Board admin.php INFO[base_url] Variable Arbitrary 
Site Redirect Invision Power Board admin.php INFO[base_url] Variable Path Disclosure easyLink detail.php cat Variable SQL Injection MyFWB index.php page Variable SQL Injection MyBulletinBoard (MyBB) global.php Unspecified Issue MyBulletinBoard (MyBB) announcements.php Unspecified Issue MyBulletinBoard (MyBB) admin/inc/class_page.php Unspecified Issue MyBulletinBoard (MyBB) inc/functions.php Unspecified Issue MyBulletinBoard (MyBB) inc/datahandlers/post.php Unspecified Issue MyBulletinBoard (MyBB) inc/class_error.php Unspecified Issue MyBulletinBoard (MyBB) polls.php Unspecified Issue MyBulletinBoard (MyBB) moderation.php Unspecified Issue MyBulletinBoard (MyBB) inc/class_moderation.php Unspecified Issue MyBulletinBoard (MyBB) usercp.php Unspecified Issue MyBulletinBoard (MyBB) attachments.php Unspecified Issue ClanSphere system/core/abcode.php listimg Variable XSS Horde Text_Filter/Filter/xss.php HTML Email Slash for Space XSS Popoon externalinput.php HTML Email Slash for Space XSS XRMS CRM login.php target Variable XSS XRMS CRM activities/some.php title Variable XSS XRMS CRM companies/some.php company_name Variable XSS XRMS CRM contacts/some.php last_name Variable XSS XRMS CRM campaigns/some.php campaign_title Variable XSS XRMS CRM opportunities/some.php opportunity_title Variable XSS XRMS CRM cases/some.php case_title Variable XSS XRMS CRM files/some.php file_id Variable XSS XRMS CRM reports/custom/mileage.php starting Variable XSS ClanSphere mods/messages/getusers.php Unspecified XSS x10 Automatic MP3 Search Engine Script includes/function_core.php webroot Variable Remote File Inclusion x10 Automatic MP3 Search Engine Script templates/layout_lyrics.php webroot Variable Remote File Inclusion CVE-2008-4112,2008-3195 CVE-2008-4161 CVE-2008-3304 CVE-2008-3304 CVE-2008-3511 CVE-2008-3511 CVE-2008-3511 CVE-2008-3511 CVE-2008-3511 CVE-2008-3511 CVE-2008-3511 CVE-2008-3511 CVE-2008-4167 CVE-2008-3824 CVE-2008-3824 CVE-2008-3664 CVE-2008-3664 CVE-2008-3664 CVE-2008-3664 
CVE-2008-3664 CVE-2008-3664 CVE-2008-3664 CVE-2008-3664 CVE-2008-3664 CVE-2008-4141 CVE-2008-4141 fuzzylime (cms) admin/usercheck.php user Variable XSS PHP Pro Bid categories.php Multiple Variable SQL Injection phpMyAdmin libraries/js_escape.lib.php PMA_escapeJsString() Function MSIE Nul Byte XSS Dataspade Index.asp Multiple Variable XSS Achievo dispatch.php atkaction Variable XSS BlueCUBE CMS tienda.php id Variable SQL Injection 6rbScript section.php name Variable Traversal Arbitrary File Access Basebuilder src/main.inc.php mj_config[src_path] Variable Remote File Inclusion DataLife Engine CMS admin.php URL XSS FoT Video scripti izle.asp oyun Variable SQL Injection Basic PHP Events Lister event.php id Variable SQL Injection InterTech WCMS etemplate.php id Variable SQL Injection Cars-Vehicle Script page.php lnkid Variable SQL Injection osCommerce create_account.php dob Variable Error Message Path Disclosure CYASK collect.php neturl Variable Traversal Arbitrary File Access PHPcounter defs.php l Variable Traversal Local File Inclusion Diesel Joke Site picture_category.php id Variable SQL Injection Addalink user_read_links.php category_id Variable SQL Injection PHP-Crawler footer.php footer_file Variable Remote File Inclusion olbookmarks frame.php framefile Variable Remote File Inclusion olbookmarks read/frame.php framefile Variable Traversal Local File Inclusion olbookmarks show.php show Variable Traversal Local File Inclusion NooMS admin/auth.php g_site_url Variable Arbitrary Site Redirect MailWatch for MailScanner mailscanner/docs.php doc Variable Traversal Local File Inclusion 6rbScript section.php singerid Variable SQL Injection Barcode Generator html/image.php code Variable Traversal Local File Inclusion web-cp sendfile.php filelocation Variable Arbitrary File Access JETIK-WEB sayfa.php kat Variable SQL Injection bitweaver articles/edit.php URL XSS OpenElec scr/form.php obj Variable Traversal Local File Inclusion OpenNMS notification/list.jsp username Variable 
XSS Libra File Manager fileadmin.php isadmin Variable Remote File Access FlatPress contact.php name Variable XSS FlatPress login.php Multiple Variable XSS BuzzyWall search.php search Variable SQL Injection EasyRealtorPRO site_search.php Multiple Variable SQL Injection Jetik ESA diger.php KayitNo Variable SQL Injection bitweaver articles/list.php URL XSS bitweaver blogs/list_blogs.php URL XSS bitweaver blogs/rankings.php URL XSS bitweaver calendar/index.php URL XSS bitweaver events/calendar.php URL XSS bitweaver events/index.php URL XSS bitweaver events/list_events.php URL XSS bitweaver fisheye/index.php URL XSS bitweaver fisheye/list_galleries.php URL XSS bitweaver liberty/list_content.php URL XSS bitweaver newsletters/edition.php URL XSS bitweaver pigeonholes/list.php URL XSS bitweaver recommends/index.php URL XSS bitweaver rss/index.php URL XSS bitweaver stars/index.php URL XSS CVE-2008-3098 CVE-2008-4326 CVE-2008-4176 CVE-2008-4172 CVE-2008-4170 CVE-2008-4151 CVE-2008-4150 CVE-2008-4145 CVE-2008-4137 CVE-2008-4162 CVE-2008-4337 CVE-2008-4320 CVE-2008-4319 CVE-2008-4120 CVE-2008-4120 CVE-2008-4328 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 bitweaver users/remind_password.php URL XSS bitweaver wiki/orphan_pages.php URL XSS bitweaver stats/index.php URL XSS Jetik ESA sayfalar.php KayitNo Variable SQL Injection Kolab Groupware Server admin/user/create_user.php GET Request Remote Password Disclosure Pro Chat Rooms profiles/index.php gud Variable SQL Injection VBGooglemap Module for vBulletin vbgooglemaphse.php mapid Variable SQL Injection PHP-Lance show.php catid Variable SQL Injection Pro Chat Rooms profiles/admin.php gud Variable SQL Injection CoAST header.php sections_file Variable Remote File Inclusion LnBlog pages/showblog.php plugin Variable Traversal Local File Inclusion WhoDomLite wholite.cgi 
dom Variable XSS Pilot Group eTraining news_read.php id Variable SQL Injection MyCard gallery.php id Variable SQL Injection EasySite www/index.php Multiple Variable Traversal Arbitrary File Access EasySite modules/Module/index.php Multiple Variable Traversal Arbitrary File Access EasySite modules/Themes/index.php Multiple Variable Traversal Arbitrary File Access EasySite inc/vmenu.php module Variable Traversal Arbitrary File Access Vikingboard register.php user Variable Null Byte Account Name Spoofing The Gemini Portal page/forums/bottom.php lang Variable Remote File Inclusion PG MatchMaking Script news_read.php id Variable SQL Injection moziloCMS download.php file Variable Traversal Arbitrary File Download moziloWiki print.php page Variable Traversal Arbitrary File Download hyBook Guestbook Script hyBook.mdb Direct Request Information Disclosure Real Estate Manager realestate-index.php cat_id Variable SQL Injection WordPress MU wp-admin/wpmu-blogs.php Multiple Variable XSS PG MatchMaking Script gifts_show.php id Variable SQL Injection The Gemini Portal admin.php user Cookie Admin Authentication Bypass moziloCMS download.php Multiple Variable XSS moziloCMS gallery.php gal Variable XSS moziloCMS admin/login.php URL XSS Owl Intranet Knowledgebase register.php username Variable SQL Injection Dokeos E-Learning System user_portal.php include Variable Traversal Local File Inclusion Pligg CMS story.php id Variable SQL Injection TalkBack install/help.php language Variable Traversal Local File Inclusion Getacoder Clone search_form.php sb_protype Variable SQL Injection phpTest picture.php image_id Variable SQL Injection VisualPic URI pic Variable XSS PHPFootball show.php dbtable Variable SQL Injection Minishowcase Image Gallery libraries/general.init.php lang Variable Traversal Local File Inclusion XRMS CRM activities/workflow-activities.php include_directory Variable Remote File Inclusion MJGuest guestbook.js.php link Variable XSS phpLinkat showcat.php catid Variable SQL 
Injection Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Variable Traversal Local File Inclusion LetterIt inc/wysiwyg.php language Variable Traversal Local File Inclusion E.Z. Poll admin/login.asp Multiple Variable SQL Injection moziloCMS download.php cat Variable Traversal Local File Access Online Dating members/mail.php mail_id Variable SQL Injection CVE-2008-4337 CVE-2008-4337 CVE-2008-4337 CVE-2008-4165 CVE-2008-4155 CVE-2008-4155 CVE-2008-4155 CVE-2008-4155 CVE-2008-3359 CVE-2008-3363 CVE-2008-3366 CVE-2008-3371 CVE-2008-3372 CVE-2008-3377 CVE-2008-3379 CVE-2008-3387 CVE-2008-3390 CVE-2008-3399 CVE-2008-3404 CVE-2008-3406 CVE-2008-3486 CVE-2008-3446 CVE-2008-3590 CVE-2008-3589 CVE-2008-3490 K-Links Platinum visit.php id Variable SQL Injection E-Store Kit viewdetails.php pid Variable SQL Injection Scripts24 iPost go.php id Variable SQL Injection Meeting Room Booking System (MRBS) day.php area Variable XSS Scripts24 iTGP go.php id Variable SQL Injection Meeting Room Booking System (MRBS) week.php area Variable XSS Meeting Room Booking System (MRBS) month.php area Variable XSS Meeting Room Booking System (MRBS) search.php area Variable XSS Meeting Room Booking System (MRBS) report.php area Variable XSS Meeting Room Booking System (MRBS) help.php area Variable XSS Crafty Syntax Live Help livehelp_js.php department Variable XSS Gallery contrib/phpBB2/modules.php phpEx Variable Traversal Local File Inclusion Kshop Module for Xoops kshop_search.php search Variable XSS csphonebook index.php letter Variable XSS e107 download.php extract() Function SQL Injection KAPhotoservice order.asp page Variable XSS PowerGap Shopsystem s03.php ag Variable SQL Injection Coppermine Photo Gallery themes/sample/theme.php Direct Request Error Message Path Disclosure PHP Hosting Directory include/admin.php rd Variable Remote File Inclusion Calendar Module for eNdonesia mod.php loc_id Variable SQL Injection Harmoni Username Field XSS OpenImpro image.php id Variable 
SQL Injection ZeeBuddy bannerclick.php adid Variable SQL Injection PHPAuction GPL Enhanced profile.php id Variable SQL Injection PHPX includes/functions.inc.php PXL Cookie SQL Injection Scripts24 iTGP go.php id Variable SQL Injection PHP Realty dpage.php docID Variable SQL Injection KAPhotoservice search.asp filename Variable XSS Africa Be Gone (ABG) index.php abg_path Variable Remote File Inclusion PHP-Ring Webring System admin/wr_admin.php Crafted Admin Cookie Remote Authentication Bypass Freeway create_order_new.php include_page Variable Remote File Inclusion txtSQL examples/txtSQLAdmin/startup.php CFG[txtsql][class] Variable Remote File Inclusion Joomla! components/com_user/models/reset.php Reset Token Validation Forgery SyzygyCMS index.php page Variable Traversal Local File Inclusion phsBlog comments.php eid Variable SQL Injection phsBlog entries.php urltitle Variable SQL Injection Homes 4 Sale result.php r Variable XSS Datafeed Studio search.php q Variable XSS Gelato classes/imgsize.php img Variable Traversal Arbitrary File Access GreenCart PHP Shopping Cart product_desc.php id Variable SQL Injection GreenCart PHP Shopping Cart store_info.php id Variable SQL Injection Keld PHP-MySQL News Script login.php username Variable SQL Injection Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access ezContents modules/calendar/minicalendar.php GLOBALS[gsLanguage] Variable Remote File Inclusion Freeway admin/search_links.php URL XSS Gallery contrib/phpBB2/modules.php phpEx Variable Traversal Local File Inclusion Pluck data/inc/footer.php lang_footer Variable XSS Pluck data/inc/header.php Multiple Variable XSS Pluck data/inc/header2.php Multiple Variable XSS Pluck data/inc/themeinstall.php lang_theme6 Variable XSS CVE-2008-3580 CVE-2008-3594 CVE-2008-3491 CVE-2008-3565 CVE-2008-3565 CVE-2008-3565 CVE-2008-3565 CVE-2008-3565 CVE-2008-3565 CVE-2008-3510 CVE-2008-3600 CVE-2008-3560 CVE-2008-3448 CVE-2008-3559 CVE-2008-3561 CVE-2008-3481 CVE-2008-3455 
CVE-2008-3452 CVE-2008-3596 CVE-2008-3599 CVE-2008-3604 CVE-2008-3487 CVE-2008-3489 CVE-2008-3491 CVE-2008-3682 CVE-2008-3559 CVE-2008-3570 CVE-2008-3602 CVE-2008-3769 CVE-2008-3595 CVE-2008-3681 CVE-2008-3593 CVE-2008-3588 CVE-2008-3588 CVE-2008-3587 CVE-2008-3675 CVE-2008-3585 CVE-2008-3585 CVE-2008-3582 CVE-2008-2938 CVE-2008-3575 CVE-2008-3678 CVE-2008-3600 CVE-2008-3574 CVE-2008-3574 CVE-2008-3574 CVE-2008-3574 XAMPP iart.php text Variable XSS CVE-2008-3569 XAMPP ming.php text Variable XSS CVE-2008-3569 UNAK-CMS connectors/php/connector.php Dirroot Variable Traversal Local CVE-2008-3568 File Inclusion Book Catalog Module for PHP-Nuke modules.php catid Variable SQL CVE-2008-3513 Injection Kleinanzeigen Module for PHP-Nuke modules.php lid Variable SQL Injection CVE-2008-3512 LiteNews index.php id Variable SQL Injection CVE-2008-3507 PolyPager URI nr Variable SQL Injection CVE-2008-3506 PolyPager URI nr Variable XSS CVE-2008-3505 MyPHP CMS pages.php pid Variable SQL Injection CVE-2008-3497 Openfire login.jsp url Variable XSS CVE-2006-7233 Pcshey Portal kategori.asp kid Variable SQL Injection CVE-2008-3495 NavBoard admin_modules.php module Variable Traversal Local File Inclusion NavBoard modules.php module Variable Traversal Local File Inclusion NavBoard modules.php module Variable XSS E-Shop Shopping Cart search_results.php cid Variable SQL Injection FlexCMS inc-core-admin-editor-previouscolorsjs.php PreviousColorsString CVE-2008-3715 Variable XSS dotCMS news/index.dot id Variable Traversal Local File Inclusion CVE-2008-3708 AWStats awstats.pl URL XSS CVE-2008-3714 Mambo connectors/php/connector.php URL XSS CVE-2008-3712 ZEEJOBSITE bannerclick.php adid Variable SQL Injection CVE-2008-3706 Mambo administrator/popups/index3pop.php mosConfig_sitename Variable CVE-2008-3712 XSS dotCMS getting_started/macros/macros_detail.dot id Variable Traversal CVE-2008-3708 Local File Inclusion Ad Board Script trr.php id Variable SQL Injection CVE-2008-3725 PHPizabi index.php id 
Variable Traversal Arbitrary File Access CVE-2008-3723 SFS Affiliate Directory directory.php id Variable SQL Injection CVE-2008-3719 PHPizabi index.php query Variable XSS CVE-2008-3735 PHP Live Helper onlinestatus_html.php dep Variable SQL Injection CVE-2008-3762 Forced Matrix Script tr1.php id Variable SQL Injection CVE-2008-3757 YourFreeWorld Classifieds Script view.php category Variable SQL Injection CVE-2008-3755 Vanilla people.php NewPassword Variable XSS CVE-2008-3758 Short Url / Url Tracker Script tr.php id Variable SQL Injection CVE-2008-3751 URL Rotator Script tr.php id Variable SQL Injection CVE-2008-3750 Ad-Exchange Script tr.php id Variable SQL Injection CVE-2008-3752 Viral Marketing Script tr.php id Variable SQL Injection CVE-2008-3756 Active PHP Bookmarks view_group.php id Variable SQL Injection CVE-2008-3748 Banner Management tr.php id Variable SQL Injection CVE-2008-3749 Programs Rating details.php id Variable SQL Injection SunShop Shopping Cart class.ajax.php Multiple Variable SQL Injection CVE-2008-3768 Uniwin eCart Professional search.asp Unspecified Variable SQL Injection TimeTrex interface/Login.php Multiple Variable XSS Easy Site index.php action Variable Traversal Local File Inclusion phpBazar classified.php adid Variable SQL Injection CVE-2008-3767 fipsCMS forum/neu.asp kat Variable SQL Injection CVE-2008-3722 Pars4u Videosharing V1 categories_portal.php cat_id Variable SQL CVE-2008-3772 Injection TinyCMS modules/ZZ_Templater/templater.php config[template] Variable Traversal Local File Inclusion DeeEmm CMS user_language.php language_dir Variable Remote File CVE-2008-3721 Inclusion cyberBB show_topic.php id Variable SQL Injection CVE-2008-3718 cyberBB profile.php user Variable SQL Injection CVE-2008-3718 K-Links Platinum report/ PATH_INFO SQL Injection CVE-2008-3580 K-Links Platinum addreview/ PATH_INFO SQL Injection K-Links Platinum refer/ PATH_INFO SQL Injection PHPBasket product.php pro_id Variable SQL Injection Kayako SupportSuite 
staff/index.php customfieldlinkid Variable SQL Injection CyBoards PHP Lite options.php Multiple Variable XSS CyBoards PHP Lite subscribe.php lNavReturn Variable XSS Freeway includes/events_application_top.php Unspecified Variable Traversal Local File Inclusion Uniwin eCart Professional emailFriend.asp Unspecified Variable XSS Uniwin eCart Professional cartUtil.asp Unspecified Variable SQL Injection PHP Live Helper libsecure.php Arbitrary Variable Overwrite PHP Live Helper chat.php test Variable Arbitrary PHP Code Execution CyBoards PHP Lite options.php script_path Variable Traversal Local File Inclusion CyBoards PHP Lite adminopts/copy_vip.php lang_code Variable Traversal Local File Inclusion CyBoards PHP Lite adminopts/process_edit_board.php lang_code Variable Traversal Local File Inclusion Yogurt Social Network Module for XOOPS friends.php uid Variable XSS Yogurt Social Network Module for XOOPS seutubo.php uid Variable XSS Yogurt Social Network Module for XOOPS album.php uid Variable XSS Yogurt Social Network Module for XOOPS scrapbook.php uid Variable XSS Yogurt Social Network Module for XOOPS index.php uid Variable XSS Yogurt Social Network Module for XOOPS tribes.php uid Variable XSS Easy Site index.php module Variable Arbitrary Directory Listing MailScan for Mail Server Web Admin Interface URI Traversal Arbitrary File Access MailScan for Mail Server Web Admin Interface LOG/ Directory Direct Request Information Disclosure Vanilla account.php Multiple Field XSS Vanilla ajax/UpdateCheck.php Unspecified CSRF Calendarix Basic cal_search.php catsearch Variable SQL Injection Calendarix Basic cal_cat.php catview Variable SQL Injection Five Star Review Script recommend.php item_id Variable SQL Injection Five Star Review Script search/index.php words Variable XSS ezContents diary/showdiary.php Multiple Variable Traversal Local File Inclusion ezContents diary/showdiarydetail.php Multiple Variable Traversal Local File Inclusion ezContents diary/submit_diary.php Multiple 
Variable Traversal Local File Inclusion ezContents news/news_summary.php admin_home Variable Traversal Local File Inclusion ezContents news/inlinenews.php Multiple Variable Traversal Local File Inclusion BtitTracker / xBtiTracker scrape.php info_hash Variable SQL Injection Accellion File Transfer Appliance forgot_password.html URL XSS Crafty Syntax Live Help is_xmlhttp.php department Variable SQL Injection Crafty Syntax Live Help is_flush.php department Variable SQL Injection CCMS Gaming print.php id Variable SQL Injection PopnupBlog Module for XOOPS index.php Multiple Variable XSS Kolifa.net Download Script indir.php id Variable SQL Injection Smart Survey surveyresults.asp sid Variable XSS Programs Rating Script details.php id Variable SQL Injection Quick Poll Script code.php id Variable SQL Injection Pars4u Videosharing members.php PageNo Variable XSS Fujitsu Web-Based Admin View URI Traversal Arbitrary File Access Web Directory Script listing_view.php name Variable SQL Injection CVE-2008-3580 CVE-2008-3580 CVE-2008-3713 CVE-2008-3709 CVE-2008-3709 CVE-2008-3677 CVE-2008-3763 CVE-2008-3764 CVE-2008-3710 CVE-2008-3710 CVE-2008-3710 CVE-2008-3668 CVE-2008-3668 CVE-2008-3668 CVE-2008-3668 CVE-2008-3668 CVE-2008-3668 CVE-2008-3727 CVE-2008-3728 CVE-2008-3758 CVE-2008-3759 CVE-2008-2429 CVE-2008-2429 CVE-2008-3780 CVE-2008-3779 CVE-2008-3784 CVE-2008-3753 CVE-2008-3765 CVE-2008-3771 CVE-2008-3776 CVE-2008-3787 Photo Cart search.php Multiple Variable SQL Injection CVE-2008-3788 Photo Cart _login.php Multiple Variable SQL Injection CVE-2008-3788 Freeway english/account.php language Variable Traversal Local File CVE-2008-3770 Inclusion Freeway french/account.php language Variable Traversal Local File CVE-2008-3770 Inclusion Freeway french/account_newsletters.php language Variable Traversal Local CVE-2008-3770 File Inclusion Freeway includes/modules/faqdesk/faqdesk_article_require.php language CVE-2008-3770 Variable Traversal Local File Inclusion Freeway 
includes/modules/newsdesk/newsdesk_article_require.php CVE-2008-3770 language Variable Traversal Local File Inclusion Freeway templates/Freeway/boxes/card1.php language Variable Traversal CVE-2008-3770 Local File Inclusion Freeway templates/Freeway/boxes/loginbox.php language Variable CVE-2008-3770 Traversal Local File Inclusion Freeway templates/Freeway/boxes/whos_online.php language Variable CVE-2008-3770 Traversal Local File Inclusion Freeway templates/Freeway/mainpage_modules/mainpage.php language CVE-2008-3770 Variable Traversal Local File Inclusion phpMyRealty search.php price_max Variable SQL Injection BareNuked CMS admin/index.php password Variable SQL Injection CVE-2008-3133 myBloggie admin.php post_id Variable SQL Injection CVE-2007-1899 Pivot search.php t Variable Traversal Arbitrary File Access CVE-2008-3128 HIOX Banner Rotator (HBR) hioxBannerRotate.php hm Variable Remote CVE-2008-3127 File Inclusion aspWebCalendar calendar_admin.asp Unrestricted File Upload Arbitrary CVE-2008-2832 Code Execution Flux CMS webinc/bxe/scripts/loadsave.php Request Body PHP File CVE-2008-2686 Overwrite Arbitrary Code Execution Horde Multiple Product week.php PATH_INFO XSS CVE-2008-2783 DeskPRO admincp/user_help.php do Parameter new_entry Variable CVE-2007-4413 Arbitrary Code Execution plx Ad Trader ad.php adid Variable SQL Injection CVE-2008-3025 CAT2 spaw_control.class.php spaw_root Variable Traversal Local File Inclusion AShop Deluxe catalogue.php cat Variable SQL Injection CVE-2008-3136 XchangeBoard newThread.php boardID Variable SQL Injection CVE-2008-3035 Horde Multiple Product workweek.php PATH_INFO XSS CVE-2008-2783 Horde Multiple Product day.php PATH_INFO XSS CVE-2008-2783 fuzzylime (cms) rss.php p Variable Traversal Local File Inclusion CVE-2008-3165 Xpoze user.html uid Variable SQL Injection CVE-2008-3089 ContentNow cn/upload.php Unrestricted File Upload Arbitrary PHP Code CVE-2008-3181 Execution ContentNow upload/file/language_menu.php Multiple Variable XSS 
CVE-2008-3180 4ndvddb Module for PHP-Nuke modules.php id Variable SQL Injection CVE-2008-3151 Brightcode Weblinks component for Joomla! index.php catid Variable SQL CVE-2008-3083 Injection webXell Editor upload_pictures.php Unrestricted File Upload Arbitrary Code CVE-2008-3178 Execution Orlando CMS modules/core/logger/init.php GLOBALS[preloc] Variable CVE-2008-2854 Remote File Inclusion Orlando CMS AJAX/newscat.php GLOBALS[preloc] Variable Remote File CVE-2008-2854 Inclusion OwnRS clanek.php id Variable XSS CVE-2008-2855 OwnRS clanek.php id Variable SQL Injection CVE-2008-2856 AJ Auction Pro category.php cate_id Variable SQL Injection CVE-2008-2860 CaupoShop Classic csc_article_details.php saArticle[ID] Variable SQL CVE-2008-2866 Injection ShareCMS event_info.php eventID Variable SQL Injection CVE-2008-2870 ShareCMS list_user.php userID Variable SQL Injection PEGames template2.php Multiple Variable XSS sHibby sHop Db/urun.mdb Direct Request Database Disclosure Webdevindo-CMS index.php hal Variable SQL Injection cmsWorks admin/include/lib.module.php mod_root Variable Remote File Inclusion PageSquid CMS index.php page Variable SQL Injection PHPAuction item.php id Variable SQL Injection CMS Mini view/index.php Multiple Variable Traversal Local File Inclusion MyBlog index.php Multiple Variable XSS MyBlog post.php id Variable XSS MyBlog index.php view Variable SQL Injection MyBlog member.php id Variable SQL Injection MyBlog post.php id Variable SQL Injection ResearchGuide guide.php id Variable SQL Injection Ray modules/global/inc/content.inc.php sIncPath Variable Remote File Inclusion vBulletin admincp/faq.php Injection adminlog.php XSS JaxUltraBB (JUBB) viewforum.php forum Variable XSS BrewBlogger includes/authentication.inc.php username Variable SQL Injection SafeHTML HTMLSax3.php dir[plugins] Variable Remote File Inclusion JaxUltraBB (JUBB) viewprofile.php user Variable Traversal Local File Inclusion KbLance index.php cat_id Variable SQL Injection MM Chat 
chathead.php Multiple Variable XSS MM Chat chatconfig.php currentlang Variable Traversal Local File Inclusion Dokeos user_portal.php include Variable Traversal Local File Inclusion TinX CMS admin/objects/obj_image.php language Variable XSS Ourvideo CMS edit_top_feature.php include_connection Variable Remote File Inclusion Ourvideo CMS edit_topics_feature.php include_connection Variable Remote File Inclusion Ourvideo CMS phpi/rss.php prefix Variable Traversal Local File Inclusion Ourvideo CMS phpi/login.php Multiple Variable XSS SafeHTML safehtml.php dir[plugins] Variable Remote File Inclusion HomePH Design admin/templates/template_thumbnail.php thumb_template Variable Remote File Inclusion Demo4 CMS index.php id Variable SQL Injection CMReams CMS backend/umleitung.php lang[be_red_text] Variable XSS CMReams CMS load_language.php page_language Variable Traversal Local File Inclusion phpDMCA adodb-errorpear.inc.php ourlinux_root_path Variable Remote File Inclusion phpDMCA adodb-pear.inc.php ourlinux_root_path Variable Remote File Inclusion AuraCMS js/pages/pages_data.php POST Request Arbitrary Content Manipulation FacileForms Component for Mambo / Joomla! 
facileforms.frame.php ff_compath Variable Remote File Inclusion PHPEasyData last_records.php annuaire Variable XSS PHPEasyData annuaire.php Multiple Variable XSS DreamPics Builder index.php page Variable SQL Injection PHPortal sablonlar/gunaysoft/gunaysoft.php Multiple Variable Remote File Inclusion myBloggie admin.php Edit Actions CSRF MyBulletinBoard (MyBB) portal.php Unspecified Variable XSS MyBulletinBoard (MyBB) inc/functions_post.php Unspecified Variable XSS FaName index.php Multiple Variable XSS CVE-2008-2870 CVE-2008-2871 CVE-2008-2873 CVE-2008-2875 CVE-2008-2877 CVE-2008-2897 CVE-2008-2900 CVE-2008-2961 CVE-2008-2962 CVE-2008-2962 CVE-2008-2963 CVE-2008-2963 CVE-2008-2963 CVE-2008-2964 CVE-2008-3166 CVE-2008-3184 CVE-2008-2965 CVE-2008-3167 CVE-2008-2966 CVE-2008-2972 CVE-2008-2973 CVE-2008-2974 CVE-2008-3120 CVE-2008-2975 CVE-2008-2977 CVE-2008-2977 CVE-2008-2978 CVE-2008-2979 CVE-2008-3167 CVE-2008-2981 CVE-2008-2983 CVE-2008-2984 CVE-2008-2985 CVE-2008-2986 CVE-2008-2986 CVE-2008-3203 CVE-2008-2990 CVE-2008-2994 CVE-2008-2994 CVE-2008-3119 CVE-2008-3022 CVE-2008-3080 CVE-2008-3069 CVE-2008-3069 CVE-2007-3653 FaName page.php name Variable XSS CVE-2007-3653 FaName class/page.php id Variable SQL Injection CVE-2007-3652 FaName class/page.php id Variable Error Message Path Disclosure CVE-2007-3651 RSS-aggregator admin/fonctions/supprimer_flux.php IdFlux Variable SQL CVE-2008-3034 Injection RSS-aggregator admin/fonctions/supprimer_tag.php IdTag Variable SQL CVE-2008-3034 Injection HomePH Design admin/templates/template_thumbnail.php thumb_template CVE-2008-2982 Variable Traversal Local File Inclusion HomePH Design account/account.php language Variable Traversal Local CVE-2008-2982 File Inclusion HomePH Design downloads/downloads.php language Variable Traversal CVE-2008-2982 Local File Inclusion HomePH Design forum/forum.php language Variable Traversal Local File CVE-2008-2982 Inclusion HomePH Design fotogalerie/delete.php language Variable Traversal Local 
CVE-2008-2982 File Inclusion HomePH Design fotogalerie/fotogalerie.php language Variable Traversal CVE-2008-2982 Local File Inclusion HomePH Design admin/features/register/register.php error_meldung CVE-2008-2980 Variable XSS HomePH Design admin/features/memberlist/memberlist.php feature_ CVE-2008-2980 language[ueberschrift] Variable XSS HomePH Design admin/features/lostpassword/lostpassword.php language_ CVE-2008-2980 array[ueberschrift] Variable XSS HomePH Design admin/features/kalender/eingabe.php language_feature CVE-2008-2980 [titel] Variable XSS HomePH Design admin/features/fotogalerie/eingabe.php language_feature CVE-2008-2980 [bildmenu] Variable XSS TinX CMS include_me.php language Variable Traversal Local File Inclusion CVE-2008-2976 TinX CMS admin/ajax.php language Variable Traversal Local File Inclusion CVE-2008-2976 TinX CMS admin/objects/catalog.ajaxhandler.php language Variable CVE-2008-2976 Traversal Local File Inclusion TinX CMS admin/inc/config.php prefix Variable Traversal Local File CVE-2008-2976 Inclusion DreamNews Manager dreamnews-rss.php id Variable SQL Injection CVE-2008-3189 eSyndiCat Directory Software register.php Multiple Variable XSS phpDatingClub website.php page Variable Traversal Local File Inclusion CVE-2008-3179 Zen Cart admin/includes/initsystem.php loader_file Variable Local File Inclusion Zen Cart admin/includes/languages/english.php _SESSION[language] Variable Local File Inclusion AlstraSoft Affiliate Network Pro merchants/index.php Multiple Variable XSS CVE-2007-4081 AlstraSoft Video Share Enterprise view_video.php category Variable Path CVE-2007-4087 Disclosure AlstraSoft Video Share Enterprise uprofile.php UID Variable Path Disclosure CVE-2007-4087 AlstraSoft Video Share Enterprise channel_detail.php UID Variable Path CVE-2007-4087 Disclosure AlstraSoft Video Share Enterprise uvideos.php UID Variable Path CVE-2007-4087 Disclosure AlstraSoft Video Share Enterprise groups_home.php UID Variable Path CVE-2007-4087 Disclosure 
AlstraSoft Video Share Enterprise ufriends.php UID Variable Path CVE-2007-4087 Disclosure AlstraSoft Affiliate Network Pro merchants/temp.php rowid Variable XSS CVE-2007-4081 MyBulletinBoard (MyBB) inc/class_language.php $language Variable CVE-2008-3071 Traversal Unspecified Security Issue MyBulletinBoard (MyBB) inc/datahandler/user.php $user['language'] CVE-2008-3070 Variable Unspecified Security Issue Gravity Board X index.php Multiple Variable SQL Injection CVE-2008-2996 WordPress Admin Panel options.php Options Database Table XSS CVE-2007-4153 IndexScript include/utils.php Multiple Variable SQL Injection CVE-2007-4163 WordPress Admin Panel link-import.php opml_url Variable XSS CVE-2007-4153 PHPEasyData annuaire.php annuaire Variable SQL Injection CVE-2008-2995 PHPEasyData admin/login.php username Field SQL Injection CVE-2008-2995 Maian Events admin/index.php mevents_admin_cookie Cookie Administrator Authentication Bypass Pluck data/inc/themes/predefined_variables.php Multiple Variable Traversal CVE-2008-3194 Local File Inclusion ITechBids sellers_othersitem.php seller_id Variable SQL Injection CVE-2008-3238 ITechBids classifieds.php productid Variable SQL Injection CVE-2008-3238 ITechBids shop.php id Variable SQL Injection CVE-2008-3238 ITechBids forward_to_friend.php product Variable XSS CVE-2008-3237 Maian Events admin/index.php mmusic_cookie Cookie Admin Authentication Bypass Procapita login.asp Unspecified SQL Injection @1 File Store PRO confirm.php id Variable SQL Injection Scripteen Free Image Hosting Script admin/login.php Multiple Variable SQL CVE-2008-3212 Injection webCMS Portal Edition secciones/tablon/tablon.php Variable id SQL CVE-2008-3213 Injection @1 File Store PRO download.php id Variable SQL Injection Million Pixels tops_top.php id_cat Variable SQL Injection CVE-2008-3204 jSite admin/login.php username Variable SQL Injection Black Cat browse.groups.php category Variable SQL Injection CVE-2008-3206 Maian Search admin/index.php search_cookie 
Cookie Admin Authentication CVE-2008-3317 Bypass Maian Guestbook admin/index.php gbook_cookie Cookie Admin CVE-2008-3320 Authentication Bypass Maian Recipe admin/index.php recipe_cookie Cookie Admin Authentication CVE-2008-3322 Bypass Maian Links admin/index.php links_cookie Cookie Admin Authentication CVE-2008-3319 Bypass Maian Uploader admin/index.php uploader_cookie Cookie Admin CVE-2008-3321 Authentication Bypass Maian Weblog admin/index.php weblog_cookie Cookie Admin CVE-2008-3318 Authentication Bypass CodeDB list.php lang Variable Traversal Local File Inclusion CVE-2008-3190 Galatolo WebManager all.php tag Variable XSS phpMyAdmin db_create.php db Variable CSRF CVE-2008-3197 Galatolo WebManager plugins/users/index.php id Variable SQL Injection php Help Agent include/head_chat.inc.php content Variable Traversal Local CVE-2008-3385 File Inclusion Chipmunk Blog members.php membername Variable XSS CVE-2008-3186 Chipmunk Blog comments.php membername Variable XSS CVE-2008-3186 Chipmunk Blog photos.php membername Variable XSS CVE-2008-3186 Chipmunk Blog archive.php membername Variable XSS CVE-2008-3186 Chipmunk Blog cat.php membername Variable XSS CVE-2008-3186 Pragyan CMS cms/modules/form.lib.php Multiple Variable Remote File CVE-2008-3207 Inclusion gapicms ktmlpro/includes/ktedit/toolbar.php dirDepth Variable Remote File CVE-2008-3183 Inclusion fuzzylime (cms) blog.php file Variable Traversal Local File Inclusion CVE-2008-3164 DodosMail dodosmail.php dodosmail_header_file Variable Traversal Local CVE-2008-3163 File Inclusion IBM Maximo jsp/common/system/debug.jsp Multiple HTTP Header XSS CVE-2008-3161 SmartPPC Multiple Product directory.php idDirectory Variable SQL Injection CVE-2008-3152 pSys chatbox.php showid Variable SQL Injection CVE-2008-3131 PHPmotion play.php vid Variable SQL Injection CVE-2008-3118 PHPizabi system/v_cron_proc.php writeLogEntry Function Arbitrary PHP Code Execution AlstraSoft Affiliate Network Pro index.php pgm Variable SQL Injection 
Scripteen Free Image Hosting Script login.php Multiple Variable SQL Injection IBM Maximo jsp/common/system/debug.jsp Direct Access Remote Information Disclosure tplSoccerSite index.php id Variable SQL Injection tplSoccerSite player.php id Variable SQL Injection tplSoccerSite opponent.php id Variable SQL Injection tplSoccerSite matchdetails.php id Variable SQL Injection tplSoccerSite additionalpage.php id Variable SQL Injection phpHoo3 phpHoo3.php viewCat Variable SQL Injection AlstraSoft Video Share Enterprise album.php UID Variable SQL Injection Jobbex JobSite search_result.cfm searchFor Variable XSS Jobbex JobSite search_result.cfm Multiple Variable SQL Injection EZCMS admin/filemanager/ Insecure Permission Arbitrary File Manipulation sHibby sHop upgrade.asp Direct Request Insecure Permission Arbitrary File Manipulation eLineStudio Site Composer cms/include/trigger.asp Direct Request Database Path Disclosure eLineStudio Site Composer cms/include/common2.asp Direct Request Database Path Disclosure MoinMoin macro/AdvancedSearch.py Multiple Variable XSS Def-Blog comaddok.php article Variable SQL Injection Def-Blog comlook.php article Variable SQL Injection EasyE-Cards staticpages/easyecards/index.php Multiple Variable XSS EasyE-Cards staticpages/easyecards/index.php sid Variable SQL Injection MojoAuto mojoAuto.cgi cat_a Variable SQL Injection Hotel Reservation System (HRS) Multi picture_pic_bv.asp key Variable SQL Injection EasyBookMarker ajaxp_backend.php rs Variable XSS EasyPublish staticpages/easypublish/index.php read Variable XSS EasyDynamicPages staticpages/easycalendar/index.php year Variable XSS EasyPublish staticpages/easypublish/index.php read Variable SQL Injection EasyDynamicPages staticpages/easycalendar/index.php year Variable SQL Injection MojoJobs mojoJobs.cgi cat_a Variable SQL Injection MojoPersonals mojoClassified.cgi cat Variable SQL Injection ShopCartDx product_detail.php pid Variable SQL Injection Claroline document/rqmkhtml.php cwd Variable 
XSS Claroline announcements/announcements.php URL XSS Claroline calendar/agenda.php URL XSS Claroline course/index.php URL XSS Claroline course_description/index.php URL XSS Claroline document/document.php URL XSS Claroline exercise/exercise.php URL XSS Claroline group/group_space.php URL XSS Claroline phpbb/newtopic.php URL XSS Claroline phpbb/reply.php URL XSS Claroline phpbb/viewtopic.php URL XSS Claroline wiki/wiki.php URL XSS Claroline work/work.php URL XSS MojoClassifieds mojoClassified.cgi cat_a Variable SQL Injection Interact help/help.php Multiple Variable Traversal Local File Inclusion Moodle blog/edit.php etitle Variable XSS YouTube Blog todos.php id Variable SQL Injection YouTube Blog mensaje.php m Variable XSS CVE-2008-3239 CVE-2008-3240 CVE-2008-3212 CVE-2008-3161 CVE-2008-3251 CVE-2008-3251 CVE-2008-3251 CVE-2008-3251 CVE-2008-3251 CVE-2008-3245 CVE-2008-3386 CVE-2008-3340 CVE-2008-3341 CVE-2008-2920 CVE-2008-2882 CVE-2008-2864 CVE-2008-2864 CVE-2008-3381 CVE-2008-3388 CVE-2008-3388 CVE-2008-3344 CVE-2008-3345 CVE-2008-3383 CVE-2008-3266 CVE-2008-3380 CVE-2008-3342 CVE-2008-3348 CVE-2008-3343 CVE-2008-3347 CVE-2008-3267 CVE-2008-3403 CVE-2008-3346 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3260 CVE-2008-3382 CVE-2008-3384 CVE-2008-3326 CVE-2008-3307 CVE-2008-3305 YouTube Blog cuenta/cuerpo.php base_archivo Variable Remote File Inclusion YouTube Blog info.php id Variable SQL Injection Claroline auth/announcements/messages.php Query String XSS Pre Survey Poll default.asp catid Variable SQL Injection SocialEngine include/class_user.php se_user Cookie SQL Injection SocialEngine include/class_admin.php se_admin Cookie SQL Injection Atom PhotoBlog atomPhotoBlog.php photoId Variable SQL Injection SiteAdmin CMS line2.php art Variable SQL Injection PunBB include/parser.php Unspecified Variable XSS MyBulletinBoard (MyBB) 
search.php Unspecified Variable XSS IceBB modules/members.php username Variable SQL Injection Youtuber Clone ugroups.php UID SQL Injection Web Wiz Forum admin_group_details.asp mode Variable XSS XRMS CRM tests/info.php Direct Request phpinfo() Function Information Disclosure GC Auction Platinum category.php cate_id Variable SQL Injection fipsCMS light home/index.asp r Variable SQL Injection Camera Life sitemap.xml.php id Variable SQL Injection TriO browse.php id Variable SQL Injection CMScout common.php bit Variable Local File Inclusion Avlc Forum vlc_forum.php id Variable SQL Injection UltraStats players-detail.php id Variable SQL Injection Siteframe CMS folder.php id Variable SQL Injection EZWebAlbum constants.inc photoalbumadmin Cookie Administrator Authentication Bypass EZWebAlbum download.php dlfilename Variable Traversal Arbitrary File Access XOOPS modules/system/admin.php fct Variable XSS XOOPS modules/system/admin.php fct Variable Traversal Local File Inclusion XRMS CRM login.php msg Variable XSS Owl Intranet Engine register.php username Variable XSS Newbb Plus Module for RunCMS votepolls.php bbPath[path] Variable Remote File Inclusion Newbb Plus Module for RunCMS config.php bbPath[root_theme] Variable Remote File Inclusion Jobbex JobSite search_result.cfm Unspecified Error Message Path Disclosure Mantis account_prefs_update.php language Variable Traversal Local File Inclusion Mantis return_dynamic_filters.php filter_target Variable XSS CreaCMS edition_article/edition_article.php cfg[document_uri] Variable Remote File Inclusion CreaCMS fonctions/get_liste_langue.php cfg[base_uri_admin] Variable Remote File Inclusion Lemon CMS FCKeditor/editor/filemanager/browser/browser.php dir Variable Traversal Local File Inclusion Flip config.php incpath Variable Remote File Inclusion Gregarius ajax.php rsargs[] Variable SQL Injection DigiLeave info_book.asp book_id Variable SQL Injection ibase zubehoer/download.php filename Variable Traversal Arbitrary File Access ViArt 
Shop products_rss.php category_id Variable SQL Injection Jamroom includes/jamroom-misc.inc.php jrCookie Function Admin Authentication Bypass ATutor tools/packages/import.php type Variable Remote File Inclusion Web Wiz Rich Text Editor RTE_popup_link.asp email Variable XSS mForum usercp.php Multiple Variable SQL Injection CVE-2008-3308 CVE-2008-3306 CVE-2008-3315 CVE-2008-3310 CVE-2008-3297 CVE-2008-3297 CVE-2008-3351 CVE-2008-3414 CVE-2008-3336 CVE-2008-3334 CVE-2008-3416 CVE-2008-3419 CVE-2008-3391 CVE-2008-3400 CVE-2008-3413 CVE-2008-3417 CVE-2008-3355 CVE-2008-3418 CVE-2008-3415 CVE-2008-3200 CVE-2008-3241 CVE-2008-3256 CVE-2008-3292 CVE-2008-3293 CVE-2008-3295 CVE-2008-3296 CVE-2008-3398 CVE-2008-3100 CVE-2008-3354 CVE-2008-3354 CVE-2008-3339 CVE-2008-3333 CVE-2008-3331 CVE-2008-3313 CVE-2008-3313 CVE-2008-3312 CVE-2008-3311 CVE-2008-3374 CVE-2008-3309 CVE-2008-3369 CVE-2008-3375 CVE-2008-3368 CVE-2008-3367 CVE-2008-3191 Claroline claroline/redirector.php url Variable Arbitrary Site Redirect BilboBlog admin/update.php content Variable XSS BilboBlog head.php titleId Variable XSS BilboBlog footer.php t_lang[lang_copyright] Variable XSS BilboBlog admin/ Default URI content Variable XSS BilboBlog admin/homelink.php Multiple Variable XSS BilboBlog admin/post.php t_lang[lang_admin_new_post] Variable XSS BookMine events.cfm events_id Variable SQL Injection BilboBlog admin/delete.php num Variable SQL Injection BookMine search.cfm Multiple Variable XSS BilboBlog admin/login.php Direct Request Admin Authentication Bypass Moodle blog/blogpage.php Direct Request Error Message Path Disclosure Moodle course/report/stats/report.php Direct Request Error Message Path Disclosure ScrewTurn Wiki /admin.aspx System Log XSS Web Wiz Forum admin_category_details.asp mode Variable XSS Web Wiz Forum log_off_user.asp CSRF HIOX Browser Statistics hioxstats.php hm Variable Remote File Inclusion HIOX Browser Statistics hioxupdate.php hm Variable Remote File Inclusion fizzMedia comment.php 
mid Variable SQL Injection Axesstel AXW-D800 etc/config/System.html Direct Request Configuration Manipulation HIOX Random Ad hioxRandomAd.php hm Variable Remote File Inclusion Mobius Web Publishing Software browse.php id Variable SQL Injection Mobius Web Publishing Software detail.php s Variable SQL Injection PozScripts Classified Ads browsecats.php cid Variable SQL Injection Article Friendly authordetail.php autid Variable SQL Injection PozScripts Classified Ads showcategory.php cid Variable SQL Injection ZeeScripts Reviews comments.php ItemID Variable SQL Injection Article Friendly categorydetail.php Cat Variable SQL Injection TubeGuru Video Sharing Script ugroups.php UID Variable SQL Injection Axesstel AXW-D800 etc/config/Network.html Direct Request Configuration Manipulation Axesstel AXW-D800 etc/config/Security.html Direct Request Configuration Manipulation Axesstel AXW-D800 cgi-bin/sysconf.cgi Direct Request Configuration Manipulation Axesstel AXW-D800 cgi-bin/route.cgi Direct Request Configuration Manipulation Procapita inloggning.asp Unspecified SQL Injection Claroline auth/lostPassword.php Query String XSS Claroline auth/profile.php Query String XSS Claroline learnPath/calendar/myagenda.php Query String XSS Claroline learnPath/group/group.php Query String XSS Claroline learnPath/learningPath.php Query String XSS Claroline learnPath/learningPathList.php Query String XSS Claroline learnPath/module.php Query String XSS Claroline tracking/phpbb/index.php Query String XSS Claroline tracking/courseLog.php Query String XSS Claroline tracking/course_access_details.php Query String XSS Claroline tracking/delete_course_stats.php Query String XSS Claroline tracking/userLog.php Query String XSS Claroline tracking/user_access_details.php Query String XSS Claroline user/user.php Query String XSS Claroline user/userInfo.php Query String XSS Claroline tracking/courseLog.php view Variable XSS Claroline tracking/toolaccess_details.php toolId Variable XSS PassWiki 
passwiki.php site_id Variable Traversal Local File Inclusion CVE-2008-3261 CVE-2008-3301 CVE-2008-3301 CVE-2008-3301 CVE-2008-3301 CVE-2008-3301 CVE-2008-3301 CVE-2008-3393 CVE-2008-3302 CVE-2008-3394 CVE-2008-3303 CVE-2008-3327 CVE-2008-3327 CVE-2008-3391 CVE-2008-3392 CVE-2008-3402 CVE-2008-3402 CVE-2008-3378 CVE-2008-3411 CVE-2008-3401 CVE-2008-3420 CVE-2008-3420 CVE-2008-3411 CVE-2008-3411 CVE-2008-3411 CVE-2008-3411 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 CVE-2008-3315 xGB xGB.php Admin Edit Action Direct Request Authentication Bypass PrayerCenter Component for Joomla index2.php id Variable SQL Injection Social Site Generator display_blog.php sgc_id Variable SQL Injection TorrentTrader scrape.php info_hash Variable SQL Injection LokiCMS admin.php Direct Request Authentication Bypass Social Site Generator social_my_profile_download.php scm_mem_id Variable SQL Injection Social Site Generator social_forum_subcategories.php catid Variable SQL Injection Social Site Generator filedload.php file Variable Arbitrary File Download Social Site Generator webadmin/download.php file Variable Arbitrary File Download Social Site Generator webadmin/download_file.php file Variable Arbitrary File Download Social Site Generator social_game_play.php path Variable Remote File Inclusion PsychoStats weapon.php id Variable SQL Injection PsychoStats map.php id Variable SQL Injection Xoops Contenido EZ Publish (contenido_hacks) main_upl.php cfgPathInc Variable Remote File Inclusion Apache Tomcat Host Manager host-manager/html/add name Variable XSS meBiblio add_journal_mask.inc.php InsertJournal Variable XSS SMEweb catalog.php Multiple Variable SQL Injection meBiblio dbadd.inc.php sql Variable XSS meBiblio insert_mask.inc.php InsertBibliography Variable XSS meBiblio search_mask.inc.php LabelYear Variable XSS 
SMEweb catalog.php data Variable XSS SMEweb search.php keyword Variable XSS SMEweb bb.php page Variable XSS SMEweb order.php new_s Variable XSS Upload File Plugin for WordPress wp-uploadfile.php f_id Variable SQL Injection Excuse Online pwd.asp pID Variable SQL Injection Tr Script News news.php nb Variable XSS Weblosning index2.php Multiple Variable SQL Injection Weblosning result.php search Variable XSS Netbutik netbutik.php cat Variable SQL Injection Netbutik product.php id Variable SQL Injection QuickerSite bs_login.asp Unauthenticated Admin Function Access Battle Blog comment.asp entry Variable SQL Injection PHP Address Book view.php id Variable SQL Injection 427BB showpost.php post Variable SQL Injection 427BB register.php Multiple Variable XSS 427BB reminder.php Multiple Variable XSS 427BB search.php Multiple Variable XSS PowerPhlogger edCss.php css_str Variable SQL Injection PHP Visit Counter read.php datespan Variable SQL Injection BP Blog template_permalink.asp id Variable SQL Injection BP Blog template_archives_cat.asp cat Variable SQL Injection HispaH Model Search cat.php cat Variable SQL Injection eChat Plugin for e107 e107chat.php nick Variable SQL Injection 1Book guestbook.php Multiple Variable Arbitrary PHP Code Execution F5 FirePass /vdesk/admincon/webyfiers.php css_exceptions Variable XSS Phoenix View CMS gbuch.admin.php del Variable SQL Injection Phoenix View CMS links.admin.php del Variable SQL Injection Phoenix View CMS menue.admin.php del Variable SQL Injection Phoenix View CMS news.admin.php del Variable SQL Injection Phoenix View CMS todo.admin.php del Variable SQL Injection CVE-2007-4637 CVE-2007-5115 CVE-2008-1947 CVE-2008-2646 CVE-2008-2652 CVE-2008-2646 CVE-2008-2646 CVE-2008-2646 CVE-2008-2644 CVE-2008-2644 CVE-2008-2644 CVE-2008-2644 CVE-2008-2510 CVE-2008-2509 CVE-2008-2508 CVE-2008-2506 CVE-2008-2505 CVE-2008-2504 CVE-2008-2504 CVE-2008-2626 CVE-2008-2565 CVE-2008-2560 CVE-2008-2561 CVE-2008-2561 CVE-2008-2561 CVE-2008-2562 
CVE-2008-2556 CVE-2008-2554 CVE-2008-2554 CVE-2008-2537 CVE-2008-2638 CVE-2008-2637 CVE-2008-2535 CVE-2008-2535 CVE-2008-2535 CVE-2008-2535 CVE-2008-2535 Phoenix View CMS admin/admin_frame.php ltarget Variable Traversal Local File Inclusion Phoenix View CMS admin/admin_frame.php ltarget Variable XSS Phoenix View CMS gbuch.admin.php conf Variable XSS Phoenix View CMS menue.admin.php conf Variable XSS Phoenix View CMS links.admin.php conf Variable XSS Phoenix View CMS news.admin.php conf Variable XSS Phoenix View CMS todo.admin.php conf Variable XSS AJ HYIP Acme forum/topic_detail.php id Variable SQL Injection QuickUpCMS frontend/news.php nr Variable SQL Injection QuickUpCMS events3.php id Variable SQL Injection QuickUpCMS videos2.php id Variable SQL Injection QuickUpCMS frontend/events2.php y Variable SQL Injection QuickUpCMS frontend/fotos2.php ser Variable SQL Injection Advanced Links Management (ALM) read.php catId Variable SQL Injection F5 FirePass /vdesk/admincon/index.php sql_matchscope Variable XSS BrowserCRM pub/clients.php bcrm_pub_root Variable Remote File Inclusion JiRos FAQ Manager eXperience read.php fID Variable SQL Injection BrowserCRM pub/kb.php bcrm_pub_root Variable Remote File Inclusion BrowserCRM pub/login.php bcrm_pub_root Variable Remote File Inclusion BrowserCRM pub/contact_view.php bcrm_pub_root Variable Remote File Inclusion BrowserCRM pub/index.php bcrm_pub_root Variable Remote File Inclusion BrowserCRM pub/contact.php bcrm_pub_root Variable Remote File Inclusion Realm CMS _includes/inc_routines.asp kwrd Variable SQL Injection Pilot Cart pilot.asp article Variable SQL Injection Real-Estate-Website location.asp location Variable SQL Injection Real-Estate-Website location.asp name Variable XSS Realm CMS _db/compact.asp Multiple Variable XSS Realm CMS _db/compact.asp Direct Request Path Disclosure Realm CMS _RealmAdmin/login.asp Crafted Cookie Authentication Bypass SyndeoCMS fckeditor/studenteditor.php template Variable Traversal Local File 
Inclusion ASP News Management viewnews.asp newsID Variable SQL Injection Tornado Knowledge Retrieval System searcher.exe p Variable XSS GlassFish Administration Console configuration/httpListenerEdit.jsf name Variable XSS SyndeoCMS starnet/index.php template Variable Traversal Local File Inclusion Brim /templates/barrel/template.tpl.php renderer Variable Remote File Inclusion yblog search.php q Variable SQL Injection PHP Address Book edit.php id Variable SQL Injection Absolute News Manager XE search.asp Multiple Variable XSS Absolute Banner Manager XE searchbanners.asp text Variable XSS Pooya Site Builder utils/getXsl.aspx xslIdn Variable SQL Injection Absolute Form Processor XE search.asp Multiple Variable XSS Absolute Control Panel XE users.asp name Variable XSS eFiction toplists.php list Variable SQL Injection Absolute Form Processor XE users.asp name Variable XSS Pooya Site Builder utils/getXml.aspx part Variable SQL Injection Pooya Site Builder utils/getXls.aspx part Variable SQL Injection yblog user.php n Variable SQL Injection yblog search.php q Variable XSS yblog user.php n Variable XSS yblog uss.php n Variable XSS CVE-2008-2534 CVE-2008-2533 CVE-2008-2533 CVE-2008-2533 CVE-2008-2533 CVE-2008-2533 CVE-2008-2533 CVE-2008-2532 CVE-2008-2530 CVE-2008-2530 CVE-2008-2530 CVE-2008-2530 CVE-2008-2530 CVE-2008-2529 CVE-2008-2637 CVE-2008-2689 CVE-2008-2691 CVE-2008-2690 CVE-2008-2690 CVE-2008-2690 CVE-2008-2690 CVE-2008-2690 CVE-2008-2679 CVE-2008-2688 CVE-2008-2680 CVE-2008-2681 CVE-2008-2682 CVE-2008-2645 CVE-2008-2669 CVE-2008-2565 CVE-2008-2758 CVE-2008-2761 CVE-2008-2753 CVE-2008-2759 CVE-2008-2756 CVE-2008-2754 CVE-2008-2759 CVE-2008-2753 CVE-2008-2753 CVE-2008-2669 CVE-2008-2668 CVE-2008-2668 CVE-2008-2668 FlashBlog php/leer_comentarios.php articulo_id Variable SQL Injection Absolute News Manager XE publishers.asp name Variable XSS Absolute News Manager XE search.asp orderby Variable SQL Injection Absolute Banner Manager XE listadvertisers.asp text Variable 
XSS Absolute Banner Manager XE searchbanners.asp orderby Variable SQL Injection meBiblio admin/journal_change_mask.inc.php JID Variable SQL Injection DesktopOnNet don3_requiem.don3app/don3_requiem.php app_path Variable Remote File Inclusion DesktopOnNet frontpage.don3app/frontpage.php app_path Variable Remote File Inclusion Battle Blog article.asp entry Variable SQL Injection Telephone Directory 2008 edit1.php code Variable SQL Injection Telephone Directory 2008 view_more.php id Variable SQL Injection Telephone Directory 2008 edit1.php action Variable XSS DCFM Blog comments.php id Variable SQL Injection Insanely Simple Blog index.php Multiple Variable SQL Injection yblog uss.php n Variable SQL Injection ASP News Management rss.asp Direct Request Information Disclosure ASP News Management viewheadings.asp Direct Request Information Disclosure ASP News Management viewnews.asp Direct Request Information Disclosure PHP JOBWEBSITE PRO jobseekers/JobSearch3.php Multiple Variable SQL Injection Lyris ListManager read/search/results words Variable XSS Contenido CMS /backend_search.php contenido_path Variable Remote File Inclusion Clever Copy results.php searchtype Variable SQL Injection Cartweaver details.php prodId Variable SQL Injection Pre ADS Portal showcategory.php cid Variable SQL Injection Pre Job Board JobSearch3.php Multiple Variable SQL Injection Pre ADS Portal software-description.php id Variable SQL Injection E-SMART CART productsofcat.asp category_id Variable SQL Injection WebChamado lista_anexos.php tsk_id Variable SQL Injection PHPMyCart shop.php cat Variable SQL Injection AlstraSoft AskMe Pro forum_answer.php que_id Variable SQL Injection gllcTS2 listing.php sort Variable SQL Injection Mambo includes/Cache/Lite/Output.php mosConfig_absolute_path Variable Remote File Inclusion WebChamado index.php eml Variable SQL Injection WebChamado admin/index.php eml Variable SQL Injection AlstraSoft AskMe Pro profile.php id Variable SQL Injection gllcTS2 login.php detail 
Variable SQL Injection Family Connections addressbook.php address Variable SQL Injection Family Connections familynews.php getnews Variable SQL Injection Family Connections home.php poll_id Variable SQL Injection vBulletin Unspecified XSS AWBS news.php viewnews Variable SQL Injection MyMarket shopping/index.php id Variable SQL Injection QuickerSite mailPage.asp Arbitrary Mail Send QuickerSite showThumb.aspx close Variable XSS QuickerSite showThumb.aspx Direct Request Path Disclosure QuickerSite process_send.asp SB_redirect Variable XSS QuickerSite process_send.asp Arbitrary Mail Send QuickerSite picker.asp Multiple Variable XSS QuickerSite rss.asp Multiple Header XSS Exero CMS custompage.php theme Variable Traversal Local File Inclusion CVE-2008-2572 CVE-2008-2758 CVE-2008-2757 CVE-2008-2761 CVE-2008-2760 CVE-2008-2647 CVE-2008-2649 CVE-2008-2649 CVE-2008-2685 CVE-2008-2678 CVE-2008-2678 CVE-2008-2677 CVE-2008-2671 CVE-2008-2670 CVE-2008-2669 CVE-2008-2746 CVE-2008-2744 CVE-2008-2815 CVE-2008-2840 Exero CMS errors/404.php theme Variable Traversal Local File Inclusion Exero CMS members/memberslist.php theme Variable Traversal Local File Inclusion Exero CMS members/profile.php theme Variable Traversal Local File Inclusion Exero CMS news/fullview.php theme Variable Traversal Local File Inclusion Exero CMS news/index.php theme Variable Traversal Local File Inclusion Exero CMS nopermission.php theme Variable Traversal Local File Inclusion Exero CMS usercp/avatar.php theme Variable Traversal Local File Inclusion Exero CMS usercp/editpassword.php theme Variable Traversal Local File Inclusion Open Azimyt CMS azimyt/lang/lang-system.php lang Variable Traversal Local File Inclusion TorrentTrader account-signup.php Multiple Variable SQL Injection TorrentTrader account-inbox.php receiver Variable SQL Injection TYPO3 fe_adminlib.inc Unspecified XSS easyTrade detail.php id Variable SQL Injection ManageEngine OpUtils MainLayout.do hostName Variable XSS Comparison Engine Power 
Script product.detail.php id Variable SQL Injection Adobe Flex 3 History Management historyFrame.html XSS OpenDocMan out.php last_message Variable XSS BASIC-CMS pages/index.php page_id Variable SQL Injection Gallery embed.php Remote Address Manipulation Path Disclosure FlashBlog admin/Editor/imgupload.php Unrestricted File Upload Arbitrary Code Execution meBiblio upload/uploader.html Unrestricted File Upload Arbitrary Code Execution ErfurtWiki /ewiki/fragments/css.php Multiple Variable Traversal Arbitrary File Disclosure Brim /templates/barry/template.tpl.php renderer Variable Remote File Inclusion Brim /templates/mylook/template.tpl.php renderer Variable Remote File Inclusion Brim /templates/oerdec/template.tpl.php renderer Variable Remote File Inclusion Brim /templates/penguin/template.tpl.php renderer Variable Remote File Inclusion Brim /templates/sidebar/template.tpl.php renderer Variable Remote File Inclusion Brim /templates/slashdot/template.tpl.php renderer Variable Remote File Inclusion Brim /templates/text-only/template.tpl.php renderer Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_con_editside.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_news_rcp.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_mod.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_tplinput_edit.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_con.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_tpl.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_con_sidelist.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_str.php cfgPathInc Variable Remote File Inclusion CVE-2008-2840 CVE-2008-2840 CVE-2008-2840 CVE-2008-2840 CVE-2008-2840 
CVE-2008-2840 CVE-2008-2840 CVE-2008-2840 CVE-2008-2820 CVE-2008-2428 CVE-2008-2428 CVE-2008-2718 CVE-2008-2790 CVE-2008-2797 CVE-2008-2791 CVE-2008-2640 CVE-2008-2787 CVE-2008-2789 CVE-2008-2723 CVE-2008-2574 CVE-2008-2648 CVE-2008-2672 CVE-2008-2645 CVE-2008-2645 CVE-2008-2645 CVE-2008-2645 CVE-2008-2645 CVE-2008-2645 CVE-2008-2645 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 Xoops Contenido EZ Publish (contenido_hacks) main_news.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_tplinput.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_lang.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_mod_edit.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_lay.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_lay_edit.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_news_send.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_con_edittpl.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_stat.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_tpl_edit.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) main_news_edit.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/con_show_ sidelist.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/mod_show_ modules.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/lay_show_ layouts.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) 
inc/str_show_tree.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/tpl_show_ templates.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/stat_show_tree.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/con_editcontent.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/main_user_md5.php3 cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/main_top.inc.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/upl_show_ uploads.inc.php cfgPathInc Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/con_edit_form.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/con_show_tree.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/news_show_ newsletters.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) inc/news_show_ recipients.inc.php Multiple Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_mod.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_lay.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_upl.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_stat.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_news.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_str.php cfgPathTpl Variable Remote File Inclusion CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 
CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 Xoops Contenido EZ Publish (contenido_hacks) tpl/header.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_con_ sidelist.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_tpl.php cfgPathTpl Variable Remote File Inclusion Xoops Contenido EZ Publish (contenido_hacks) tpl/actions_con.php cfgPathTpl Variable Remote File Inclusion Contenido CMS /cronjobs/move_articles.php cfg[path][contenido] Variable Remote File Inclusion Contenido CMS /cronjobs/move_old_stats.php cfg[path][contenido] Variable Remote File Inclusion Contenido CMS /cronjobs/optimize_database.php cfg[path][contenido] Variable Remote File Inclusion Contenido CMS /cronjobs/run_newsletter_job.php cfg[path][contenido] Variable Remote File Inclusion Contenido CMS /cronjobs/send_reminder.php cfg[path][contenido] Variable Remote File Inclusion Contenido CMS /cronjobs/session_cleanup.php cfg[path][contenido] Variable Remote File Inclusion Contenido CMS /cronjobs/setfrontenduserstate.php cfg[path][contenido] Variable Remote File Inclusion Contenido CMS /includes/include.newsletter_jobs_subnav.php cfg[path] [templates] Variable Remote File Inclusion Contenido CMS /plugins/content_allocation/includes/include.right_top.php cfg[path][templates] Variable Remote File Inclusion Contenido CMS /includes/include.newsletter_jobs_subnav.php Multiple Variable Remote File Inclusion Contenido CMS /plugins/content_allocation/includes/include.right_top.php Multiple Variable Remote File Inclusion Maxtrade AIO modules.php Trade Module categori Variable SQL Injection doITLive CMS default.asp ID Variable SQL Injection doITLive CMS 
edit/default.asp Cookie SQL Injection doITLive CMS edit/showmedia.asp FILE Variable XSS MyBizz-Classifieds index.php cat Variable SQL Injection ProManager inc/config.php language Variable Traversal Local File Inclusion vBulletin modcp/index.php redirect Variable XSS Samart-CMS site.php contentsid Variable SQL Injection eLineStudio Site Composer ansFAQ.asp Multiple Variable XSS phpInv search.php keyword Variable XSS phpInv entry.php action Variable Traversal Local File Inclusion WEBalbum photo_add-c.php Multiple Variable XSS Galatolo WebManager (GWM) admin/plugins.php plugin Variable Traversal Local File Inclusion Galatolo WebManager view.php id Variable SQL Injection Absolute Form Processor XE search.asp orderby Variable SQL Injection Absolute Live Support XE search.asp orderby Variable SQL Injection Absolute Live Support XE admin/search.asp Multiple Variable XSS Absolute Image Gallery XE gallery.asp categoryid Variable SQL Injection Absolute Image Gallery XE admin/search.asp XSS Absolute Image Gallery XE gallery.asp XSS Poll Manager XE search.asp orderby Variable SQL Injection Poll Manager XE admin/search.asp Multiple Variable XSS phpRaider authentication/smf/smf.functions.php pConfig_auth[smf_path] Variable Remote File Inclusion Search System for RevokeBB inc/class_search.php search Variable SQL Injection OtomiGenX library_rss.php lang Variable Traversal Local File Inclusion OtomiGenX rss.php lang Variable Traversal Local File Inclusion eLineStudio Site Composer login.asp txtEmail Variable XSS CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2007-5115 CVE-2008-2687 CVE-2008-2694 CVE-2008-2695 CVE-2008-2698 CVE-2008-2699 CVE-2008-2762 CVE-2008-2763 CVE-2008-2764 CVE-2008-2765 CVE-2008-2766 CVE-2008-2766 CVE-2008-2767 CVE-2008-2768 CVE-2008-2769 CVE-2008-2778 CVE-2008-2782 CVE-2008-2782 eLineStudio Site Composer ansFAQ.asp id Variable SQL Injection eLineStudio Site Composer cms/assetmanager/folderdel_.asp x Direct Request Arbitrary Directory Manipulation eLineStudio 
Site Composer cms/assetmanager/foldernew.asp Direct Request Arbitrary Directory Manipulation Absolute News Manager XE admin/anmviewer.asp Unspecified XSS Absolute News Manager XE admin/editarticleX.asp Unspecified XSS MiGCMS /lib/obj/collection.class.php GLOBALS[application][app_root] Variable Remote File Inclusion MiGCMS /lib/obj/content_image.class.php GLOBALS[application][app_root] Variable Remote File Inclusion j00lean-CMS includes/classes/page.php Unspecified Security Issue CCleague Pro admin.php u Variable SQL Injection CCleague Pro admin.php type Cookie Admin Authentication Bypass sHibby sHop default.asp sayfa Variable SQL Injection AJ HYIP news.php id Variable SQL Injection le.cms cms/admin/upload.php submit0 Variable Arbitrary Remote File Execution Online Fantasy Football League teams.php fflteam_id Variable SQL Injection RSS-aggregator display.php path Variable Remote File Inclusion Hedgehog-CMS includes/header.php c_temp_path Variable Remote File Inclusion Jamroom purchase.php jamroom[jm_dir] Variable Remote File Inclusion IGSuite cgi-bin/igsuite formid Variable SQL Injection Jamroom payment.php jamroom[jm_dir] Variable Remote File Inclusion ODARS resource_categories_view.php CLASSES_ROOT Variable Remote File Inclusion Online Fantasy Football League leagues.php league_id Variable SQL Injection Online Fantasy Football League players.php player_id Variable SQL Injection Dagger skins/default.php Multiple Variable Remote File Inclusion phpMyAdmin /libraries Multiple Scripts Unspecified XSS ClipShare group_posts.php tid Variable SQL Injection Oxygen post.php repquote Variable SQL Injection NiTrO Web Gallery albums.php CatId Variable SQL Injection Link ADS 1 out.php linkid Variable SQL Injection PHPeasyblog newsarchive.php post Variable SQL Injection Scientific Image DataBase projects.php id Variable SQL Injection WebCalendar send_reminders.php Multiple Variable Remote File Inclusion CiBlog links-extern.php id Variable SQL Injection Viral DX 1 adclick.php 
bannerid Variable SQL Injection DUware DUcalendar detail.asp iEve Variable SQL Injection Traindepot index.php module Variable Arbitrary File Access Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Variable SQL Injection Trac Search Script q Variable XSS Softbiz Jokes & Funny Pics Script index.php sbjoke_id Variable SQL Injection Jokes Website joke.php jokeid Variable SQL Injection Cheats Website item.php itemid Variable SQL Injection Tips Website tip.php tipid Variable SQL Injection Riddles Website riddle.php riddleid Variable SQL Injection Drinks Website drink.php drinkid Variable SQL Injection Commtouch Enterprise Anti-Spam Gateway login.asp PARAMS Variable XSS Yazd Forum Software search.jsp q Variable XSS CVE-2008-2758 CVE-2008-2758 CVE-2008-2833 CVE-2008-2835 CVE-2008-2793 CVE-2008-2816 CVE-2008-2817 CVE-2008-2823 CVE-2008-2834 CVE-2008-2836 CVE-2008-2838 Orca Interactive Forum Script layout/default/params.php gConf[dir][layouts] Variable Remote File Inclusion eTicket open.php pri Variable SQL Injection eTicket open_raw.php pri Variable SQL Injection eTicket newticket.php pri Variable SQL Injection Yazd Forum Software error.jsp msg Variable XSS Yazd Forum Software userAccount.jsp msg Variable XSS SePortal poll.php poll_id Variable SQL Injection SePortal staticpages.php sp_id Variable SQL Injection Philboard forum.asp forumid Variable SQL Injection Philboard search.asp searchterms Variable XSS Online Booking Manager checkavail.php id Variable SQL Injection Blog Pixel Motion liste_article.php jours Variable XSS DigitalHive base.php mt Variable XSS Grape Web Statistics includes/functions.php location Variable Remote File Inclusion Aterr include/functions.inc.php class Variable Traversal Local File Inclusion Aterr include/common.inc.php file Variable Traversal Local File Inclusion AllMyGuests index.php AMG_id Variable SQL Injection Cezanne CFLogon/CFLogon.asp SleUserName Variable XSS Cezanne CFLookup.asp FUNID Variable SQL Injection Cezanne 
CznCommon/CznCustomContainer.asp FUNID Variable SQL Injection Cezanne CFLookUP.asp Multiple Variable XSS Cezanne CznCommon/CznCustomContainer.asp Multiple Variable XSS Cezanne PeopleWeb/Cards/CVCard.asp PersonOid Variable XSS Cezanne PeopleWeb/Cards/PayrollCard.asp Multiple Variable XSS Cezanne PeopleWeb/CznDocFolder/CznDFStartProcess.asp Multiple Variable XSS PHPizabi template.class.php AssignUser Function Remote Information Disclosure GF-3XPLORER updater.php lang_sel Variable Traversal Local File Inclusion GF-3XPLORER thumber.php lang_sel Variable Traversal Local File Inclusion awzMB modules/adminhelp.php Setting[OPT_includepath] Variable Remote File Inclusion awzMB modules/admin.incl.php Setting[OPT_includepath] Variable Remote File Inclusion awzMB modules/reg.incl.php Setting[OPT_includepath] Variable Remote File Inclusion awzMB modules/help.incl.php Setting[OPT_includepath] Variable Remote File Inclusion awzMB modules/gbook.incl.php Setting[OPT_includepath] Variable Remote File Inclusion awzMB modules/core/core.incl.php Setting[OPT_includepath] Variable Remote File Inclusion cpLinks admin/index.php admin_username Variable SQL Injection cpLinks search.php Multiple Variable SQL Injection cpLinks search.php Multiple Variable XSS LifeType admin.php newBlogUserName Variable XSS ITCms box/MiniChat/boxpop.php shout Variable Arbitrary PHP Code Execution Miniweb index.php historymonth Variable SQL Injection Auction XL viewfaqs.php cat Variable SQL Injection DeluxeBB forums.php sort Variable SQL Injection DeluxeBB admincp.php Arbitrary PHP Code Execution PHPEasyData annuaire.php cat_id Variable SQL Injection Maian Weblog admin/index.php keywords Variable XSS CVE-2008-1986 CVE-2008-1985 CVE-2008-1963 CVE-2008-1962 CVE-2008-1962 CVE-2008-1961 CVE-2008-1967 CVE-2008-1968 CVE-2008-1968 CVE-2008-1969 CVE-2008-1969 CVE-2008-1969 CVE-2008-1969 CVE-2008-1969 CVE-2008-2018 CVE-2007-6475 CVE-2007-6475 CVE-2007-5592 CVE-2007-5592 CVE-2007-5592 CVE-2007-5592 CVE-2007-5592 
CVE-2007-5592 CVE-2008-2180 CVE-2008-2180 CVE-2008-2181 CVE-2008-2196 CVE-2008-2192 CVE-2008-2197 CVE-2008-2189 CVE-2008-2194 CVE-2008-2195 CVE-2008-2113 CVE-2008-2200 Maian Weblog admin/inc/header.php Multiple Variable XSS Zomplog admin/category.php catname Variable XSS phpDirectorySource show.php lid Variable SQL Injection BlogMe PHP comments.php id Variable SQL Injection SysAid SystemList.jsp searchField Variable XSS LifeType admin.php searchTerms Variable XSS angelo-emlak hpz/profil.asp id Variable SQL Injection Mjguest interface/redirect.htm.php level Variable XSS vlbook include/global.inc.php l Variable Traversal Local File Inclusion SMartBlog gestion/logon.php login Variable SQL Injection Harris Wap Chat eng.writeMsg.php sysFileDir Variable Remote File Inclusion phpDirectorySource admin.php login Variable SQL Injection angelo-emlak hpz/prodetail.asp Variable SQL Injection angelo-emlak hpz/admin/Default.asp sayfa Variable XSS ActualAnalyzer Lite style Variable Traversal Local File Inclusion AstroCam pic.php picfile Variable XSS Project-Based Calendaring System (PBCS) src/yopy_sync.php filename Variable Traversal Local File Access FluentCMS view.php sid Variable SQL Injection Softbiz Web Host Directory Script search_result.php host_id Variable SQL Injection Musicbox viewalbums.php artistId Variable SQL Injection CMS Faethon search.php what Variable XSS Sun Java System Web Server lib/webapps/search/index.jps XSS CMS Faethon header.php mainpath Variable Remote File Inclusion Article Module for XOOPS article.php id Variable SQL Injection Kubelance ipn.php i Variable Traversal Local File Inclusion PHP Forge News Module admin.php id Variable SQL Injection MyArticles Module for RunCMS topics.php topic_id Variable SQL Injection Siteman index.php module Variable XSS SiteXS CMS index.php user Variable XSS miniBB bb_admin.php whatus Variable SQL Injection QTOFileManager qtofm.php Direct Request File Upload Arbitrary PHP Code Execution Harris Wap Chat eng.adCreate.php 
sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.adCreateSave.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.adDispByTypeOptions.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.createRoom.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.forward.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.pageLogout.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.resultMember.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.roomDeleteConfirm.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.saveNewRoom.php sysFileDir Variable Remote File Inclusion Harris Wap Chat eng.searchMember.php sysFileDir Variable Remote File Inclusion Maian Links admin/inc/footer.php Multiple Variable XSS PostcardMentor step1.asp cat_fldAuto Variable SQL Injection InfoBiz Server search_results.php keywords Variable XSS Cyberfolio portfolio/commentaires/derniers_commentaires.php rep Variable Remote File Inclusion CVE-2008-2200 CVE-2008-2176 CVE-2008-2177 CVE-2008-2175 CVE-2008-2179 CVE-2008-2178 CVE-2008-2047 CVE-2008-2187 CVE-2008-2073 CVE-2008-2184 CVE-2008-2074 CVE-2008-2177 CVE-2008-2047 CVE-2008-2048 CVE-2008-2076 CVE-2008-2075 CVE-2008-2215 CVE-2008-2087 CVE-2008-2125 CVE-2008-2127 CVE-2008-2166 CVE-2008-2128 CVE-2008-2094 CVE-2008-2091 CVE-2008-2088 CVE-2008-2084 CVE-2008-2082 CVE-2008-2046 CVE-2008-2067 CVE-2008-2110 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2074 CVE-2008-2213 CVE-2008-2132 CVE-2008-2228 Maian Greetings admin/inc/header.php Multiple Variable XSS Maian Search search.php keywords Variable SQL Injection Maian Search admin/inc/header.php Multiple Variable XSS Project-Based Calendaring System (PBCS) plugins/system-logger/print_ logs.php filename Variable Traversal Local File Access SazCart layouts/default/header.saz.php _saz[settings][site_dir] Variable Remote 
File Inclusion SazCart default/pages/login.php _saz[settings][site_url] Variable Remote File Inclusion Maian Guestbook admin/inc/footer.php Multiple Variable XSS Maian Recipe admin/inc/header.php Multiple Variable XSS vShare YouTube Clone group_posts.php tid Variable SQL Injection Maian Music admin/inc/footer.php msg_script Variable XSS Maian Uploader admin/index.php keywords Variable XSS Maian Uploader admin/inc/header.php Multiple Variable XSS Maian Gallery admin/index.php keywords Variable XSS fipsCMS modules/print.asp lg Variable SQL Injection Maian Support admin/inc/footer.php Multiple Variable XSS Sphider search.php query Variable XSS Tux CMS tux-login.php returnURL Variable XSS Maian Support admin/inc/header.php msg_script2 Variable XSS iziContents modules/poll/poll_summary.php admin_home Variable Traversal Local File Inclusion iziContents include/db.php rootdp Variable Traversal Local File Inclusion PHPMyChat setup.php3 Direct Request Remote Information Disclosure ChiCoMaS install/ URI lang Variable Remote File Inclusion ChiCoMaS install/ URI Multiple Variable Traversal Local File Inclusion Bitrix Site Manager redirect.php goto Variable Arbitrary Site Redirect DatsoGallery Component for Joomla! 
sub_votepic.php User-Agent HTTP Header SQL Injection RSA Authentication Agent IISWebAgentIF.dll postdata Variable URLEncoded XSS RSA Authentication Agent WebID/IISWebAgentIF.dll FTP url Variable Arbitrary Site Redirect ezContents showdetails.php contentname Variable SQL Injection ezContents printer.php article Variable SQL Injection iGaming CMS poll_vote.php id Variable SQL Injection Project Alumni info.php id Variable SQL Injection Power Editor editor.php Multiple Variable Traversal Local File Inclusion Power Editor editor.php Multiple Variable XSS Pre Shopping Mall emall/search.php search Variable SQL Injection ActualAnalyzer view.php language Variable XSS BIGACE Web CMS function.captcha.php GLOBALS[_BIGACE][DIR][addon] Variable Remote File Inclusion Kmita Mail kmitaadmin/kmitam/htmlcode.php file Variable Remote File Inclusion YABSoft Mega File Hosting Script members.php fid Variable SQL Injection BIGACE Web CMS AdoDBConnection.php GLOBALS[_BIGACE][DIR] [addon] Variable Remote File Inclusion BIGACE Web CMS plugin.php GLOBALS[_BIGACE][DIR][admin] Variable Remote File Inclusion BIGACE Web CMS item_information.php GLOBALS[_BIGACE][DIR][admin] Variable Remote File Inclusion BIGACE Web CMS jstree.php GLOBALS[_BIGACE][DIR][admin] Variable Remote File Inclusion Admidio get_file.php file Variable Traversal Arbitrary File Download Advanced Image Hosting (AIH) out.php t Variable SQL Injection PhotoStore gallery.php gid Variable SQL Injection PhotoStore about_us.php gid Variable SQL Injection CVE-2008-2209 CVE-2008-2203 CVE-2008-2204 CVE-2008-2215 CVE-2008-2224 CVE-2008-2224 CVE-2008-2211 CVE-2008-2201 CVE-2008-2223 CVE-2008-2206 CVE-2008-2202 CVE-2008-2202 CVE-2008-2207 CVE-2008-2124 CVE-2008-2210 CVE-2008-2210 CVE-2007-5055 CVE-2007-5055 CVE-2004-2718 CVE-2008-2016 CVE-2008-2017 CVE-2008-2052 CVE-2008-2026 CVE-2008-2027 CVE-2008-2135 CVE-2008-2135 CVE-2008-2130 CVE-2008-2118 CVE-2008-2116 CVE-2008-2115 CVE-2008-2114 CVE-2008-2199 PhotoStore 
manager/image_details_editor.php id Variable SQL Injection Cisco Building Broadband Service Manager (BBSM) AccessCodeStart.asp msg Variable XSS ZeusCart category_list.php cid Variable SQL Injection Meto Forum admin/duzenle.asp id Variable SQL Injection EQdkp eqdkp_data Cookie login.php user_id Variable SQL Injection Meto Forum admin_oku.asp id Variable SQL Injection Meto Forum kategori.asp kid Variable SQL Injection Meto Forum admin_kategori.asp kid Variable SQL Injection The Real Estate Script dpage.php docID Variable SQL Injection Automated Link Exchange Portal linking.page.php cat_id Variable SQL Injection ZoGo-Shop Plugin for e107 products.php cat Variable SQL Injection EMO Realty Manager news.php ida Variable SQL Injection WebGroupCommunicationCenter (WGCC) picturegallery.php bildid Variable SQL Injection AJ Auction classifide_ad.php item_id Variable SQL Injection CaLogic Calendars userreg.php langsel Variable SQL Injection WebGroupCommunicationCenter (WGCC) filebase.php id Variable SQL Injection WebGroupCommunicationCenter (WGCC) schedule.php id Variable SQL Injection WebGroupCommunicationCenter (WGCC) profile.php id Variable SQL Injection WebGroupCommunicationCenter (WGCC) message.php Multiple Variable SQL Injection WebGroupCommunicationCenter (WGCC) profile.php userid Variable XSS wordTube Plugin for WordPress wordtube-button.php wpPATH Variable Traversal Local File Inclusion Fusebox fusebox5.php FUSEBOX_APPLICATION_PATH Variable Remote File Inclusion phpVID search_results.php query Variable XSS Oracle Application Server Portal /dav_portal/portal/ Crafted Encoded Request Information Disclosure WordPress wp-includes/vars.php PATH_INFO Access Restriction Bypass PHP Classifieds Script browse.php fatherID Variable SQL Injection PHP Classifieds Script search.php fatherID Variable SQL Injection AJ Article featured_article.php artid Variable SQL Injection Freelance Auction Script browseproject.php pid Variable SQL Injection Feedback and Rating Script detail.php 
listingid Variable SQL Injection Model Search cat.php cat Variable SQL Injection Kostenloses Linkmanagementscript template/index.php Multiple Variable Remote File Inclusion Kostenloses Linkmanagementscript top_view.php id Variable SQL Injection Kostenloses Linkmanagementscript view.php id Variable SQL Injection Rantx Admin.php Crafted logininfo Cookie Authentication Bypass Pet Grooming Management System useradded.php Arbitrary User Addition e107 BLOG Engine Plugin comment.php rid Variable SQL Injection Philboard admin/philboard_admin-forumedit.asp forumid Variable SQL Injection 68 Classifieds category.php cat Variable SQL Injection Philboard admin/philboard_admin-forum.asp forumid Variable SQL Injection Philboard W1L3D4_foruma_yeni_konu_ac.asp forumid Variable SQL Injection Philboard W1L3D4_konuoku.asp id Variable SQL Injection Philboard W1L3D4_konuya_mesaj_yaz.asp Multiple Variable SQL Injection DotWidget For Articles (dotwidgeta) showcatpicks.php file_path Variable Remote File Inclusion CVE-2008-2165 CVE-2008-2448 CVE-2008-2222 CVE-2008-2448 CVE-2008-2448 CVE-2008-2448 CVE-2008-2443 CVE-2008-2263 CVE-2008-2447 CVE-2008-2265 CVE-2008-2446 CVE-2008-2444 CVE-2008-2446 CVE-2008-2446 CVE-2008-2446 CVE-2008-2446 CVE-2008-2445 CVE-2007-2482 CVE-2008-2284 CVE-2008-2335 CVE-2008-2138 CVE-2008-2146 CVE-2008-2453 CVE-2008-2453 CVE-2008-2278 CVE-2008-2277 CVE-2008-2270 CVE-2008-2301 CVE-2008-2301 CVE-2008-2297 CVE-2008-2294 CVE-2008-2334 CVE-2008-2336 CVE-2008-2334 CVE-2008-2334 CVE-2008-2334 CVE-2008-2334 CVE-2006-7052 DotWidget For Articles (dotwidgeta) showarticle.php file_path Variable Remote File Inclusion DotWidget For Articles (dotwidgeta) admin/authors.php Multiple Variable Remote File Inclusion DotWidget For Articles (dotwidgeta) admin/index.php Multiple Variable Remote File Inclusion DotWidget For Articles (dotwidgeta) admin/categories.php Multiple Variable Remote File Inclusion DotWidget For Articles (dotwidgeta) admin/editconfig.php Multiple Variable Remote File 
Inclusion DotWidget For Articles (dotwidgeta) admin/articles.php Multiple Variable Remote File Inclusion SAXON news.php Direct Request Path Disclosure bcoos highlight.php file Variable Arbitrary File Access GNU/Gallery admin.php show Variable Traversal Arbitrary File Access PicEngine admin/index.php l Variable XSS CyrixMED index.php msg_erreur Variable XSS Forum Rank System infusions/rank_system/forum.php settings[locale] Variable Traversal Local File Inclusion Forum Rank System infusions/rank_system/profile.php settings[locale] Variable Traversal Local File Inclusion C-News install.php etape Variable XSS Phprojekt CMS cm/graphie.php cm_imgpath Variable Traversal Local File Inclusion SAXON admin/edit-item.php Direct Request Path Disclosure SAXON admin/ Directory Unspecified Scripts Path Disclosure SAXON rss/ Directory Unspecified Scripts Path Disclosure Kmita Tellfriend kmitaadmin/kmitat/htmlcode.php file Variable Remote File Inclusion ScorpNews example.php site Variable Remote File Inclusion BlackBook footer.php Multiple Variable XSS BlackBook header.php Multiple Variable XSS how2ASP Webboard showQAnswer.asp qNo Variable SQL Injection TAGWORX.CMS contact.php cid Variable SQL Injection dotCMS search-results.dot search_query Variable XSS TAGWORX.CMS news.php nid Variable SQL Injection Mjguest interface/redirect.htm.php goto Variable Arbitrary Site Redirect Interact modules/forum/embedforum.php CONFIG[LANGUAGE_CPATH] Variable Remote File Inclusion Interact modules/scorm/lib.inc.php CONFIG[BASE_PATH] Variable Remote File Inclusion PHP JackKnife (PHPJK) G_Display.php Multiple Variable Path Disclosure PHP-Jokesite jokes_category.php cat_id Variable SQL Injection Maian Cart admin/inc/header.php Multiple Variable XSS Maian Cart admin/inc/footer.php Multiple Variable XSS Maian Cart index.php keywords Variable XSS AlkalinePHP thread.php id Variable SQL Injection EntertainmentScript play.php id Variable SQL Injection News Manager attachments.php id Variable Traversal 
Arbitrary File Access
News Manager ch_readalso.php read_xml_include Variable Remote File Inclusion
Rgboard rg_search.php s_text Variable XSS
Rgboard include/bbs.lib.inc.php site_path Variable Remote File Inclusion
IMGallery galeria.php kategoria Variable SQL Injection
IMGallery popup/koment.php id_phot Variable SQL Injection
IMGallery popup/opis.php id_phot Variable SQL Injection
News Manager advsearch.php lang Variable SQL Injection
News Manager archive.php lang Variable SQL Injection
News Manager list_tagitems.php pid Variable SQL Injection
CVE-2006-7052 CVE-2006-7052 CVE-2006-7052 CVE-2006-7052 CVE-2006-7052 CVE-2006-7052 CVE-2007-4861 CVE-2008-2350 CVE-2008-2353 CVE-2008-2280 CVE-2008-2264 CVE-2008-2227 CVE-2008-2227 CVE-2008-2219 CVE-2008-2217 CVE-2007-4861 CVE-2007-4861 CVE-2007-4861 CVE-2008-2198 CVE-2008-2193 CVE-2008-2188 CVE-2008-2188 CVE-2008-2417 CVE-2008-2394 CVE-2008-2397 CVE-2008-2394 CVE-2008-2268 CVE-2008-2220 CVE-2008-2220 CVE-2007-3002 CVE-2008-2457 CVE-2008-2212 CVE-2008-2212 CVE-2008-2212 CVE-2008-2395 CVE-2008-2393 CVE-2008-2342 CVE-2008-2341 CVE-2008-2295 CVE-2008-2296 CVE-2008-2337 CVE-2008-2337 CVE-2008-2337 CVE-2008-2340 CVE-2008-2340 CVE-2008-2340
PeopleAggregator AudiosMediaGalleryModule/AudiosMediaGalleryModule.php current_blockmodule_path Variable Remote File Inclusion CVE-2007-5631
News Manager db/connect_str.php Direct Request Remote Information Disclosure CVE-2008-2343
News Manager login/info.php Direct Request Remote Information Disclosure CVE-2008-2343
Interspire ActiveKB admin/index.php questId Variable SQL Injection CVE-2007-5425
PeopleAggregator ImagesMediaGalleryModule/ImagesMediaGalleryModule.php current_blockmodule_path Variable Remote File Inclusion CVE-2007-5631
PeopleAggregator MembersFacewallModule/MembersFacewallModule.php current_blockmodule_path Variable Remote File Inclusion CVE-2007-5631
PeopleAggregator NewestGroupsModule/NewestGroupsModule.php current_blockmodule_path Variable Remote File Inclusion CVE-2007-5631
PeopleAggregator UploadMediaModule/UploadMediaModule.php current_blockmodule_path Variable Remote File Inclusion CVE-2007-5631
PeopleAggregator VideosMediaGalleryModule/VideosMediaGalleryModule.php current_blockmodule_path Variable Remote File Inclusion CVE-2007-5631
Internet Photoshow admin.php login_admin Cookie Authentication Bypass CVE-2008-2282
Web Slider Admin.php admin Cookie Modification Authentication Bypass CVE-2008-2298
AlkalinePHP adduser.php Direct Request Authentication Bypass CVE-2008-2346
MyPicGallery admin/addUser.php userID Variable Direct Request Authentication Bypass CVE-2008-2347
MeltingIce File System admin/adduser.php Direct Request Authentication Bypass CVE-2008-2348
Zomplog install/newuser.php admin Variable Direct Request Authentication Bypass CVE-2008-2349
Der Dirigent backend/inc/inc.generate_code.php dedi_path Variable Remote File Inclusion CVE-2007-5146
awrate 404.php toroot Variable Remote File Inclusion CVE-2007-5599
awrate topbar.php toroot Variable Remote File Inclusion CVE-2007-5599
Der Dirigent backend/inc/fnc.type_forms.php dedi_path Variable Remote File Inclusion CVE-2007-5146
Der Dirigent backend/inc/fnc.type.php dedi_path Variable Remote File Inclusion CVE-2007-5146
Der Dirigent projekt01/cms/inc/frontend.php dedi_path Variable Remote File Inclusion CVE-2007-5146
Der Dirigent projekt01/cms/inc/backend.php dedi_path Variable Remote File Inclusion CVE-2007-5146
Der Dirigent backend/inc/class.filemanager.php this_dir Variable Remote File Inclusion CVE-2007-5146
PHPMyphorum mep/frame.php chem Variable Remote File Inclusion CVE-2007-0361
INDEXU upgrade.php gateway Variable Traversal Local File Inclusion CVE-2007-0349
PunBB userlist.php Unspecified Character Filtering Weakness
PunBB login.php Unspecified Character Filtering Weakness
MyBestBB misc.php redirect_url Variable XSS
MyBestBB login.php Unspecified Character Filtering Weakness
PunBB admin_options.php Avatar Directory Cleaning Unspecified Weakness
MyBestBB
admin_options.php Avatar Directory Cleaning Unspecified Weakness PunBB /include/functions.php Unspecified Issue MyBestBB /include/functions.php Unspecified Issue MyBestBB search.php result_list array Parameter SQL Injection MyBestBB include/common.php Local File Inclusion MyBestBB include/common.php Global Parameter Registration Security Bypass MyBestBB admin_categories.php Category Name XSS MyBestBB footer.php include/user/ Local File Inclusion MyBestBB misc.php Referer HTTP Header XSS MyBestBB moderate.php get_host Variable XSS WordPress wp-pass.php Arbitrary Site Redirect CSRF WordPress wp-login.php Multiple Action CSRF phpRaider authentication/phpbb3/phpbb3.functions.php pConfig_auth [phpbb_path] Variable Remote File Inclusion plusPHP Short URL Multi-User Script plus.php _pages_dir Variable Remote File Inclusion Xomol CMS index.php op Variable Traversal Local File Inclusion RoomPHPlanning resaopen.php idresa Variable SQL Injection AbleDating search_results.php keyword Variable SQL Injection EntertainmentScript play.php id Variable SQL Injection phpFreeForum error.php message Variable XSS OneCMS install_mod.php load Variable Traversal Local File Inclusion Barracuda Spam Firewall cgi-bin/ldap_test.cgi email Variable XSS phpFreeForum part/menu.php Multiple Variable XSS BMForum newtem/footer/bsd01footer.php Multiple Variable XSS BMForum newtem/header/bsd01header.php Multiple Variable XSS Sava CMS index.cfm keywords Variable XSS EntertainmentScript page.php page Variable Traversal Local File Inclusion Quate CMS admin/includes/footer.php Multiple Variable Traversal Arbitrary File Access ClassSystem HomepageTop.php teacher_id Variable SQL Injection ClassSystem HomepageMain.php teacher_id Variable SQL Injection ClassSystem MessageReply.php teacher_id Variable SQL Injection phpFix fix/browse.php kind Variable SQL Injection Safari Montage forgotPW.php Multiple Variable XSS Mini CWB connector.php Multiple Variable XSS phpFix auth/00_pass.php account Variable SQL Injection 
SAP Web Application Server sap/bc/gui/sap/its/webgui/ URL XSS PCPIN Chat inc/url_redirection.inc.php Unspecified Variable XSS DT Centrepiece search.asp searchFor Variable XSS DT Centrepiece search.asp searchFor Variable SQL Injection CKGold item.php category_id Variable SQL Injection AjaXplorer User Password Modification CSRF Quate CMS admin/includes/header.php Multiple Variable Remote File Inclusion Quate CMS admin/filemanager.php dir Variable Traversal Arbitrary File Access Quate CMS admin/index.php URI XSS Quate CMS admin/login.php URI XSS Quate CMS admin/credits.php URI XSS Quate CMS upgrade/index.php URI XSS Calcium Calcium40.pl CalendarName Variable XSS PHPhotoalbum thumbnails.php album Variable SQL Injection PHPhotoalbum displayimage.php pid Variable SQL Injection Campus Bulletin Board post3/Book.asp review Variable XSS Campus Bulletin Board post3/view.asp id Variable SQL Injection Campus Bulletin Board post3/book.asp review Variable SQL Injection CMS from Scratch cms/images.php dir Variable Arbitrary Directory Listing DVBBS login.asp username Variable SQL Injection AbleSpace adv_cat.php cat_id Variable SQL Injection Xerox DocuShare dsdn/dsweb/SearchResults XSS Netious CMS index.php pageid Variable SQL Injection vBulletin faq.php q Variable SQL Injection Xerox DocuShare dsdn/dsweb/Services/User XSS Xerox DocuShare docushare/dsweb/ServicesLib/Group XSS CVE-2008-2481 CVE-2008-2480 CVE-2008-2483 CVE-2008-2482 CVE-2008-2333 CVE-2008-2459 CVE-2008-2479 CVE-2008-2479 CVE-2008-2421 CVE-2008-2485 CVE-2008-2496 CVE-2008-2496 CVE-2008-2496 CVE-2008-2496 CVE-2008-2493 CVE-2008-2492 CVE-2008-2492 CVE-2008-2491 CVE-2008-2461 CVE-2008-2460 CMS from Scratch cms/files.php dir Variable Arbitrary Directory Listing CMS from Scratch cms/images.php Unrestricted File Upload Arbitrary PHP Code Execution CMS from Scratch cms/files.php Unrestricted File Upload Arbitrary PHP Code Execution ACGV News glossaire.php id Variable SQL Injection DigitalHive 
template/purpletech/base_include.php page Variable Traversal Arbitrary File Access MacGuru BLOG Engine Plugin for e107 comment.php rid Variable SQL Injection phpInstantGallery image.php Multiple Variable XSS PNphpBB2 viewforum.php order Variable SQL Injection MyCMS games.php Multiple File Processing Static Code Injection vtiger CRM include/utils/SearchUtils.php Potentials ListView Action assigned_user_id Variable SQL Injection LimeSurvey File.php homedir Variable Remote File Inclusion LimeSurvey Root.php homedir Variable Remote File Inclusion LimeSurvey Writer.php homedir Variable Remote File Inclusion LimeSurvey PPS.php homedir Variable Remote File Inclusion LimeSurvey Worksheet.php homedir Variable Remote File Inclusion LimeSurvey Parser.php homedir Variable Remote File Inclusion LimeSurvey Workbook.php homedir Variable Remote File Inclusion LimeSurvey Format.php homedir Variable Remote File Inclusion LimeSurvey BIFFwriter.php homedir Variable Remote File Inclusion ScozBook scozbook/add.php Multiple Variable XSS Scozbook view.php PG Variable Error Message Path Disclosure WP-Download Plugin for WordPress wp-download.php dl_id Variable SQL Injection TopperMod mod.php to Variable Traversal Local File Inclusion Sava's Link Manager viewlinks.php category Variable SQL Injection PJIRC Module for phpBB forum/irc/irc.php phpEx Variable Traversal Local File Inclusion TopperMod account/index.php localita Variable SQL Injection Forums Module for PHP-Nuke modules.php p Variable SQL Injection Gallarific Free Edition gadmin/photos.php Direct Request Authentication Bypass Gallarific Free Edition gadmin/comments.php Direct Request Authentication Bypass Gallarific Free Edition gadmin/gallery.php Direct Request Authentication Bypass Sections Module for RunCMS index.php artid Variable SQL Injection EasyNews admin/login.php lang Variable Traversal Local File Inclusion DotClear ecrire/tools.php Blogroll Page XSS AuraCMS content/user.php country Variable SQL Injection MyCMS games.php 
id Variable Remote File Inclusion FaPhoto show.php id Variable SQL Injection EasyNews dynamicpages/index.php read Variable SQL Injection EasyNews staticpages/easypublish/index.php read Variable XSS dBlog CMS dblog.mdb Direct Request Password Hash Disclosure Blackboard Academic Suite webapps/blackboard/execute/viewCatalog searchText Variable XSS Writer's Block CMS permalink.php PostID Variable SQL Injection DaZPHPNews makepost.php prefixdir Variable Traversal Local File Inclusion Smart Classified ADS view.cgi Multiple Variable XSS Smart Photo ADS view.cgi Multiple Variable XSS e-Classifieds hsx/classifieds.hsx db Variable XSS Simple HTTPD (shttpd) URI Traversal Arbitrary File Access ManageEngine Firewall Analyzer mindex.do displayName Variable XSS CVE-2008-2412 CVE-2008-2415 CVE-2008-2455 CVE-2008-2449 CVE-2007-3584 CVE-2007-3586 CVE-2007-3603 CVE-2007-3632 CVE-2007-3632 CVE-2007-3632 CVE-2007-3632 CVE-2007-3632 CVE-2007-3632 CVE-2007-3632 CVE-2007-3632 CVE-2007-3632 CVE-2003-1554 CVE-2003-1555 CVE-2008-1646 CVE-2008-1553 CVE-2008-1644 CVE-2008-1565 CVE-2008-1554 CVE-2008-1539 CVE-2008-1469 CVE-2008-1469 CVE-2008-1469 CVE-2008-1462 CVE-2008-1651 CVE-2007-3672 CVE-2008-1715 CVE-2007-3585 CVE-2008-1714 CVE-2008-1650 CVE-2008-1649 CVE-2007-5026 CVE-2008-1795 CVE-2008-1699 CVE-2008-1696 CVE-2008-1793 CVE-2008-1793 CVE-2007-6404 CVE-2008-1775 Simple Internet Publishing System (SIPS) Configuration Directory Direct Request Information Disclosure Mitsubishi Electric GB-50 / GB-50A Web Controller servlet/ MIMEReceiveServlet setRequest Command Remote DoS Phorum common.php Unspecified Issue Phorum /include/db/mysql.php Unspecified Search SQL Injection Phorum list.php Last Post Author Name XSS Phorum /include/format_functions.php Linked Author XSS Phorum /include/admin/badwords.php Censor List Bad Words XSS Phorum /include/admin/users.php Userlist E-mail Address Field XSS Phorum /include/admin/groups.php Group Admin Groups Field XSS Phorum read.php Unspecified XSS Phorum 
list.php Unspecified XSS Phorum common.php Welcome In Header XSS Phorum list.php linked_author XSS Phorum /include/controlcenter/messages.php Center Message Moderation Author Name XSS Phorum /include/admin/login.php target-uri Variable XSS Phorum changes.php New Diff Tracking Page XSS Gekko /temp Directory Remote File Access Information Disclosure Links Directory links.php cat_id Variable SQL Injection Blogator-script struct_admin.php incl_page Variable Remote File Inclusion Blogator-script struct_admin_blog.php incl_page Variable Remote File Inclusion Blogator-script struct_main.php incl_page Variable Remote File Inclusion Software Index Script showcategory.php cid Variable SQL Injection PIGMy-SQL getdata.php id Variable SQL Injection Xpoze account/user/mail.html reed Variable SQL Injection CC GuestBook cc_guestbook.pl Multiple Variable XSS Bomba Haber haberoku.php haber Variable SQL Injection Clever Copy postview.php ID Variable SQL Injection GeeCarts show.php id Variable XSS GeeCarts search.php id Variable XSS GeeCarts view.php id Variable XSS GeeCarts show.php id Variable Remote File Inclusion GeeCarts search.php id Variable Remote File Inclusion GeeCarts view.php id Variable Remote File Inclusion Jshop Server v2demo/page.php xPage Variable Traversal Local File Inclusion Aztech ADSL2/2+ /cgi-bin/script system Variable Arbitrary Command Execution phpSpamManager body.php filename Variable Traversal Local File Inclusion LinPHA plugins/maps/map.main.class.php maps_type Variable Traversal Local File Inclusion Prozilla Reviews siteadmin/DeleteUser.php Direct Request Arbitrary User Deletion JAF CMS forum/headlines.php Multiple Variable Remote File Inclusion Prozilla Entertainers directory.php cat Variable SQL Injection Prozilla Cheats view_reviews.php id Variable SQL Injection Prozilla Freelancers project.php project Variable SQL Injection LokiCMS admin.php default Variable Arbitrary PHP Code Execution KISGB view_private.php tmp_theme Variable Traversal Local File 
Inclusion JGS-Treffen Addon for Woltlab Burning Board jgs_treffen.php view_id Variable SQL Injection PHP-Nuke Platinum maintenance/index.php Direct Request Remote Information Disclosure ExBB Italia modules/threadstop/threadstop.php Multiple Variable Remote File Inclusion CVE-2003-1553 CVE-2008-1546 CVE-2007-6361 CVE-2008-1871 CVE-2008-1760 CVE-2008-1760 CVE-2008-1760 CVE-2008-1870 CVE-2008-1874 CVE-2003-1556 CVE-2008-1607 CVE-2008-1608 CVE-2008-1621 CVE-2008-1621 CVE-2008-1621 CVE-2008-1622 CVE-2008-1622 CVE-2008-1622 CVE-2008-1624 CVE-2008-1645 CVE-2008-1856 CVE-2008-1783 CVE-2008-1609,2006-7127 CVE-2008-1788 CVE-2008-1863 CVE-2008-1864 CVE-2008-1860 CVE-2008-1635 CVE-2008-1640 CVE-2008-1680 CVE-2008-1862 ExBB Italia modules/threadstop/threadstop.php exbb[default_lang] Variable Local File Inclusion Online FlashQuiz Component for Joomla! quiz/common/db_config.inc.php base_dir Variable Remote File Inclusion iScripts SocialWare events.php id Variable SQL Injection KnowledgeQuest articletext.php kqid Variable SQL Injection Gallery Script Lite download.html path Variable Traversal Arbitrary File Download KnowledgeQuest articletextonly.php kqid Variable SQL Injection KnowledgeQuest logincheck.php username Variable SQL Injection KnowledgeQuest admincheck.php Admin Account Creation bcoos modules/adresses/ratefile.php lid Variable SQL Injection Gelato CMS comments.php XSS Ossigeno CMS upload/xax/admin/modules/install_module.php level Variable Remote File Inclusion Ossigeno CMS upload/xax/admin/modules/uninstall_module.php level Variable Remote File Inclusion Ossigeno CMS upload/xax/admin/patch/index.php level Variable Remote File Inclusion Ossigeno CMS upload/xax/ossigeno/admin/install_module.php level Variable Remote File Inclusion Ossigeno CMS upload/xax/ossigeno/admin/uninstall_module.php level Variable Remote File Inclusion Ossigeno CMS ossigeno_modules/ossigeno-catalogo/xax/ossigeno/ catalogo/common.php ossigeno Variable Remote File Inclusion cpCommerce calendar.php 
year Variable XSS Coppermine Photo Gallery bridge/coppermine.inc.php Unspecified Cookie SQL Injection cpCommerce functions/display_page.func.php Multiple Variable SQL Injection cpCommerce index.php language Variable Traversal Local File Inclusion cpCommerce category.php action Variable Traversal Local File Inclusion 1024 CMS includes/system.php cookpass Cookie Variable SQL Injection PHP Knowledge Base (PHPKB) comment.php ID Variable SQL Injection NewsOffice news_show.php newsoffice_directory Variable Remote File Inclusion 1024 CMS pages/print/default/ops/news.php lang Variable Traversal Local File Inclusion Coppermine Photo Gallery upload.php Content-Type HTTP Header SQL Injection CcMail admin.php this_cookie Crafted Cookie Authentication Bypass LiveCart /category URL id Variable SQL Injection Ksemail index.php Multiple Variable Traversal Local File Inclusion Dating Club browse.php age_to Variable SQL Injection BosClassifieds Classified Ads System index.php cat Variable SQL Injection WORK system e-commerce module/main.php Multiple Variable XSS OSI Affiliate login.php Multiple Variable XSS phpHotResources cat.php kind Variable SQL Injection PhpBlock modules/basicfog/basicfogfactory.class.php PATH_TO_CODE Variable Remote File Inclusion Pligg editlink.php id Variable SQL Injection Dragoon includes/header.inc.php root Variable Remote File Inclusion Blogator-script _blogadata/include/sond_result.php id_art Variable SQL Injection World of Phaos showSource.php showSource function file Variable Traversal Arbitrary File Access Alkacon OpenCMS system/workplace/admin/workplace/sessions.jsp searchfilter Variable XSS Prediction Football showpredictionsformatch.php matchid Variable SQL Injection CVE-2008-1861 CVE-2008-1682 CVE-2008-1859 CVE-2008-1726 CVE-2008-1730 CVE-2008-1726 CVE-2008-1726 CVE-2008-1727 CVE-2007-6218 CVE-2007-6218 CVE-2007-6218 CVE-2007-6218 CVE-2007-6218 CVE-2007-6218 CVE-2008-1906 CVE-2008-1841 CVE-2008-1907 CVE-2008-1908 CVE-2008-1908 CVE-2008-1911 
CVE-2008-1909 CVE-2008-1903 CVE-2008-1840 CVE-2008-1904 CVE-2008-1750 CVE-2008-1751 CVE-2008-1843 CVE-2008-1838 CVE-2008-1839 CVE-2008-1850 CVE-2008-1844 CVE-2008-1776 CVE-2008-1774 CVE-2008-1773 CVE-2008-1763 CVE-2008-1755 CVE-2008-1753 CVE-2008-1732 mxbBB mx_blogs includes/functions_weblog.php mx_root_path Variable Remote File Inclusion Carbon Communities login.asp Redirect Variable XSS Poplar Gedcom Viewer index.php Multiple Variable XSS Carbon Communities member_send.asp OrderBy Variable XSS Carbon Communities events.asp ID Variable SQL Injection Carbon Communities getpassword.asp UserName Variable SQL Injection BusinessObjects XI Login URL cms Variable XSS Prozilla Forum forum.php forum Variable SQL Injection AutoTutorials viewcat.php id Variable SQL Injection My Gaming Ladder ladder.php ladderid Variable SQL Injection Blackboard Academic Suite bin/common/announcement.pl data__ announcements___pk1_pk2__subject Variable XSS Dragoon forum/kietu/libs/calendrier.php cal[lng] Traversal Local File Inclusion sabros.us thumbnails.php img Variable Traversal Arbitrary File Access phpAddressBook view.php id Variable SQL Injection joomlaXplorer Component for Mambo / Joomla! 
index.php dir Variable Traversal Arbitrary Directory Listing Blog Pixel Motion index.php categorie Variable SQL Injection Blog Pixel Motion admin/sauvBase.php Database Backup Remote Information Disclosure ChartDirector phpdemo/viewsource.php file Variable Remote File Access RedDot CMS ioRD.asp LngId Variable SQL Injection Blogator-script bs_auth.php msg Variable XSS ContRay cgi-bin/contray/search.cgi search Variable XSS Wikepage Opus index.php wiki Variable XSS BlogWorx view.asp id Variable SQL Injection PHP-Fusion submit.php submit_info[] Variable SQL Injection Apartment Search Script listtest.php r Variable SQL Injection 5th Avenue Shopping Cart store_pages/category_list.php category_ID Variable SQL Injection Crazy Goomba commentaires.php id Variable SQL Injection Web Calendar Pro one_day.php user_id Variable SQL Injection MyBoard rep.php id Variable XSS Philboard philboard_reply.asp Multiple Variable SQL Injection Philboard philboard_newtopic.asp forumid Variable SQL Injection AMFPHP browser/methodTable.php class Variable XSS AMFPHP browser/code.php Multiple Variable XSS AMFPHP browser/details class Variable XSS xeCMS view.php list Variable Traversal Arbitrary File Access Kronolith addevent.php url Variable XSS TR News news.php nb Variable SQL Injection phShoutBox admin.php Crafted phadmin Cookie Authentication Bypass Chat Module for e107 123flashchat.php e107path Variable Remote File Inclusion EsContacts add_groupe.php msg Variable XSS SunShop Shopping Cart admin/adminindex.php Multiple Variable SQL Injection WordPress Spreadsheet Plugin (wpSS) wpSS/ss_load.php ss_id Variable SQL Injection EsContacts contacts.php msg Variable XSS EsContacts groupes.php msg Variable XSS EsContacts importer.php msg Variable XSS EsContacts login.php msg Variable XSS EsContacts search.php msg Variable XSS TR News admin/main.php File Upload Arbitrary PHP Code Execution Acidcat CMS main_login2.asp username Variable SQL Injection CVE-2008-1712 CVE-2008-1896 CVE-2008-1787 CVE-2008-1896 
CVE-2008-1895 CVE-2008-1895 CVE-2008-1894 CVE-2008-1789 CVE-2008-1889 CVE-2008-1791 CVE-2008-1795 CVE-2008-1798 CVE-2008-1799 CVE-2008-1847 CVE-2008-1849 CVE-2008-1867 CVE-2008-1868 CVE-2008-1782 CVE-2008-1613 CVE-2008-1892 CVE-1960 CVE-2008-1956 CVE-2008-1915 CVE-2008-1918 CVE-2008-1919 CVE-2008-1921 CVE-2008-1934 CVE-2008-1954 CVE-2008-1955 CVE-2008-1939 CVE-2008-1939 CVE-2008-1917 CVE-2008-1917 CVE-2008-1917 CVE-2007-6508 Acidcat CMS default_mail_aspemail.asp Security Bypass Acidcat CMS admin/admin_colors_swatch.asp field Variable XSS EncapsGallery core/misc.class.php file_upload Function File Upload Arbitrary PHP Code Execution F5 FirePass 4100 SSL VPN installControl.php3 XSS MegaBBS send-private-message.asp toid Variable XSS MegaBBS profile/controlpanel.asp Multiple Variable SQL Injection Download Monitor Plugin for WordPress wp-download_monitor/ download.php id Variable SQL Injection Prozilla Hosting Index directory.php cat_id Variable SQL Injection miniBB bb_admin.php whatus Variable XSS Sugar Community Edition RSS Module cache/feeds Directory Remote Information Disclosure Joovili browse.videos.php category Variable SQL Injection Jokes Site Script jokes.php catagorie Variable SQL Injection AV Arcade admin/index.php ava_userid Cookie Privilege Escalation Minb Is Not a Blog (minb) db/users.db Direct Request User Database Disclosure phpMyConferences PageTraiteDownload.php dir Variable Traversal Arbitrary File Access phpCoupon user.php Crafted URL Account Status Upgrade Commute small_head.php retun Variable XSS vBulletin Multiple Script Remote File Inclusion Phorm fileupload.php Arbitrary PHP File Upload RGameScript Pro page.php id Variable Remote File Inclusion Joomla! 
CMS com_search Component default_results.php searchword Variable Remote Command Execution Falcon Series One CMS sitemap.xml.php dir[classes] Variable Remote File Inclusion ViArt Multiple Products block_site_map.php root_folder_path Variable Remote File Inclusion FCKeditor connector.php Trailing Period Arbitrary File Manipulation MMS Gallery PHP get_image.php id Variable Traversal Local File Inclusion MMS Gallery PHP get_file.php id Variable Traversal Local File Inclusion AdultScript admin/administrator.php Direct Request Remote Security Bypass Pluck data/inc/theme.php file Variable Traversal Local File Inclusion Pluck data/inc/theme.php dir Variable Remote File Inclusion GF-3XPLORER index_3x.php newdir Variable XSS phpSCMS includes/functions.php dir Variable Remote File Inclusion Nexty includes/functions/layout.php rel Variable Remote File Inclusion UniversiBO topic_review.php phpbb_root_path Variable Remote File Inclusion xml2owl filedownload.php file Variable Traversal Arbitrary File Access MySpace Content Zone uploadgames.php Unrestricted Remote File Upload Absolute News Manager .NET pages/default.aspx template Variable Remote File Access Absolute News Manager .NET xlaabsolutenm.aspx Multiple Variable SQL Injection Absolute News Manager .NET xlaabsolutenm.aspx rmore Variable XSS Absolute News Manager .NET pages/default.aspx template Variable XSS Absolute News Manager .NET getpath.aspx Direct Request Error Message Information Disclosure Falcon Series One CMS errors.php error Variable Remote File Inclusion TikiWiki tiki-edit_css.php Unspecified Issue TikiWiki tiki-list_games.php Unspecified Issue TikiWiki tiki-g-admin_shared_source.php Unspecified Issue RunCMS modules/system/admin.php Multiple Variable Arbitrary PHP Code Execution CVE-2007-3643 CVE-2007-4093 CVE-2007-5811 CVE-2007-4143 CVE-2007-3980 CVE-2007-4187 CVE-2007-6488 CVE-2007-6347 CVE-2007-6323 CVE-2007-6323 CVE-2007-6414 CVE-2007-4180 CVE-2007-4181 CVE-2007-6474 CVE-2007-5565 CVE-2007-5163 CVE-2007-5164 
CVE-2007-6322 CVE-2007-6668 CVE-2007-6268 CVE-2007-6269 CVE-2007-6270 CVE-2007-6270 CVE-2007-6271 CVE-2007-6488 CVE-2007-6529 CVE-2007-6529 CVE-2007-6529 CVE-2007-6548
RunCMS modules/news/submit.php subject Variable XSS CVE-2007-6545
RunCMS modules/mydownloads/brokenfile.php lid Variable SQL Injection CVE-2007-6544
RunCMS modules/mydownloads/visit.php lid Variable SQL Injection CVE-2007-6544
RunCMS modules/mydownloads/ratefile.php lid Variable SQL Injection CVE-2007-6544
RunCMS modules/mylinks/ratelink.php lid Variable SQL Injection CVE-2007-6544
RunCMS modules/mylinks/modlink.php lid Variable SQL Injection CVE-2007-6544
RunCMS modules/mylinks/brokenlink.php lid Variable SQL Injection CVE-2007-6544
RunCMS modules/news/index.php PATH_INFO Variable XSS CVE-2007-6545
RunCMS edituser.php Avatar Image XSS CVE-2007-6545
RunCMS modules/mydownloads/admin/index.php disclaimer Variable mydownloadsConfigAdmin Action Arbitrary PHP Code Execution CVE-2007-6548
RunCMS modules/newbb_plus/admin/forum_config.php disclaimer Variable Arbitrary PHP Code Execution CVE-2007-6548
RunCMS modules/mylinks/admin/index.php disclaimer Variable myLinksConfigAdmin Action Arbitrary PHP Code Execution CVE-2007-6548
RunCMS modules/sections/admin/index.php intro Variable secconfig Action Arbitrary PHP Code Execution CVE-2007-6548
GF-3XPLORER explorer/phpinfo.php phpinfo Function Direct Request Information Disclosure CVE-2007-6476
phpProfiles include/body_comm.inc.php content Variable Remote File Inclusion CVE-2008-1051
Quinsonnas Mail Checker footer.php op[footer_body] Variable Remote File Inclusion CVE-2008-1046
LWS php User Base templates/default/header.inc.php menu Variable Remote File Inclusion CVE-2008-1043
Books Module for PHP-Nuke modules.php cid Variable SQL Injection CVE-2008-0827
Docum Module for PHP-Nuke modules.php artid Variable SQL Injection CVE-2008-0906
Inhalt module for PHP-Nuke modules.php cid Variable SQL Injection CVE-2008-0907
Kose_Yazilari Module for PHP-Nuke modules.php artid Variable SQL Injection CVE-2008-1053
Music Module for phpBasic URI view Action id Variable SQL Injection CVE-2007-5678
PHP-Nuke modules/Forums/favorites.php nuke_bb_root_path Variable Remote File Inclusion CVE-2007-5676
Site-Up index.cgi Multiple Field XSS CVE-2007-5433
netOffice Dwins projects_site/uploadfile.php demoSession Variable Remote Code Execution
Dynamic Photo Gallery album.php albumID Variable SQL Injection CVE-2008-1162
Beehive Forum post.php t_dedupe Variable SQL Injection CVE-2007-6014
Juniper Networks Secure Access 2000 dana-na/auth/rdremediate.cgi delivery_mode Variable XSS CVE-2008-1180
YaPiG sample.php YAPIG_PATH Variable Remote File Inclusion CVE-2007-4951
PHPortal form/db_form/employee.php DOCUMENT_ROOT Variable Remote File Inclusion CVE-2007-4950
PHP-Nuke admin.php AddAuthor Action Multiple Variable CSRF CVE-2007-5032
TorrentTrader Classic account-inbox.php msg Variable XSS CVE-2008-1173
KCWiki minimal/wiki.php page Variable Remote File Inclusion CVE-2008-1170
Ripe Website Manager pages/delete_page.php id Variable SQL Injection CVE-2007-4522
Ripe Website Manager navigation/delete_menu.php id Variable SQL Injection CVE-2007-4522
Ripe Website Manager navigation/delete_item.php id Variable SQL Injection CVE-2007-4522
Ripe Website Manager admin/navigation/do_new_item.php Multiple Variable SQL Injection CVE-2007-4522
Ripe Website Manager admin/navigation/do_new_nav.php new_menuname Variable SQL Injection CVE-2007-4522
Ripe Website Manager admin/pages/do_new_page.php Multiple Variable SQL Injection CVE-2007-4522
GROUP-E head_auth.php CFG[PREPEND_FILE] Variable Remote File Inclusion CVE-2008-1074
Juniper Networks Secure Access 2000 remediate.cgi Direct Request Error Message Path Disclosure CVE-2008-1181
XM-Memberstats module for XOOPS index.php sortby Variable XSS
Portail Web Php template/Vert/index.php site_path Variable Remote File Inclusion
Portail Web Php template/Noir/index.php site_path Variable Remote File Inclusion
Portail Web Php
template/Bleu/index.php site_path Variable Remote File Inclusion Centreon include/doc/get_image.php img Variable Traversal Arbitrary File Access phpMyTourney tourney/index.php page Variable Remote File Inclusion SiteBuilder Elite files/carprss.php CarpPath Variable Remote File Inclusion SiteBuilder Elite files/amazon-bestsellers.php CarpPath Variable Remote File Inclusion Podcast Generator core/themes.php theme_path Variable Traversal Arbitrary File Access Podcast Generator download.php filename Variable Traversal Arbitrary File Access Podcast Generator loadparser.php absoluteurl Variable Remote File Inclusion Podcast Generator admin.php absoluteurl Variable Remote File Inclusion Podcast Generator categories.php absoluteurl Variable Remote File Inclusion Podcast Generator categories_add.php absoluteurl Variable Remote File Inclusion Podcast Generator categories_remove.php absoluteurl Variable Remote File Inclusion Podcast Generator edit.php absoluteurl Variable Remote File Inclusion Podcast Generator editdel.php absoluteurl Variable Remote File Inclusion Podcast Generator ftpfeature.php absoluteurl Variable Remote File Inclusion Podcast Generator login.php absoluteurl Variable Remote File Inclusion Podcast Generator pgRSSnews.php absoluteurl Variable Remote File Inclusion Podcast Generator showcat.php absoluteurl Variable Remote File Inclusion Podcast Generator upload.php absoluteurl Variable Remote File Inclusion Podcast Generator archive_cat.php absoluteurl Variable Remote File Inclusion Podcast Generator archive_nocat.php absoluteurl Variable Remote File Inclusion Podcast Generator recent_list.php absoluteurl Variable Remote File Inclusion Barryvan Compo Manager main.php pageURL Variable Remote File Inclusion RMSOFT Gallery System Module for XOOPS images.php q Variable XSS BosDates calendar.php type Variable XSS WebContent M1 redirect.do sid Variable XSS BosDates calendar_search.php category Variable XSS UploadImage admin.php pass Variable Remote Privilege 
Escalation
Math Comment Spam Protection Plugin for Wordpress wp-admin/optionsgeneral.php Multiple Variable CSRF
mcRefer install.php bgcolor Variable Arbitrary PHP Code Execution
Kutub-i Sitte Module for PHP-Nuke modules.php kid Variable SQL Injection
BosClassifieds Classified Ads System account.php returnTo Variable XSS
PHP Webquest admin/backup_phpwebquest.php Direct Request Database Credentials Disclosure
Moodle install.php dbname Variable XSS
Math Comment Spam Protection Plugin for Wordpress wp-admin/optionsgeneral.php Multiple Variable XSS
Falcon Web Server URI Multiple Error Message XSS
MySimpleNews vider.php3 Direct Request Arbitrary Message Deletion
CVE-2008-1063 CVE-2008-1068 CVE-2008-1068 CVE-2008-1068 CVE-2008-1119 CVE-2008-1128 CVE-2008-1123 CVE-2008-1123 CVE-2008-1125 CVE-2008-1125 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1124 CVE-2008-1126 CVE-2008-1064 CVE-2008-1211 CVE-2008-1209 CVE-2008-1211 CVE-2008-0245 CVE-2008-0205 CVE-2007-1073 CVE-2008-1219 CVE-2008-1224 CVE-2008-0249 CVE-2008-0123 CVE-2008-0204 CVE-2002-2318 CVE-2002-2320
BM Classifieds showad.php cat Variable SQL Injection CVE-2008-1272
BM Classifieds pfriendly.php ad Variable SQL Injection CVE-2008-1272
QuickTicket qti_usr.php id Variable SQL Injection
Filebased guestbook gbook.php Comment Section XSS CVE-2003-1546
Splatt Forum Module for PHP-Nuke block-Forums.php subject Variable XSS CVE-2003-1547
MyABraCaDaWeb header.php ma_kw Variable XSS CVE-2003-1549
Savvy Content Manager searchresults.cfm searchterms Variable XSS CVE-2008-1306
KCWiki simplest/wiki.php page Variable Remote File Inclusion CVE-2008-1170
Centreon include/doc/index.php page Variable Traversal Arbitrary File Access CVE-2008-1178
Savvy Content Manager search_results.cfm searchterms Variable XSS CVE-2008-1306
Savvy Content Manager search_results/index.cfm searchterms Variable XSS CVE-2008-1306
Alkacon OpenCms logfileViewSettings.jsp filePath Variable XSS CVE-2008-1300
ManageEngine ServiceDesk Plus SolutionSearch.do searchText Variable XSS CVE-2008-1299
Hadith Module for PHP-Nuke modules.php cat Variable SQL Injection CVE-2008-1298
MG2 admin.php list Variable XSS CVE-2008-1228
Alkacon OpenCms logfileViewSettings.jsp filePath.0 Variable Arbitrary File Access CVE-2008-1301
4nChat Module for PHP-Nuke modules.php roomid Variable SQL Injection CVE-2008-1220
QuickTalk Forum qtf_ind_search_ov.php id Variable SQL Injection CVE-2008-1316
Podcast Generator set_permissions.php scriptlang Variable XSS CVE-2008-1212
imageVue popup.php path Variable XSS CVE-2008-1273
imageVue dir2.php path Variable XSS CVE-2008-1273
imageVue upload.php path Variable XSS CVE-2008-1273
imageVue dirxml.php path Variable XSS CVE-2008-1273
Mapbender mapFiler.php factor Variable Arbitrary PHP Code Execution CVE-2008-0300
Mapbender mod_gazetteer_edit.php gaz Variable SQL Injection CVE-2008-0301
TorrentTrader Classic account-inbox.php CSRF CVE-2008-1172
Affiliate Market function/sideblock.php sideblock4 Variable XSS CVE-2008-1176
Affiliate Market shop/detail.php id Variable SQL Injection CVE-2008-1177
Bama Galerie Module for eXV2 viewcat.php cid Variable SQL Injection CVE-2008-1349
EasyGallery staticpages/easygallery/index.php catid Variable SQL Injection CVE-2008-1346
EasyGallery staticpages/easygallery/index.php q Variable XSS CVE-2008-1347
Fully Modded phpBB kb.php k Variable SQL Injection CVE-2008-1350
Tutorials Module for XOOPS printpage.php tid Variable SQL Injection CVE-2008-1351
StoreFront SearchResults.aspx CategoryId Variable SQL Injection CVE-2008-1341
EasyCalendar calendar_backend.php year Variable SQL Injection CVE-2008-1344
EasyCalendar ajaxp_backend.php page Variable SQL Injection CVE-2008-1344
EasyCalendar calendar_backend.php day Variable XSS CVE-2008-1345
Simple Machines Forum (SMF) Itemid Argument XSS CVE-2008-0284
Simple Machines Forum (SMF) topic Argument XSS CVE-2008-0284
UploadScript admin.php nopass Action pass Variable Remote Privilege Escalation CVE-2008-0246
Cryptographp Plugin for Wordpress wp-admin/options-general.php Multiple Variable XSS CVE-2008-0203
Virtual Support Office-XP MyIssuesView.asp Issue_ID Variable SQL Injection CVE-2008-1354
IntraLearn /library/description_link.cfm Multiple Variable XSS
IntraLearn /library/courses_catalog.cfm Multiple Variable XSS
IntraLearn /help/1/Instructor/Knowledge_Impact_Course.htm Direct Request Path Disclosure
IntraLearn /help/1/Instructor/LRN-formatted_Course.htm Direct Request Path Disclosure
IntraLearn /help/1/Instructor/Create_Course.htm Direct Request Path Disclosure
Nukestyles.com viewpage.php Addon for PHP-Nuke File Variable Traversal Arbitrary File Access
D-Link DSL-G604T Router cgi-bin/webcm var:category Variable XSS
D-Link DI-604 Router prim.htm rf Variable XSS
Siemens SpeedStream 6520 Router basehelp_English.htm HTTP Request Handling DoS
MoinMoin formatter/text_gedit.py XSS
Beehive Forum edit_poll.php XSS
BadBlue soinfo.php phpinfo Function Remote Information Disclosure
OwnServer URL Traversal Arbitrary File Access
Super Site Searcher site_searcher.cgi page Variable Arbitrary Remote Command Execution
acFreeProxy URL Error Page XSS
OmniStar Article Manager article.php favorite op Action page_id Variable SQL Injection
Webmedia Explorer includes/rss.class.php path_include Variable Remote File Inclusion
Webmedia Explorer templates/main.tpl.php path_template Variable Remote File Inclusion
Webmedia Explorer templates/folder_messages_link_message_name.tpl.php path_template Variable Remote File Inclusion
Webmedia Explorer templates/sidebar.tpl.php path_templates Variable Remote File Inclusion
MoinMoin PageEditor.py Multiple Variable XSS
myphpPagetool help1.php ptinclude Variable Remote File Inclusion
myphpPagetool help2.php ptinclude Variable Remote File Inclusion
myphpPagetool help3.php ptinclude Variable Remote File Inclusion
myphpPagetool
help4.php ptinclude Variable Remote File Inclusion myphpPagetool help5.php ptinclude Variable Remote File Inclusion myphpPagetool help6.php ptinclude Variable Remote File Inclusion myphpPagetool help7.php ptinclude Variable Remote File Inclusion myphpPagetool help8.php ptinclude Variable Remote File Inclusion myphpPagetool help9.php ptinclude Variable Remote File Inclusion GoAhead WebServer goform/QuickStart_c0 typepassword Field Password Disclosure Web Wiz Multiple Products RTE_file_browser.asp Traversal Remote File / Directory Disclosure myannonces Module for eXV2 annonces-p-f.php lid Variable SQL Injection aliTalk inc/elementz.php lilil Variable Arbitrary User Account Creation AuraCMS stat.php X-Forwarded-For HTTP Header PHP Code Injection phpBP includes/functions/banners-external.php id Variable SQL Injection Viso (Industry Book) Module for eXV2 index.php kid Variable SQL Injection WebChat Module for eXV2 index.php roomid Variable SQL Injection Digital Hive Unspecified Program selectskin Variable SQL Injection Digital Hive gestion_membre.php user_id Variable SQL Injection Multiple Time Sheets index.php tab Variable XSS Sun Java System Identity Manager /idm/help/index.jsp helpUrl Variable Remote Frame Injection Mod Block Statistik for AuraCMS stat.php X-Forwarded-For HTTP Header PHP Code Injection eForum busca.php Multiple Variable XSS Wp-FileManager Plugin for Wordpress ajaxfilemanager.php Unrestricted File Upload WP-ContactForm Plugin for Wordpress wp-admin/admin.php Multiple Variable CSRF WP-ContactForm Plugin for Wordpress wp-admin/admin.php Multiple Variable XSS WP-ContactForm Plugin for Wordpress wp-admin/admin.php IFRAME Element SRC Attribute XSS CVE-2003-1545 CVE-2008-1253 CVE-2008-1258 CVE-2008-1267 CVE-2008-1098 CVE-2002-2289 CVE-2004-2745 CVE-2002-2420 CVE-2002-2418 CVE-2007-4952 CVE-2007-4948 CVE-2007-4948 CVE-2007-4948 CVE-2007-4948 CVE-2008-1098 CVE-2007-4947 CVE-2007-4947 CVE-2007-4947 CVE-2007-4947 CVE-2007-4947 CVE-2007-4947 CVE-2007-4947 
CVE-2007-4947 CVE-2007-4947 CVE-2007-6702 CVE-2008-0466 CVE-2008-1406 CVE-2008-0391 CVE-2008-0390 CVE-2008-1408 CVE-2008-1404 CVE-2008-1407 CVE-2008-0290 CVE-2008-0290 CVE-2008-1414 CVE-2008-0240 CVE-2008-0390 CVE-2008-1477 CVE-2008-0222 CVE-2008-0198 CVE-2008-0197 CVE-2008-0197 PHPauction GPL includes/converter.inc.php include_path Variable Remote File Inclusion PHPauction GPL includes/messages.inc.php include_path Variable Remote File Inclusion PHPauction GPL includes/settings.inc.php include_path Variable Remote File Inclusion Drake CMS install/index.php d_root Variable Traversal Arbitrary File Access ManageEngine SupportCenter Plus SolutionSearch.do searchText Variable XSS Jeebles Directory index.php path Variable XSS EdiorCMS search.php SearchTemplate Variable Traversal Arbitrary File Access eWeather Module for PHP-Nuke modules.php chart Variable XSS KAPhotoservice album.asp albumid Variable SQL Injection Gallarific search.php query Variable XSS ZClassifieds Module for PHP-Nuke modules.php cat Variable SQL Injection gaestebuch Module for PHP-Nuke modules.php id Variable SQL Injection CS-Cart index.php q Variable XSS NukeC30 Module for PHP-Nuke modules.php id_catg Variable SQL Injection EncapsGallery watermark.php file Variable XSS EncapsGallery catalog_watermark.php file Variable XSS Filebase Mod for phpBB filebase.php id Variable SQL Injection Wordpress wp-admin/users.php inviteemail Variable XSS Wordpress wp-admin/invites.php to Variable XSS Namazu namazu.cgi UTF-7 XSS Wordpress wp-admin/edit.php backup Variable XSS PEEL membre.php email Variable SQL Injection Wordpress wp-admin/edit.php wp-db-backup.php Action backup Variable Arbitrary File Manipulation WordPress /wp-admin/admin.php Multiple Variable Traversal Arbitrary File Access JBrowser upload.php3 Unspecified Arbitrary PHP Code Execution phpTrafficA plotStatBar.php file Variable Unspecified Remote Security Issue phpTrafficA plotStatPie.php file Variable Unspecified Remote Security Issue Vanilla 
ajax/sortcategories.php Remote Unauthenticated Administrative Action Vanilla ajax/sortroles.php Remote Unauthenticated Administrative Action PRO-search URI q Variable XSS Stride login.php Default Administrative Credentials PEEL administrer/produits.php Unrestricted File Upload Arbitrary PHP Code Execution PEEL factures/facture_html.php timestamp Variable SQL Injection PEEL achat/historique_commandes.php timestamp Variable SQL Injection Stride Content Management System main.php p Variable SQL Injection Stride Merchant Subsystem shop.php id Variable SQL Injection Stride Courses Subsystem detail.php Multiple Variable SQL Injection Linksys WAG54GS ADSL Gateway setup.cgi Restore Factory Defaults Action mtenRestore Variable CSRF Linksys WAG54GS ADSL Gateway setup.cgi sysname Variable User Account Creation CSRF SimpNews admin/index.php lang Variable Remote Information Disclosure SimpNews admin/dbg_infos.php Direct Request Error Message Path Disclosure SimpNews admin/heading.php Direct Request Error Message Path Disclosure SimpNews evsearch.php Direct Request Error Message Path Disclosure CVE-2008-1416 CVE-2008-1416 CVE-2008-1416 CVE-2008-1371 CVE-2008-1432 CVE-2008-1355 CVE-2008-1352 CVE-2008-1348 CVE-2008-1426 CVE-2008-1326 CVE-2008-1315 CVE-2008-1314 CVE-2008-1458 CVE-2008-1308 CVE-2008-1296 CVE-2008-1296 CVE-2008-1305 CVE-2008-1304 CVE-2008-1304 CVE-2008-1468 CVE-2008-0193 CVE-2008-1496 CVE-2008-0194 CVE-2008-0196 CVE-2007-1775 CVE-2007-3428 CVE-2007-3428 CVE-2007-5644 CVE-2007-5644 CVE-2007-5434 CVE-2007-5432 CVE-2008-1495 CVE-2008-1496 CVE-2008-1496 CVE-2007-5430 CVE-2007-5430 CVE-2007-5430 CVE-2007-6708 CVE-2007-6708 CVE-2007-4872 CVE-2007-4872 CVE-2007-4872 CVE-2007-4872 NFN Address Book Component for Mambo / Joomla! components/com_nfn_ addressbook/nfnaddressbook.php mosConfig_absolute_path Variable CVE-2007-1596 Remote File Inclusion NFN Address Book Component for Mambo / Joomla! 
administrator/components/com_nfn_addressbook/nfnaddressbook.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2007-1596
Moodle moodledata/sessions/ Session Files Remote Information Disclosure CVE-2007-1647
WordPress /wp-admin/themes.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/edit.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/templates.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/edit-pages.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/categories.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/edit-comments.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/moderation.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/post.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/page-new.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/index.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/link-manager.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/link-add.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/link-categories.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/link-import.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/theme-editor.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/plugin-editor.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/profile.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/users.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/options-general.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/options-writing.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/options-reading.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/options-discussion.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/options-permalink.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/options-misc.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/import.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/admin.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/bookmarklet.php page Variable Traversal Arbitrary File Access CVE-2008-0196
WordPress /wp-admin/cat-js.php page Variable Traversal Arbitrary File Access
WordPress /wp-admin/inline-uploading.php page Variable Traversal Arbitrary File Access
WordPress /wp-admin/options.php page Variable Traversal Arbitrary File Access
WordPress /wp-admin/profile-update.php page Variable Traversal Arbitrary File Access
WordPress /wp-admin/sidebar.php page Variable Traversal Arbitrary File Access
WordPress /wp-admin/user-edit.php page Variable Traversal Arbitrary File Access
Translation Module for SiteBar (translator.php) upd cmd Action edit Variable Arbitrary PHP Code Execution
TikiWiki tiki-index.php Multiple Variable Absolute Pathname Local File Inclusion
TikiWiki tiki-graph_formula.php Blacklist Bypass Arbitrary Code Execution
TikiWiki tiki-imexport_languages.php imp_language Variable Encoded Traversal Local File Inclusion
i-Gallery igallery.asp d Variable Encoded Traversal Arbitrary File Access
Flatnuke Download Module description.it.php PHP Code Injection
JContentSubscription Component for Joomla! view/jcs.function.php mosConfig_absolute_path Variable Remote File Inclusion
JContentSubscription Component for Joomla!
view/add.php mosConfig_ absolute_path Variable Remote File Inclusion JContentSubscription Component for Joomla! view/history.php mosConfig_ absolute_path Variable Remote File Inclusion JContentSubscription Component for Joomla! view/register.php mosConfig_ absolute_path Variable Remote File Inclusion JContentSubscription Component for Joomla! views/list.sub.html.php mosConfig_absolute_path Variable Remote File Inclusion JContentSubscription Component for Joomla! views/list.user.sub.html.php mosConfig_absolute_path Variable Remote File Inclusion JContentSubscription Component for Joomla! views/reports.html.php mosConfig_absolute_path Variable Remote File Inclusion MP3 Allopass Component for Joomla! allopass.php mosConfig_live_site Variable Remote File Inclusion MP3 Allopass Component for Joomla! allopass-error.php mosConfig_live_ site Variable Remote File Inclusion CARE2X language/en_copyrite.php root_path parameter Variable Remote File Inclusion CARE2X language/vi_copyrite.php root_path parameter Variable Remote File Inclusion CARE2X language/ar_copyrite.php root_path parameter Variable Remote File Inclusion CARE2X include/care_api_classes/class_access.php root_path parameter Variable Remote File Inclusion CARE2X include/care_api_classes/class_department.php root_path parameter Variable Remote File Inclusion CARE2X include/care_api_classes/class_config.php root_path parameter Variable Remote File Inclusion CARE2X include/care_api_classes/class_imclass_product.phpage.php root_path parameter Variable Remote File Inclusion CARE2X include/care_api_classes/class_ward.php root_path parameter Variable Remote File Inclusion CARE2X include/care_api_classes/ root_path parameter Variable Remote File Inclusion CARE2X gui/smarty_template/smarty_care.class.php root_path parameter Variable Remote File Inclusion eXtreme Styles Module for phpBB admin/admin_xs.php phpEx Variable Traversal Local File Inclusion phpAddressBook install.php skin Variable Traversal Local File Inclusion 
CVE-2008-0196 CVE-2008-0196 CVE-2008-0196 CVE-2008-0196 CVE-2008-0196 CVE-2008-0196 CVE-2007-5693 CVE-2007-5684 CVE-2007-5682 CVE-2007-5684 CVE-2007-5776 CVE-2007-5772 CVE-2007-5407 CVE-2007-5407 CVE-2007-5407 CVE-2007-5407 CVE-2007-5407 CVE-2007-5407 CVE-2007-5407 CVE-2007-5412 CVE-2007-5412 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2007-5418 CVE-2008-1512 CVE-2008-1492 phpAddressBook index.php info Variable XSS e-Xoops mylinks/ratelink.php lid Variable SQL Injection e-Xoops adresses/ratefile.php lid Variable SQL Injection e-Xoops mydownloads/ratefile.php lid Variable SQL Injection e-Xoops mysections/ratefile.php lid Variable SQL Injection e-Xoops myalbum/ratephoto.php lid Variable SQL Injection e-Xoops modules/banners/click.php bid Variable SQL Injection e-Xoops modules/arcade/index.php gid Variable SQL Injection ManageEngine EventLog Analyzer searchAction.do searchText Variable XSS IBM Tivoli Provisioning Manager /tpmx URI Multiple Field XSS 123tkShop shop/admin.php admin Variable SQL Injection Anon Proxy Server diagdns.php host Variable Arbitrary Remote Command Execution Anon Proxy Server diagconnect.php Multiple Variable Arbitrary Remote Command Execution Kvaliitti WebDoc categories.asp Multiple Variable SQL Injection Kvaliitti WebDoc subcategory.asp Multiple Variable SQL Injection BolinOS system/_b/contentFiles/gbincluder.php _bFileToInclude Variable Traversal Arbitrary File Access Photo Module for RunCMS viewcat.php cid Variable SQL Injection PowerBook pb_inc/admincenter/index.php page Variable Traversal Local File Inclusion BolinOS /system/actionspages/_b/contentFiles/gBImageViewer.php url Variable XSS BolinOS /system/actionspages/_b/contentFiles/gBselectorContents.php ForEditor Variable XSS BolinOS /system/actionspages/_b/contentFiles/gBLoginPage.php XSS BolinOS /system/actionspages/_b/contentFiles/gBPassword.php XSS BolinOS 
/system/actionspages/_b/contentFiles/gBLoginPage.php formlogin Variable XSS BolinOS /help/index.php bolini_searchengine46Search Variable XSS BolinOS gBphpInfo.php System Information Disclosure Aeries Browser Interface Login.asp usr Variable XSS LinPHA ftp/index.php Unspecified XSS Aeries Browser Interface loginproc.asp SchlCode Variable SQL Injection LinPHA viewer.php Unspecified XSS LinPHA functions/other.php Unspecified XSS LinPHA include/left_menu.class.php Unspecified XSS LinPHA plugins/stats/stats_view.php Unspecified XSS Puzzle Apps CMS core/modules/my/my.module.php MODULEDIR Variable Remote File Inclusion Puzzle Apps CMS core/modules/xml/xml.module.php MODULEDIR Variable Remote File Inclusion Puzzle Apps CMS core/config.loader.php COREROOT Variable Remote File Inclusion Puzzle Apps CMS core/platform.loader.php COREROOT Variable Remote File Inclusion Puzzle Apps CMS core/core.loader.php COREROOT Variable Remote File Inclusion Puzzle Apps CMS core/person.loader.php COREROOT Variable Remote File Inclusion Puzzle Apps CMS core/module.loader.php COREROOT Variable Remote File Inclusion Puzzle Apps CMS install/steps/step_3.php COREROOT Variable Remote File Inclusion Puzzle Apps CMS core/modules/admin/libs/people.lib.php THISDIR Variable Remote File Inclusion Puzzle Apps CMS core/modules/admin/libs/general.lib.php THISDIR Variable Remote File Inclusion CVE-2007-6380 CVE-2007-6380 CVE-2007-6380 CVE-2007-6380 CVE-2007-6380 CVE-2007-6380 CVE-2007-6380 CVE-2007-6407 CVE-2007-6458 CVE-2007-6459 CVE-2007-6459 CVE-2007-6491 CVE-2007-6491 CVE-2008-1487 CVE-2008-1487 CVE-2008-1487 CVE-2008-1487 CVE-2008-1487 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 Puzzle Apps CMS core/modules/admin/libs/content.lib.php THISDIR Variable Remote File Inclusion Puzzle Apps CMS core/modules/admin/libs/templates.lib.php THISDIR Variable Remote File Inclusion Puzzle Apps CMS 
core/modules/webstat/MEC/index.php THISDIR Variable Remote File Inclusion
Translation Module for SiteBar (translator.php) value Variable Arbitrary PHP Code Execution
Flash RSS Reader Component for Joomla! admin.wmtrssreader.php mosConfig_live_site Variable Remote File Inclusion
UMI CMS search_do/ Default URI search_string Variable XSS
SecurityReporter file.cgi name Variable Traversal Arbitrary File Download
SNewsCMS Rus search.php query Variable XSS
Iatek Multiple Products links.asp CatId Variable SQL Injection
ManageEngine Applications Manager Search.do query Variable XSS
DigiDomain lookup_result.asp domain Variable XSS
DigiDomain suggest_result.asp Multiple Variable XSS
phpMyChat setup.php3 Lang Variable XSS
Alkacon OpenCMS system/workplace/admin/accounts/users_list.jsp Multiple Variable XSS
ooComments classes/class_admin.php PathToComment Variable Remote File Inclusion
ooComments classes/class_comments.php PathToComment Variable Remote File Inclusion
FreeWebshop.org customer.php Unspecified Remote Privilege Escalation
phpstats phpstats.php baseDir Variable XSS
AuraCMS online.php X-Forwarded-For Header SQL Injection
Default Theme for Exero CMS usercp/index.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS usercp/editpassword.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS usercp/avatar.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS members/custompage.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS members/errors/404.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS members/memberslist.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS members/profile.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS news/index.php theme Variable Traversal Local File Inclusion
Default Theme for Exero CMS news/fullview.php theme Variable Traversal Local File Inclusion
Default Theme
for Exero CMS nopermission.php theme Variable Traversal Local File Inclusion Multiple Time Sheets clientinfo.php tab Variable XSS Multiple Time Sheets invoices.php tab Variable XSS Multiple Time Sheets smartlinks.php tab Variable XSS Multiple Time Sheets todo.php tab Variable XSS Multiple Time Sheets index.php tab Variable Traversal Arbitrary File Access ASPapp links.asp CatId Variable SQL Injection Gallarific Free Edition search.php query Variable SQL Injection Gallarific Free Edition login.php Multiple Variable SQL Injection Gallarific Free Edition gadmin/index.php Multiple Variable SQL Injection W-Agora add_user.php bn_dir_default Variable Remote File Inclusion W-Agora create_forum.php bn_dir_default Variable Remote File Inclusion W-Agora create_user.php bn_dir_default Variable Remote File Inclusion W-Agora delete_notes.php bn_dir_default Variable Remote File Inclusion CVE-2007-5147 CVE-2007-5147 CVE-2007-5147 CVE-2007-5492 CVE-2007-5410 CVE-2007-5428 CVE-2007-3985 CVE-2008-1413 CVE-2008-1430 CVE-2008-1504 CVE-2008-1510 CVE-2008-1511 CVE-2008-1511 CVE-2007-6711 CVE-2008-0125 CVE-2008-1398 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1409 CVE-2008-1414 CVE-2008-1414 CVE-2008-1414 CVE-2008-1414 CVE-2008-1415 CVE-2008-1430 CVE-2008-1464 CVE-2008-1464 CVE-2008-1464 CVE-2008-1466 CVE-2008-1466 CVE-2008-1466 CVE-2008-1466 W-Agora delete_user.php bn_dir_default Variable Remote File Inclusion W-Agora edit_forum.php bn_dir_default Variable Remote File Inclusion W-Agora mail_users.php bn_dir_default Variable Remote File Inclusion W-Agora moderate_notes.php bn_dir_default Variable Remote File Inclusion W-Agora reorder_forums.php bn_dir_default Variable Remote File Inclusion Iatek Multiple Products content_by_cat.asp cattid Variable SQL Injection Cuteflow Bin login.php language Variable Traversal Local File Inclusion Easy-Clanpage inc/module/online.php id Variable SQL Injection cPanel 
frontend/x/manpage.html Query String XSS
iASP Remote Console Applet HTTP Request Handling Traversal Arbitrary File Access
PEEL phpinfo.php phpinfo function Direct Request Information Disclosure
Smoothflash admin_view_image.php cid Variable SQL Injection
eCart Professional cartView.asp rp Variable XSS
Nilsons Blogger comments.php thispost Variable Local File Inclusion
Endian Firewall vpnum/userslist.php psearch Variable XSS
fGallery Plugin for Wordpress fim_rss.php album Variable SQL Injection
Clansphere install.php lang Variable Traversal Local File Inclusion
VB Marketing tseekdir.cgi location Variable Traversal Local File Inclusion
Web Wiz Rich Text Editor RTE_popup_save_file.asp Unspecified Remote File Upload
Flinx category.php id Variable SQL Injection
Easysitenetwork Recipe list.php categoryid Variable SQL Injection
Siteman articles.php cat Variable Traversal Arbitrary File Access
phpSearch utils/class_HTTPRetriever.php libcurlemuinc Variable Remote File Inclusion
DeluxeBB attachments_header.php lang_listofmatches Variable XSS
MegaBBS profile-upload/upload.asp target Variable XSS
360 Web Manager form.php IDFM Variable SQL Injection
Frimousse explorerdir.php name Variable Traversal Arbitrary File Access
Mooseguy Blog System blog.php month Variable SQL Injection
boastMachine mail.php id Variable SQL Injection
PacerCMS siteadmin/article-edit.php id Variable SQL Injection
PacerCMS siteadmin/submitted-edit.php Unspecified Variable SQL Injection
PacerCMS siteadmin/page-edit.php Unspecified Variable SQL Injection
PacerCMS siteadmin/section-edit.php Unspecified Variable SQL Injection
PacerCMS siteadmin/staff-edit.php Unspecified Variable SQL Injection
PacerCMS siteadmin/staff-access.php Unspecified Variable SQL Injection
BLOG:CMS index.php DIR_PLUGINS Variable Remote File Inclusion
BLOG:CMS media.php DIR_LIBS Variable Remote File Inclusion
BLOG:CMS xmlrpc/server.php DIR_LIBS Variable Remote File Inclusion
VP-ASP Shopping Cart paypalresult.asp Unspecified Variable SQL
Injection sIFR SWF File txt Variable XSS Immobilier agentadmin.php Multiple Variable SQL Injection MyPHPLinks checksession.php idsession Variable SQL Injection Thatware artlist.php root_path Variable Remote File Inclusion YaBB YaBB.pl num Variable XSS Web Oddity URI Traversal Arbitrary File Access Apache Tomcat Calendar Examples Application cal2.jsp Multiple Variable CSRF WP-Footnotes Plugin for WordPress admin_panel.php Multiple Variable XSS Virtual War (Vwar) convert/mvcw_conver.php vwar_root Variable Remote File Inclusion Domain Trader catalog.php id Variable XSS MPCSoftWeb Photo mpcsoftweb_photo.mdb Direct Request Database Disclosure CVE-2008-1466 CVE-2008-1466 CVE-2008-1466 CVE-2008-1466 CVE-2008-1466 CVE-2008-1430 CVE-2008-1493 CVE-2008-1494 CVE-2008-1499 CVE-2002-2292 CVE-2008-1506 CVE-2008-0558 CVE-2008-0559 CVE-2008-0494 CVE-2008-0491 CVE-2008-0489 CVE-2008-0488 CVE-2008-0473 CVE-2008-0468 CVE-2008-0453 CVE-2008-0452 CVE-2008-0448 CVE-2008-0439 CVE-2008-0436 CVE-2008-0430 CVE-2008-0425 CVE-2008-0424 CVE-2008-0422 CVE-2008-0451 CVE-2008-0451 CVE-2008-0451 CVE-2008-0451 CVE-2008-0451 CVE-2008-0451 CVE-2008-0450 CVE-2008-0450 CVE-2008-0450 CVE-2008-0449 CVE-2008-0438 CVE-2002-2305 CVE-2002-2304 CVE-2002-2297 CVE-2002-2296 CVE-2007-4726 CVE-2007-4724 CVE-2008-0691 CVE-2007-4606 CVE-2008-0688 VigileCMS index.php changepass Module CSRF CVE-2007-6087 bcoos include/common.php xoopsOption[pagetype] Traversal Local File CVE-2007-6079 Inclusion SkyPortal nc_top.asp Unspecified Variable SQL Injection CVE-2007-6078 SkyPortal inc_bookmarks.asp Unspecified Variable SQL Injection CVE-2007-6078 SkyPortal inc_profile_functions.asp Unspecified Variable SQL Injection CVE-2007-6078 SkyPortal inc_SUBSCRIPTIONS.asp Unspecified Variable SQL Injection CVE-2007-6078 SkyPortal cp_main.asp Multiple Variable SQL Injection CVE-2007-6078 Youtube Clone Script load_message.php lang[please_wait] Variable XSS CVE-2008-0687 Wordspew Plugin for Wordpress wordspew-rss.php id Variable SQL 
CVE-2008-0682 Injection ClanLite modules/serveur_jeux.php root_path Variable Remote File CVE-2007-5168 Inclusion ClanLite conf/conf-php.php root_path Variable Remote File Inclusion CVE-2007-5168 myIpacNG-stats init.php MINGS_BASE Variable Remote File Inclusion CVE-2007-5165 Proverbs Web Calendar caladmin.inc.php Multiple Variable SQL Injection CVE-2007-6158 LightBlog cp_upload_image.php Unrestricted File Upload Direct Request CVE-2008-0632 Arbitrary Code Execution ITechClassifieds ViewCat.php CatID Variable SQL Injection CVE-2008-0685 ITechClassifieds ViewCat.php CatID Variable XSS CVE-2008-0684 Banner Student ss/bwgkoemr.P_UpdateEmrgContacts add1 Variable XSS phpBB Advanced Quick Reply Hack quick_reply.php phpbb_root_path CVE-2002-2287 Variable Remote File Inclusion PortailPHP mod_search/index.php Multiple Variable XSS CVE-2002-2278 PortailPHP mod_search/index.php Multiple Variable SQL Injection CVE-2002-2277 Banner Student ss/bwgkoemr.P_UpdateEmrgContacts add1 Variable CSRF Textpattern textpattern/index.php Local File Inclusion Open Webmail (OWM) openwebmail-main.pl Multiple Variable XSS CVE-2007-4172 Open Webmail (OWM) openwebmail-prefs.pl Multiple Variable XSS CVE-2007-4172 Open Webmail (OWM) openwebmail-send.pl Multiple Variable XSS CVE-2007-4172 Open Webmail (OWM) openwebmail-folder.pl Multiple Variable XSS CVE-2007-4172 Open Webmail (OWM) openwebmail-webdisk.pl Multiple Variable XSS CVE-2007-4172 Open Webmail (OWM) openwebmail-advsearch.pl folder Variable XSS CVE-2007-4172 Open Webmail (OWM) openwebmail-abook.pl Multiple Variable XSS CVE-2007-4172 Zero CMS forums/index.php Multiple Variable SQL Injection CVE-2008-0232 Captcha! 
Plugin for Wordpress captcha\captcha.php Multiple Variable XSS CVE-2008-0206 ITechBids bidhistory.php item_id Variable SQL Injection CVE-2008-0692 ITechBids bidhistory.php item_id Variable XSS Belkin Wireless G Plus MIMO Router SaveCfgFile.cgi Direct Request CVE-2008-0403 Authentication Bypass VHD Web Pack index.php page Variable Local File Inclusion CVE-2008-0609 WordPress MU wp-admin/options.php Arbitrary PHP Code Upload / Execution Album.pl Alternative Configuration File Remote Command Execution CVE-2003-1456 SiteBar translator.php dir Variable Traversal Arbitrary File Access CVE-2007-5694 Customer Testimonials Addon for osCommerce customer_testimonials.php CVE-2008-0719 testimonial_id Variable SQL Injection Webmin webmin_search.cgi search Variable XSS CVE-2008-0720 Usermin webmin_search.cgi search Variable XSS CVE-2008-0720 XOOPS htdocs/install/index.php lang Variable Traversal Local File Inclusion CVE-2008-0612 RMSOFT Gallery System Module for XOOPS rmgs/images.php id Variable CVE-2008-0611 SQL Injection AstroSoft HelpDesk operator/article/article_search_results.asp txtSearch CVE-2008-0605 Variable XSS AstroSoft HelpDesk operator/article/article_attachment.asp Attach_Id CVE-2008-0605 Variable XSS Mihalism Multi Host users.php username Variable SQL Injection CVE-2008-0714 Mindmeld acweb/admin_index.ph MM_GLOBALS[home] Variable Remote CVE-2008-0572 File Inclusion Mindmeld include/ask.inc.php MM_GLOBALS[home] Variable Remote File Inclusion Mindmeld include/learn.inc.php MM_GLOBALS[home] Variable Remote File Inclusion Mindmeld include/manage.inc.php MM_GLOBALS[home] Variable Remote File Inclusion Mindmeld include/mind.inc.php MM_GLOBALS[home] Variable Remote File Inclusion Mindmeld include/sensory.inc.php MM_GLOBALS[home] Variable Remote File Inclusion DMSGuestbook Plugin for WordPress wp-admin/admin.php file Variable XSS WS_FTP Server Manager FTPLogServer/LogViewer.asp Remote Security Bypass DeltaScripts PHP Links includes/smarty.php full_path_to_public_program 
Variable Remote File Inclusion
DeltaScripts PHP Links vote.php id Variable SQL Injection
Bubbling Library yui-menu.tpl.php uri Variable Traversal Local File Inclusion
Bubbling Library simple.tpl.php uri Variable Traversal Local File Inclusion
Bubbling Library advanced.tpl.php uri Variable Traversal Local File Inclusion
Bubbling Library yui-menu.php page Variable Traversal Local File Inclusion
Bubbling Library simple.php page Variable Traversal Local File Inclusion
Bubbling Library advanced.php page Variable Traversal Local File Inclusion
ChronoEngine ChronoForms Component for Joomla! PPS/File.php mosConfig_absolute_path Variable Remote File Inclusion
ChronoEngine ChronoForms Component for Joomla! Writer.php mosConfig_absolute_path Variable Remote File Inclusion
ChronoEngine ChronoForms Component for Joomla! PPS.php mosConfig_absolute_path Variable Remote File Inclusion
ChronoEngine ChronoForms Component for Joomla! BIFFwriter.php mosConfig_absolute_path Variable Remote File Inclusion
ChronoEngine ChronoForms Component for Joomla! Workbook.php mosConfig_absolute_path Variable Remote File Inclusion
ChronoEngine ChronoForms Component for Joomla! Worksheet.php mosConfig_absolute_path Variable Remote File Inclusion
ChronoEngine ChronoForms Component for Joomla!
Format.php mosConfig_absolute_path Variable Remote File Inclusion MODx manager/index.php search Variable XSS Sift Unity search.cgi qt Variable XSS trixbox user/index.php Query String XSS trixbox maint/index.php Query String XSS WebCalendar pref.php Query String XSS WebCalendar search.php adv Variable XSS 1024 CMS pages/print/default/ops/news.php lang Variable Traversal Local File Inclusion 1024 CMS pages/download/default/ops/search.php theme_dir Variable Traversal Local File Inclusion 1024 CMS admin/ops/reports/ops/download.php admin_theme_dir Variable Traversal Local File Inclusion 1024 CMS admin/ops/reports/ops/forum.php admin_theme_dir Variable Traversal Local File Inclusion 1024 CMS admin/ops/reports/ops/news.php admin_theme_dir Variable Traversal Local File Inclusion OpenBiblio shared/footer.php Direct Request Path Disclosure OpenBiblio circ/mbr_fields.php Direct Request Path Disclosure OpenBiblio admin/custom_marc_form_fields.php Direct Request Path Disclosure TikiWiki tiki-remind_password.php username Variable XSS TikiWiki db/tiki-db.php local_php Variable XSS minimal Gallery php_info.php Direct Request Information Disclosure CVE-2008-0572 CVE-2008-0572 CVE-2008-0572 CVE-2008-0572 CVE-2008-0572 CVE-2008-0617 CVE-2008-0566 CVE-2008-0565 CVE-2008-0545 CVE-2008-0545 CVE-2008-0545 CVE-2008-0545 CVE-2008-0545 CVE-2008-0545 CVE-2008-0567 CVE-2008-0567 CVE-2008-0567 CVE-2008-0567 CVE-2008-0567 CVE-2008-0567 CVE-2008-0567 CVE-2008-0669 CVE-2008-0540 CVE-2008-0540 CVE-2007-6696 CVE-2007-6696 CVE-2007-6584 CVE-2007-6584 CVE-2007-6584 CVE-2007-6584 CVE-2007-6584 CVE-2007-6607 CVE-2007-6607 CVE-2007-6607 CVE-2007-5683 CVE-2007-5683 CVE-2008-0260 eTicket admin.php CSRF CVE-2008-0266 Liferay Portal service/impl/UserLocalServiceImpl.java User-Agent HTTP CVE-2008-0179 Header XSS Liferay Portal themes/_unstyled/templates/init.vm User Profile Greeting Field CVE-2008-0180 XSS Liferay Portal service/impl/UserLocalServiceImpl.java User-Agent HTTP CVE-2008-0563 Header CSRF 
SiteBar integrator.php lang Variable XSS CVE-2007-5692 SiteBar command.php Modify User Action uid Variable XSS CVE-2007-5692 MyMarket form_header.php noticemsg Variable XSS CVE-2002-2362 Freetag Plugin for Serendipity URL XSS CVE-2008-0751 Bubbling Library examples/dispatcher/framework/dispatcher.php uri CVE-2008-0521 Variable Traversal Arbitrary File Access Bubbling Library examples/dispatcher/dispatcher.php uri Variable Traversal CVE-2008-0521 Arbitrary File Access Bubbling Library examples/wizard/dispatcher.php uri Variable Traversal CVE-2008-0521 Arbitrary File Access Bubbling Library PHP/dispatcher.php uri Variable Traversal Arbitrary File CVE-2008-0521 Access PowerNews pnadmin/categories.inc.php subpage Variable Traversal Local CVE-2008-0742 File Inclusion Loris Hotel Reservation System search.cgi hotel_name Variable XSS CVE-2008-0774 SAPID CMF vendors/adodb_lite/adodb-perf-module.inc.php last_module Variable Arbitrary PHP Code Execution Open-Realty include/class/adodb/adodb-perf-module.inc.php last_module Variable Arbitrary PHP Code Execution ITechBids detail.php item_id Variable SQL Injection CVE-2008-0776 Journalness includes/database/adodb-perf-module.inc.php last_module Variable Arbitrary PHP Code Execution PacerCMS includes/adodb_lite/adodb-perf-module.inc.php last_module Variable Arbitrary PHP Code Execution Husrev BlackBoard philboard_forum.asp forumid Variable SQL Injection CVE-2008-0750 Cacti graph_view.php graph_list Variable SQL Injection CVE-2008-0785 Astanda Directory Project (ADP) detail.php link_id Variable SQL Injection CVE-2008-0649 Simple OS CMS login.php username Field SQL Injection CVE-2008-0650 Codice CMS login.php username Field SQL Injection CVE-2008-0651 Azucar CMS html/sitio/index.php view Variable Traversal Local File CVE-2008-0654 Inclusion Azucar CMS src/sistema/vistas/template/tpl_inicio.php _VIEW Variable CVE-2008-0654 Traversal Local File Inclusion OpenSiteAdmin indexFooter.php path Variable Remote File Inclusion CVE-2008-0648 
OpenSiteAdmin DatabaseManager.php path Variable Remote File Inclusion CVE-2008-0648 OpenSiteAdmin FieldManager.php path Variable Remote File Inclusion CVE-2008-0648 OpenSiteAdmin Filter.php path Variable Remote File Inclusion CVE-2008-0648 OpenSiteAdmin Form.php path Variable Remote File Inclusion CVE-2008-0648 OpenSiteAdmin FormManager.php path Variable Remote File Inclusion CVE-2008-0648 OpenSiteAdmin LoginManager.php path Variable Remote File Inclusion CVE-2008-0648 OpenSiteAdmin SingleFilter.php path Variable Remote File Inclusion CVE-2008-0648 Simple Machines Forum (SMF) Shoutbox sboxDB.php sboxText Variable CVE-2008-0775 XSS Portail Web Php config/conf-activation.php site_path Variable Remote File CVE-2008-0645 Inclusion Portail Web Php menu/item.php site_path Variable Remote File Inclusion CVE-2008-0645 Portail Web Php modules/conf_modules.php site_path Variable Remote File CVE-2008-0645 Inclusion Portail Web Php system/login.php site_path Variable Remote File Inclusion CVE-2008-0645 AuraCMS mod/gallery/ajax/gallery_data.php albums Variable SQL Injection CVE-2008-0735 The Everything Development System cms/index.pl node_id Variable SQL CVE-2008-0675 Injection A-Blog search.php words Variable XSS CVE-2008-0676 A-Blog blog.php id Variable SQL Injection CVE-2008-0677 phpShop index.php product_id Variable SQL Injection CVE-2008-0681 st_newsletter Plugin for Wordpress shiftthis-preview.php newsletter Variable CVE-2008-0683 SQL Injection Tendenci CMS search.asp Multiple Variable XSS CVE-2008-0793 CruxCMS search.php search Variable XSS CVE-2008-0700 WinIPDS ipdsserver.exe URI Traversal Arbitrary File Access CVE-2008-0790 sflog! 
index.php Multiple Variable Traversal Arbitrary File Access CVE-2008-0703 artmedic weblog artmedic_print.php date Variable XSS CVE-2008-0765 artmedic weblog artmedic_index.php jahrneu Variable XSS CVE-2008-0765 ibProArcade arcade.php g_display_order Cookie Variable SQL Injection CVE-2008-0770 Virtual War (VWar) calendar.php month Variable SQL Injection CVE-2008-0753 DomPHP aides/index.php page Variable Traversal Local File Inclusion CVE-2008-0745 Pre Hotels & Resorts Management System user_login.asp Login Page SQL CVE-2008-0744 Injection JSPWiki Edit.jsp editor Variable XSS OpenCA RAServer CSRF CVE-2008-0556 CandyPress admin/SA_shipFedExMeter.asp FedExAccount Variable CVE-2008-0736 Remote Path Disclosure iTheora lib/download.php url Variable Traversal Arbitrary File Access CVE-2008-0797 Joovili members_help.php hlp Variable Remote File Inclusion CVE-2008-0743 Limbo CMS class_auth.php cuid Variable SQL Injection CVE-2008-0734 Civica display.asp Entry Variable SQL Injection CVE-2006-7231 phpWebFileManager plugins/file.php fm_path Variable Traversal Arbitrary CVE-2003-1542 File Access SiteBar command.php forward Variable Arbitrary Site Redirect CVE-2007-5695 Snitz Forums Forums/login.asp target Variable Arbitrary Site Redirect CVE-2008-0209 ExpressionEngine index.php URL Variable XSS CVE-2008-0201 freePHPgallery comment.php lang Variable Traversal Local File Inclusion CVE-2008-0818 freePHPgallery show.php lang Variable Traversal Local File Inclusion CVE-2008-0818 Dokeos whoisonline.php id Variable SQL Injection CVE-2008-0850 Search Unleashed Plugin for WordPress s Variable XSS CVE-2008-0837 XOOPS htdocs/user.php xoops_redirect Variable Arbitrary Site Redirect CVE-2008-0613 PhotoKorn update/update3.php Direct Request Credentials Disclosure CVE-2008-0297 Dokeos main/admin/class_list.php X-Fowarded-For HTTP Header SQL CVE-2008-0850 Injection Dokeos main/auth/inscription.php username Variable XSS CVE-2008-0851 Dokeos main/calendar/myagenda.php courseCode Variable XSS 
CVE-2008-0851 Dokeos main/admin/course_category.php category Variable XSS CVE-2008-0851 Dokeos main/admin/session_list.php cmessage Variable XSS CVE-2008-0851 JSPWiki Edit.jsp editor Variable Traversal Local File Inclusion PowerNews pnadmin/news.inc.php subpage Variable Traversal Local File CVE-2008-0742 Inclusion PowerNews pnadmin/other.inc.php subpage Variable Traversal Local File CVE-2008-0742 Inclusion PowerNews pnadmin/permissions.inc.php subpage Variable Traversal Local CVE-2008-0742 File Inclusion PowerNews pnadmin/templates.inc.php subpage Variable Traversal Local CVE-2008-0742 File Inclusion PowerNews pnadmin/users.inc.php subpage Variable Traversal Local File CVE-2008-0742 Inclusion PowerNews pnadmin/index.php page Variable Traversal Local File Inclusion CVE-2008-0742 Cacti graph.php view_type Variable XSS CVE-2008-0783 StatCounteX admin.asp Direct Request Information Disclosure CVE-2008-0843 Nokia Intellisync Mobile Suite Login.do loginType Variable XSS XPWeb Download.php url Variable Arbitrary File Access CVE-2008-0813 BanPro DMS index.php action Variable Traversal Local File Inclusion CVE-2008-0812 Sophos Email Appliance Login Page Multiple Variable XSS CVE-2008-0838 MoinMoin action/AttachFile.py Multiple Variable XSS Cacti graph_view.php filter Variable XSS Cacti index.php/login Multiple Variable XSS Cacti tree.php Multiple Variable SQL Injection Cacti graph_xport.php local_graph_id Variable SQL Injection Cacti index.php/login login_username Variable SQL Injection LI-Countdown countdown.php years Variable SQL Injection Affiliate Market user/header.php language Variable Traversal Local File Inclusion Nuboard threads.php ssid Variable SQL Injection ProjectPier index.php Multiple Variable XSS Cacti graph.php local_graph_id Variable Path Disclosure artmedic webdesign weblog index.php ta Variable Traversal Arbitrary File Access artmedic webdesign weblog artmedic_print.php date Variable Traversal Arbitrary File Access LightBlog view_member.php username 
Variable Traversal Local File Inclusion
LookStrike Lan Manager modules\class\Table.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_admins.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_alert.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_double.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_games.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_matches.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_match_teams.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_news.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_platform.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_players.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_server_group.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_server_ip.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_teams.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_team_players.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_tournaments.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_tournament_teams.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\db\db_trees.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\tournament\Match.php sys_conf[path][real] Variable Remote File Inclusion
LookStrike Lan Manager modules\class\tournament\MatchTeam.php sys_ conf[path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\Rule.php sys_conf [path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\RuleBuilder.php sys_ conf[path][real] Variable Remote File Inclusion CVE-2008-0781 CVE-2008-0783 CVE-2008-0783 CVE-2008-0785 CVE-2008-0785 CVE-2008-0785 CVE-2008-0789 CVE-2008-0794 CVE-2008-0796 CVE-2008-0784 CVE-2008-0798 CVE-2008-0798 CVE-2008-0840 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 LookStrike Lan Manager modules\class\tournament\RulePool.php sys_conf [path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\RuleSingle.php sys_ conf[path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\RuleTree.php sys_conf [path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\Tournament.php sys_ conf[path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\TournamentTeam.php sys_conf[path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\Tree.php sys_conf [path][real] Variable Remote File Inclusion LookStrike Lan Manager modules\class\tournament\TreeSingle.php sys_ conf[path][real] Variable Remote File Inclusion Managed Workplace Service Center About/SC_About.htm Direct Request Information Disclosure Schoolwires Academic Portal browse.asp c Variable SQL Injection Schoolwires Academic Portal browse.asp c Variable XSS Xoops viewtopic.php Multiple Variable XSS MS TopSites Add-on for PHP-Nuke edit.php uname Variable CSRF Bandersnatch index.php Multiple Variable XSS iScripts MultiCart 
productdetails.php productid Variable SQL Injection Globsy globsy_edit.php file Variable Traversal Arbitrary File Access astatsPRO Component for Joomla count_dl_or_link.inc.php id Variable SQL Injection PunBB moderate.php get_host Variable XSS OSSIM session/login.php dest Variable XSS OSSIM session/login.php dest Variable SQL Injection beContent news.php id Variable SQL Injection Monkey HTTP Daemon test2.pl Unspecified Variable XSS Textpattern textarea/index.php Body Variable XSS Sun Java System Identity Manager /idm/user/login.jsp nextPage Variable Arbitrary Site Redirect Cache' Server Page (CSP) loop.csp TO Variable XSS Cache' Server Page (CSP) cookie.csp VALUE Variable XSS Cache' Server Page (CSP) showsource.csp PAGE Variable XSS Cache' Server Page (CSP) csp/samples/xmlclasseserror.csp ERROR Variable XSS Cache' Server Page (CSP) csp/samples/object.csp XSS Cache' Server Page (CSP) csp/samples/lotteryhistory.csp XSS Aeries Browser Interface Comments.asp FC Variable SQL Injection Aeries Browser Interface Labels.asp Term Variable SQL Injection Aeries Browser Interface ClassList.asp Term Variable SQL Injection XM-Memberstats Module for Xoops xmmemberstats/index.php Multiple Variable SQL Injection Matt's Whois mwhois.php domain Variable XSS phpQLAdmin ezmlm.php _SESSION[path] Variable Remote File Inclusion TikiWiki tiki-edit_article.php Unspecified Variable XSS phpQLAdmin tools/update_translations.php _SESSION[path] Variable Remote File Inclusion IBM Lotus QuickPlace leg/Main.nsf PreSetFields Variable XSS php Download Manager include/body.inc.php content Variable Traversal Local File Inclusion Quantum Star server_request.php CONFIG[gameroot] Variable Remote File Inclusion Quantum Star qlib/smarty.inc.php CONFIG[gameroot] Variable Remote File Inclusion Thecus N5200Pro NAS Server usrgetform.html name Variable Remote File Inclusion CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0803 CVE-2008-0636 CVE-2008-0908 CVE-2008-0909 
CVE-2004-2756 CVE-2007-5918 CVE-2007-6001 CVE-2008-0911 CVE-2008-0905 CVE-2008-0918 CVE-2008-0919 CVE-2008-1921 CVE-2002-1852 CVE-2008-0241 CVE-2007-0437 CVE-2007-0437 CVE-2007-0437 CVE-2007-0437 CVE-2007-0437 CVE-2007-0437 CVE-2008-0943 CVE-2008-0943 CVE-2008-0943 CVE-2008-1041 CVE-2008-1047 CVE-2008-0861 CVE-2008-1042 CVE-2008-0804 AuraCMS mod/dl.php kid Variable SQL Injection AuraCMS mod/links.php kid Variable SQL Injection AuraCMS search.php query Variable SQL Injection TRUC download.php upload_filename Variable Traversal Arbitrary File Access PlutoStatus Locator index.php page Variable Traversal Local File Inclusion DBHcms mod.extmanager.php extmanager_install Variable Remote File Inclusion PHP Live! admin/traffic/knowledge_searchm.php questid Variable SQL Injection Simple CMS indexen.php area Variable SQL Injection WP-People Plugin for Wordpress wp-people-popup.php person Variable SQL Injection Crafty Syntax Live Help (CSLH) lostsheep.php XSS MyAnnonces Module for RunCMS index.php cid Variable SQL Injection Plume CMS manager/xmedia.php dir Variable XSS Porar Webboard question.asp QID Variable SQL Injection Aeries Browser Interface GradebookStuScores.asp GrdBk Variable SQL Injection astatsPRO Component for Joomla! 
refer.php id Variable SQL Injection Serendipity serendipity_admin.php realname Variable XSS Dokeos main/mySpace/index.php tracking_list_coaches_column Variable SQL Injection Dokeos main/create_course/add_course.php tutor_name Variable SQL Injection e-Vision CMS iframe.php id Variable SQL Injection e-Vision CMS print.php id Variable SQL Injection jlmZone Classifieds Module for XOOPS index.php cid Variable SQL Injection Sniplets Plugin for WordPress /modules/syntax_highlight.php libpath Variable Remote File Inclusion eEmpregos Module for XOOPS index.php cid Variable SQL Injection Web_Links Module for PHP-Nuke module.php cid Variable SQL Injection Sniplets Plugin for WordPress view/sniplets/warning.php text Variable XSS Sniplets Plugin for WordPress view/sniplets/notice.php text Variable XSS Sniplets Plugin for WordPress view/sniplets/inset.php text Variable XSS Sniplets Plugin for WordPress view/admin/submenu.php url Variable XSS Sniplets Plugin for WordPress modules/execute.php text Variable XSS Sniplets Plugin for WordPress view/admin/pager.php page Variable XSS Sniplets Plugin for WordPress modules/execute.php text Variable Arbitrary Command Execution EasyContent Module for PHP-Nuke modules.php page_id Variable SQL Injection Okul Module for PHP-Nuke Modules.php okulid Variable SQL Injection OSSIM port/modifyportform.php portname Variable SQL Injection Manuales Module for PHP-Nuke modules.php cid Variable SQL Injection NukeC Module for PHP-Nuke modules.php id_catg Variable SQL Injection Spyce - Python Server Pages (PSP) docs/examples/redirect.spy Multiple Variable XSS Spyce - Python Server Pages (PSP) docs/examples/handlervalidate.spy x Variable XSS Spyce - Python Server Pages (PSP) spyce/examples/request.spy name Variable XSS Spyce - Python Server Pages (PSP) spyce/examples/getpost.spy Name Variable XSS Spyce - Python Server Pages (PSP) spyce/examples/formtag.spy Multiple Variable XSS Spyce - Python Server Pages (PSP) demos/chat/ URI newline Variable XSS 
CVE-2008-0811 CVE-2008-0811 CVE-2008-0811 CVE-2008-0814 CVE-2008-0819 CVE-2008-1038 CVE-2008-0821 CVE-2008-0835 CVE-2008-0845 CVE-2008-0848 CVE-2008-0878 CVE-2008-1048 CVE-2008-1039 CVE-2008-0942 CVE-2008-0839 CVE-2008-0124 CVE-2008-0850 CVE-2008-0850 CVE-2008-0856 CVE-2008-0856 CVE-2008-0873 CVE-2008-0874 CVE-2008-0879 CVE-2008-0880 CVE-2008-0881 CVE-2008-0920 CVE-2008-0922 CVE-2008-0934 CVE-2008-0980 CVE-2008-0980 CVE-2008-0980 CVE-2008-0980 CVE-2008-0980 CVE-2008-0980 Spyce - Python Server Pages (PSP) docs/examples/formintro.spy text1 Variable XSS Spyce - Python Server Pages (PSP) docs/examples/formtag.spy Multiple Variable XSS Spyce - Python Server Pages (PSP) spyce/examples/redirect.spy url Variable Arbitrary Site Redirect Spyce - Python Server Pages (PSP) spyce/examples/automaton.spy Direct Request Error Message Information Disclosure myTopics Module for XOOPS print.php articleid Variable SQL Injection Interspire Shopping Cart search.php search_query Variable XSS AuthentiX aspAdmin/editUser.asp username Variable XSS AuthentiX aspAdmin/deleteUser.asp username Variable XSS Bajie Http Web Server Query String XSS Centreon color_picker.php Multiple Variable XSS Packeteer Multiple Products File Listing Function Error Report page FILELIST Variable XSS XRMS CRM /admin/users/self.php msg Variable XSS Alkacon OpenCms tree_files.jsp resource Variable XSS Centreon get_image.php Multiple Variable Traversal Local File Inclusion Serendipity serendipity_admin.php Crafted File Upload XSS Crafty Syntax Live Help (CSLH) livehelp.php XSS Crafty Syntax Live Help (CSLH) user_questions.php XSS Crafty Syntax Live Help (CSLH) leavemessage.php XSS HFS (HTTP File Server) Cross-Site Scripting (XSS) and Host Field XSS HFS (HTTP File Server) Information Disclosure Vulnerability HFS (HTTP File Server) Arbitrary File/Folder Creation Vulnerability HFS (HTTP File Server) Denial of Service (DoS) Vulnerability HFS (HTTP File Server) Username Spoofing HFS (HTTP File Server) Log Forging/Injection 
Vulnerability Softbiz Banner Exchange Network Script campaign_stats.php id Variable SQL Injection Softbiz Ad Management ads.php package Variable SQL Injection Softbiz Auctions Script product_desc.php id Variable SQL Injection Broadcast Machine login.php username Variable XSS ExoPHPdesk index.php fn Action user Variable SQL Injection XZero Community Classifieds config.inc.php path_escape Variable Remote File Inclusion LiveCart user/remindPassword return Variable XSS LiveCart category q Variable XSS LiveCart order return Variable XSS LiveCart user/remindComplete email Variable XSS PHP ZLink go.php id Variable SQL Injection 1024 CMS search.php ip Variable SQL Injection Plogger plog-rss.php id Variable SQL Injection InstantSoftwares Dating Site login_form.asp msg Variable XSS InstantSoftwares Dating Site login_form.asp Multiple Variable SQL Injection Dokeos forum/viewthread.php forum Variable XSS Dokeos forum/viewforum.php forum Variable XSS Dokeos work/work.php display_upload_form Action origin Variable XSS Ip Reg vlanview.php vlan_id Variable SQL Injection Ip Reg vlanedit.php vlan_id Variable SQL Injection Ip Reg vlandel.php vlan_id Variable SQL Injection Ip Reg assetclassgroupview.php assetclassgroup_id Variable SQL Injection Ip Reg nodelist.php subnet_id Variable SQL Injection MyPHP Forum faq.php id Variable SQL Injection MyPHP Forum member.php member Variable SQL Injection MyPHP Forum search.php Multiple Variable SQL Injection Redirection dir.php cat Variable XSS CVE-2008-0980 CVE-2008-0980 CVE-2008-0981 CVE-2008-0982 CVE-2008-0847 CVE-2003-1543 CVE-2008-1037 CVE-2008-1045 CVE-2008-0124 CVE-2008-0409 CVE-2008-0410 CVE-2008-0405 CVE-2008-0406 CVE-2008-0407 CVE-2008-0408 CVE-2007-5997 CVE-2007-5998 CVE-2007-5999 CVE-2007-3694 CVE-2007-5991 CVE-2007-6568 CVE-2007-6646 CVE-2007-6646 CVE-2007-6646 CVE-2007-6646 CVE-2007-6578 CVE-2007-6583 CVE-2007-6587 CVE-2008-0131 CVE-2007-6671,2008-0130 CVE-2007-6574 CVE-2007-6574 CVE-2007-6574 CVE-2007-6579 CVE-2007-6579 
CVE-2007-6579 CVE-2007-6579 CVE-2007-6579 CVE-2007-6667 CVE-2007-6667 CVE-2008-0099 CVE-2007-6641 Zenphoto rss.php albumnr Variable SQL Injection CMS Made Simple modules/TinyMCE/content_css.php templateid Variable SQL Injection Logaholic update.php page Variable SQL Injection Logaholic index.php parameter Variable SQL Injection Logaholic profiles.php newconfname Variable XSS eSyndiCat Link Exchange Script suggest-link.php id Variable SQL Injection iSupport index.php include_file Variable Local File Inclusion Arcadem LE frontpage_right.php loadadminpage Variable Remote File Inclusion TeamCal tcuser.class.php CONF[app_root] Variable Remote File Inclusion TeamCal absencecount.inc.php CONF[app_root] Variable Remote File Inclusion TeamCal avatar.inc.php CONF[app_root] Variable Remote File Inclusion TeamCal csvhandler.class.php CONF[app_root] Variable Remote File Inclusion TeamCal functions.tcpro.php CONF[app_root] Variable Remote File Inclusion TeamCal header.html.inc.php CONF[app_root] Variable Remote File Inclusion TeamCal joomlajack.tcpro.php CONF[app_root] Variable Remote File Inclusion TeamCal menu.inc.php CONF[app_root] Variable Remote File Inclusion TeamCal other.inc.php CONF[app_root] Variable Remote File Inclusion TeamCal tcabsence.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tcabsencegroup.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tcallowance.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tcannouncement.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tcconfig.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tcdaynote.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tclogin.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tcmonth.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tctemplate.class.php CONF[app_root] Variable Remote File Inclusion TeamCal tcusergroup.class.php CONF[app_root] Variable Remote File Inclusion TeamCal 
tcuseroption.class.php CONF[app_root] Variable Remote File Inclusion TeamCal register.php lang Variable Traversal Local File Inclusion TeamCal login.php lang Variable Traversal Local File Inclusion TeamCal statistics.php lang Variable Traversal Local File Inclusion Makale Scripti Ara/default.asp ara Variable XSS NoseRub identity.php Login Script username Variable SQL Injection Kontakt Formular includes/function.php root_path Variable Remote File Inclusion JBrowser browser.php directory Variable Traversal Arbitrary File Access JLMForo System buscador.php clave Variable XSS OpenBiblio staff_del_confirm.php Multiple Variable XSS OpenBiblio theme_del_confirm.php name Variable XSS OpenBiblio theme_preview.php themeName Variable XSS XOOPS system_blocks.php b_system_comments_show() Information Disclosure AGENCY4NET WEBFTP download2.php file Variable Traversal Arbitrary File Access CVE-2007-6666 CVE-2007-6656 CVE-2007-6559 CVE-2007-6559 CVE-2007-6560 CVE-2007-6543 CVE-2007-6539 CVE-2007-6542 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6553 CVE-2007-6554 CVE-2007-6554 CVE-2007-6554 CVE-2007-6673 CVE-2007-6602 CVE-2007-6655 CVE-2004-2750 CVE-2007-5954 CVE-2007-6608 CVE-2007-6608 CVE-2007-6608 CVE-2007-6675 CVE-2008-0091 PNphpBB2 printview.php phpEx Variable Traversal Local File Inclusion xml2owl showCode.php path Variable Arbitrary Command Execution milliscripts dir.php browse Action cat Variable XSS Mihalism Multi Host download.php file Variable Traversal Arbitrary File Access CuteNews file.php file Variable Traversal Arbitrary File Disclosure ClipShare uprofile.php UID Variable SQL Injection oneSCHOOL admin/login.asp txtLoginID Variable SQL Injection CCMS admin.php/vars.php Console Page p Variable SQL Injection Mihalism Multi Forum Host 
load_forum.php mfh_root_path Variable Remote File Inclusion MultiCart search.php ddlCategory Variable SQL Injection MultiCart categorydetail.php catid Variable SQL Injection Ossigeno CMS upload/common/footer.php level Variable Remote File Inclusion Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure Bilder Galerie includes/tumbnail.php config[root_ordner] Variable Remote File Inclusion samPHPweb Template for SAM Broadcaster common/db.php commonpath Variable Remote File Inclusion MODx Content Management System AjaxSearch.php as_language Variable Local File Inclusion MODx Content Management System htcmime.php file Variable Local File Inclusion RapidShare Database Default.asp Arayalim Variable XSS NetRisk index.php page Variable XSS Neuron News /patch Default URI q Variable SQL Injection mosDirectory Component for Joomla! mod_pxt_latest.php GLOBALS[mosConfig_absolute_path] Variable Remote File Inclusion MeGaCheatZ comments.php ItemID Variable SQL Injection MeGaCheatZ view.php ItemID Variable SQL Injection MeGaCheatZ siteadmin/ViewItem.php ItemID Variable SQL Injection Snitz Forums 2000 setup.asp Multiple Variable XSS SiteSys inc/pagehead.inc.php doc_root Variable Remote File Inclusion SiteSys inc/pageinit.inc.php doc_root Variable Remote File Inclusion Tribisur cat_main.php id Variable SQL Injection Tribisur forum.php cat Variable SQL Injection ClipShare uprofile.php UID Variable SQL Injection Oracle E-Business Suite okxLOV.jsp Unspecified SQL Injection SineCMS mods/Integrated/index.php sine[config][index_main] Variable Remote File Inclusion Newbb_plus Module for RunCms modules/newbb_plus/index.php Client-IP HTTP Header SQL Injection Linksys WRT54GL apply.cgi CSRF PHPNews change_action.php format_menue Variable Remote File Inclusion AL-Athkar Main.php include Variable Remote File Inclusion AL-Athkar get.php include Variable Remote File Inclusion AL-Athkar count.php exec Variable Remote File Inclusion DomPHP welcome/inscription.php mail Variable
SQL Injection osDate php121db.php php121dir Variable Remote File Inclusion Docebo lib.regset.php Accept-Language HTTP Header SQL Injection Bitweaver wiki/index.php editcomments Action Arbitrary PHP Code Injection Joovili include/images.inc.php picture Variable Traversal Arbitrary File Access Bitweaver fisheye/upload.php GIF Content Type Unrestricted Arbitrary File Upload WebEvent webevent.cgi cmd Variable XSS WebEvent webevent.pl cmd Variable XSS CVE-2007-6624 CVE-2007-6632 CVE-2007-6641 CVE-2007-6653 CVE-2007-6662 CVE-2008-0089 CVE-2007-6665 CVE-2007-6658 CVE-2007-6657 CVE-2007-5261 CVE-2007-5261 CVE-2007-5234 CVE-2007-6651 CVE-2007-6649 CVE-2008-0143 CVE-2008-0094 CVE-2008-0094 CVE-2007-6674 CVE-2008-0186 CVE-2007-6540 CVE-2007-6555 CVE-2007-6557 CVE-2007-6557 CVE-2007-6557 CVE-2008-0134 CVE-2007-5166 CVE-2007-5166 CVE-2008-0133 CVE-2008-0133 CVE-2007-5766 CVE-2008-0224 CVE-2008-0228 CVE-2007-4232 CVE-2007-4170 CVE-2007-4170 CVE-2007-4170 CVE-2008-0282 CVE-2008-0230 CVE-2007-6412 CVE-2007-6620 CVE-2007-6650 Xcomputer Search.asp EXPS Variable XSS PHCDownload search.php string Variable XSS PHCDownload search.php string Variable SQL Injection eTicket newticket.php Multiple Variable XSS Site@School slideshow_full.php album_name Variable SQL Injection PHP CLASSIFIEDS config.inc.php path_escape Variable Remote File Inclusion Loudblog loudblog/inc/parse_old.php template Variable Arbitrary Remote Code Execution Uebimiau Webmail error.php selected_theme Variable Arbitrary File Access W3-mSQL Error Page URI XSS EvilBoard index.php c Variable SQL Injection EvilBoard index.php c Variable XSS Snitz Forums forum/snitz_forums_2000.mdb Direct Request Database Disclosure Snitz Forums forum/whereami.asp Direct Request Path Disclosure mod_gallery Module for XOOPS xoopsgallery/init_basic.php GALLERY_BASEDIR Variable Remote File Inclusion WebPortal CMS actions.php user_name Variable SQL Injection IceWarp Mail Server admin/index.html message Variable XSS Snitz Forums login.asp target
Variable XSS RotaBanner Local account/index.html Multiple Variable XSS WordPress wp-admin/post.php popuptitle Variable XSS WordPress wp-admin/page-new.php popuptitle Variable XSS samPHPweb songinfo.php songid Variable SQL Injection NetRisk index.php pid Variable SQL Injection ht://dig htsearch sort Variable XSS Novell NetWare Enterprise Web Server webacc Servlet error Variable Remote HTT File Access PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure Merak Mail Server admin/index.html message Variable XSS Strawberry (CuteNews) plugins/wacko/highlight/html.php text Variable Arbitrary Code Execution TutorialCMS activate.php userName Variable SQL Injection FreeSeat cron.php Administrator Bypass Dansie Search Engine search.pl keywords Variable XSS iGaming CMS archive.php section Variable SQL Injection RichStrong CMS showproduct.asp cat Variable SQL Injection Form Tools admin_page_open.php g_root_dir Variable Remote File Inclusion Form Tools client_page_open.php g_root_dir Variable Remote File Inclusion Dansie Photo Album photo_album.pl search Variable XSS vcart checkout.php abs_path Variable Remote File Inclusion Apache HTTP Server mod_status refresh XSS WebPortal CMS actions.php lostpass Action Remote Arbitrary Account Access Shop-Script index.php aux_page Variable Traversal Arbitrary File Access CA eTrust SiteMinder Agent forms/smpwservices.fcc SMAUTHREASON Variable XSS Philex download.php file Variable Arbitrary File Access phPay on Windows main.php config Variable Traversal Local File Inclusion Article Dashboard admin/login.php Multiple Variable SQL Injection Site2Nite Real Estate Web default.asp Multiple Variable SQL Injection php-residence visualizza_tabelle.php cognome_cerca Variable SQL Injection aliTalk inc/receivertwo.php mohit Variable SQL Injection aliTalk inc/usercp.php id Variable SQL Injection CVE-2007-5479 CVE-2007-6669 CVE-2007-6670 CVE-2008-0093 CVE-2008-0129 CVE-2008-0137 CVE-2008-0139 CVE-2008-0140 CVE-2008-0146 CVE-2008-0154 
CVE-2008-0155 CVE-2008-0135 CVE-2008-0136 CVE-2008-0138 CVE-2008-0142 CVE-2008-0218 CVE-2008-0208 CVE-2008-0200 CVE-2008-0192 CVE-2008-0192 CVE-2008-0187 CVE-2008-0185 CVE-2007-6110 CVE-2004-2105 CVE-2007-6512 CVE-2008-0218 CVE-2008-0254 CVE-2008-0293 CVE-2008-0257 CVE-2008-0255 CVE-2008-0291 CVE-2007-6464 CVE-2007-6464 CVE-2008-0292 CVE-2008-0287 CVE-2007-6388 CVE-2008-0141 CVE-2008-0158 CVE-2007-5923 CVE-2007-1698 CVE-2007-6471 CVE-2008-0286 CVE-2008-0353 CVE-2008-0371 CVE-2008-0371 aliTalk admin/index.php username Variable SQL Injection bcoos modules/adresses/ratefile.php lid Variable SQL Injection bcoos modules/arcade/index.php gid Variable SQL Injection bcoos modules/myalbum/ratephoto.php lid Variable SQL Injection bcoos modules/mylinks/ratelink.php lid Variable SQL Injection Binn SBuilder full_text.php nid Variable SQL Injection minimal Gallery _mg/php/mg_thumbs.php Multiple Variable Traversal Arbitrary Remote File Access Xforum liretopic.php topic Variable SQL Injection Clever Copy gallery.php album Variable XSS Clever Copy gallery.php album Variable SQL Injection Clever Copy postcomment.php ID Variable SQL Injection Famp3 show.php id Variable SQL Injection ASP Photo Gallery thumb.asp id Variable SQL Injection ASP Photo Gallery thumbricerca.asp Multiple Variable SQL Injection ASP Photo Gallery Imgbig.asp id Variable SQL Injection ImageAlbum classes/IADomain.php id Variable SQL Injection ImageAlbum classes/IACollection.php id Variable SQL Injection ImageAlbum classes/IAUser.php id Variable SQL Injection DomPHP aides/index.php page Variable Remote File Inclusion ID-Commerce liste.php idFamille Variable SQL Injection MTCMS index.php Multiple Variable SQL Injection eTicket view.php s Variable XSS eTicket search.php Multiple Variable SQL Injection eTicket admin.php Multiple Variable SQL Injection F5 BIG-IP list_system.jsp SearchString Variable XSS F5 BIG-IP list_pktfilter.jsp SearchString Variable XSS F5 BIG-IP list_ltm.jsp SearchString Variable XSS F5 BIG-IP 
resources_audit.jsp SearchString Variable XSS F5 BIG-IP list_asm.jsp SearchString Variable XSS F5 BIG-IP list.jsp SearchString Variable XSS PhpAutoVideo includes/articleblock.php articlecat Variable SQL Injection Mini File Host pages/upload.php language Variable Local File Inclusion Faname page.php id Variable SQL Injection FaPersian Petition show.php Variable id SQL Injection FaPersianHack show.php id Variable SQL Injection FaMp3 show.php id Variable SQL Injection Wallpaper Site category.php catid Variable SQL Injection Wallpaper Site editadgroup.php groupid Variable SQL Injection Social Engine admin_header_group.php global_lang Variable Traversal Local File Inclusion Social Engine admin_header_blog.php global_lang Variable Traversal Local File Inclusion Social Engine admin_header_album.php global_lang Variable Traversal Local File Inclusion Social Engine header_group.php global_lang Variable Traversal Local File Inclusion Social Engine header_blog.php global_lang Variable Traversal Local File Inclusion Social Engine header_album.php global_lang Variable Traversal Local File Inclusion OpenBiblio phpinfo.php phpinfo Function Direct Request Information Disclosure Singapore default.php gallery Variable XSS PHP Webquest soporte_horizontal_w.php id_actividad Variable SQL Injection AwesomeTemplateEngine templates/example_template.php Multiple Variable XSS CVE-2008-0371 CVE-2007-6275 CVE-2007-6266 CVE-2007-6266 CVE-2007-6266 CVE-2008-0253 CVE-2008-0259 CVE-2008-0279 CVE-2008-0362 CVE-2008-0363 CVE-2008-0363 CVE-2008-0256 CVE-2008-0256 CVE-2008-0256 CVE-2008-0288 CVE-2008-0288 CVE-2008-0288 CVE-2008-0283 CVE-2008-0281 CVE-2008-0280 CVE-2008-0268 CVE-2008-0267 CVE-2008-0267 CVE-2008-0265 CVE-2008-0265 CVE-2008-0265 CVE-2008-0265 CVE-2008-0265 CVE-2008-0265 CVE-2008-0262 CVE-2008-0357 CVE-2008-0325 CVE-2008-0326 CVE-2008-0327 CVE-2007-6580 CVE-2007-6580 CVE-2007-6581 CVE-2007-6581 CVE-2007-6581 CVE-2007-6581 CVE-2007-6581 CVE-2007-6581 CVE-2007-6606 CVE-2008-0400 
CVE-2008-0219 CVE-2008-0190 Hackish shoutbox/blocco.php go_shout Variable XSS phpAutoVideo sidebar.php loadpage Variable Remote File Inclusion MyBB inc/datahandlers/pm.php options[disablesmilies] Variable SQL Injection SocketMail content/fnc-readmail3.php __SOCKETMAIL_ROOT Variable Remote File Inclusion Small Axe Weblog linkbar.php Multiple Variable Remote File Inclusion PacerCMS submit.php Multiple Field XSS bloofoxCMS admin/index.php Multiple Variable SQL Injection bloofoxCMS file.php file Variable Traversal Arbitrary File Access PMachine Pro pm/language/spanish/preferences.php L_PREF_NAME[855] Variable XSS aria arias/help/effect.php page Variable Traversal Local File Inclusion Lama Software inc.steps.access_error.php MY_CONF[classRoot] Variable Remote File Inclusion Lama Software inc.steps.check_login.php MY_CONF[classRoot] Variable Remote File Inclusion Lama Software inc.steps.init_system.php MY_CONF[classRoot] Variable Remote File Inclusion PHP-Nuke modules/Search/index.php sid Variable SQL Injection aflog view.php id Variable SQL Injection aflog comments.php id Variable SQL Injection IDMOS administrator/download.php fileName Variable Traversal Arbitrary File Download OZJournals index.php id Variable Remote File Access PHP File Sharing System index.php cam Variable Traversal Arbitrary File Access aconon Mail archiv.cgi template Variable Traversal Arbitrary File Access Web Wiz Forums RTE_file_browser.asp sub Variable Traversal Arbitrary File Access Web Wiz Forums file_browser.asp sub Variable Traversal Arbitrary File Access Web Wiz Rich Text Editor RTE_file_browser.asp sub Variable Traversal Arbitrary File Access Web Wiz NewsPad RTE_file_browser.asp sub Variable Traversal Arbitrary File Access Liquid-Silver CMS update/index.php update Variable Traversal Local File Inclusion MediaWiki api.php Unspecified XSS GradMan agregar_info.php tabla Traversal Local File Inclusion cPanel dohtaccess.html rurl Variable XSS Kayako SupportSuite syncml/index.php Direct Request 
Remote Information Disclosure Seagull PHP Framework optimizer.php files Variable Traversal Arbitrary File Access BLOG:CMS photo/admin.php PATH_INFO Variable XSS BLOG:CMS photo/index.php PATH_INFO Variable XSS BLOG:CMS action.php user Variable SQL Injection BLOG:CMS admin/plugins/table/index.php field Variable SQL Injection GradMan info.php tabla Variable Traversal Local File Inclusion Hot or Not Clone control/backup/backup.php Direct Request Remote Password Disclosure Justice Guestbook cfooter.php3 Direct Request Error Message Remote Path Disclosure Justice Guestbook jgb.php3 Multiple Variable XSS PhpPass accesscontrol.php Multiple Variable SQL Injection PhpMyShop compte.php Multiple Variable SQL Injection Ceilidh testcgi.exe query Variable XSS Flash Uploader Component for Joomla! install.joomla_flash_uploader.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2007-5677 CVE-2008-0433 CVE-2007-5627 CVE-2008-0376,2008-0442 CVE-2008-0426 CVE-2008-0428 CVE-2008-0427 CVE-2008-0334 CVE-2008-0332 CVE-2008-0423 CVE-2008-0423 CVE-2008-0423 CVE-2008-0461 CVE-2008-0397 CVE-2008-0397 CVE-2008-0431 CVE-2008-0435 CVE-2007-5454 CVE-2008-0464 CVE-2008-0481 CVE-2008-0480 CVE-2008-0481 CVE-2008-0479 CVE-2008-0459 CVE-2008-0460 CVE-2008-0361 CVE-2008-0370 CVE-2008-0395 CVE-2008-0465 CVE-2008-0359 CVE-2008-0359 CVE-2008-0360 CVE-2008-0360 CVE-2008-0393 CVE-2007-6603 CVE-2003-1535 CVE-2003-1534 CVE-2003-1533 CVE-2003-1532 CVE-2003-1531 CVE-2007-5457 Flash Uploader Component for Joomla! uninstall.joomla_flash_uploader.php mosConfig_absolute_path Variable Remote File Inclusion Php-Stats php-stats.recjs.php Multiple Variable SQL Injection com_colorlab Component for Joomla!
admin.color.php mosConfig_live_site Variable Remote File Inclusion BBPortalS tnews.php id Variable SQL Injection Woltlab Burning Board modcp.php thread_del Action CSRF The Online Web Library Site src/scripture.php pageHeaderFile Variable Remote File Inclusion phpBB privmsg.php deleteall Action CSRF CaupoShop Pro index.php action Variable Remote File Inclusion emagiC CMS.Net emc.asp pageId Variable SQL Injection FireConfig dl.php file Variable Traversal Arbitrary File Access teatro pub/pub08_comments.php basePath Variable Remote File Inclusion phpFaber URLInn urlinn_includes/config.php dir_ws Variable Remote File Inclusion F5 BIG-IP Application Security Manager rep_request.php report_type Variable XSS Pre Dynamic Institution login.asp Multiple Variable SQL Injection Pre Dynamic Institution siteadmin/login.asp Multiple Variable SQL Injection CandyPress Store ajax/ajax_getTiers.asp idcust Variable SQL Injection CandyPress Store ajax/ajax_getCust.asp idcust Variable SQL Injection CandyPress Store ajax/ajax_getBrands.asp recid Variable SQL Injection CandyPress Store ajax/ajax_tableFields.asp tableName Variable SQL Injection CandyPress Store admin/utilities_ConfigHelp.asp helpfield Variable SQL Injection CandyPress Store admin/SA_shipFedExMeter.asp FedExAccount Variable SQL Injection CandyPress Store ajax/ajax_optInventory.asp Multiple Variable SQL Injection CandyPress Store admin/utilities_ConfigHelp.asp helpfield Variable XSS GoSamba HTML_oben.php include_path Variable Remote File Inclusion GoSamba inc_freigabe.php include_path Variable Remote File Inclusion GoSamba inc_freigabe1.php include_path Variable Remote File Inclusion GoSamba inc_freigabe3.php include_path Variable Remote File Inclusion GoSamba inc_group.php include_path Variable Remote File Inclusion GoSamba inc_manager.php include_path Variable Remote File Inclusion GoSamba inc_newgroup.php include_path Variable Remote File Inclusion GoSamba inc_smb_conf.php include_path Variable Remote File Inclusion 
GoSamba inc_user.php include_path Variable Remote File Inclusion GoSamba main.php include_path Variable Remote File Inclusion phpIP Management login.php password Variable SQL Injection phpIP Management display.php id Variable SQL Injection Alice Gate2 Plus Wi-Fi cp06_wifi_m_nocifr.cgi CSRF PHP Image xarg_corner.php xarg Variable Remote File Inclusion PHP Image xarg_corner_bottom.php xarg Variable Remote File Inclusion PHP Image xarg_corner_top.php xarg Variable Remote File Inclusion MicroNews admin.php Direct Request Privilege Escalation Sun Java System Identity Manager /idm/login.jsp Multiple Variable XSS Sun Java System Identity Manager /idm/account/findForSelect.jsp resultsForm Variable XSS Sun Java System Identity Manager /idm/user/main.jsp activeControl Variable XSS Simple Forum forum.php Multiple Variable XSS WP-Cal Plugin for WordPress functions/editevent.php id Variable SQL Injection ASPired2Protect login.asp Multiple Variable SQL Injection SoftCart SoftCart.exe Multiple Variable XSS CVE-2007-5457 CVE-2007-5452 CVE-2007-5451 CVE-2007-5630 CVE-2008-0472 CVE-2007-5628 CVE-2008-0471 CVE-2007-5784 CVE-2007-5783 CVE-2007-5782 CVE-2007-5780 CVE-2007-5754 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5786 CVE-2007-5697 CVE-2007-5697 CVE-2007-5697 CVE-2008-0377 CVE-2008-0239 CVE-2008-0239 CVE-2008-0239 CVE-2008-0490 CVE-2008-0487 Nucleus CMS action.php URL XSS AdServe Plugin for WordPress adclick.php id Variable SQL Injection Smart Publisher admin/op/disp.php filedata Variable Arbitrary Remote Code Execution SQLiteManager spaw/dialogs/confirm.php spaw_root Variable Remote File Inclusion Connectix Boards part_userprofile.php template_path Variable Remote File Inclusion Bigware Shop main_bigware_53.php pollid Variable SQL Injection Nukebrowser nukebrowser.php filhead Variable Remote File Inclusion Thatware thatfile.php root_path Variable Remote File Inclusion Simple Forum 
thumbnail.php file Variable Traversal Arbitrary File Access PHP Links vote.php id Variable SQL Injection WordPress WassUp Plugin spy.php to_date Variable SQL Injection Vulnerability ZyXEL P-330W ping.asp pingstr Variable XSS CVE-2008-0497 CVE-2008-0498 CVE-2003-1436 CVE-2002-2299 Vulnerability Name CVE AL-Caricatier cat_viewed.php CatName Variable Remote File Inclusion Absolute Banner Manager .NET abm.aspx z Variable SQL Injection Ace Image Hosting Script albums.php id Variable SQL Injection Aceboard Forum Recherche.php Unspecified SQL Injection ActiveKB NX index.php browse Action catId Variable SQL Injection AdultScript links.php id Variable SQL Injection AdultScript videolink_count.php id Variable SQL Injection Aeries Browser Interface LostPwd.asp EmailAddress Variable SQL Injection Ajax File Browser _includes/settings.inc.php approot Variable Remote File Inclusion Apache Tomcat SendMailServlet sendmail.jsp XSS Apache Tomcat examples/servlet/CookieExample Multiple Variable XSS Banners Module for bcoos modules/banners/click.php bid Variable SQL Injection Bitweaver search/index.php highlight Variable SQL Injection Bitweaver wiki/list_pages.php sort_mode Variable SQL Injection Buddy Zone video_gallery.php member_id Variable SQL Injection Buddy Zone view_events.php cat_id Variable SQL Injection Buddy Zone view_news.php news_id Variable SQL Injection Buddy Zone view_sub_cat.php cat_id Variable SQL Injection Carousel Flash Image Gallery Component for Joomla! 
admin.jjgallery.php mosConfig_absolute_path Variable Remote File Inclusion Centreon MakeXML.php fileOreonConf Variable Remote File Inclusion Centreon MakeXML4statusCounter.php fileOreonConf Variable Remote File Inclusion Citrix Netscaler ws/generic_api_call.pl standalone Variable XSS CityWriter head.php path Variable Remote File Inclusion Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion Confixx Professional fehler.inc.php Unspecified Variable Remote File Inclusion Content Component for Joomla! (com_content) archive.php filter Variable archive Action SQL Injection Content Component for Joomla! (com_content) category.php filter Variable archive Action SQL Injection Content Component for Joomla! (com_content) section.php filter Variable archive Action SQL Injection CuteNews search.php Unspecified Information Disclosure DM Guestbook admin/admin.guestbook.php lng Traversal Variable Local File Inclusion DM Guestbook auto/ch_lng.php lngdefault Traversal Variable Local File Inclusion DM Guestbook auto/glob_new.php lng Traversal Variable Local File Inclusion DM Guestbook guestbook.php lng Traversal Variable Local File Inclusion Easy Hosting Control Panel dbutil.bck.php confdir Variable Remote File Inclusion Easy Hosting Control Panel dbutil.php confdir Variable Remote File Inclusion Eurologon CMS articles.php id Variable SQL Injection Eurologon CMS links.php id Variable SQL Injection Eurologon CMS reviews.php id Variable SQL Injection CVE-2007-4167 CVE-2007-6291 CVE-2007-6393 CVE-2007-4209 CVE-2007-5131 CVE-2007-6576 CVE-2007-6576 CVE-2007-6517 CVE-2007-4921 CVE-2007-3383 CVE-2007-3384 CVE-2007-6080 CVE-2007-6375 CVE-2007-6375 CVE-2007-3526 CVE-2007-3526 CVE-2007-3526 CVE-2007-3549 CVE-2007-6027 CVE-2007-6037 CVE-2007-4718 CVE-2007-6042 CVE-2007-4778,2007-4777 CVE-2007-4777,2007-4778 CVE-2007-4777,2007-4778 CVE-2007-5821 CVE-2007-5821 CVE-2007-5821 CVE-2007-5821 CVE-2007-6178 CVE-2007-6178 CVE-2007-6164 CVE-2007-6164 CVE-2007-6164 
Vulnerability checks added in 2007
Eurologon CMS users/files.php file Variable Traversal Remote Arbitrary File Access  CVE-2007-6185
Event Calendar for bcoos modules/ecal/display.php month Variable XSS  CVE-2007-6365
F5 FirePass 4100 SSL VPN my.activation.php3 URL XSS
F5 FirePass 4100 SSL VPN my.logon.php3 URL XSS
FAQMasterFlexPlus faq.php cat_name Variable XSS  CVE-2007-6633
FAQMasterFlexPlus faq.php category_id Variable SQL Injection  CVE-2007-6634
Falt4Extreme index.php handler Variable XSS  CVE-2007-6310
Falt4Extreme index.php nav_ID Variable SQL Injection  CVE-2007-6311
Falt4Extreme modules/feed/feed.php topic Variable XSS  CVE-2007-6310
Fastpublish CMS designconfig.php config[fsBase] Variable Remote File Inclusion  CVE-2007-6325
Force Download downloadfile.php file Variable Traversal Arbitrary File Access  CVE-2007-5732
Galmeta Post upload_config.php DDS Variable Remote File Inclusion  CVE-2007-5567
Ganglia web/get_context.php Multiple Variable XSS  CVE-2007-6465
Ganglia web/graph.php Multiple Variable XSS  CVE-2007-6465
Ganglia web/host_gmetrics.php Multiple Variable XSS  CVE-2007-6465
GestDown catdownload.php categorie Variable SQL Injection  CVE-2007-6373
GestDown download.php id Variable SQL Injection  CVE-2007-6373
GestDown hitcounter.php id Variable SQL Injection  CVE-2007-6373
HotScripts Clone Script software-description.php id Variable SQL Injection  CVE-2007-6084
IPortalX blogs.asp Date Variable XSS  CVE-2007-6597
IPortalX forum/login_user.asp Multiple Variable XSS  CVE-2007-6597
IT!CMS (itcms) lang-en.php wndtitle Variable XSS  CVE-2007-4115
IT!CMS (itcms) menu-ed.php wndtitle Variable XSS  CVE-2007-4115
IT!CMS (itcms) titletext-ed.php wndtitle Variable XSS  CVE-2007-4115
J! Reactions for Joomla! (com_jreactions) langset.php comPath Variable Remote File Inclusion  CVE-2007-4244
JLMForo System modificarPerfil.php signature XSS  CVE-2007-6364
JUser Component for Joomla! xajax_functions.php mosConfig_absolute_path Variable Remote File Inclusion  CVE-2007-6038
Japanese PHP Gallery Hosting upload/upload.php ServerPath Variable Unrestricted Arbitrary File Upload  CVE-2007-5733
Joomla! Modifier.php Direct Request Multiple Error Message Information Disclosure  CVE-2007-4185
Joomla! Output.php Direct Request Multiple Error Message Information Disclosure  CVE-2007-4185
Joomla! OutputCache.php Direct Request Multiple Error Message Information Disclosure  CVE-2007-4185
Joomla! OutputFilter.php Direct Request Multiple Error Message Information Disclosure  CVE-2007-4185
Joomla! Reader.php Direct Request Multiple Error Message Information Disclosure  CVE-2007-4185
Joomla! Stat.php Direct Request Multiple Error Message Information Disclosure  CVE-2007-4185
Joomla! TemplateCache.php Direct Request Multiple Error Message Information Disclosure  CVE-2007-4185
Joomla! pollwindow.php pollid Variable SQL Injection  CVE-2007-4184
Joovili joovili.images.php picture Variable Traversal Local File Inclusion  CVE-2007-6621
KML share region.php layer Variable Traversal Arbitrary File Access  CVE-2007-6212
LearnLoop include/file_download.php sFilePath Variable Traversal Arbitrary File Access  CVE-2007-6214
Learning Management System userlogin.jsp user Variable SQL Injection  CVE-2007-6338
Limbo CMS admin.php com_option Variable XSS  CVE-2007-6564
LineShout shout.php Multiple Variable XSS
MRBS Module for Moodle view_entry.php id Variable SQL Injection  CVE-2007-6538
MWOpen leggi_commenti.asp id Variable SQL Injection  CVE-2007-6292
MailMachinePRO showMsg.php id Variable SQL Injection  CVE-2007-6551
ManageEngine OpManager admin/DeviceAssociation.do Multiple Variable XSS ManageEngine OpManager admin/ServiceConfiguration.do operation Variable XSS ManageEngine OpManager map/ping.do name Variable XSS ManageEngine OpManager map/traceRoute.do name Variable XSS ManageEngine OpManager reports/ReportViewAction.do Multiple Variable XSS Mantis view.php Filename XSS Mcms Easy Web Make 
modules/cms/index.php template Traversal Variable Traversal Local File Inclusion ModuleBuilder DownloadModule.php file Variable Traversal Arbitrary File Access Munch Pro /admin Login Field SQL Injection News Module for Envolution module.php topic Variable SQL Injection NmnNewsletter confirmUnsubscription.php output Variable Remote File Inclusion Novus buscar.asp p Variable XSS NuclearBB tasks/send_queued_emails.php root_path Variable Remote File Inclusion OpenNewsletter compose.php type Variable XSS PHMe function_list.php action Variable Local File Inclusion PHP Content Architect css_file.php filepath Variable Traversal Remote File Inclusion PHP Content Architect js_file.php filepath Variable Traversal Remote File Inclusion PHP Content Architect xml_file.php filepath Variable Traversal Remote File Inclusion PHP Lite Calendar Express auth.php cid Variable SQL Injection PHP Lite Calendar Express login.php cid Variable SQL Injection PHP Lite Calendar Express subscribe.php cid Variable SQL Injection PHP Real Estate Classifieds fullnews.php id Variable SQL Injection PHP-Nuke autohtml.php filename Variable Traversal Local File Inclusion PHP-Stats tracking.php online Action id Variable XSS PHPDJ djpage.php page Variable Remote File Inclusion PHPMyChat chat/deluser.php3 LIMIT Variable XSS PHPMyChat chat/edituser.php3 Link Variable XSS PHPMyChat chat/users_popupL.php3 Multiple Variable XSS PenPal login-verify.asp Multiple Variable SQL Injection PenPal search-results.asp mcity Variable SQL Injection PictPress Plugin for Wordpress resize.php Multiple Variable Traversal Arbitrary File Access PolDoc CMS download_file.php filename Variable Traversal Arbitrary File Access PowerPhlogger include/get_userdata.php username Variable SQL Injection Prozilla Pub Site Directory directory.php cat Variable SQL Injection QuickTalk guestbook qtg_msg_view.php id Variable SQL Injection RaidenHTTPD raidenhttpd-admin/workspace.php ulang Variable Local File Inclusion Rayzz Script 
class_HeaderHandler.lib.php CFG[site][project_path] Variable Remote File Inclusion Rayzz Script class_HeaderHandler.lib.php CFG[site][project_path] Variable Traversal Local File Inclusion Restaurant Management System boxConnection.php DIR_PAGE Variable Remote File Inclusion Restaurant Management System global.php DIR_ROOT Variable Remote File Inclusion Restaurant Management System page.php DIR_PAGE Variable Remote File Inclusion CVE-2007-3594 CVE-2007-3594 CVE-2007-3594 CVE-2007-3594 CVE-2007-3594 CVE-2007-6611 CVE-2007-5812 CVE-2007-3966 CVE-2007-4253 CVE-2007-6585 CVE-2007-5142 CVE-2007-4906 CVE-2007-6301 CVE-2007-6187 CVE-2007-6187 CVE-2007-6187 CVE-2007-3627 CVE-2007-3627 CVE-2007-3627 CVE-2007-6376 CVE-2007-4917 CVE-2007-5574 CVE-2007-6297 CVE-2007-6297 CVE-2007-6297 CVE-2007-6369 CVE-2007-6400 CVE-2007-3595,2007-3399 CVE-2007-4258 CVE-2007-3538 CVE-2007-6229 CVE-2007-6230 CVE-2007-5160 CVE-2007-5160 CVE-2007-5160
SERweb js/get_js.php Multiple Variable Traversal Arbitrary File Access  CVE-2007-6290
SERweb load_lang.php _SERWEB[configdir] Variable Remote File Inclusion  CVE-2007-6289
SERweb load_phplib.php _PHPLIB[libdir] Variable Remote File Inclusion  CVE-2007-6289
SERweb main_prepend.php _SERWEB[functionsdir] Variable Remote File Inclusion  CVE-2007-6289
SH-News patch/comments.php id Variable SQL Injection  CVE-2007-6391
Scribe forum.php username Variable Register Action Traversal Arbitrary File Overwrite  CVE-2007-5823
Secure login.php Multiple Variable XSS  CVE-2007-4021
Seditio pfs.php Multiple Filename Unrestricted Arbitrary File Upload  CVE-2007-4057
SimpleForum simpleforum.cgi searchkey Variable XSS  CVE-2007-6616
SimpleGallery index.php album Variable XSS  CVE-2007-6157
SineCms mods.php Multiple Variable XSS  CVE-2007-6367
SineCms mods.php id Variable SQL Injection  CVE-2007-6366
Sisfo Kampus blanko.preview.php nmf Variable Traversal Remote File Access  CVE-2007-4820
SiteScape Forum support/dispatch.cgi TCL Command Injection  CVE-2007-6515
SiteX CMS search.php search Variable SQL Injection  CVE-2007-5141
Snitz Forums 2000 active.asp BuildTime Variable SQL Injection  CVE-2007-6240
SoftBiz Classifieds store_info.php id Variable SQL Injection  CVE-2007-5122
Softbiz Link Directory Script searchresult.php sbcat_id Variable SQL Injection  CVE-2007-5996
SpeedTech PHP Library stphpbutton.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpcheckbox.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpcheckboxwithcaption.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpcheckgroup.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpcomponent.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpcontrolwithcaption.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpedit.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpeditwithcaption.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphphr.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpimage.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpimagewithcaption.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphplabel.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphplistbox.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphplistboxwithcaption.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphplocale.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphppanel.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpradiobutton.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpradiobuttonwithcaption.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphpradiogroup.php STPHPLIB_DIR Variable Remote File Inclusion  CVE-2007-4738
SpeedTech PHP Library stphprichbutton.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphpspacer.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptable.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptablecell.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptablerow.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptabpanel.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptabtitle.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptextarea.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptextareawithcaption.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphptoolbar.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphpwindow.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphpxmldoc.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library stphpxmlelement.php STPHPLIB_DIR Variable Remote File Inclusion SpeedTech PHP Library utils/stphpimage_show.php Multiple Variable Remote File Inclusion TYPO3 indexed_search System Extension SQL Injection Tilde CMS index.php yeardetail Action aarstal Variable SQL Injection Tilde CMS index.php yeardetail Action aarstal Variable XSS Tour de France Pool for Joomla! 
(com_tour_toto) admin.tour_toto.php mosConfig_absolute_path Variable Remote File Inclusion UseBB install/upgrade-0-2-3.php PHP_SELF Variable XSS UseBB install/upgrade-0-3.php PHP_SELF Variable XSS UseBB install/upgrade-0-4.php PHP_SELF Variable XSS VietPHP _functions.php dirpath Variable Remote File Inclusion VietPHP admin/index.php language Variable Remote File Inclusion VietPHP index.php language Variable Remote File Inclusion Virtual War (Vwar) convert/mvcw.php vwar_root Variable Remote File Inclusion Web-MeetMe play.php Multiple Variable Traversal Arbitrary File Access WebED mod/chat/index.php Multiple Variable Traversal Arbitrary File Access WebEvent webevent.cgi cmd Variable XSS WebSPELL calendar.php Multiple Variable XSS WebSPELL usergallery.php galleryID Variable XSS Woltlab Burning Board Lite search.php Multiple Variable SQL Injection WordPress wp-includes/query.php s Variable SQL Injection Wordpress options-discussion.php page_options Variable SQL Injection Wordpress options-general.php page_options Variable SQL Injection Wordpress options-misc.php page_options Variable SQL Injection Wordpress options-permalink.php page_options Variable SQL Injection Wordpress options-privacy.php page_options Variable SQL Injection Wordpress options-reading.php page_options Variable SQL Injection Wordpress options-writing.php page_options Variable SQL Injection WorkingOnWeb events.php idevent Variable SQL Injection X-Cart admin/auth.php xcart_dir Variable Remote File Inclusion X-Cart config.php xcart_dir Variable Remote File Inclusion CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-4738 CVE-2007-6381 CVE-2007-6159 CVE-2007-6160 CVE-2007-4186 CVE-2007-3963 CVE-2007-3963 CVE-2007-3963 CVE-2007-4235 CVE-2007-4235 CVE-2007-4235 CVE-2007-4605 CVE-2007-6215 CVE-2007-6213 CVE-2007-4146 CVE-2007-6309 CVE-2007-6309 CVE-2007-6518 
CVE-2007-6318 CVE-2007-4154 CVE-2007-4154 CVE-2007-4154 CVE-2007-4154 CVE-2007-4154 CVE-2007-4154 CVE-2007-4154 CVE-2007-6128 CVE-2007-4907 CVE-2007-4907 X-Cart customer/product.php xcart_dir Variable Remote File Inclusion X-Cart prepare.php xcart_dir Variable Remote File Inclusion X-Cart provider/auth.php xcart_dir Variable Remote File Inclusion X-Cart smarty.php xcart_dir Variable Remote File Inclusion XCMS Module/Galerie.php Multiple Variable Traversal Arbitrary File Access YNP Portal System showpage.cgi p Variable Traversal Arbitrary File Access ZeusCMS image_viewer.php dir Variable Arbitrary Directory Information Disclosure ZeusCMS security.php Referer HTTP Header SQL Injection b1gBB visitenkarte.php user Variable XSS b1gbb showboard.php id Variable SQL Injection b1gbb showthread.php id Variable SQL Injection bitweaver search/index.php URL XSS bitweaver users/register.php URL XSS bwired index.php newsID Variable SQL Injection eFileMan efileman_config.pm Direct Request Unspecified Information Disclosure eFileMan upload.cgi Unrestricted Arbitrary File Upload ezContents index.php link Variable Traversal Remote File Access jPORTAL mailer.php to Variable SQL Injection lustig.cms forum/forum.php view Variable Remote File Inclusion oneWallet user/forgotPassStep2.jsp loginID Variable XSS p.mapper incphp/globals.php _SESSION[PM_INCPHP] Variable Remote File Inclusion p.mapper plugins/export/mc_table.php _SESSION[PM_INCPHP] Variable Remote File Inclusion patBBcode bbcodeSource.php example Variable Remote File Inclusion phpAutoVideo admin/frontpage_right.php loadadminpage Variable Remote File Inclusion phpAutoVideo includes/block.php selected_provider Variable Local File Inclusion phpBB Garage garage.php search Action make_id Variable SQL Injection phpFFL admin.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL custom_pages.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL draft.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL faq.php 
PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL leagues.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL livedraft.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL login.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL my_team.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL profile.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL program_files/admin/custom_pages.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL program_files/common.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL signup.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL statistics.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFFL transactions.php PHPFFL_FILE_ROOT Variable Remote File Inclusion phpFidoNode phfito-post.php SRC_PATH Variable Remote File Inclusion phpLister .systeme/fonctions.php nom_rep_systeme Variable Remote File Inclusion CVE-2007-4907 CVE-2007-4907 CVE-2007-4907 CVE-2007-4907 CVE-2007-3523 CVE-2007-4256 CVE-2007-6623 CVE-2007-6622 CVE-2007-3590 CVE-2007-3589 CVE-2007-3589 CVE-2007-6374 CVE-2007-6374 CVE-2007-3976 CVE-2007-5735 CVE-2007-5734 CVE-2007-6368 CVE-2007-5912 CVE-2007-5138 CVE-2007-4239 CVE-2007-6191 CVE-2007-6191 CVE-2007-5995 CVE-2007-6614 CVE-2007-6615 CVE-2007-6223 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-4935 CVE-2007-5157 CVE-2007-5167 phpMyChat users_popupL.php3 From Variable Remote File Inclusion phpMyRealty admin/findlistings.php listing_updated_days Variable SQL Injection phpMyRealty search.php type Variable SQL Injection phpRPG /tmp Directory PHPSESSID Cookie Session Hijacking phpVoter functions.inc.php sitepath Variable Remote File Inclusion sPHPell spellcheckpageinc.php SpellIncPath Variable Remote File Inclusion sPHPell spellchecktext.php SpellIncPath Variable Remote File Inclusion sPHPell spellcheckwindow.php 
SpellIncPath Variable Remote File Inclusion sPHPell spellcheckwindowframeset.php SpellIncPath Variable Remote File Inclusion tellmatic Classes.inc.php tm_includepath Variable Remote File Inclusion tellmatic libchart-1.1/libchart.php tm_includepath Variable Remote File Inclusion tellmatic statistic.inc.php tm_includepath Variable Remote File Inclusion tellmatic status.inc.php tm_includepath Variable Remote File Inclusion tellmatic status_top_x.inc.php tm_includepath Variable Remote File Inclusion wwwstats clickstats.php link Variable XSS yappa-ng check_noimage.php config[path_src_include] Variable Remote File Inclusion eVisit Analyst idsp1.pl id SQL Injection eVisit Analyst ip.pl id SQL Injection Plesk auth.php3 PLESKSESSID Cookie SQL Injection Basic Analysis and Security Engine (BASE) Redirect Authentication Bypass Basic Analysis and Security Engine (BASE) base_qry_main.php Multiple Variable XSS Particle Gallery viewimage.php imageid Variable SQL Injection abarcar Realty Portal slistl.php slid Variable SQL Injection PHPX auth.inc.php username Field SQL Injection (Updated) DUware Multiple Product type.asp iType SQL Injection (Updated) Jax Calendar jax_calendar.php cal_id Variable SQL Injection (Updated) Web4Future eDating Professional fq.php cid Variable SQL Injection (Updated) Web4Future Portal Solutions comentarii.php idp Variable SQL Injection (Updated) Web4Future Portal Solutions arhiva.php dir Variable Traversal Arbitrary File Access (Updated) SiteBeater MP3 Catalog Search.asp XSS (Updated) Widget Property property.php Multiple Variable SQL Injection (Updated) Widget Property property.php lang Variable Path Disclosure (Updated) phpYellow search_result.php haystack Variable SQL Injection (Updated) phpYellow print_me.php ckey Variable SQL Injection (Updated) Solupress News search.asp keywords Variable XSS (Updated) LandShop ls.php Multiple Variable SQL Injection (Updated) LandShop ls.php lang Variable Path Disclosure (Updated) Widget Imprint create.php product_id 
Variable SQL Injection (Updated) SiteBeater News System Archive.asp sKeywords Variable XSS (Updated) Amazon Search Directory search.cgi search Variable XSS (Updated) Warm Links search.cgi search Variable XSS (Updated) WowBB search.php q Variable SQL Injection (Updated) WowBB view_user.php sort_by Variable SQL Injection (Updated) Blog System blog.php note Variable SQL Injection (Updated) PHP-addressbook view.php id Variable SQL Injection (Updated) Web4Future Affiliate Manager Pro functions.php pid SQL Injection (Updated) CVE-2007-6296 CVE-2007-4118 CVE-2007-3522 CVE-2007-3522 CVE-2007-3522 CVE-2007-3522 CVE-2007-6231 CVE-2007-6231 CVE-2007-6231 CVE-2007-6231 CVE-2007-6231 CVE-2007-6307 CVE-2007-5994 CVE-2007-3677 CVE-2007-3677 CVE-2007-4892 CVE-2006-2862 CVE-2006-5840 CVE-2005-3968 CVE-2005-3976 CVE-2005-4008 CVE-2005-4034 CVE-2005-4038 CVE-2005-4039 CVE-2005-3999 CVE-2005-4016 CVE-2005-4017 CVE-2005-4001 CVE-2005-4001 CVE-2005-3998 CVE-2005-4018 CVE-2005-4020 CVE-2005-4000 CVE-2005-4044 CVE-2005-4042 CVE-2005-4431 CVE-2005-4431 CVE-2005-4049 CVE-2005-4164 CVE-2005-4037 OOApp Guestbook home.php page Variable XSS (Updated) phpDocumentor bug-559668.php FORUM[LIB] Variable Remote File Inclusion (Updated) Active News Manager activeNews_categories.asp catID Variable SQL Injection Active News Manager activeNews_comments.asp articleID Variable SQL Injection Ace Helpdesk ticketview.php Multiple Variable XSS tDiary tdiary.rb conf Variable XSS ActiveNews Manager activenews_view.asp articleID Variable SQL Injection ActiveNews Manager default.asp page Variable SQL Injection ac4p Mobile polls.php Multiple Variable XSS A-Cart Pro product.asp productid Variable SQL Injection A-Cart Pro search.asp search Variable SQL Injection Edit-X ecommerce edit_address.php include_dir Variable Remote File Inclusion Ace Helpdesk ticket.php email Variable XSS Active Link Engine default.asp catid Variable SQL Injection Active Auction Pro default.asp catid Variable SQL Injection Active Newsletter 
ViewNewspapers.asp NewsPaperID Variable SQL Injection aBitWhizzy whizzypic.php d Variable XSS aBitWhizzy whizzylink.php d Variable XSS ACGVannu templates/modif.html id_mod Variable SQL Injection ac4p Mobilelib contact_us.php Multiple Variable XSS ACP3 feeds.php mode Variable SQL Injection ACP3 news/list/index.php form[cat] Variable SQL Injection ACP3 certain news/details/id_*/action_create/index.php form[cat] Variable SQL Injection ACP3 search/list/action_search/index.php form[mods][] Variable SQL Injection ACP3 contact/contact/index.php form[mail] Variable XSS ACP3 search/list/action_search/index.php Multiple Variable XSS ACP3 modules/dl/download.php id Variable XSS ACP3 news/list/index.php form[cat] Variable XSS ACP3 news/details/id_*/action_create/index.php Multiple Variable XSS ACP3 newsletter/create/index.php form[mail] Variable XSS activeWeb contentserver errors/rights.asp msg Variable XSS activeWeb contentserver errors/transaction.asp msg Variable XSS GetMyOwnArcade search.php query Variable SQL Injection activeWeb contentserver admin/picture/picture_real_edit.asp id Variable SQL Injection ACG News printable.php aid Variable SQL Injection Absolute Poll Manager XE AbsolutePollManager/xlaapmview.asp msg Variable XSS a.shopKart addcustomer.asp Multiple Variable SQL Injection a.shopKart addprod.asp Multiple Variable SQL Injection a.shopKart process.asp Multiple Variable SQL Injection ac4p Mobile up.php Taaa Variable XSS ac4p Mobile polls.php Multiple Variable XSS access2asp suppliersList.asp Multiple Variable XSS access2asp contactsList.asp Multiple Variable XSS Aleris Web Publishing Server calendar/page.asp mode Variable SQL Injection BosMarket account.php newEmail Variable XSS husrevforum philboard_forum.asp forumid Variable SQL Injection husrevforum philboard_search.asp Multiple Variable XSS CVE-2005-4598 CVE-2005-4593 CVE-2006-6094 CVE-2006-6094 CVE-2006-6158 CVE-2006-6174 CVE-2006-6095 CVE-2006-6095 CVE-2006-5770 CVE-2006-6111 CVE-2006-6111 CVE-2007-0190 
CVE-2006-6158 CVE-2007-1630 CVE-2007-1712 CVE-2007-1696 CVE-2007-1774 CVE-2007-1774 CVE-2007-0698 CVE-2006-6851 CVE-2007-2577 CVE-2007-2577 CVE-2007-2577 CVE-2007-2577 CVE-2007-2579 CVE-2007-2579 CVE-2007-2579 CVE-2007-2579 CVE-2007-2579 CVE-2007-2579 CVE-2007-3014 CVE-2007-3014 CVE-2007-4386 CVE-2007-3013 CVE-2007-4603 CVE-2007-4630 CVE-2003-1268 CVE-2003-1268 CVE-2003-1268 CVE-2006-6389 CVE-2006-6389 CVE-2007-3414 CVE-2007-3414 CVE-2007-3884,2007-3885 CVE-2007-3884,2007-3885 SWAMP swamp/action/LoginActions username Variable XSS Ahhp-Portal page.php Multiple Variable Remote File Inclusion Toms Gästebuch form.php Multiple Variable XSS Toms Gästebuch admin/header.php Multiple Variable XSS eNetman index.php page Variable Remote File Inclusion anyInventory environment.php DIR_PREFIX Variable Remote File Inclusion Focus/SIS CategoryBreakdownTime.php FocusPath Variable Remote File Inclusion Focus/SIS StudentFieldBreakdown.php FocusPath Variable Remote File Inclusion Focus/SIS CategoryBreakdownTime.php staticpath Variable Remote File Inclusion Focus/SIS StudentFieldBreakdown.php staticpath Variable Remote File Inclusion Joomla Radio 5 for Joomla! 
admin.joomlaradiov5.php mosConfig_live_ site Variable Remote File Inclusion PHP Webquest webquest/soporte_derecha_w.php id_actividad Variable SQL Injection Raymond BERTHOU Script Collection tForum user_confirm.asp Multiple Variables SQL Injection Traffic Stats referralUrl.php offset Variable SQL Injection PhpHostBot order/login.php svr_rootscript Variable Remote File Inclusion PSY Auction email_request.php user_id Variable XSS Moodle index.php search Variable XSS TorrentTrader account-inbox.php Unspecified Variable SQL Injection TorrentTrader account-settings.php Unspecified Variable SQL Injection TorrentTrader backend/functions.php Unspecified Variable SQL Injection Utopia News Pro login.php password Variable XSS Unobtrusive Ajax Star Rating Bar db.php Multiple Variable SQL Injection Unobtrusive Ajax Star Rating Bar rpc.php Multiple Variable SQL Injection Unobtrusive Ajax Star Rating Bar rpc.php q Variable XSS Unobtrusive Ajax Star Rating Bar db.php HTTP_REFERER CRLF Injection DapperDesk news.php page Variable SQL Injection cSupport tickets.php pg Variable SQL Injection (Updated) iSupport index.php include_file Variable SQL Injection (Updated) ActiveCampaign SupportTrio index.php page Variable SQL Injection (Updated) Systems Panel /knowledgebase/index.php cid Variable SQL Injection (Updated) Systems Panel /knowledgebase/view.php aid Variable SQL Injection (Updated) Systems Panel /contact/update.php cid Variable SQL Injection (Updated) Systems Panel /links/index.php letter Variable SQL Injection (Updated) Systems Panel /messageboard/view.php mid Variable SQL Injection (Updated) Systems Panel /tickets/view.php tid Variable SQL Injection (Updated) Lore article.php id Variable SQL Injection (Updated) Instant Photo Gallery portfolio.php cat_id Variable SQL Injection (Updated) Instant Photo Gallery content.php cid Variable SQL Injection (Updated) LogicBill helpdesk.php Multiple Variable SQL Injection (Updated) EZ Invoice Inc invoices.php i Variable SQL Injection 
(Updated) GhostScripter Amazon Shop search.php query Variable XSS (Updated) SDMS list.php folder_id Variable SQL Injection (Updated) SDMS messages.php mid Variable SQL Injection (Updated) NetClassifieds ViewCat.php CatID Variable SQL Injection (Updated) NetClassifieds gallery.php CatID Variable SQL Injection (Updated) CVE-2007-2428 CVE-2007-4711 CVE-2007-4711 CVE-2007-4712 CVE-2007-4744 CVE-2007-4806 CVE-2007-4942 CVE-2007-4807 CVE-2007-4807 CVE-2007-4923 CVE-2007-4920 CVE-2007-0642 CVE-2007-3840 CVE-2007-4231 CVE-2006-7004 CVE-2007-3555 CVE-2007-4435 CVE-2007-4435 CVE-2007-4435 CVE-2007-3129 CVE-2007-3684 CVE-2007-3684 CVE-2007-3685 CVE-2007-3686 CVE-2005-4615 CVE-2005-4617 CVE-2005-4616 CVE-2005-4634 CVE-2005-4719 CVE-2005-4719 CVE-2005-4719 CVE-2005-4719 CVE-2005-4719 CVE-2005-4719 CVE-2005-3988 CVE-2005-3986 CVE-2005-3986 CVE-2005-4430 CVE-2005-3845 CVE-2005-3908 CVE-2005-3877 CVE-2005-3877 CVE-2005-3978 CVE-2005-3978 NetClassifieds ViewItem.php ItemNum Variable SQL Injection (Updated) WebCalendar edit_report_handler.php time_range Variable SQL Injection (Updated) WebCalendar layers_toggle.php ret Variable HTTP Response Splitting (Updated) PHP-Nuke Top Music Module Multiple Variable SQL Injection (Updated) PHP Lite Calendar Express day.php Multiple Variable SQL Injection (Updated) PHP Lite Calendar Express week.php Multiple Variable SQL Injection (Updated) PHP Lite Calendar Express month.php Multiple Variable SQL Injection (Updated) PHP Lite Calendar Express year.php Multiple Variable SQL Injection (Updated) phpAlbum main.php Multiple Variable Traversal Arbitrary File Access (Updated) Zen Cart password_forgotten.php Email Field SQL Injection (Updated) PHP-Fusion messages.php srch_text Variable SQL Injection (Updated) FileLister definesearch.jsp searchwhat Variable SQL Injection (Updated) HobSR view.php Multiple Variable SQL Injection (Updated) Web4Future eDating Professional gift.php cid Variable SQL Injection (Updated) Web4Future eDating Professional 
articles.php cat Variable SQL Injection (Updated) phpDocumentor file_dialog.php root_dir Variable Remote File Inclusion (Updated) TinyMCE Compressor tiny_mce_gzip.php Arbitrary File Access (Updated) MyBulletinBoard (MyBB) usercp.php Multiple Variable POST Method SQL Injection (Updated) MyBulletinBoard (MyBB) member.php rating Variable POST Method SQL Injection (Updated) MyBulletinBoard (MyBB) ratethread.php rating Variable POST Method SQL Injection (Updated) Enterprise Connector main.php loginid Variable SQL Injection (Updated) YACS articles/populate.php context[path_to_root] Variable Remote File Inclusion YACS categories/category.php context[path_to_root] Variable Remote File Inclusion YACS categories/populate.php context[path_to_root] Variable Remote File Inclusion YACS comments/populate.php context[path_to_root] Variable Remote File Inclusion YACS files/file.php context[path_to_root] Variable Remote File Inclusion YACS sections/section.php context[path_to_root] Variable Remote File Inclusion YACS sections/populate.php context[path_to_root] Variable Remote File Inclusion YACS tables/populate.php context[path_to_root] Variable Remote File Inclusion YACS users/user.php context[path_to_root] Variable Remote File Inclusion YACS users/populate.php context[path_to_root] Variable Remote File Inclusion F5 FirePass my.logon.php3 xcho Variable XSS WSPortal content.php page Variable SQL Injection TaskHopper for Joomla/Mambo inc/contact_type.php mosConfig_ absolute_path Variable Remote File Inclusion TaskHopper for Joomla/Mambo inc/itemstatus_type.php mosConfig_ absolute_path Variable Remote File Inclusion TaskHopper for Joomla/Mambo inc/projectstatus_type.php mosConfig_ absolute_path Variable Remote File Inclusion CVE-2005-3978 CVE-2005-3984 CVE-2005-3982 CVE-2005-4781 CVE-2005-4009 CVE-2005-4009 CVE-2005-4009 CVE-2005-4009 CVE-2005-3948 CVE-2005-3996 CVE-2005-4005 CVE-2005-4040 CVE-2005-4043 CVE-2005-4034 CVE-2005-4034 CVE-2005-4593 CVE-2006-0218,2006-0219 CVE-2005-4563 
CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2006-4559 CVE-2007-0186 CVE-2007-3127,2007-3128 CVE-2007-2005 CVE-2007-2005 CVE-2007-2005 TaskHopper for Joomla/Mambo inc/request_type.php mosConfig_ CVE-2007-2005 absolute_path Variable Remote File Inclusion TaskHopper for Joomla/Mambo inc/responses_type.php mosConfig_ CVE-2007-2005 absolute_path Variable Remote File Inclusion TaskHopper for Joomla/Mambo inc/timelog_type.php mosConfig_ CVE-2007-2005 absolute_path Variable Remote File Inclusion TaskHopper for Joomla/Mambo inc/urgency_type.php mosConfig_ CVE-2007-2005 absolute_path Variable Remote File Inclusion Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS (Updated) CVE-2005-4838 Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS (Updated) CVE-2005-4838 F5 FirePass 4100 SSL VPN my.activation.php3 username Variable CVE-2007-3097 Arbitrary Command Injection phpwebnews iklan.php m_txt Variable XSS CVE-2007-2300 phpwebnews index.php m_txt Variable XSS CVE-2007-2300 phpwebnews bukutamu.php m_txt Variable XSS CVE-2007-2300 Invision Power Board sources/action_public/xmlout.php Arbitrary Profile Manipulation ReviewPost PHP Pro showcat.php si Variable XSS (Updated) CVE-2005-0270 ReviewPost PHP Pro showproduct.php Multiple Variable XSS (Updated) CVE-2005-0270 ReviewPost PHP Pro reportproduct.php report Variable XSS (Updated) CVE-2005-0270 ReviewPost PHP Pro showcat.php cat Parameter SQL Injection (Updated) CVE-2005-0271 ReviewPost PHP Pro addfav.php product Parameter SQL Injection CVE-2005-0271 (Updated) Apache Tomcat examples/jsp2/el/functions.jsp XSS (Updated) CVE-2005-4838 PhotoPost Classifieds showcat.php si Variable XSS (Updated) PhotoPost Classifieds reportproduct.php report Variable XSS (Updated) PhotoPost Classifieds contact.php productid Variable XSS (Updated) PhotoPost Classifieds showproduct.php Multiple Parameter SQL Injection (Updated) PhotoPost Classifieds contact.php 
productid Parameter SQL Injection (Updated) PhotoPost Classifieds addfav.php product Parameter SQL Injection (Updated) PhotoPost Classifieds showcat.php cat Parameter SQL Injection (Updated) PhotoPost Classifieds comments.php cedit Parameter SQL Injection (Updated) PhotoPost PHP Pro showgallery.php Multiple Variable XSS (Updated) CVE-2005-0274 PhotoPost PHP Pro showgallery.php Multiple Parameter SQL Injection CVE-2005-0273 (Updated) MyBulletinBoard (MyBB) member.php uid Parameter SQL Injection CVE-2005-0282,2005-2697 (Updated) PHPKIT userinfo.php id Parameter SQL Injection (Updated) eMotion MediaPartner Web Server Arbitrary User Password Change (Updated) WoltLab Burning Book addentry.php user-agent Variable SQL Injection CVE-2005-0284 (Updated) ZeroBoard _head.php Traversal Arbitrary File Access (Updated) CVE-2005-0379 ZeroBoard write.php Traversal Arbitrary File Access (Updated) CVE-2005-0379 ZeroBoard outlogin.php Traversal Arbitrary File Access (Updated) CVE-2005-0379 ZeroBoard print_category.php Arbitrary Command Execution (Updated) ZeroBoard login.php Arbitrary Command Execution (Updated) ZeroBoard setup.php Arbitrary Command Execution (Updated) ZeroBoard ask_password.php Arbitrary Command Execution (Updated) ZeroBoard error.php Arbitrary Command Execution (Updated) AWStats awstats.pl configdir Parameter Arbitrary Command Execution CVE-2005-0116 (Updated) Gallery add_comment.php index Variable XSS (Updated) CVE-2005-0219 Gallery slideshow_low.php Multiple Variable XSS (Updated) CVE-2005-0219 Gallery search.php searchstring Variable XSS (Updated) Gallery login.php username Variable XSS (Updated) Gallery do_command.php return Variable XSS (Updated) Gallery main.php Path Disclosure (Updated) SparkleBlog journal.php id Variable XSS (Updated) SparkleBlog journal.php Path Disclosure (Updated) SparkleBlog archives.php Path Disclosure (Updated) SparkleBlog update.php Path Disclosure (Updated) GForge controller.php Traversal Arbitrary Directory Listing (Updated) GForge 
controlleroo.php Traversal Arbitrary Directory Listing (Updated) JSBoard session.php Arbitrary File Access (Updated) 3Com OfficeConnect Wireless 11g AP Router Information Disclosure (Updated) Siteman users.php Arbitrary Admin Account Creation (Updated) Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation (Updated) Comersus ASP Shopping Cart comersus_backoffice_install10.asp Admin Authentication Bypass (Updated) Comersus ASP Shopping Cart default.asp Referer Tag SQL Injection (Updated) Comersus ASP Shopping Cart comersus_supportError.asp error Variable XSS (Updated) Comersus ASP Shopping Cart comersus_backofficelite_supportError.asp XSS (Updated) Exponent CMS index.php module Variable XSS (Updated) Exponent CMS mod.php module Variable XSS (Updated) Winmail Server download.php Traversal Arbitrary File Access (Updated) Winmail Server upload.php Traversal Arbitrary File Upload (Updated) GoAhead WebServer Malformed File Request Source Disclosure (Updated) IceWarp WebMail login.html username Variable XSS (Updated) IceWarp WebMail accountsettings_add.html accountid Variable XSS (Updated) IceWarp WebMail calendar_addnote.html Title Variable XSS (Updated) IceWarp WebMail calendar_addtask.html Note Variable XSS (Updated) IceWarp WebMail calendar_addevent.html Multiple Variable XSS (Updated) IceWarp WebMail calendar_d.html id Variable Path Disclosure (Updated) IceWarp WebMail calendar_m.html id Variable Path Disclosure (Updated) IceWarp WebMail calendar_w.html id Variable Path Disclosure (Updated) IceWarp WebMail calendar_y.html id Variable Path Disclosure (Updated) IceWarp WebMail importaction.html Arbitrary File Manipulation (Updated) Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat buffer3.jsp Test JSP 
Script Path Disclosure (Updated) Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat comments.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat extends1.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat extends2.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure (Updated) CVE-2005-0219 CVE-2005-0220 CVE-2005-0222 CVE-2005-0299 CVE-2005-0299 CVE-2005-0300 CVE-2005-0112 CVE-2005-0301 CVE-2005-0302 CVE-2005-0303 CVE-2005-0303 CVE-2005-0309 CVE-2005-0309 CVE-2005-0313 CVE-2005-0313 CVE-2002-1603 CVE-2005-0320 CVE-2005-0320 CVE-2005-0320 CVE-2005-0320 CVE-2005-0320 CVE-2005-0321 CVE-2005-0321 CVE-2005-0321 CVE-2005-0321 CVE-2002-2007 Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure (Updated) Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure (Updated) PhotoPost PHP Pro showgallery.php Multiple Variable XSS (Updated) F5 FirePass my.activation.php vhost Variable XSS F5 FirePass vdesk/admincon/webyfiers.php Multiple Variable XSS F5 FirePass vdesk/admincon/index.php bro Action ua Variable XSS F5 FirePass vdesk/admincon/index.php per Action Multiple Variable XSS Maian Search search.php path_to_folder Variable Remote File Inclusion comus accept.php DOCUMENT_ROOT Variable Remote File Inclusion Campsite Alias.php g_documentRoot Variable Remote File Inclusion Campsite Article.php g_documentRoot Variable Remote File Inclusion Campsite ArticleAttachment.php g_documentRoot Variable Remote File Inclusion Campsite 
ArticleComment.php g_documentRoot Variable Remote File Inclusion Campsite ArticleData.php g_documentRoot Variable Remote File Inclusion Campsite ArticleImage.php g_documentRoot Variable Remote File Inclusion Campsite ArticleIndex.php g_documentRoot Variable Remote File Inclusion Campsite ArticlePublish.php g_documentRoot Variable Remote File Inclusion Campsite ArticleTopic.php g_documentRoot Variable Remote File Inclusion Campsite ArticleType.php g_documentRoot Variable Remote File Inclusion Campsite ArticleTypeField.php g_documentRoot Variable Remote File Inclusion Campsite Attachment.php g_documentRoot Variable Remote File Inclusion Campsite Country.php g_documentRoot Variable Remote File Inclusion Campsite DatabaseObject.php g_documentRoot Variable Remote File Inclusion Campsite Event.php g_documentRoot Variable Remote File Inclusion Campsite IPAccess.php g_documentRoot Variable Remote File Inclusion Campsite Image.php g_documentRoot Variable Remote File Inclusion Campsite Issue.php g_documentRoot Variable Remote File Inclusion Campsite IssuePublish.php g_documentRoot Variable Remote File Inclusion Campsite Language.php g_documentRoot Variable Remote File Inclusion Campsite Log.php g_documentRoot Variable Remote File Inclusion Campsite LoginAttempts.php g_documentRoot Variable Remote File Inclusion Campsite Publication.php g_documentRoot Variable Remote File Inclusion Campsite Section.php g_documentRoot Variable Remote File Inclusion Campsite ShortURL.php g_documentRoot Variable Remote File Inclusion Campsite Subscription.php g_documentRoot Variable Remote File Inclusion CVE-2007-0186 CVE-2007-0186 CVE-2007-0186 CVE-2007-0186 CVE-2007-2077 CVE-2007-2287 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 
CVE-2006-5911 CVE-2006-5911 CVE-2006-5911 CVE-2006-5911
Campsite SubscriptionDefaultTime.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite SubscriptionSection.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite SystemPref.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite Template.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite TimeUnit.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite Topic.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite UrlType.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite User.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite UserType.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite implementation/management/configuration.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite implementation/management/db_connect.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite LocalizerConfig.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
Campsite LocalizerLanguage.php g_documentRoot Variable Remote File Inclusion CVE-2006-5911
DGNews news.php newsid Variable Path Disclosure CVE-2007-0692
DGNews news.php Multiple Variable SQL Injection CVE-2007-0693
DGNews footer.php copyright Variable XSS CVE-2007-0694
Absolute Image Gallery XE gallery.asp categoryid Variable SQL Injection CVE-2007-1469
realGuestbook welcome_admin.php Multiple Variable XSS CVE-2007-1623
realGuestbook save_entry.php Multiple Variable SQL Injection CVE-2007-1624
realGuestbook save_entry.php homepage Variable XSS CVE-2007-1625
Kaqoo Auction Software Free Edition include/core/support.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/core/function.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/core/rdal_object.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/core/rdal_editor.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/core/login.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/core/request.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/core/categories.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/item/save.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/item/preview.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/item/edit_item.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/item/new_item.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/item/item_info.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/search.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/item_edit.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/register_succsess.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/context_menu.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/item_repost.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/balance.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/featured.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/user.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/buynow.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/install_complete.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/fees_info.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/user_feedback.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/admin_balance.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/activate.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/user_info.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/member.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/add_bid.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/items_filter.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/my_info.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/register.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/leave_feedback.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/display/user_auctions.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/design/form.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/processor.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/interfaces.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/left_menu.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/login.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
Kaqoo Auction Software Free Edition include/categories.inc.php install_root Variable Remote File Inclusion CVE-2007-1790
TagIt! Tagboard (tagit2b) tagviewer.php Multiple Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tag_process.php Multiple Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) CONFIG/errmsg.inc.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/addTagmin.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/ban_watch.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/delTagmin.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/delTag.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/editTagmin.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/editTag.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/manageTagmins.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/verify.php configpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/index.php adminpath Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/readconf.php admin Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/updateconf.php admin Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/updatefilter.php admin Variable Remote File Inclusion CVE-2007-0900
TagIt! Tagboard (tagit2b) tagmin/wordfilter.php admin Variable Remote File Inclusion CVE-2007-0900
Crea-book admin/admin.php Multiple Variable SQL Injection CVE-2007-2000
Crea-book admin/configurer2.php Fond de la page Field Arbitrary Code Execution CVE-2007-2001
Crea-book admin/configurer.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/connect.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/delete.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/delete2.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/index.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/infos.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/membres.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/modif-infos.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/modif-message.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/modif.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/uninstall.php Multiple Variable SQL Injection CVE-2007-2314
Crea-book admin/uninstall_table.php Multiple Variable SQL Injection CVE-2007-2314
Coppermine Photo Gallery image_processor.php cmd Variable Remote File Inclusion CVE-2007-1414
Coppermine Photo Gallery include/functions.php path Variable Remote File Inclusion CVE-2007-1414
Coppermine Photo Gallery include/picmgmt.inc.php cmd Variable Remote File Inclusion CVE-2007-1414
Coppermine Photo Gallery include/plugin_api.inc.php path Variable Remote File Inclusion CVE-2007-1414
Coppermine Photo Gallery pluginmgr.php path Variable Remote File Inclusion CVE-2007-1414
PMB Services includes/resa_func.inc.php class_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/bull_info.inc.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options/options_date_box.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options/options_file_box.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options/options_list.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options/options_query_list.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options/options_text.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options_empr/options.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options_empr/options_comment.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options_empr/options_date_box.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options_empr/options_list.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options_empr/options_query_list.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services includes/options_empr/options_text.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services admin/import/iimport_expl.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services admin/netbase/clean.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services admin/notices/perso.inc.php class_path Variable Remote File Inclusion CVE-2007-1415
PMB Services admin/quotas/main.inc.php class_path Variable Remote File Inclusion CVE-2007-1415
PMB Services admin/param/param_func.inc.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services admin/sauvegarde/lieux.inc.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services opac_css/rec_panier.php base_path Variable Remote File Inclusion CVE-2007-1415
PMB Services opac_css/includes/author_see.inc.php base_path Variable Remote File Inclusion CVE-2007-1415
PMB Services autorites.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services account.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services cart.php include_path Variable Remote File Inclusion CVE-2007-1415
PMB Services edit.php include_path Variable Remote File Inclusion CVE-2007-1415
Oracle Application Server DMS servlet/Spy table Variable XSS CVE-2007-1609
SQL-Ledger admin.pl Administrative Authentication Bypass CVE-2007-1436
LedgerSMB admin.pl Administrative Authentication Bypass CVE-2007-1436
LedgerSMB am.pl Traversal Arbitrary File Execution CVE-2007-1540
Minerva forum.php c Variable SQL Injection CVE-2007-1555
CARE2X inc_charset_fx.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_config_color.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_currency_set.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_db_makelink.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_diagnostics_report_fx.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_environment_global.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_front_chain_lang.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_init_crypt.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_load_copyrite.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_news_save.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X inc_checkdate_lang.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X main/diagnostics-report-index.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X main/config_options_mascot.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X main/barcode-labels.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X main/chg-color.php root_path Variable Remote File Inclusion CVE-2007-1458
CARE2X main/config_options_gui_template.php root_path Variable Remote File Inclusion CVE-2007-1458
Plesk for Windows login.php3 locale_id Arbitrary File Retrieval CVE-2007-2268
Flip-search-add-on everything.php incpath Variable Remote File Inclusion CVE-2007-2140
Apache Axis Non-Existent Java Web Service Path Disclosure CVE-2007-2353
Lighttpd Unexpected Capitalization File Extension Request Source Disclosure CVE-2006-0760
YACS article.php context[path_to_root] Variable Remote File Inclusion CVE-2006-4532
WebYep WYImage.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYLanguage.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYLink.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYPath.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYPopupWindowLink.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYSelectMenu.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYTextArea.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYGalleryElement.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYGuestbookElement.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYImageElement.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYLogonButtonElement.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
WebYep WYLongTextElement.php webyep_sIncludePath Variable Remote File Inclusion CVE-2006-5220
Redaction System conn.php lang_prefix Variable Remote File Inclusion CVE-2006-5302
Redaction System sesscheck.php lang_prefix Variable Remote File Inclusion CVE-2006-5302
Redaction System wap/conn.php lang_prefix Variable Remote File Inclusion CVE-2006-5302
Redaction System wap/sesscheck.php lang_prefix Variable Remote File Inclusion CVE-2006-5302
PhotoPost PHP adm-modcom.php PP_PATH Variable Remote File Inclusion CVE-2006-4990
phpProfiles /include/account.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/admin_newcomm.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/body.inc.php Multiple Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/body_admin.inc.php Multiple Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/comm_post.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/commrecc.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/do_reg.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/friends.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/header.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/header_admin.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/index.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/menu_u.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/menu_v.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
phpProfiles /include/notify.inc.php incpath Variable Remote File Inclusion CVE-2006-6740
PHP iCalendar day.php Multiple Variable XSS CVE-2006-6824
PHP iCalendar month.php Multiple Variable XSS CVE-2006-6824
PHP iCalendar year.php Multiple Variable XSS CVE-2006-6824
PHP iCalendar week.php Multiple Variable XSS CVE-2006-6824
PHP iCalendar search.php Multiple Variable XSS CVE-2006-6824
PHP iCalendar rss/index.php getdate Variable XSS CVE-2006-6824
PHP iCalendar print.php getdate Variable XSS CVE-2006-6824
PHP iCalendar preferences.php Multiple Variable XSS CVE-2006-6824
Acidcat CMS acidcat.mdb Remote Information Disclosure CVE-2005-4371
w-Agora globals.inc Direct Request Path Disclosure CVE-2007-0607
ac4p Mobile index.php Multiple Variable XSS CVE-2006-5770
ac4p Mobile MobileNews.php Multiple Variable XSS CVE-2006-5770
ac4p Mobile polls.php Multiple Variable XSS CVE-2006-5770
ac4p Mobile send.php cats Variable XSS CVE-2006-5770
ac4p Mobile up.php Multiple Variable XSS CVE-2006-5770
ac4p Mobile cp/index.php pagenav Variable XSS CVE-2006-5770
Fix And Chips CMS System delete-announce.php id Variable XSS CVE-2007-0146
Fix And Chips CMS System staff.php Announcement Field XSS CVE-2007-0146
Fix And Chips CMS System new_customer.php Multiple Field XSS CVE-2007-0146
Fix And Chips CMS System search.php XSS CVE-2007-0146
Fix And Chips CMS System client-results.php XSS CVE-2007-0146
Magic Photo Storage Website include/common_function.php _config[site_path] Variable Remote File Inclusion CVE-2007-0181
Indexu upgrade.php gateway Variable XSS CVE-2007-0364
Indexu suggest_category.php error_msg Variable XSS CVE-2007-0364
Indexu user_detail.php u Variable XSS CVE-2007-0364
Indexu tell_friend.php Multiple Variable XSS CVE-2007-0364
Indexu sendmail.php Multiple Variable XSS CVE-2007-0364
Indexu send_pwd.php Multiple Variable XSS CVE-2007-0364
Indexu search.php keyword Variable XSS CVE-2007-0364
Indexu register.php Multiple Variable XSS CVE-2007-0364
Indexu power_search.php Multiple Variable XSS CVE-2007-0364
Indexu new.php Multiple Variable XSS CVE-2007-0364
Indexu modify.php query Variable XSS CVE-2007-0364
Indexu mailing_list.php Multiple Variables XSS CVE-2007-0364
Indexu login.php error_msg Variable XSS CVE-2007-0364
Horde NLS.php Language Selection Function XSS CVE-2007-1473
ActiveCalendar data/flatevents.php css Variable XSS CVE-2007-1111
ActiveCalendar data/js.php css Variable XSS CVE-2007-1111
ActiveCalendar data/mysqlevents.php css Variable XSS CVE-2007-1111
ActiveCalendar data/m_2.php css Variable XSS CVE-2007-1111
ActiveCalendar data/m_3.php css Variable XSS CVE-2007-1111
ActiveCalendar data/m_4.php css Variable XSS CVE-2007-1111
ActiveCalendar data/xmlevents.php css Variable XSS CVE-2007-1111
ActiveCalendar data/y_2.php css Variable XSS CVE-2007-1111
ActiveCalendar data/y_3.php css Variable XSS CVE-2007-1111
osCommerce admin/configuration.php gID Variable XSS
osCommerce admin/modules.php Multiple Variable XSS
osCommerce admin/products_attributes.php Multiple Variable XSS
osCommerce admin/languages.php lID Variable XSS
osCommerce admin/customers.php Multiple Variable XSS
osCommerce admin/geo_zones.php Multiple Variable XSS
Secure Login Manager set_preferences.asp SQL Injection CVE-2006-6816
Secure Login Manager send_password_preferences.asp SQL Injection CVE-2006-6816
Secure Login Manager SecureLoginManager/list.asp SQL Injection CVE-2006-6816
Secure Login Manager login.asp sent Variable SQL Injection CVE-2006-6816
Secure Login Manager content.asp sent Variable SQL Injection CVE-2006-6816
Secure Login Manager members.asp sent Variable SQL Injection CVE-2006-6816
Magic Photo Storage Website admin/admin_password.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/add_welcome_text.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/admin_email.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/add_templates.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/admin_paypal_email.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/approve_member.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/delete_member.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/index.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/list_members.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/membership_pricing.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website admin/send_email.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website include/config.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website include/db_config.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/add_category.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/add_news.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/change_catalog_template.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/couple_milestone.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/couple_profile.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/delete_category.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/index.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/login.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/logout.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/register.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/upload_photo.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/user_catelog_password.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/user_email.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/user_extend.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
Magic Photo Storage Website user/user_membership_password.php _config[site_path] Variable Remote File Inclusion CVE-2007-0182
WGS-PPC (PPC Search Engine) config/config_admin.php INC Variable Remote File Inclusion CVE-2007-0167
WGS-PPC (PPC Search Engine) config/config_main.php INC Variable Remote File Inclusion CVE-2007-0167
WGS-PPC (PPC Search Engine) config/config_member.php INC Variable Remote File Inclusion CVE-2007-0167
WGS-PPC (PPC Search Engine) config/mysql_config.php INC Variable Remote File Inclusion WGS-PPC (PPC Search Engine) admini/admin.php INC Variable Remote File Inclusion WGS-PPC (PPC Search Engine) admini/index.php INC Variable Remote File Inclusion WGS-PPC (PPC Search Engine) paypalipn/ipnprocess.php INC Variable Remote File Inclusion WGS-PPC (PPC Search Engine) members/index.php INC Variable Remote File Inclusion WGS-PPC (PPC Search Engine) members/registration.php INC Variable Remote File Inclusion WGS-PPC (PPC Search Engine) main/ppcbannerclick.php INC Variable Remote File Inclusion WGS-PPC (PPC Search Engine) main/ppcclick.php INC Variable Remote File Inclusion phpChamber search_result.php needle Variable XSS AccelSite CMS qsearch_handler.php3 CDSearch Variable HTML Injection Thomson SpeedTouch 500 Series LocalNetwork Page name Variable XSS PHP Upload Center Direct Request User Password Hash Disclosure D2KBlog profile.asp Cookie memName Field SQL Injection vCard PRO create.php Multiple Variable XSS Prayer Request Board (PRB) addRequest.php Request Field XSS SoftBB reg.php mail Variable SQL Injection Absolute Image Gallery XE gallery.asp shownew Variable XSS PHP phpinfo() Function Long Array XSS Adobe Document Server for Reader Extensions ads-readerext actionID Variable XSS Adobe Document Server for Reader Extensions AlterCast op Variable XSS CiscoWorks WLSE archiveApplyDisplay.jsp
displayMsg Variable XSS Dynamic Galerie index.php pfad Variable XSS Dynamic Galerie galerie.php id Variable XSS Achievo class.employee.inc atkselector Variable SQL Injection Activity Mod Plus for phpBB phpbb_root_path Variable Remote File Inclusion WordPress PC_REMOTE_ADDR vars.php IP Spoofing iFlance acc_verify.php vk Variable XSS iFlance project.php New Project Box XSS iFlance admincp/login.php adminU Variable XSS iFlance account/login.php Multiple Variable XSS iFlance action/create.php project_name Variable XSS TikiWiki tiki-lastchanges.php Multiple Variable XSS TikiWiki tiki-orphan_pages.php Multiple Variable XSS TikiWiki tiki-listpages.php Multiple Variable XSS TikiWiki tiki-remind_password.php Unspecified XSS TikiWiki tiki-admin.php Metatag Action XSS TikiWiki tiki-admin_rssmodules.php offset Variable XSS TikiWiki tiki-syslog.php Multiple Variable XSS TikiWiki tiki-adminusers.php numrows Variable XSS TikiWiki tiki-adminusers.php Unspecified XSS TikiWiki tiki-admin_hotwords.php Unspecified XSS TikiWiki tiki-admin_modules.php Multiple Field XSS TikiWiki tiki-admin_notifications.php Multiple Field XSS TikiWiki tiki-admin_dsn.php Multiple Field XSS TikiWiki tiki-admin_content_templates.php Multiple Variable XSS TikiWiki tiki-admin_chat.php offset Variable XSS CVE-2007-0167 CVE-2007-0167 CVE-2007-0167 CVE-2007-0167 CVE-2007-0167 CVE-2007-0167 CVE-2007-0167 CVE-2007-0167 CVE-2006-0152 CVE-2006-0946 CVE-2006-1207 CVE-2006-1123 CVE-2006-1230 CVE-2006-1976 CVE-2006-1327 CVE-2006-1411 CVE-2006-0996,2006-1663 CVE-2006-1627,2006-1786 CVE-2006-1786 CVE-2006-1960 CVE-2006-2294 CVE-2006-2294 CVE-2006-2688 CVE-2006-2735 CVE-2006-2702 CVE-2006-2663 CVE-2006-2663 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 CVE-2006-2635 Pre News Manager news_detail.php nid Variable XSS Pre News Manager email_story.php nid Variable XSS Pre News 
Manager thankyou.php nid Variable XSS Pre News Manager printable_view.php nid Variable XSS Pre News Manager tella_friend.php nid Variable XSS Pre News Manager send_comments.php nid Variable XSS Pre News Manager news_detail.php nid Variable SQL Injection Pre News Manager email_story.php nid Variable SQL Injection Pre News Manager thankyou.php nid Variable SQL Injection Pre News Manager printable_view.php nid Variable SQL Injection Pre News Manager tella_friend.php nid Variable SQL Injection Pre News Manager send_comments.php nid Variable SQL Injection Pre Shopping Mall search.php search Variable XSS Pre Shopping Mall detail.php prodid Variable XSS Pre Shopping Mall products.php cid Variable XSS CosmicShoppingCart search.php max Variable SQL Injection CosmicShoppingCart search.php query Variable XSS CosmicShoppingCart search_cat.php doc Variable XSS CosmicShoppingCart search_price.php XSS CosmicShoppingCart product_details.php XSS F@cile Interactive Web p-popupgallery.php l Variable Remote File Inclusion F@cile Interactive Web p-editpage.php pathfile Variable Remote File Inclusion F@cile Interactive Web p-editbox.php pathfile Variable Remote File Inclusion F@cile Interactive Web index.php lang Variable XSS F@cile Interactive Web Multiple p-themes Directory index.inc.php myskin Variable XSS Enigma Haber e_mesaj_yas.asp id Variable SQL Injection Enigma Haber edi_haber.asp id Variable SQL Injection Enigma Haber haber_devam.asp id Variable SQL Injection Enigma Haber yazdir.asp hid Variable SQL Injection Enigma Haber yorum.asp hid Variable SQL Injection Enigma Haber arsiv.asp e Variable SQL Injection Enigma Haber admin/y_admin.asp yid Variable SQL Injection Enigma Haber admin/reklam_detay.asp bid Variable SQL Injection Enigma Haber admin/detay_yorum.asp hid Variable SQL Injection Enigma Haber admin/haber_sil.asp hid Variable SQL Injection Enigma Haber admin/kategori_d.asp kid Variable SQL Injection Enigma Haber admin/haber_ekle.asp tur Variable SQL Injection Enigma Haber 
admin/e_mesaj_yaz.asp s Variable SQL Injection Enigma Haber admin/admin_sil.asp id Variable SQL Injection fastpublish CMS drucken.php config[fsBase] Variable Remote File Inclusion fastpublish CMS drucken2.php config[fsBase] Variable Remote File Inclusion fastpublish CMS email_an_benutzer.php config[fsBase] Variable Remote File Inclusion fastpublish CMS rechnung.php config[fsBase] Variable Remote File Inclusion fastpublish CMS suche/search.php config[fsBase] Variable Remote File Inclusion fastpublish CMS adminbereich/admin.php config[fsBase] Variable Remote File Inclusion abarcar Realty Portal content.php cat Variable SQL Injection a.shopKart scart.mdb Direct Request Customer Information Disclosure MyScrapbook singlepage.php Multiple Field XSS CVE-2006-2678 CVE-2006-2678 CVE-2006-2678 CVE-2006-2678 CVE-2006-2678 CVE-2006-2678 CVE-2006-2763 CVE-2006-2763 CVE-2006-2763 CVE-2006-2763 CVE-2006-2763 CVE-2006-2763 CVE-2006-2669 CVE-2006-2669 CVE-2006-2669 CVE-2006-2650 CVE-2006-2649 CVE-2006-2649 CVE-2006-2649 CVE-2006-2649 CVE-2006-2744 CVE-2006-2745 CVE-2006-2745 CVE-2006-2746 CVE-2006-2746 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2731 CVE-2006-2726 CVE-2006-2726 CVE-2006-2726 CVE-2006-2726 CVE-2006-2726 CVE-2006-2726 CVE-2006-2853 CVE-2006-2823 CVE-2006-3033 CMS Faethon data/footer.php mainpath Variable Remote File Inclusion aeDating join_form.php ProfileType Variable XSS aeDating forgot.php Email Variable XSS Hostflow Help Desk new_ticket.cgi Authentication Replay ActionApps include/config.php3 GLOBALS[AA_INC_PATH] Variable Remote File Inclusion ActionApps modules/ Directory Multiple Script Remote File Inclusion ActionApps cron.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps discussion.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps filldisc.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps 
filler.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps fillform.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps go.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps hiercons.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps cached.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps jsview.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps live_checkbox.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps offline.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps post2shtml.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps search.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps slice.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps sql_update.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps view.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps auth.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps csn_util.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps discussion.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps event.class.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps event_handler.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps extauth.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps item_content.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps item.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps formutil.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps fileman.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps feeding.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps extauthnobody.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps notify.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps menu.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps mailman.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps mail.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion CVE-2006-3186 CVE-2006-3279 CVE-2006-3279 
CVE-2006-3328 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 ActionApps javascript.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps itemview.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps pagecache.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps perm_sql.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps profile.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps searchbar.class.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps searchlib.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps sliceobj.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps slicewiz.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps stringexpand.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps tabledit.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps tabledit_util.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps tv_email.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps tv_misc.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps um_uedit.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps um_util.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps xml_fetch.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps xml_rssparse.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion ActionApps zids.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion IceWarp WebMail accounts/inc/include.php language Variable Traversal Local File Inclusion PhpHostBot order/index.php page Variable Remote File Inclusion SimpleBoard for Mambo image_upload.php sbp 
Variable Remote File Inclusion Etomite manager/index.php username Variable SQL Injection WWWthreads calendar.php week Variable XSS PHPProBid viewfeedback.php Multiple Variable SQL Injection PHPProBid categories.php orderType Variable SQL Injection ZyXEL Prestige 660H-61 rpSysAdmin a Variable XSS a6MamboCredits for Mambo admin.a6mambocredits.php mosConfig_ live_site Variable Remote File Inclusion UHP for Mambo install.uhp.php mosConfig_absolute_path Variable Remote File Inclusion UHP for Mambo functions.php mosConfig_absolute_path Variable Remote File Inclusion UHP for Mambo uninstall.uhp.php mosConfig_absolute_path Variable Remote File Inclusion WebAdmin logfile_view.wdm file Variable Traversal Arbitrary File Access auraCMS teman.php judul_artikel Variable XSS MyBulletinBoard (MyBB) admin/index.php XSS Indexu admin/inv_send.php theme_path Variable Remote File Inclusion Indexu admin/app_mod_rewrite.php theme_path Variable Remote File Inclusion CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-2686 CVE-2006-0817 CVE-2006-3776 CVE-2006-3528 CVE-2006-3904 CVE-2006-3909 CVE-2006-3926 CVE-2006-3926 CVE-2006-3929 CVE-2006-4288 CVE-2006-3995 CVE-2006-3995 CVE-2006-3995 CVE-2006-4371 CVE-2006-3558 Indexu admin/cat_struc.php theme_path Variable Remote File Inclusion Indexu admin/app_change_email.php theme_path Variable Remote File Inclusion Indexu admin/app_change_pwd.php theme_path Variable Remote File Inclusion Indexu admin/app_page_caching.php theme_path Variable Remote File Inclusion Indexu admin/cat_search.php theme_path Variable Remote File Inclusion Indexu admin/summary.php theme_path Variable Remote File Inclusion Indexu admin/template_delete theme_path Variable Remote File Inclusion Indexu admin/user_add.php theme_path Variable Remote File Inclusion Indexu 
admin/checkurl_web.php base_path Variable Remote File Inclusion Indexu admin/db_alter.php base_path Variable Remote File Inclusion Indexu admin/inv_markpaid.php base_path Variable Remote File Inclusion Indexu admin/link_duplicate.php base_path Variable Remote File Inclusion Indexu admin/log_search.php base_path Variable Remote File Inclusion Indexu admin/message_create.php base_path Variable Remote File Inclusion Indexu admin/message_send.php base_path Variable Remote File Inclusion Indexu admin/whos.php base_path Variable Remote File Inclusion Indexu admin/user_edit.php base_path Variable Remote File Inclusion Indexu admin/user_search.php base_path Variable Remote File Inclusion Indexu become_editor.php theme_path Variable Remote File Inclusion Indexu add.php theme_path Variable Remote File Inclusion Indexu bad_link.php theme_path Variable Remote File Inclusion Indexu browse.php theme_path Variable Remote File Inclusion Indexu detail.php theme_path Variable Remote File Inclusion Indexu fav.php theme_path Variable Remote File Inclusion Indexu get_rated.php theme_path Variable Remote File Inclusion Indexu login.php theme_path Variable Remote File Inclusion Indexu mailing_list.php theme_path Variable Remote File Inclusion Indexu new.php theme_path Variable Remote File Inclusion Indexu modify.php theme_path Variable Remote File Inclusion Indexu pick.php theme_path Variable Remote File Inclusion Indexu power_search.php theme_path Variable Remote File Inclusion Indexu rating.php theme_path Variable Remote File Inclusion Indexu register.php theme_path Variable Remote File Inclusion Indexu review.php theme_path Variable Remote File Inclusion Indexu rss.php theme_path Variable Remote File Inclusion Indexu search.php theme_path Variable Remote File Inclusion Indexu send_pwd.php theme_path Variable Remote File Inclusion Indexu sendmail.php theme_path Variable Remote File Inclusion Indexu tell_friend.php theme_path Variable Remote File Inclusion Indexu top_rated.php 
theme_path Variable Remote File Inclusion Indexu user_detail.php theme_path Variable Remote File Inclusion Indexu user_search.php theme_path Variable Remote File Inclusion SimpleBoard for Mambo file_upload.php sbp Variable Remote File CVE-2006-3528 Inclusion ACGV News article.php PathNews Variable Remote File Inclusion CVE-2006-4638 miniBB Forum com_minibb.php absolute_path Variable Remote File CVE-2006-3690 Inclusion phpBB XS bb_usage_stats.php phpbb_root_path Variable Remote File CVE-2006-4893 Inclusion aeDating /inc/admin_design.inc.php dir[inc] Variable Remote File Inclusion CVE-2006-4870 aeDating /inc/design.inc.php dir[inc] Variable Remote File Inclusion Advanced Poll for Joomla common.inc.php Remote File Inclusion Simple Discussion Board blank.php Multiple Variable Remote File Inclusion Advanced-Clan-Script mcf.php content Variable Remote File Inclusion Panda ActiveScan ascan_6.asp email Variable XSS phpMyAgenda agendaplace.php3 rootagenda Variable Remote File Inclusion phpMyAgenda agendaplace2.php3 rootagenda Variable Remote File Inclusion phpMyAgenda infoevent.php3 rootagenda Variable Remote File Inclusion phpMyAgenda agenda2.php3 rootagenda Variable Remote File Inclusion faceStones personal fs_form_links.php fsinit[objpath] Variable Remote File Inclusion A-Blog menu.php navigation_start Variable Remote File Inclusion ASPPlayground.NET Forum Advanced Edition calendar.asp calendarID XSS CubeCart /admin/print_order.php order_id Variable XSS CubeCart view_order.php order_id Variable XSS CubeCart /admin/nav.php Multiple Variable XSS CubeCart /admin/image.php image Variable XSS CubeCart /admin/header.inc.php Multiple Variable XSS CubeCart /footer.inc.php la_pow_by Variable XSS CubeCart header.inc.php Multiple Variable XSS BSQ Sitestats for Joomla rssfeeds.php baseDir Variable Remote File Inclusion Comdev FAQ Support include.php path[docroot] Variable Remote File Inclusion Comdev Events Calendar include.php path[docroot] Variable Remote File Inclusion Comdev 
Photo Gallery include.php path[docroot] Variable Remote File Inclusion Comdev News Publisher include.php path[docroot] Variable Remote File Inclusion Comdev Web Blogger include.php path[docroot] Variable Remote File Inclusion Comdev CSV Importer include.php path[docroot] Variable Remote File Inclusion Comdev Guestbook include.php path[docroot] Variable Remote File Inclusion Comdev Links Directory include.php path[docroot] Variable Remote File Inclusion Comdev eCommerce include.php path[docroot] Variable Remote File Inclusion Comdev Customer Helpdesk include.php path[docroot] Variable Remote File Inclusion Comdev Contact Form include.php path[docroot] Variable Remote File Inclusion Comdev Vote Caster include.php path[docroot] Variable Remote File Inclusion Comdev Newsletter include.php path[docroot] Variable Remote File Inclusion ackerTodo gadget/login.php Multiple Variable SQL Injection WebYep WYFile.php webyep_sIncludePath Variable Remote File Inclusion WebYep WYHTMLTag.php webyep_sIncludePath Variable Remote File Inclusion DotClear /ecrire/tools/blogroll/edit_cat.php Direct Request Path Disclosure DotClear /ecrire/tools/blogroll/index.php Direct Request Path Disclosure CVE-2006-4870 CVE-2003-1179 CVE-2006-4918 CVE-2006-5061 CVE-2006-4295 CVE-2006-5132 CVE-2006-5132 CVE-2006-5132 CVE-2006-5132 CVE-2006-5070 CVE-2006-5092 CVE-2006-4206 CVE-2006-5108 CVE-2006-5108 CVE-2006-5108 CVE-2006-5108 CVE-2006-5108 CVE-2006-5108 CVE-2006-5108 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5101 CVE-2006-5228 CVE-2006-3938 CVE-2006-3938 DotClear /ecrire/tools/blogroll/edit_link.php Direct Request Path Disclosure DotClear /ecrire/tools/syslog/index.php Direct Request Path Disclosure DotClear /ecrire/tools/thememng/index.php Direct Request Path Disclosure DotClear /ecrire/tools/toolsmng/index.php Direct Request Path Disclosure DotClear 
/ecrire/tools/utf8convert/index.php Direct Request Path Disclosure DotClear /inc/session.php Direct Request Path Disclosure DotClear /inc/classes/class.blog.php Direct Request Path Disclosure DotClear /inc/classes/class.blogcomment.php Direct Request Path Disclosure DotClear /inc/classes/class.blogpost.php Direct Request Path Disclosure DotClear /layout/append.php Direct Request Path Disclosure DotClear /layout/class.xblog.php Direct Request Path Disclosure DotClear /layout/class.xblogcomment.php Direct Request Path Disclosure DotClear /layout/class.xblogpost.php Direct Request Path Disclosure DotClear /themes/default/form.php Direct Request Path Disclosure DotClear /themes/default/list.php Direct Request Path Disclosure DotClear /themes/default/post.php Direct Request Path Disclosure DotClear /themes/default/template.php Direct Request Path Disclosure UeberProject Management System login/secure.php cfg[homepath] Variable Remote File Inclusion mp3SDS Core/core.inc.php fullpath Variable Remote File Inclusion Faq Administrator faq_reply.php email Variable Remote File Inclusion QnECMS admin/include/headerscripts.php adminfolderpath Variable Remote File Inclusion QnECMS admin/include/footerhome.php adminfolderpath Variable Remote File Inclusion QnECMS admin/include/footermain.php adminfolderpath Variable Remote File Inclusion QnECMS photogallery/headerscripts.php adminfolderpath Variable Remote File Inclusion QnECMS templates/footerhome.php adminfolderpath Variable Remote File Inclusion QnECMS templates/footermain.php adminfolderpath Variable Remote File Inclusion QnECMS templates/headermain.php adminfolderpath Variable Remote File Inclusion QnECMS templates/sitemapfooter.php adminfolderpath Variable Remote File Inclusion QnECMS templates/sitemapheader.php adminfolderpath Variable Remote File Inclusion Free Image Hosting forgot_pass.php AD_BODY_TEMP Variable Remote File Inclusion Simple Website Software common.php SWSDIR Variable Remote File Inclusion PunBB 
include/common.php Local File Inclusion PunBB search.php result_list array Parameter SQL Injection PunBB Predictable cookie_seed Weakness phpProfiles include/body.inc.php reqpath Variable Remote File Inclusion phpProfiles body_blog.inc.php reqpath Variable Remote File Inclusion phpProfiles upload_ht.inc.php usrinc Variable Remote File Inclusion Free File Hosting forgot_pass.php AD_BODY_TEMP Variable Remote File Inclusion Free File Hosting login.php AD_BODY_TEMP Variable Remote File Inclusion Free File Hosting register.php AD_BODY_TEMP Variable Remote File Inclusion CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-3938 CVE-2006-5539 CVE-2006-5613 CVE-2006-5637 CVE-2006-5670 CVE-2006-5636 CVE-2006-5735 CVE-2006-5736 CVE-2006-5737 CVE-2006-5634 CVE-2006-5634 CVE-2006-5634 CVE-2006-5762 CVE-2006-5763 CVE-2006-5763 Free File Hosting send.php AD_BODY_TEMP Variable Remote File Inclusion abarcar Realty Portal newsdetails.php neid Variable SQL Injection bitweaver articles/edit.php Message Title Field XSS bitweaver blogs/post.php Message Title Field XSS bitweaver wiki/edit.php Message Description Field XSS cPanel seldir.html dir Variable XSS cPanel newuser.html Multiple Variable XSS A+ Store E-Commerce browse.asp ParentID Variable SQL Injection A+ Store E-Commerce account_login.asp Multiple Variable XSS Dragon Internet Events Listing admin_login.asp Multiple Field SQL Injection Dragon Internet Events Listing event_searchdetail.asp ID Variable SQL Injection Dragon Internet Events Listing venue_detail.asp VenueID Variable SQL Injection phpMyAdmin tbl_create.php Table Comments Field XSS phpMyAdmin tbl_properties_operations.php Table Comments Field XSS Rapid Classified view_print.asp id Variable XSS Rapid Classified search.asp SH1 Variable XSS Rapid Classified reply.asp Multiple Variable XSS Rapid 
Classified advsearch.asp dosearch Variable XSS Rialto listmain.asp cat Variable XSS Rialto searchkey.asp Keyword Variable XSS Rialto searchmain.asp cat Variable XSS Rialto forminfo.asp refno Variable XSS CuteNews search.php XSS dt_guestbook index.php error Variable XSS Limbo CMS event Module mod_eventcal.php lm_absolute_path Variable Remote File Inclusion Nortel Networks MIPCD Password Disclosure Makit News Poster include.asp uid SQL Injection phpCommunityCalendar week.php LoName Variable XSS phpCommunityCalendar month.php LoName Variable XSS phpCommunityCalendar event.php AddressLink Variable XSS tDiary skel/conf.html conf Variable XSS SignKorn Guestbook includes/functions.gb.php dir_path Variable Remote File Inclusion SignKorn Guestbook includes/functions.admin.php dir_path Variable Remote File Inclusion SignKorn Guestbook includes/admin.inc.php dir_path Variable Remote File Inclusion SignKorn Guestbook help.php dir_path Variable Remote File Inclusion SignKorn Guestbook smile.php dir_path Variable Remote File Inclusion SignKorn Guestbook help/en/adminhelp0.php dir_path Variable Remote File Inclusion SignKorn Guestbook help/en/adminhelp1.php dir_path Variable Remote File Inclusion SignKorn Guestbook help/en/adminhelp2.php dir_path Variable Remote File Inclusion SignKorn Guestbook help/en/adminhelp3.php dir_path Variable Remote File Inclusion SignKorn Guestbook help/de/adminhelp0.php dir_path Variable Remote File Inclusion SignKorn Guestbook help/de/adminhelp1.php dir_path Variable Remote File Inclusion SignKorn Guestbook help/de/adminhelp2.php dir_path Variable Remote File Inclusion CVE-2006-5763 CVE-2006-5840 CVE-2006-5883 CVE-2006-5883 CVE-2006-5959 CVE-2006-5960 CVE-2006-6066 CVE-2006-6066 CVE-2006-6066 CVE-2006-6487 CVE-2006-6800 CVE-2006-2798 CVE-2006-2798 CVE-2006-2798 CVE-2006-6174 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 SignKorn 
Guestbook help/de/adminhelp3.php dir_path Variable Remote File Inclusion SignKorn Guestbook entry.php dir_path Variable Remote File Inclusion SignKorn Guestbook admin/preview.php dir_path Variable Remote File Inclusion SignKorn Guestbook admin/log.php dir_path Variable Remote File Inclusion SignKorn Guestbook admin/index.php dir_path Variable Remote File Inclusion SignKorn Guestbook admin/config.php dir_path Variable Remote File Inclusion SignKorn Guestbook admin/admin.php dir_path Variable Remote File Inclusion PhotoPost PHP addfav.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-admlog.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-approve.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-backup.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-cats.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-cinc.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-db.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-editcfg.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-inc.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-index.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-modcom.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-move.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-options.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-order.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-pa.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-photo.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-purge.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-style.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-templ.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-userg.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-users.php PP_PATH Variable Remote File Inclusion PhotoPost PHP bulkupload.php PP_PATH Variable Remote File Inclusion PhotoPost 
PHP cookies.php PP_PATH Variable Remote File Inclusion PhotoPost PHP comments.php PP_PATH Variable Remote File Inclusion PhotoPost PHP ecard.php PP_PATH Variable Remote File Inclusion PhotoPost PHP editphoto.php PP_PATH Variable Remote File Inclusion PhotoPost PHP register.php PP_PATH Variable Remote File Inclusion PhotoPost PHP showgallery.php PP_PATH Variable Remote File Inclusion PhotoPost PHP showmembers.php PP_PATH Variable Remote File Inclusion PhotoPost PHP useralbums.php PP_PATH Variable Remote File Inclusion PhotoPost PHP uploadphoto.php PP_PATH Variable Remote File Inclusion PhotoPost PHP search.php PP_PATH Variable Remote File Inclusion PhotoPost PHP adm-menu.php PP_PATH Variable Remote File Inclusion SolidState DeleteProductPage.class.php base_path Variable Remote File Inclusion SolidState DeleteServerPage.class.php base_path Variable Remote File Inclusion CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4889 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-4990 CVE-2006-5020 CVE-2006-5020 SolidState DomainServicesPage.class.php base_path Variable Remote CVE-2006-5020 File Inclusion SolidState DomainsPage.class.php base_path Variable Remote File CVE-2006-5020 Inclusion SolidState EditProductPage.class.php base_path Variable Remote File CVE-2006-5020 Inclusion SolidState EditHostingServicePage.class.php base_path Variable CVE-2006-5020 Remote File Inclusion SolidState EditPaymentPage.class.php base_path Variable Remote File CVE-2006-5020 Inclusion SolidState EditAccountPage.class.php base_path Variable Remote 
File CVE-2006-5020 Inclusion
SolidState EditDomainPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState EditDomainServicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState LoginPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState IPManagerPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState InactiveAccountsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState GenerateInvoicesPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState HomePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState FulfilledOrdersPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ExpiredDomainsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ExecuteOrderPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState EmailInvoicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState EditServerPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState LogPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ModulesPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState NewAccountPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState NewDomainServicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState NewProductPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState OutstandingInvoicesPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState PendingAccountsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState PendingOrdersPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState PrintInvoicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ProductsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState RegisterDomainPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState RegisteredDomainsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ServersPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ServicesHostingServicesPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ServicesNewHostingPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ServicesPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ServicesWebHostingPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState SettingsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState TaxesPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState TransferDomainPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewDomainServicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewAccountPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewHostingServicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewInvoicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewLogMessagePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewOrderPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewProductPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ViewServerPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState WelcomeEmailPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState RegistrarModule.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState SolidStateModule.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState authorizeaim.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AAIMConfigPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
Plume CMS articles.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS categories.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS news.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS prefs.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS sites.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS subtypes.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS users.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS xmedia.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS frontinc/class.template.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS inc/lib.text.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS install/index.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS install/upgrade.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
Plume CMS tools/htaccess/index.php _PX_config[manager_path] Variable Remote File Inclusion CVE-2006-4533
SolidState AccountsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AddInvoicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AddIPAddressPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AddPaymentPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AddTaxRulePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AssignDomainPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AssignHostingPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState AssignProductPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState BillingPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState BillingPaymentPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState BrowseAccountsPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState BrowseInvoicesPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ConfigureEditUserPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ConfigureNewUserPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ConfigureNewUserReceiptPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState ConfigureUsersPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState DeleteAccountPage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState DeleteDomainServicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState DeleteHostingServicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
SolidState DeleteInvoicePage.class.php base_path Variable Remote File Inclusion CVE-2006-5020
BirdBlog comment.php entryid Variable XSS CVE-2006-5064
BirdBlog index.php page Variable XSS CVE-2006-5064
BirdBlog user.php uid Variable XSS CVE-2006-5064
Vulnerability Name Netegrity SiteMinder SmMakeCookie.ccc TARGET Variable Arbitrary Site Redirection e107 contact.php Query String (PATH_INFO) Variable XSS e107 admin.php Query String (PATH_INFO) Variable XSS e107 fpw.php Query String (PATH_INFO) Variable XSS e107 news.php Query String (PATH_INFO) Variable XSS e107 search.php Query String (PATH_INFO) Variable XSS e107 signup.php Query String (PATH_INFO) Variable XSS e107 submitnews.php Query String (PATH_INFO) Variable
XSS e107 user.php Query String (PATH_INFO) Variable XSS e107 download.php Query String (PATH_INFO) Variable XSS miniBB bb_func_txt.php pathToFiles Variable Remote File Inclusion DigiOz Guestbook list.php page Variable Path Disclosure Spider Friendly for phpBB admin/modules_data.php phpbb_ root_path Variable Remote File Inclusion phpDynaSite function_log.php racine Variable Remote File Inclusion phpDynaSite function_balise_url.php racine Variable Remote File Inclusion phpDynaSite connection.php racine Variable Remote File Inclusion MODx Thumbnail.php base_path Variable Remote File Inclusion SazCart cart.php _saz[settings][shippingfolder] Variable Remote File Inclusion Cyberfolio view.php av Variable Remote File Inclusion Cyberfolio admin/incl_voir_compet.php av Variable Remote File Inclusion Soholaunch Pro pgm-shopping_css.inc.php _SESSION [docroot_path] Variable Remote File Inclusion Soholaunch Pro shared_functions.php _SESSION[docroot_ path] Variable Remote File Inclusion DodosMail dodosmail.php Multiple Variable Remote File Inclusion LetterIt inc/session.php lang Variable Remote File Inclusion MyAlbum language.inc.php langs_dir Variable Remote File Inclusion Verity Ultraseek /highlight/index.html Arbitrary Proxy Verity Ultraseek Multiple Script Malformed Request Path Disclosure Verity Ultraseek urlstatusgo.html url Variable Path Disclosure Verity Ultraseek logfile.txt name Variable Arbitrary File Retrieval phpJobScheduler add-modify.php installed_config_file Variable Remote File Inclusion phpJobScheduler delete.php installed_config_file Variable Remote File Inclusion phpJobScheduler modify.php installed_config_file Variable Remote File Inclusion phpJobScheduler phpjobscheduler.php installed_config_file Variable Remote File Inclusion EncapsCMS core.php root Variable Remote File Inclusion CVE CVE-2006-4794 CVE-2006-4794 CVE-2006-4794 CVE-2006-4794 CVE-2006-4794 CVE-2006-4794 CVE-2006-4794 CVE-2006-4794 CVE-2006-4794 CVE-2006-5651 CVE-2006-5665 CVE-2006-5760 
CVE-2006-5760 CVE-2006-5760 CVE-2006-5730 CVE-2006-5727 CVE-2006-5796 CVE-2006-5796 CVE-2006-5863 CVE-2006-5865 CVE-2006-5819 CVE-2006-5970 CVE-2006-5970 CVE-2006-5971 Vulnerability checks added in 2006 Aigaion _basicfunctions.php DIR Variable Remote File Inclusion Aigaion pageactionauthor.php DIR Variable Remote File Inclusion phpPeanuts Inspect.php Include Variable Remote File Inclusion DeluxeBB sig.php templatefolder Variable Local File Inclusion BasiliX settings.php3 BSX_LIBDIR Variable Remote File Inclusion Nivisec Static Topics for phpBB includes/functions_static_ topics.php phpbb_root_path Variable Remote File Inclusion PhpMyTeam smileys_packs.php smileys_dir Variable Remote File Inclusion Webmedia Explorer includes/core.lib.php path_include Variable Remote File Inclusion Compteur compteur.php cp Variable Remote File Inclusion WebYep WYApplication.php webyep_sIncludePath Variable Remote File Inclusion WebYep WYDocument.php webyep_sIncludePath Variable Remote File Inclusion WebYep WYEditor.php webyep_sIncludePath Variable Remote File Inclusion WebYep WYElement.php webyep_sIncludePath Variable Remote File Inclusion WebYep WYLoopElement.php webyep_sIncludePath Variable Remote File Inclusion WebYep WYMenuElement.php webyep_sIncludePath Variable Remote File Inclusion WebYep WYShortTextElement.php webyep_sIncludePath Variable Remote File Inclusion Flatnuke sections/none_Sondaggio/Vecchi_sondaggi/ sections.php file_da_canc Variable Arbitrary File Deletion Leicestershire Community Portals includes/import-archive.php cp_root_path Variable Remote File Inclusion Keyword Replacer for miniBB addon_keywords.php pathToFiles Variable Remote File Inclusion AFGB Guestbook add.php Htmls Variable Remote File Inclusion AFGB Guestbook admin.php Htmls Variable Remote File Inclusion AFGB Guestbook look.php Htmls Variable Remote File Inclusion AFGB Guestbook re.php Htmls Variable Remote File Inclusion ACP User Registration for phpBB functions_mod_user.php phpbb_root_path Variable 
Remote File Inclusion osCommerce admin/banner_manager.php page Variable XSS osCommerce admin/banner_statistics.php page Variable XSS osCommerce admin/countries.php page Variable XSS osCommerce admin/currencies.php page Variable XSS osCommerce admin/languages.php page Variable XSS osCommerce admin/manufacturers.php page Variable XSS osCommerce admin/newsletters.php page Variable XSS osCommerce admin/orders_status.php page Variable XSS osCommerce admin/products_attributes.php page Variable XSS osCommerce admin/products_expected.php page Variable XSS osCommerce admin/reviews.php page Variable XSS osCommerce admin/specials.php page Variable XSS osCommerce admin/stats_products_purchased.php page Variable XSS CVE-2006-5948 CVE-2006-5154 CVE-2006-5167 CVE-2006-5191 CVE-2006-5207 CVE-2006-5252 CVE-2006-5260 CVE-2006-5220 CVE-2006-5220 CVE-2006-5220 CVE-2006-5220 CVE-2006-5220 CVE-2006-5280 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 osCommerce admin/stats_products_viewed.php page Variable XSS osCommerce admin/tax_classes.php page Variable XSS osCommerce admin/tax_rates.php page Variable XSS osCommerce admin/zones.php page Variable XSS Comdev Misc Tools adminfoot.php path[docroot] Variable Remote File Inclusion Comdev Forum adminfoot.php path[docroot] Variable Remote File Inclusion Comdev Form Designer adminfoot.php path[docroot] Variable Remote File Inclusion Comdev Web Blogger adminfoot.php path[docroot] Variable Remote File Inclusion pandaBB displayCategory.php Multiple Variable Remote File Inclusion PH Pexplorer explorer_load_lang.php Language Variable Remote File Inclusion OpenDock Full Core sw/lib_cart/cart.php doc_directory Variable Remote File Inclusion OpenDock Full Core sw/lib_cart/lib_cart.php doc_directory Variable Remote File Inclusion OpenDock Full Core sw/lib_cart/lib_read_cart.php doc_ directory Variable Remote File 
Inclusion OpenDock Full Core sw/lib_cart/lib_sys_cart.php doc_ directory Variable Remote File Inclusion OpenDock Full Core sw/lib_cart/txt_info_cart.php doc_ directory Variable Remote File Inclusion OpenDock Full Core sw/lib_comment/comment.php doc_ directory Variable Remote File Inclusion OpenDock Full Core sw/lib_comment/find_comment.php doc_ directory Variable Remote File Inclusion OpenDock Full Core sw/lib_comment/lib_comment.php doc_ directory Variable Remote File Inclusion OpenDock Full Core sw/lib_find/find.php doc_directory Variable Remote File Inclusion OpenDock Full Core sw/index_sw.php doc_directory Variable Remote File Inclusion RSSonate config_local.php PROJECT_ROOT Variable Remote File Inclusion RSSonate rssonate.php PROJECT_ROOT Variable Remote File Inclusion RSSonate sql2xml.php PROJECT_ROOT Variable Remote File Inclusion RSSonate xml2rss.php PROJECT_ROOT Variable Remote File Inclusion Wiclear admin/inc/prepend.inc.php path Variable Remote File Inclusion Wiclear admin/inc/lib/boxes.lib.php path Variable Remote File Inclusion Wiclear admin/inc/lib/tools.lib.php path Variable Remote File Inclusion Wiclear admin/tools/trackback/index.php path Variable Remote File Inclusion Wiclear inc/lib/boxes.lib.php path Variable Remote File Inclusion Wiclear inc/lib/history.lib.php path Variable Remote File Inclusion Der Dirigent insert_line.php cfg_dedi[dedi_path] Variable Remote File Inclusion Der Dirigent insert_page.php cfg_dedi[dedi_path] Variable Remote File Inclusion CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5190 CVE-2006-5506 CVE-2006-5506 CVE-2006-5506 CVE-2006-5506 CVE-2006-5506 CVE-2006-5506 CVE-2006-5507 CVE-2006-5507 Der Dirigent find.php cfg_dedi[dedi_path] Variable Remote File CVE-2006-5507 Inclusion Der Dirigent fullscreen.php cfg_dedi[dedi_path] Variable CVE-2006-5507 Remote File Inclusion Der Dirigent changecase.php cfg_dedi[dedi_path] Variable CVE-2006-5507 Remote File Inclusion Der Dirigent insert_link.php cfg_dedi[dedi_path] Variable 
CVE-2006-5507 Remote File Inclusion
Der Dirigent insert_table.php cfg_dedi[dedi_path] Variable Remote File Inclusion CVE-2006-5507
Der Dirigent table_cellprop.php cfg_dedi[dedi_path] Variable Remote File Inclusion CVE-2006-5507
Der Dirigent table_prop.php cfg_dedi[dedi_path] Variable Remote File Inclusion CVE-2006-5507
Der Dirigent table_rowprop.php cfg_dedi[dedi_path] Variable Remote File Inclusion CVE-2006-5507
Trawler Web CMS redaktion/artikel/up/index.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS richtext/addtort.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS richtext/colorpik2.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS richtext/colorpik3.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS richtext/extras_menu.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS richtext/farbpalette.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS richtext/lese_inc.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS richtext/newfile.php path_red2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS share/insert1.php path_scr_dat2 Variable Remote File Inclusion CVE-2006-5495
Trawler Web CMS extras/downloads/index.php path_red Variable Remote File Inclusion CVE-2006-5495
Open Meetings Filing Application editmeetings/session.php PROJECT_ROOT Variable Remote File Inclusion CVE-2006-5517
Open Meetings Filing Application email/session.php PROJECT_ROOT Variable Remote File Inclusion CVE-2006-5517
Open Meetings Filing Application entityproperties/session.php PROJECT_ROOT Variable Remote File Inclusion CVE-2006-5517
Open Meetings Filing Application inc/mail.php PROJECT_ROOT Variable Remote File Inclusion CVE-2006-5517
Pheap config.php lpref Variable Remote File Inclusion LearnCenter learncenter.asp id Variable XSS Membrepass recherchemembre.php recherche Variable SQL Injection Membrepass
/include/change.php aifon Variable Arbitrary PHP Code Execution Membrepass recherchemembre.php recherche Variable XSS Membrepass test.php email Variable XSS FlashChat aedatingCMS.php dir[inc] Variable Remote File Inclusion FlashChat aedatingCMS2.php dir[inc] Variable Remote File Inclusion FlashChat aedating4CMS.php dir[inc] Variable Remote File Inclusion MyBace Light includes/login_check.php hauptverzeichniss Variable Remote File Inclusion MyBace Light user_daten.php template_back Variable Remote File Inclusion php-revista index.php adodb Variable Remote File Inclusion PwsPHP profil.php aff_news_form Variable Arbitrary SQL Injection php-revista busqueda.php cadena Variable SQL Injection php-revista autor.php id_autor Variable SQL Injection php-revista lista.php email Variable SQL Injection php-revista articulo.php id_articulo Variable SQL Injection php-revista Admin Variable Manipulation Authentication Bypass php-revista busqueda.php cadena Variable XSS php-revista lista.php email Variable XSS php-revista busqueda_tema.php id_temas Variable SQL Injection TikiWiki jhot.php File Upload Arbitrary PHP Code Execution vtiger CRM fileupload.html Arbitrary PHP Code Execution MyHeadlines for PHP_nuke myh_op Variable XSS SimpleBlog default.asp id Variable SQL Injection Tr Forum /membres/modif_profil.php id Variable Arbitrary Profile Modification Tr Forum /membres/change_mdp.php Unauthorized Password Modification Tr Forum /admin/insert_admin.php Authentication Bypass Tr Forum /admin/editer.php id2 Variable SQL Injection C-News commentaires.php path Variable Remote File Inclusion GrapAgenda index.php page Variable Remote File Inclusion Sponge News news.php sndir Variable Remote File Inclusion SoftBB addmembre.php groupe Variable SQL Injection SoftBB moveto.php select Variable SQL Injection SoftBB admin/save_opt.php Arbitrary PHP Code Execution Plesk filemanager.php file Variable XSS photokorn cart.inc.php dir_path Variable Remote File Inclusion photokorn ext_cats.php dir_path 
Variable Remote File Inclusion BLOG:CMS /admin/plugins/NP_Log.php Multiple Variable SQL Injection BLOG:CMS /admin/plugins/NP_Poll.php pitem Variable SQL Injection BLOG:CMS /admin/plugins/NP_Referrer.php pageRef Variable SQL Injection RunCms /class/sessions.class.php uid Variable SQL Injection RunCms /class/xoopsuser.php Multiple Variable SQL Injection iManage CMS themes/default.php absolute_path Variable Remote File Inclusion iManage CMS articles.php absolute_path Variable Remote File Inclusion iManage CMS contact.php absolute_path Variable Remote File Inclusion iManage CMS displaypage.php absolute_path Variable Remote File Inclusion iManage CMS faq.php absolute_path Variable Remote File Inclusion iManage CMS mainbody.php absolute_path Variable Remote File Inclusion iManage CMS news.php absolute_path Variable Remote File Inclusion iManage CMS registration.php absolute_path Variable Remote File Inclusion iManage CMS whosOnline.php absolute_path Variable Remote File Inclusion CVE-2006-0942 CVE-2006-4602 CVE-2006-4563 CVE-2006-3737 CVE-2006-4667 CVE-2006-4667 CVE-2006-3771 CVE-2006-3771 CVE-2006-3771 CVE-2006-3771 CVE-2006-3771 CVE-2006-3771 CVE-2006-3771 CVE-2006-3771 CVE-2006-3771 iManage CMS components/com_calendar.php absolute_path CVE-2006-3771 Variable Remote File Inclusion iManage CMS components/com_forum.php absolute_path CVE-2006-3771 Variable Remote File Inclusion iManage CMS components/minibb/index.php absolute_path CVE-2006-3771 Variable Remote File Inclusion iManage CMS components/minibb/bb_admin.php absolute_ CVE-2006-3771 path Variable Remote File Inclusion iManage CMS components/minibb/bb_plugins.php absolute_ CVE-2006-3771 path Variable Remote File Inclusion iManage CMS modules/mod_calendar.php absolute_path CVE-2006-3771 Variable Remote File Inclusion iManage CMS modules/mod_browser_prefs.php absolute_ CVE-2006-3771 path Variable Remote File Inclusion iManage CMS modules/mod_counter.php absolute_path CVE-2006-3771 Variable Remote File Inclusion 
iManage CMS modules/mod_online.php absolute_path Variable Remote File Inclusion CVE-2006-3771
iManage CMS modules/mod_stats.php absolute_path Variable Remote File Inclusion CVE-2006-3771
iManage CMS modules/mod_weather.php absolute_path Variable Remote File Inclusion CVE-2006-3771
iManage CMS themes/bizz.php absolute_path Variable Remote File Inclusion CVE-2006-3771
iManage CMS themes/simple.php absolute_path Variable Remote File Inclusion CVE-2006-3771
iManage CMS themes/original.php absolute_path Variable Remote File Inclusion CVE-2006-3771
iManage CMS themes/portal.php absolute_path Variable Remote File Inclusion CVE-2006-3771
iManage CMS themes/purple.php absolute_path Variable Remote File Inclusion CVE-2006-3771
miniBB news.php absolute_path Variable Remote File Inclusion CVE-2006-3955
miniBB search.php absolute_path Variable Remote File Inclusion CVE-2006-3955
miniBB whosOnline.php absolute_path Variable Remote File Inclusion CVE-2006-3955
MosCom for Joomla tradetop.php mosConfig_absolute_path Variable Remote File Inclusion
Mosets Tree Savant2_Compiler_basic.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Error_pear.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Error_stack.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Filter_colorizeCode.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Filter_trimwhitespace.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Plugin_ahref.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Plugin_ahrefcontact.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Plugin_ahreflisting.php mosConfig_absolute_path Variable Remote File Inclusion CVE-2006-3990
Mosets Tree Savant2_Plugin_ahreflistingimage.php CVE-2006-3990
mosConfig_absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefmap.php mosConfig_ CVE-2006-3990 absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefownerlisting.php CVE-2006-3990 mosConfig_absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefprint.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefrating.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefrecommend.php mosConfig_absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefreport.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefreview.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_ahrefvisit.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_checkbox.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_cycle.php mosConfig_absolute_ path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_dateformat.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_editor.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_form.php mosConfig_absolute_ path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_image.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_input.php mosConfig_absolute_ path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_javascript.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_listalpha.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_listingname.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_modify.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_mtpath.php mosConfig_ absolute_path Variable 
Remote File Inclusion Mosets Tree Savant2_Plugin_options.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_radios.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_rating.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_stylesheet.php mosConfig_ absolute_path Variable Remote File Inclusion Mosets Tree Savant2_Plugin_textarea.php mosConfig_ absolute_path Variable Remote File Inclusion Tagger LE tags.php PHP eval() Arbitrary Code Injection Tagger LE sign.php PHP eval() Arbitrary Code Injection Tagger LE index.php PHP eval() Arbitrary Code Injection vCAP Malformed String DoS vCAP Traversal Arbitrary File Access vCAP Error Message XSS vCAP RegisterPage.cgi statusmsg Variable XSS Stefan Ernst Newsscript (WM-News) print.php ide Variable Traversal Arbitrary File Access Stefan Ernst Newsscript (WM-News) modify.php ide Variable Arbitrary File Access Stefan Ernst Newsscript (WM-News) article.php ide Variable Remote File Inclusion Stefan Ernst Newsscript (WM-News) add_go.php var Variable File Overwrite Code Execution CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-3990 CVE-2006-4437 CVE-2006-4437 CVE-2006-4437 CVE-2006-4666 CVE-2006-4666 CVE-2006-4666 CVE-2006-4768 Snitz Forums 2000 forum.asp sortorder Variable XSS Shadowed Portal bottom.php root Variable Remote File Inclusion Shadowed Portal footer.php root Variable Remote File Inclusion Shadowed Portal header.php root Variable Remote File Inclusion Q-Shop browse.asp OrderBy Variable SQL Injection MobilePublisherPHP header.php abspath Variable Remote File Inclusion Site@School slideshow.php cmsdir Variable Remote File Inclusion Site@School include.php 
cmsdir Variable Remote File Inclusion Site@School main.inc.php cmsdir Variable Remote File Inclusion PHP-Post footer.php template Variable Remote File Inclusion PHP-Post header.php table_prefix Variable SQL Injection PHP-Post profile.php Multiple Variable SQL Injection PHP-Post pm.php replyuser Variable XSS PHP-Post footer.php template Variable Path Disclosure JD-WordPress for Joomla wp-comments-post.php Remote File Inclusion JD-WordPress for Joomla wp-feed.php Remote File Inclusion JD-WordPress for Joomla wp-trackback.php Remote File Inclusion A.l-Pifou livre_lire.php ze_langue_02 Cookie Variable Local File Inclusion BrudaNews/BrudaGB admin/index.php o Variable Remote File Inclusion Pie Cart Pro affiliates.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro orders.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro events.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro index.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro articles.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro faqs.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro guestbook.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro catalog.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro wholesale.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro weblinks.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro certificates.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro sitesearch.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro contact.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro sitemap.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro search.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro registry.php Inc_Dir Variable Remote File Inclusion Pie Cart Pro error.php Inc_Dir Variable Remote File Inclusion ATutor links/index.php Multiple Variable SQL Injection CVE-2006-4826 CVE-2006-4849 CVE-2006-4920 CVE-2006-4921 CVE-2006-4920 CVE-2006-4878 CVE-2006-4877 CVE-2006-4877 CVE-2006-4881 CVE-2006-4880 CVE-2006-4914 
CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-4969 CVE-2006-3996
MyNewsGroups layersmenu.inc.php myng_root Variable Remote File Inclusion CVE-2006-3966
Knusperleicht Shoutbox index.php sb_include_path Variable Remote File Inclusion CVE-2006-3989
Jetbox CMS admin/cms/index.php login Variable XSS CVE-2006-3585
ME Download System header.php Vb8878b936c2bd8ae0cab Variable Remote File Inclusion CVE-2006-4053
ME Download System inc/sett_style.php Vb8878b936c2bd8ae0cab Variable Remote File Inclusion CVE-2006-4054
ME Download System inc/sett_smilies.php Vb8878b936c2bd8ae0cab Variable Remote File Inclusion CVE-2006-4054
ME Download System inc/datei.php Multiple Variable Remote File Inclusion CVE-2006-4054
vBulletin global.php Encoded URL XSS
Torbstoff News news.php pfad Variable Remote File Inclusion CVE-2006-4045
PHP Simple Shop admin/index.php abs_path Variable Remote File Inclusion CVE-2006-4052
PHP Simple Shop admin/adminindex.php abs_path Variable Remote File Inclusion CVE-2006-4052
PHP Simple Shop admin/adminglobal.php abs_path Variable Remote File Inclusion CVE-2006-4052
PHP Simple Shop admin/login.php abs_path Variable Remote File Inclusion CVE-2006-4052
PHP Simple Shop admin/menu.php abs_path Variable Remote File Inclusion CVE-2006-4052
PHP Simple Shop admin/header.php abs_path Variable Remote File Inclusion CVE-2006-4052
Simplog archive.php keyw Variable XSS CVE-2006-4058
YenerTurk Haber Script default.asp id Variable SQL Injection CVE-2006-4064
DeluxeBB newpost.php Topic Title Field XSS CVE-2006-4079
NEWSolved Lite newsscript_lyt.php abs_path Variable Remote File Inclusion CVE-2006-4059
NEWSolved Lite newsticker/newsscript_get.php abs_path Variable Remote File Inclusion CVE-2006-4059
NEWSolved Lite inc/output/news_theme1.php abs_path Variable Remote File Inclusion CVE-2006-4059
NEWSolved Lite inc/output/news_theme2.php abs_path CVE-2006-4059 Variable Remote File Inclusion NEWSolved Lite inc/output/news_theme3.php abs_path CVE-2006-4059 Variable Remote File Inclusion docpile:we lib/folder.class.php INIT_PATH Variable Remote File Inclusion docpile:we lib/email.inc.php INIT_PATH Variable Remote File Inclusion docpile:we lib/document.class.php INIT_PATH Variable Remote File Inclusion docpile:we lib/auth.inc.php INIT_PATH Variable Remote File Inclusion docpile:we lib/access.inc.php INIT_PATH Variable Remote File Inclusion docpile:we lib/folders.inc.php INIT_PATH Variable Remote File Inclusion docpile:we lib/init.inc.php INIT_PATH Variable Remote File Inclusion docpile:we lib/templates.inc.php INIT_PATH Variable Remote File Inclusion hitweb genpage-cgi.php REP_INC Variable Remote File Inclusion PHPMyRing view_com.php idsite Variable SQL Injection BlogHoster previewcomment.php nickname Variable XSS Spaminator Login.php page Variable Remote File Inclusion MVCnPHP BaseCommand.php glConf[path_library] Variable Remote File Inclusion MVCnPHP BaseLoader.php glConf[path_library] Variable Remote File Inclusion MVCnPHP BaseView.php glConf[path_library] Variable Remote File Inclusion Chaussette Evenement.php _BASE Variable Remote File Inclusion Chaussette Event.php _BASE Variable Remote File Inclusion Chaussette Event_for_month.php _BASE Variable Remote File Inclusion Chaussette Event_for_week.php _BASE Variable Remote File Inclusion Chaussette My_Log.php _BASE Variable Remote File Inclusion Chaussette My_Smarty.php _BASE Variable Remote File Inclusion SaralBlog view.php website XSS Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure Douran FollowWeb register.aspx XSS PowerPortal index.php search Variable XSS PowerPortal search.php search Variable XSS CubeCart gateway/Protx/confirmed.php oid Variable SQL Injection CubeCart gateway/Authorize/confirmed.php x_invoice_num Variable SQL Injection CubeCart admin/login.php email 
Variable XSS Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Variable Remote File Inclusion Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Variable Remote File Inclusion Tutti Nova class.novaRead.mysql.php TNLIB_DIR Variable Remote File Inclusion bigAPE-Backup for Mambo Tar.php mosConfig_absolute_path Variable Remote File Inclusion phpCodeGenie Core.php BEAUT_PATH Variable Remote File Inclusion LBlog comments.asp id Variable SQL Injection SportsPHool plain.footer.php mainnav Variable Remote File Inclusion cPanel dohtaccess.html dir Variable XSS cPanel editit.html file Variable XSS cPanel showfile.html file Variable XSS NES Game & NES System includes.php phphtmllib Variable Remote File Inclusion NES Game & NES System divtag_utils.php phphtmllib Variable Remote File Inclusion NES Game & NES System form_utils.php phphtmllib Variable Remote File Inclusion NES Game & NES System html_utils.php phphtmllib Variable Remote File Inclusion NES Game & NES System tag_utils/localinc.php phphtmllib Variable Remote File Inclusion NES Game & NES System FooterNav.php phphtmllib Variable Remote File Inclusion NES Game & NES System HTMLPageClass.php phphtmllib Variable Remote File Inclusion NES Game & NES System InfoTable.php phphtmllib Variable Remote File Inclusion CVE-2006-4216 CVE-2006-4216 CVE-2006-4216 CVE-2006-4216 CVE-2006-4216 CVE-2006-4216 CVE-2006-0346 CVE-2006-4110 CVE-2006-0373 CVE-2006-0358 CVE-2006-0358 CVE-2006-4267 CVE-2006-4267 CVE-2006-4268 CVE-2006-4276 CVE-2006-4277 CVE-2006-4277 CVE-2006-4284 CVE-2006-4278 NES Game & NES System widgets/localinc.php phphtmllib Variable Remote File Inclusion NES Game & NES System NavTable.php phphtmllib Variable Remote File Inclusion NES Game & NES System TextNav.php phphtmllib Variable Remote File Inclusion FreeQboard about.php qb_path Variable Remote File Inclusion FreeQboard contact.php qb_path Variable Remote File Inclusion FreeQboard delete.php qb_path Variable Remote File Inclusion FreeQboard faq.php qb_path Variable Remote 
File Inclusion FreeQboard features.php qb_path Variable Remote File Inclusion FreeQboard history.php qb_path Variable Remote File Inclusion Links Manager admin.php nick Variable SQL Injection Links Manager add_url.php Multiple Variable XSS Doika Guestbook gbook.php page XSS indexcity list.php cate_id Variable SQL Injection indexcity add_url2.php url Variable XSS TikiWiki tiki-searchindex.php highlight Variable XSS Diesel Paid Mail getad.php ps Variable XSS Diesel Job Site forgot.php Multiple Variable XSS Diesel Pay index.php read Variable XSS XennoBB topic_post.php icon_topic Variable SQL Injection Empire CMS e/class/CheckLevel.php check_path Remote File Inclusion Cool Manager Cool_CoolID.exe username Variable SQL Injection WebAdmin configfile_view.wdm file Variable Traversal Arbitrary File Access VistaBB functions_mod_user.php phpbb_root_path Variable Remote File Inclusion VistaBB functions_portal.php phpbb_root_path Variable Remote File Inclusion Zen Cart ipn_main_handler.php SQL Injection Zen Cart ot_coupon.php dc_redeem_code Variable SQL Injection mambo-phpShop mod_phpshop.php mosConfig_absolute_path Variable Remote File Inclusion mambo-phpShop mod_phpshop_allinone.php mosConfig_absolute_path Variable Remote File Inclusion mambo-phpShop mod_phpshop_cart.php mosConfig_absolute_path Variable Remote File Inclusion mambo-phpShop mod_phpshop_featureprod.php mosConfig_absolute_path Variable Remote File Inclusion mambo-phpShop mod_phpshop_latestprod.php mosConfig_absolute_path Variable Remote File Inclusion mambo-phpShop mod_product_categories.php mosConfig_absolute_path Variable Remote File Inclusion mambo-phpShop mod_productscroller.php mosConfig_absolute_path Variable Remote File Inclusion mambo-phpShop mosproductsnap.php mosConfig_absolute_path Variable Remote File Inclusion PHP iAddressBook person.php Multiple Variable XSS ATutor registration.php Multiple Variable POST Method XSS ATutor index_list.php lang Variable XSS ATutor index.php fid Variable SQL
Injection CVE-2006-3475 CVE-2006-3475 CVE-2006-3475 CVE-2006-3475 CVE-2006-3475 CVE-2006-3475 CVE-2006-4328 CVE-2006-4327 CVE-2006-4325 CVE-2006-4323 CVE-2006-4324 CVE-2006-4279 CVE-2006-4347 CVE-2006-4214 CVE-2006-4214 CVE-2006-4263 CVE-2006-4263 CVE-2006-4263 CVE-2006-4263 CVE-2006-4263 CVE-2006-4263 CVE-2006-4263 CVE-2006-4263 CVE-2006-4460 CVE-2006-3821 CVE-2006-3821 Webvizyon Portal SayfalaAltList.asp ID Variable SQL Injection CVE-2006-3518 phpCOIN constants.php _CCFG[_PKG_PATH_INCL] Variable CVE-2006-4424 Remote File Inclusion phpCOIN api.php _CCFG[_PKG_PATH_INCL] Variable CVE-2006-4425 Remote File Inclusion phpCOIN common.php _CCFG[_PKG_PATH_INCL] Variable CVE-2006-4425 Remote File Inclusion phpCOIN core.php _CCFG[_PKG_PATH_INCL] Variable CVE-2006-4425 Remote File Inclusion phpCOIN custom.php _CCFG[_PKG_PATH_INCL] Variable CVE-2006-4425 Remote File Inclusion phpCOIN db.php _CCFG[_PKG_PATH_INCL] Variable CVE-2006-4425 Remote File Inclusion phpCOIN redirect.php _CCFG[_PKG_PATH_INCL] Variable CVE-2006-4425 Remote File Inclusion phpCOIN session_set.php _CCFG[_PKG_PATH_INCL] Variable Remote File Inclusion eFiction loggedin Variable Manipulation Authentication Bypass CVE-2006-4427 HLstats hlstats.php q Variable XSS Community Builder for Joomla plugin.class.php mosConfig_absolute_path Variable Remote File Inclusion Fotopholder index.php path Variable XSS CVE-2006-4259 Fotopholder index.php path Variable Traversal Arbitrary File CVE-2006-4260 Access Ay System WCS main.php path[ShowProcessHandle] Variable Remote File Inclusion Ay System WCS home.php path[ShowProcessHandle] Variable Remote File Inclusion Ay System WCS impressum.php path[ShowProcessHandle] Variable Remote File Inclusion Web3news _class.security.php PHPSECURITYADMIN_PATH Variable Remote File Inclusion ExBB Italia userstop.php exbb[home_path] Variable Remote File Inclusion DUpoll DUpoll.mdb User Database Disclosure VBZooM sendmail.php UserID Variable SQL Injection CVE-2006-3691 MiniBill ipn.php
config[include_dir] Variable Remote File Inclusion MiniBill initPlugins.php config[include_dir] Variable File Inclusion Cybozu Share360 s360.exe id Variable Traversal Arbitrary File Access Cybozu Multiple Product ag.exe id Variable Traversal Arbitrary File Access Xoops edituser.php user_avatar Variable SQL Injection CVE-2006-4417 JS ASP Faq Manager admin/default.asp Multiple Field SQL Injection Freekot login_verif.asp Multiple Field SQL Injection CubeCart viewCat.inc.php searchArray[] Variable SQL Injection Shadows Rising RPG smarty.inc.php CONFIG[gameroot] CVE-2006-4329 Variable Remote File Inclusion Shadows Rising RPG security.inc.php CONFIG[gameroot] CVE-2006-4329 Variable Remote File Inclusion phpECard functions.php include_path Variable Remote File Inclusion ezContents loginreq2.php subgroupname Variable XSS CVE-2006-4479 ezContents headeruserdata.php groupname Variable SQL CVE-2006-4478 Injection ezContents event_list.php GLOBALS[admin_home] Variable CVE-2006-4477 Remote File Inclusion ezContents calendar.php GLOBALS[language_home] CVE-2006-4477 Variable Remote File Inclusion ezContents gallery_summary.php GLOBALS[admin_home] CVE-2006-4477 Variable Remote File Inclusion ezContents showguestbook.php GLOBALS[admin_home] CVE-2006-4477 Variable Remote File Inclusion ezContents showlinks.php GLOBALS[admin_home] Variable CVE-2006-4477 Remote File Inclusion ezContents shownews.php GLOBALS[admin_home] Variable CVE-2006-4477 Remote File Inclusion ezContents showpoll.php GLOBALS[admin_home] Variable CVE-2006-4477 Remote File Inclusion ezContents review_summary.php GLOBALS[admin_home] CVE-2006-4477 Variable Remote File Inclusion ezContents search.php GLOBALS[language_home] Variable CVE-2006-4477 Remote File Inclusion ezContents toprated.php GLOBALS[language_home] Variable CVE-2006-4477 Remote File Inclusion ezContents whatsnew.php GLOBALS[language_home] CVE-2006-4477 Variable Remote File Inclusion Cybozu Garoon todo Facility Multiple Variable SQL Injection CVE-2006-4444 
Cybozu Garoon workflow Facility Multiple Variable SQL CVE-2006-4444 Injection Cybozu Garoon schedule Facility uid Variable SQL Injection CVE-2006-4444 Cybozu Garoon phonemessage Facility uid Variable SQL CVE-2006-4444 Injection Cybozu Garoon memo Facility iid Variable SQL Injection CVE-2006-4444 Cybozu Garoon schedule Facility Multiple Variable SQL CVE-2006-4444 Injection Dolphin about_us.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin activation_email.php dir[inc] Variable Remote File CVE-2006-4189 Inclusion Dolphin aemodule.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin affiliates.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin blog.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin browse.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin cart.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin cart_pop.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin cc.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin change_status.php dir[inc] Variable Remote File CVE-2006-4189 Inclusion Dolphin checkout.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin click.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin compose.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin contact.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin event.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin explanation.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin faq.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin forgot.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin freemail.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin gallery.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin getmem.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin guestbook.php dir[inc] Variable Remote File Inclusion 
CVE-2006-4189 Dolphin im.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin imctrl.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin inbox.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin join_aff.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin join_form.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin list_pop.php dir[inc] Variable Remote File Inclusion CVE-2006-4189 Dolphin logout.php dir[inc] Variable Remote File Inclusion Dolphin member.php dir[inc] Variable Remote File Inclusion Dolphin membership.php dir[inc] Variable Remote File Inclusion Dolphin messages_inbox.php dir[inc] Variable Remote File Inclusion Dolphin messages_outbox.php dir[inc] Variable Remote File Inclusion Dolphin news.php dir[inc] Variable Remote File Inclusion Dolphin news_view.php dir[inc] Variable Remote File Inclusion Dolphin outbox.php dir[inc] Variable Remote File Inclusion Dolphin photos_gallery.php dir[inc] Variable Remote File Inclusion Dolphin poll.php dir[inc] Variable Remote File Inclusion Dolphin polls.php dir[inc] Variable Remote File Inclusion Dolphin privacy.php dir[inc] Variable Remote File Inclusion Dolphin profile.php dir[inc] Variable Remote File Inclusion Dolphin profile_activate.php dir[inc] Variable Remote File Inclusion Dolphin profile_customize.php dir[inc] Variable Remote File Inclusion Dolphin profile_edit.php dir[inc] Variable Remote File Inclusion Dolphin profile_photos.php dir[inc] Variable Remote File Inclusion Dolphin profile_sound.php dir[inc] Variable Remote File Inclusion Dolphin profile_video.php dir[inc] Variable Remote File Inclusion Dolphin rate.php dir[inc] Variable Remote File Inclusion Dolphin result.php dir[inc] Variable Remote File Inclusion Dolphin sdating.php dir[inc] Variable Remote File Inclusion Dolphin search.php dir[inc] Variable Remote File Inclusion Dolphin search_result.php dir[inc] Variable Remote File Inclusion Dolphin service.php dir[inc] Variable Remote 
File Inclusion Dolphin shoutbox.php dir[inc] Variable Remote File Inclusion Dolphin sound_pop.php dir[inc] Variable Remote File Inclusion Dolphin stories.php dir[inc] Variable Remote File Inclusion Dolphin story.php dir[inc] Variable Remote File Inclusion Dolphin story_view.php dir[inc] Variable Remote File Inclusion Dolphin tellfriend.php dir[inc] Variable Remote File Inclusion Dolphin terms_of_use.php dir[inc] Variable Remote File Inclusion Dolphin unregister.php dir[inc] Variable Remote File Inclusion Dolphin video_pop.php dir[inc] Variable Remote File Inclusion Dolphin vkiss.php dir[inc] Variable Remote File Inclusion DZCP index.php id Variable SQL Injection MoniWiki wiki.php XSS SiteBuilder-FX admin/top.php admindir Variable Remote File Inclusion NewsPHP inc/rss_feed.php category Variable SQL Injection Buddy Zone view_sub_forum.php main_cat Variable SQL Injection Buddy Zone view_classifieds.php cat_id Variable SQL Injection Buddy Zone view_ad.php id Variable SQL Injection Buddy Zone view_event.php event_id Variable SQL Injection Buddy Zone delete_event.php event_id Variable SQL Injection Buddy Zone edit_event.php event_id Variable SQL Injection CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-4189 CVE-2006-3347 CVE-2006-3358 Buddy Zone view_group.php group_id Variable SQL Injection Buddy Zone view_sub_forum.php XSS Buddy Zone view_post.php XSS Buddy Zone view_classifieds.php XSS Buddy Zone view_ad.php XSS Buddy Zone view_event.php XSS Buddy Zone delete_event.php XSS Buddy Zone edit_event.php XSS Buddy Zone view_group.php XSS 
Galleria for Mambo galleria.html.php mosConfig_absolute_path Variable Remote File Inclusion phpSysInfo index.php lng Variable Traversal File Existence Enumeration PHPMailList maillist.php email Variable XSS PHPMailList list.dat Subscriber E-mail List Disclosure PHPMailList ml_config.dat Cleartext Administrator Password Disclosure ATutor create_course.php Multiple Variable XSS ATutor documentation/admin/index.php XSS ATutor password_reminder.php forgot Variable XSS ATutor users/browse.php cat Variable XSS ATutor admin/fix_content.php submit Variable XSS Glendown Shopping Cart edititem.php product Variable XSS Glendown Shopping Cart editshop.php name Variable XSS BLOG:CMS photo/thumb.php image Variable Arbitrary Image Upload TTCalc loan.php Multiple Variable XSS TTCalc mortgage.php Multiple Variable XSS Sport Slo Advanced Guestbook guestbook.php Multiple Field XSS Lazarus Guestbook codes-english.php show Variable XSS Lazarus Guestbook picture.php img Variable XSS Photocycle photocycle Script phpage Variable XSS Actinic Catalog ca000007.pl REFPAGE Variable XSS Actinic Catalog ss000007.pl PRODREF Variable XSS Actinic Catalog ca000001.pl hop Variable XSS HiveMail search.results.php fields[] Variable SQL Injection HiveMail addressbook.view.php Multiple Variable XSS HiveMail compose.email.php data[to] Variable XSS HiveMail read.markas.php markas Variable XSS HiveMail search.results.php Multiple Variable Path Disclosure Fantastic Guestbook guestbook.php Multiple Field XSS Papoo interna/hilfe.php Multiple Variable XSS Papoo forumthread.php msgid Variable SQL Injection Pivot insert_image.php Multiple Extension Arbitrary File Upload Code Execution Pivot blogroll.php Multiple Variable XSS Pivot edit_menu.php Multiple Variable XSS Pivot photo.php Multiple Variable XSS Phorum posting.php mode Variable POST Method XSS Phorum control.php Local File Inclusion BosClassifieds Classified Ads System recent.php insPath Variable Remote File Inclusion BosClassifieds Classified Ads System
account.php insPath Variable Remote File Inclusion BosClassifieds Classified Ads System classified.php insPath Variable Remote File Inclusion CVE-2006-3396 CVE-2006-3360 CVE-2006-3483 CVE-2006-3616 CVE-2006-3616 CVE-2002-1732 CVE-2002-1732 CVE-2002-1732 CVE-2006-3565 CVE-2006-3564 CVE-2006-3564 CVE-2006-3564 CVE-2006-3568 CVE-2006-3571 CVE-2006-3572 CVE-2006-3531 CVE-2006-3533 CVE-2006-3533 CVE-2006-3533 CVE-2006-3615 CVE-2006-3527 CVE-2006-3527 CVE-2006-3527 BosClassifieds Classified Ads System search.php insPath Variable Remote File Inclusion Mail2Forum for phpBB m2f_phpbb204.php m2f_root_path Variable Remote File Inclusion Mail2Forum for phpBB m2f_forum.php m2f_root_path Variable Remote File Inclusion Mail2Forum for phpBB m2f_mailinglist.php m2f_root_path Variable Remote File Inclusion Mail2Forum for phpBB m2f_cron.php m2f_root_path Variable Remote File Inclusion Eskolar CMS php/esa.php Multiple Variable SQL Injection Eskolar CMS del.php SQL Injection Eskolar CMS download_backup.php SQL Injection Eskolar CMS navig.php SQL Injection Eskolar CMS restore.php SQL Injection Eskolar CMS set_12.php SQL Injection Eskolar CMS set_14.php SQL Injection Eskolar CMS upd_doc.php SQL Injection SiteDepth CMS constants.php SD_DIR Variable Remote File Inclusion Top XL add.php Multiple Variable XSS Top XL /members/index.php id Variable XSS Micro Guestbook add.php Multiple Field XSS PHP Live! help.php css_path Variable Remote File Inclusion PHP Live! 
setup/header.php css_path Variable Remote File Inclusion mcGuestbook admin.php lang Variable Remote File Inclusion mcGuestbook ecrire.php lang Variable Remote File Inclusion mcGuestbook lire.php lang Variable Remote File Inclusion sNews snews.php search_query Variable XSS Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion Pivot edit_new.php Paths[extensions_path] Variable Remote File Inclusion LinksCaffe links.php Multiple Variable SQL Injection LinksCaffe counter.php tablewidth Variable XSS LinksCaffe links.php newdays Variable XSS LinksCaffe menu.inc.php Multiple Variable XSS Codewalkers PHP Event Calendar calendar.php id Variable SQL Injection DreamAccount /admin/index.php path Variable Remote File Inclusion QaTraq top.inc Multiple Variable XSS QaTraq components_copy_content.php Multiple Variable XSS QaTraq components_modify_content.php Multiple Variable XSS QaTraq components_new_content.php Multiple Variable XSS QaTraq design_copy_content.php Multiple Variable XSS QaTraq design_copy_plan_search.php Multiple Variable XSS QaTraq design_modify_content.php Multiple Variable XSS QaTraq design_new_content.php Multiple Variable XSS QaTraq design_new_search.php Multiple Variable XSS QaTraq download.php file_name Variable XSS QaTraq login.php Multiple Variable XSS QaTraq phase_copy_content.php Multiple Variable XSS QaTraq phase_delete_search.php content Variable XSS QaTraq phase_modify_content.php Multiple Variable XSS QaTraq phase_modify_search.php Multiple Variable XSS QaTraq phase_view_search.php content Variable XSS CVE-2006-3527 CVE-2006-3735 CVE-2006-3735 CVE-2006-3735 CVE-2006-3735 CVE-2006-3727 CVE-2006-3727 CVE-2006-3727 CVE-2006-3727 CVE-2006-3727 CVE-2006-3727 CVE-2006-3727 CVE-2006-3727 CVE-2006-3175 CVE-2006-3175 CVE-2006-3175 CVE-2005-4132 CVE-2006-3532 CVE-2005-4011,2006-3248 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 
CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 CVE-2006-3312 QaTraq products_copy_content.php Multiple Variable XSS QaTraq products_copy_search.php Multiple Variable XSS Coppermine Photo Gallery init.inc.php System Array Manipulation ADOdb tmssql.php do Variable XSS OpenForum openforum.asp Multiple Variable XSS AWBS contact.php Multiple Variable XSS X-Poll top.php poll Variable SQL Injection X-Protection protect.php password username Variables POST Method SQL Injection X-Statistics x-statistics.php User-Agent HTTP Header SQL Injection Ajax Chat operator_chattranscript.php chatid Variable Traversal Arbitrary File Access Ajax Chat chat.php userid Variable XSS MGM for Mambo help.mgm.php mosConfig_absolute_path Variable Remote File Inclusion UHP for Mambo uhp_config.php mosConfig_absolute_path Variable Remote File Inclusion UHP for Mambo footer.php mosConfig_absolute_path Variable Remote File Inclusion Mambatstaff for Mambo mambatstaff.php mosConfig_absolute_path Variable Remote File Inclusion a6MamboHelpDesk for Mambo admin.a6mambohelpdesk.php mosConfig_live_site Variable Remote File Inclusion Security Images for Joomla configinsert.php mosConfig_absolute_path Variable Remote File Inclusion Security Images for Joomla lang.php mosConfig_absolute_path Variable Remote File Inclusion Security Images for Joomla client.php mosConfig_absolute_path Variable Remote File Inclusion Security Images for Joomla server.php mosConfig_absolute_path Variable Remote File Inclusion Colophon for Joomla admin.colophon.php mosConfig_absolute_path Variable Remote File Inclusion Php Blue Dragon CMS team_admin.php vsDragonRootPath Variable Remote File Inclusion Php Blue Dragon CMS rss_admin.php vsDragonRootPath Variable Remote File Inclusion Php Blue Dragon CMS manual_admin.php vsDragonRootPath Variable Remote File Inclusion Php Blue Dragon CMS forum_admin.php vsDragonRootPath Variable Remote File Inclusion Ottoman index.php default_path Variable Remote File
Inclusion Ottoman error.php default_path Variable Remote File Inclusion Ottoman classes/main_class.php default_path Variable Remote File Inclusion Ottoman format_css.php default_path Variable Remote File Inclusion Ottoman js.php default_path Variable Remote File Inclusion Ottoman rss.php default_path Variable Remote File Inclusion ByteHoard server.php bhconfig[bhfilepath] Variable Remote File Inclusion LabWiki recentchanges.php help Variable XSS dotWidget CMS feedback.php file_path Variable Remote File Inclusion dotWidget CMS printfriendly.php file_path Variable Remote File Inclusion CVE-2006-3312 CVE-2006-3312 CVE-2006-3064 CVE-2006-3321 CVE-2006-3956 CVE-2006-3959 CVE-2006-3950 CVE-2006-3980 CVE-2006-3969 CVE-2006-2767 CVE-2006-2767 CVE-2006-2767 CVE-2006-2850 CVE-2006-2852 CVE-2006-2852 WebspotBlogging inc/logincheck.inc.php path Variable CVE-2006-2860 Remote File Inclusion WebspotBlogging inc/adminheader.inc.php path Variable CVE-2006-2860 Remote File Inclusion WebspotBlogging inc/global.php path Variable Remote File CVE-2006-2860 Inclusion WebspotBlogging inc/mainheader.inc.php path Variable CVE-2006-2860 Remote File Inclusion BlueShoes Framework faq/Bs_Faq.class.php?APP[path][applications] Variable Remote File Inclusion BlueShoes Framework filebrowser/fileBrowserInner.php?APP[path][core] Variable Remote File Inclusion BlueShoes Framework filemanager/file.php?APP[path][core] Variable Remote File Inclusion BlueShoes Framework filemanager/viewer.php?APP[path][core] Variable Remote File Inclusion BlueShoes Framework imagearchive/Bs_ImageArchive.class.php?APP[path][core] Variable Remote File Inclusion BlueShoes Framework mailinglist/Bs_Ml_User.class.php GLOBALS[APP][path][core] Variable Remote File Inclusion BlueShoes Framework websearchengine/Bs_Wse_Profile.class.php APP[path][plugins] Variable Remote File Inclusion myNewsletter adminLogin.asp UserName Variable SQL CVE-2006-2887 Injection AssoCIateD admin/menu.php root_path Variable Remote File CVE-2006-2841
Inclusion AssoCIateD admin/profile.php root_path Variable Remote File CVE-2006-2841 Inclusion AssoCIateD admin/users.php root_path Variable Remote File CVE-2006-2841 Inclusion AssoCIateD includes/cache_mngt.php root_path Variable CVE-2006-2841 Remote File Inclusion AssoCIateD includes/gallery_functions.php root_path Variable CVE-2006-2841 Remote File Inclusion DreamAccount auth.cookie.inc.php da_path Variable Remote CVE-2006-2881 File Inclusion DreamAccount auth.header.inc.php da_path Variable Remote CVE-2006-2881 File Inclusion DreamAccount auth.sessions.inc.php da_path Variable CVE-2006-2881 Remote File Inclusion KnowledgeTree Open Source view.php fDocumentId Variable CVE-2006-2885 XSS KnowledgeTree Open Source search/simpleSearch.php CVE-2006-2885 fSearchableText Variable XSS MiraksGalerie pcltar.lib.php g_pcltar_lib_dir Variable Remote File Inclusion MiraksGalerie galimage.lib.php listconfigfile[0] Variable Remote File Inclusion MiraksGalerie galsecurity.lib.php listconfigfile[0] Variable Remote File Inclusion Open Business Management publication_index.php tf_lang Variable XSS Open Business Management group_index.php Multiple Variable XSS Open Business Management user_index.php tf_lastname Variable XSS Open Business Management list_index.php Multiple Variable XSS Open Business Management company_index.php Multiple Variable XSS Open Business Management group_index.php Multiple Variable SQL Injection Open Business Management user_index.php order_dir Variable SQL Injection Open Business Management list_index.php Multiple Variable SQL Injection Open Business Management company_index.php Multiple Variable SQL Injection Clan Manager Pro cmpro.intern/login.inc.php rootpath Variable Remote File Inclusion Clan Manager Pro cmpro.extern/cmpro.ext/comment.core.inc.php sitepath Variable Remote File Inclusion Clan Manager Pro cmpro.intern/comment.core.inc.php rootpath Variable Remote File Inclusion CMS-Bandits td.php spaw_root Variable Remote File Inclusion CMS-Bandits
img.php spaw_root Variable Remote File Inclusion SelectaPix view_album.php albumID Variable SQL Injection SelectaPix popup.php imageID Variable SQL Injection SelectaPix admin/member.php Multiple Variable SQL Injection SelectaPix popup.php albumID Variable XSS SelectaPix view_album.php albumID Variable XSS Enterprise Payroll Systems footer.php absolutepath Variable Remote File Inclusion myNewsletter validatelogin.asp UserName Variable SQL Injection KAPhotoservice album.asp cat Variable XSS KAPhotoservice albums.asp albumid Variable XSS KAPhotoservice edtalbum.asp Multiple Variable XSS My Photo Scrapbook display.asp key_m Variable XSS My Photo Scrapbook Displayview.asp key Variable SQL Injection My Photo Scrapbook Details_Photo_bv.asp key Variable SQL Injection NPDS header.php Direct Request Path Disclosure NPDS contact.php Direct Request Path Disclosure NPDS forum_extender.php Direct Request Path Disclosure NPDS header.php Default_Theme Variable Traversal Arbitrary File Access NPDS cluster-E.php ModPath Variable Traversal Arbitrary File Access NPDS header.php Multiple Variable XSS NPDS meta.php nuke_url Variable XSS NPDS viewforum.php forum Variable XSS NPDS editpost.php Multiple Variable XSS NPDS user.php email Variable XSS KnowledgeTree Open Source view.php fDocumentId Variable Path Disclosure Ringlink next.cgi ringid Variable XSS Ringlink stats.cgi ringid Variable XSS Ringlink list.cgi ringid Variable XSS LogiSphere URI Error Page XSS webprojectdb nav.php INCDIR Variable Remote File Inclusion webprojectdb lang.php INCDIR Variable Remote File Inclusion Content*Builder col_man/column.inc.php lang_path Variable Remote File Inclusion Content*Builder poll/poll.inc.php lang_path Variable Remote File Inclusion Content*Builder user_managment/usrPortrait.inc.php lang_path Variable Remote File Inclusion CVE-2006-2928 CVE-2006-2928 CVE-2006-2912 CVE-2006-2912 CVE-2006-2912 CVE-2006-2913 CVE-2006-2913 CVE-2006-2982 CVE-2006-2887 CVE-2006-2955 CVE-2006-2955 CVE-2006-2955
CVE-2006-2992 CVE-2006-2993 CVE-2006-2993 CVE-2006-2950 CVE-2006-2950 CVE-2006-2950 CVE-2006-2952 CVE-2006-2952 CVE-2006-2951 CVE-2006-2951 CVE-2006-2951 CVE-2006-2951 CVE-2006-2951 CVE-2006-2886 CVE-2006-2995 CVE-2006-2995 Content*Builder user_managment/user.inc.php lang_path Variable Remote File Inclusion Content*Builder events/permanent.eventMonth.inc.php lang_path Variable Remote File Inclusion Content*Builder media_manager/media.inc.php lang_path Variable Remote File Inclusion Content*Builder events/events.inc.php lang_path Variable Remote File Inclusion Content*Builder newsletter2/newsletter.inc.php lang_path Variable Remote File Inclusion Content*Builder guestbook/guestbook.inc.php path[cb] Variable Remote File Inclusion Content*Builder shoutbox/shoutBox.php path[cb] Variable Remote File Inclusion Content*Builder sitemap/sitemap.inc.php path[cb] Variable Remote File Inclusion Content*Builder download/overview.inc.php rel Variable Remote File Inclusion Content*Builder download/detailView.inc.php rel Variable Remote File Inclusion Content*Builder article/fullarticle.inc.php rel Variable Remote File Inclusion Content*Builder article/comments.inc.php rel Variable Remote File Inclusion Content*Builder article2/overview.inc.php rel Variable Remote File Inclusion Content*Builder article2/fullarticle.inc.php rel Variable Remote File Inclusion Content*Builder article2/comments.inc.php rel Variable Remote File Inclusion Content*Builder headline/headlineBox.php rel Variable Remote File Inclusion Content*Builder headline/showHeadline.inc.php rel Variable Remote File Inclusion ePhotos subphotos.asp CAT_ID Variable SQL Injection ePhotos photo.asp AL_ID Variable SQL Injection ePhotos subLevel2.asp Multiple Variable SQL Injection EZGallery common/galleries.asp Multiple Variable XSS EZGallery common/pupload.asp Multiple Variable XSS EZGallery common/upload.asp Multiple Variable XSS EZGallery public.asp msg Variable XSS CS-Forum read.php Multiple Variable XSS CS-Forum
ajouter.php Multiple Variable XSS CS-Forum read.php Multiple Variable SQL Injection CS-Forum ajouter.php email Variable Mail Header Injection phpCMS counter.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS parser.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.parser_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.session_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.edit_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.http_indexer_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.cache_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.search_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.lib_indexer_universal_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion phpCMS include/class.layout_phpcms.php PHPCMS_INCLUDEPATH Variable Remote File Inclusion Xtreme ASP Photo Gallery displaypic.asp Multiple Variable XSS Xtreme ASP Photo Gallery displaythumbs.asp catname Variable XSS DwZone Shopping Cart ProductDetailsForm.asp Multiple Variable XSS DwZone Shopping Cart LogIn/VerifyUserLog.asp Multiple Variable XSS Enterprise Payroll Systems cal.php absolutepath Variable Remote File Inclusion EvGenius Counter monthly.php page Variable XSS EvGenius Counter daily.php page Variable XSS Enterprise Payroll Systems admin/addpayrollbonus.php absolutepath Variable Remote File Inclusion Minerva module.php phpbb_root_path Variable Remote File Inclusion Cisco WebVPN Clientless Mode dnserror.html domain Variable XSS Cisco WebVPN Clientless Mode connecterror.html XSS DeluxeBB deluxe/postreply.php templatefolder Variable Remote File Inclusion DeluxeBB deluxe/posting.php templatefolder Variable Remote File Inclusion DeluxeBB deluxe/pm/newpm.php templatefolder Variable Remote File Inclusion DeluxeBB default/postreply.php templatefolder
Variable Remote File Inclusion DeluxeBB default/posting.php templatefolder Variable Remote File Inclusion DeluxeBB default/pm/newpm.php templatefolder Variable Remote File Inclusion PhpMyFactures pays/modifier_pays.php id_pays Variable SQL Injection PhpMyFactures produits/ajouter_cat.php titre Variable SQL Injection PhpMyFactures stocks/ajouter.php Multiple Variable SQL Injection PhpMyFactures produits/modifier_cat.php id_cat Variable SQL Injection PhpMyFactures clients/modifier_client.php id_client Variable SQL Injection PhpMyFactures remises/index.php id_remise Variable SQL Injection PhpMyFactures tva/index.php id_taux Variable SQL Injection PhpMyFactures stocks/index.php Multiple Variable SQL Injection PhpMyFactures pays/index.php id_pays Variable SQL Injection PhpMyFactures produits/index.php id_cat Variable SQL Injection PhpMyFactures Unauthenticated Data Manipulation PhpMyFactures inc/header.php prefixe_dossier Variable XSS PhpMyFactures ajouter_remise.php Multiple Variable XSS PhpMyFactures ajouter_produit.php msg Variable XSS PhpMyFactures ajouter_tva.php msg Variable XSS PhpMyFactures ajouter.php Multiple Variable XSS PhpMyFactures ajouter_pays.php Multiple Variable XSS CVE-2006-3032 CVE-2006-3032 CVE-2006-3030 CVE-2006-3030 CVE-2006-2983 CVE-2006-3073 CVE-2006-3073 PhpMyFactures ajouter_cat.php msg Variable XSS PhpMyFactures modifier_cat.php msg Variable XSS PhpMyFactures verif.php Direct Request Path Disclosure PhpMyFactures inc/footer.php Direct Request Path Disclosure PhpMyFactures ajouter_remise.php Direct Request Path Disclosure Car Classifieds index.php make_id Variable XSS Event Registration view-event-details.php event_id Variable CVE-2006-3052 XSS Event Registration event-registration.php select_events CVE-2006-3052 Variable XSS Five Star Review Script index2.php sort Variable XSS Five Star Review Script report.php item_id Variable XSS Five Star Review Script search_reviews.php search_term Variable XSS PictureDis Products thumstbl.php lang 
Variable Remote File CVE-2006-3075 Inclusion PictureDis Products wpfiles.php lang Variable Remote File CVE-2006-3075 Inclusion PictureDis Products wallpapr.php lang Variable Remote File CVE-2006-3075 Inclusion Flipper Poll poll.php root_path Variable Remote File Inclusion 35mm Slide Gallery index.php imgdir Variable XSS CVE-2006-3036 35mm Slide Gallery popup.php Multiple Variable XSS CVE-2006-3036 phpBannerExchange resetpw.php email Variable SQL CVE-2006-3013 Injection phpBannerExchange stats.php Multiple Variable SQL Injection CVE-2006-3012 Horde test.php url Variable XSS CVE-2006-2195 Horde /templates/problem/problem.inc Multiple Variable XSS CVE-2006-2195 iPostMX 2005 userlogin.cfm RETURNURL Variable XSS iPostMX 2005 account.cfm RETURNURL Variable XSS Calendarix Basic cal_event.php id Variable SQL Injection Calendarix Basic cal_popup.php id Variable SQL Injection Cisco Secure ACS for Unix LogonProxy.cgi Multiple Variable CVE-2006-3101 XSS SSPwiz Plus index.cfm message Variable XSS Virtual War war.php Multiple Variable SQL Injection Tamber Forum show_forum.asp frm_id Variable SQL Injection CVE-2006-2674 Tamber Forum forum_search.asp Search Field SQL Injection CVE-2006-2674 Tamber Forum admin/index.asp Multiple Field SQL Injection CVE-2006-2674 Tamber Forum browse_forum_cat.asp frm_cat_id Variable CVE-2006-2674 SQL Injection Tamber Forum post_message.asp Multiple Field SQL Injection CVE-2006-2674 APBoard board.php PHPSESSID Variable SQL Injection APBoard main.php viewcatmod Variable SQL Injection bitweaver articles/edit.php Arbitrary File Upload bitweaver articles/index.php feedback Variable XSS bitweaver users/index.php sort_mode Information Disclosure LabWiki search.php query Variable XSS CVE-2006-2968 Bible Portal Project Admin/rtf_parser.php destination Variable Remote File Inclusion Bookmark4U inc/dbase.php env[include_prefix] Variable CVE-2006-2877 Remote File Inclusion Bookmark4U inc/config.php env[include_prefix] Variable CVE-2006-2877 Remote File 
Inclusion Bookmark4U inc/common.php env[include_prefix] Variable CVE-2006-2877 Remote File Inclusion Bookmark4U inc/function.php env[include_prefix] Variable CVE-2006-2877 Remote File Inclusion Confixx Pro tools_ftp_pwaendern.php account Variable XSS Confixx Pro ftp_index.php path Variable XSS tplShop category.php first_row Variable SQL Injection xarancms xarancms_haupt.php id Variable SQL Injection easy-CMS Multiple Extension File Upload Code Execution CMS Faethon data/footer.php mainpath Variable XSS CMS Faethon data/header.php mainpath Variable XSS Tradingeye Shop details.cfm image Variable XSS Xtreme Downloads download.php root Variable Remote File CVE-2006-2964 Inclusion Xtreme Downloads manager.php root Variable Remote File CVE-2006-2964 Inclusion Xtreme Downloads admin/scripts/category.php root Variable CVE-2006-2964 Remote File Inclusion Xtreme Downloads includes/add_allow.php root Variable CVE-2006-2964 Remote File Inclusion Xtreme Downloads admin/index.php root Variable Remote File CVE-2006-2964 Inclusion Xtreme Downloads admin/login.php root Variable Remote File CVE-2006-2964 Inclusion Particle Gallery viewimage.php imageid Variable XSS Particle Gallery viewalbum.php albumid Variable Traversal Arbitrary File Access Cisco CallManager Web Interface ccmadmin/phonelist.asp pattern Variable XSS Cisco CallManager Web Interface ccmuser/logon.asp XSS Simple File Manager fm.php msg Variable XSS Free Realty propview.php sort Variable SQL Injection CVE-2006-3165 phpMyDirectory offers-pix.php PIC Variable XSS phpMyDirectory cp/index.php from Variable XSS phpMyDirectory cp/admin_index.php action Variable XSS Ad Manager Pro ad.php ipath Variable Remote File Inclusion Ad Manager Pro common.php ipath Variable Remote File Inclusion Micro CMS microcms-include.php microcms_path Variable CVE-2006-3144 Remote File Inclusion phpMyForum topic.php highlight Variable XSS Clubpage sites.php sites_id Variable XSS CVE-2006-3131 Clubpage news_more.php news_id Variable XSS 
CVE-2006-3131 IMGallery galerie.php Multiple Variable SQL Injection CVE-2006-3163 phpTRADER printad.php Multiple Variable SQL Injection phpTRADER note_ad.php Multiple Variable SQL Injection CVE-2006-3152 phpTRADER showmemberads.php Multiple Variable SQL CVE-2006-3152 Injection phpTRADER buynow.php Multiple Variable SQL Injection CVE-2006-3152 phpTRADER login.php sectio Variable SQL Injection CVE-2006-3152 phpTRADER write_newad.php sectio Variable SQL Injection CVE-2006-3152 phpTRADER newad.php sectio Variable SQL Injection CVE-2006-3152 phpTRADER askseller.php sectio Variable SQL Injection CVE-2006-3152 phpTRADER browse.php sectio Variable SQL Injection CVE-2006-3152 phpTRADER abuse.php sectio Variable SQL Injection CVE-2006-3152 phpTRADER confirm_newad.php sectio Variable SQL CVE-2006-3152 Injection Docebo CMS news_class.php GLOBALS[where_framework] CVE-2006-3107 Variable Remote File Inclusion Docebo CMS content_class.php GLOBALS[where_framework] CVE-2006-3107 Variable Remote File Inclusion Docebo CMS util.media.php GLOBALS[where_cms] Variable CVE-2006-3107 Remote File Inclusion Docebo CMS body.php GLOBALS[where_framework] Variable Remote File Inclusion Docebo CMS lib.php GLOBALS[where_framework] Variable Remote File Inclusion Docebo CMS class.definition.php GLOBALS[where_lms] Variable Remote File Inclusion Docebo CMS scorm_utils.php GLOBALS[where_lms] Variable Remote File Inclusion Ultimate Estate index.pl id Variable SQL Injection Ultimate Estate index.pl cat Variable XSS CVE-2006-3153 thinkWMS printarticle.php id Variable SQL Injection Atlassian JIRA Enterprise Edition ConfigureReleaseNote.jspa XSS Atlassian JIRA Enterprise Edition secure/ ConfigureReleaseNote.jspa projectId Variable Path Disclosure Ultimate eShop index.cgi subid Variable XSS CVE-2006-3156 SmartSiteCMS comment.php root Variable Remote File Inclusion SmartSiteCMS admin/test.php root Variable Remote File Inclusion SmartSiteCMS admin/index.php root Variable Remote File Inclusion SmartSiteCMS 
admin/include/inc_adminfoot.php root Variable Remote File Inclusion SmartSiteCMS admin/comedit.php root Variable Remote File Inclusion Ralf Image Gallery check_entry.php dir_abs_src Variable CVE-2006-3210 Remote File Inclusion Ralf Image Gallery admin_album.php Multiple Variable CVE-2006-3210 Remote File Inclusion Ralf Image Gallery admin_image.php Multiple Variable CVE-2006-3210 Remote File Inclusion Ralf Image Gallery admin_util.php dir_abs_src Variable CVE-2006-3210 Remote File Inclusion Azureus Tracker index.tmpl search Variable XSS CVE-2006-3230 Some Chess board.php gameID Variable SQL Injection GL-SH Deaf Forum show.php Multiple Variable XSS CVE-2006-3247,2006-3246 MyBulletinBoard (MyBB) editpost.php Cross-Site Request Forgery Bee-hive Lite conad/include/rootGui.inc.php header Variable CVE-2006-3266 Remote File Inclusion Bee-hive Lite conad/changeEmail.inc.php mysqlCall Variable CVE-2006-3266 Remote File Inclusion Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall CVE-2006-3266 Variable Remote File Inclusion Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Variable CVE-2006-3266 Remote File Inclusion Bee-hive Lite conad/login.inc.php mysqlCall Variable Remote CVE-2006-3266 File Inclusion Bee-hive Lite conad/logout.inc.php mysqlCall Variable Remote CVE-2006-3266 File Inclusion Bee-hive Lite conad/include/mysqlCall.inc.php config Variable CVE-2006-3266 Remote File Inclusion Bee-hive Lite include/listall.inc.php mysqlcall Variable Remote CVE-2006-3266 File Inclusion Bee-hive Lite include/rootGui.inc.php header Variable Remote CVE-2006-3266 File Inclusion Bee-hive Lite show/index.php prefix Variable Remote File CVE-2006-3266 Inclusion CBSMS Mambo Module mod_cbsms_messages.php CVE-2006-3294 mosConfig_absolute_path Variable Remote File Inclusion H-Sphere psoft.hsphere.CP Multiple Variable XSS CVE-2006-3278 MF Piadas admin/admin.php page Variable Remote File CVE-2006-3323 Inclusion MF Piadas admin/admin.php page Variable XSS SiteBar command.php command 
Variable XSS CVE-2006-3320 Scout Portal Toolkit SPT--ForumTopics.php forumid Variable CVE-2006-3309 SQL Injection phpMySms gateway.php ROOT_PATH Variable Remote File CVE-2006-3300 Inclusion phpRaid announcements.php phpraid_dir Variable Remote CVE-2006-3317 File Inclusion phpRaid rss.php phpraid_dir Variable Remote File Inclusion CVE-2006-3317 phpRaid configuration.php phpraid_dir Variable Remote File CVE-2006-3116 Inclusion phpRaid guilds.php phpraid_dir Variable Remote File Inclusion CVE-2006-3116 phpRaid locations.php phpraid_dir Variable Remote File CVE-2006-3116 Inclusion phpRaid login.php phpraid_dir Variable Remote File Inclusion CVE-2006-3116 phpRaid lua_output.php phpraid_dir Variable Remote File CVE-2006-3116 Inclusion phpRaid permissions.php phpraid_dir Variable Remote File CVE-2006-3116 Inclusion phpRaid profile.php phpraid_dir Variable Remote File CVE-2006-3116 Inclusion phpRaid raids.php phpraid_dir Variable Remote File Inclusion CVE-2006-3116 phpRaid register.php phpraid_dir Variable Remote File CVE-2006-3116 Inclusion phpRaid roster.php phpraid_dir Variable Remote File Inclusion CVE-2006-3116 phpRaid view.php phpraid_dir Variable Remote File Inclusion CVE-2006-3116 phpRaid logs.php phpraid_dir Variable Remote File Inclusion CVE-2006-3316 phpRaid users.php phpraid_dir Variable Remote File Inclusion CVE-2006-3316 THoRCMS for phpBB functions_cms.php phpbb_root_path CVE-2006-3269 Variable Remote File Inclusion Pearlinger Multiple Product functions_cms.php phpbb_root_ CVE-2006-3340 path Variable Remote File Inclusion Pearlinger Multiple Product adminSensored.php GlobalSettings[templatesDirectory] Variable Remote File CVE-2006-3340 Inclusion Pearlinger Multiple Product adminBoards.php GlobalSettings CVE-2006-3340 [templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminAttachments.php GlobalSettings[templatesDirectory] Variable Remote File CVE-2006-3340 Inclusion Pearlinger Multiple Product adminAvatars.php GlobalSettings 
CVE-2006-3340 [templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminBackupdatabase.php GlobalSettings[templatesDirectory] Variable Remote File CVE-2006-3340 Inclusion Pearlinger Multiple Product adminBanned.php GlobalSettings CVE-2006-3340 [templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminForums.php GlobalSettings CVE-2006-3340 [templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminPolls.php GlobalSettings CVE-2006-3340 [templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminSmileys.php GlobalSettings CVE-2006-3340 [templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product poll.php GlobalSettings CVE-2006-3340 [templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product password.php Multiple Variable Remote File Inclusion Pearlinger Multiple Product adminDocumentation.php Document[languagePreference] Variable Remote File Inclusion Pearlinger Multiple Product adminEmails.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminErrorlogs.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminGroups.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminMembers.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminReserved.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product adminSettings.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product help.php Document[languagePreference] Variable Remote File Inclusion Pearlinger Multiple Product locale.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product initialize.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion 
Pearlinger Multiple Product login.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product members.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product merge.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product notify.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product post.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product profile.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product register.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product search.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product split.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Pearlinger Multiple Product terms.php Document[languagePreference] Variable Remote File Inclusion Pearlinger Multiple Product topics.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion Ovidentia topman.php babInstallPath Variable Remote File Inclusion Ovidentia vacadmb.php babInstallPath Variable Remote File Inclusion Ovidentia vacadma.php babInstallPath Variable Remote File Inclusion Ovidentia vacadm.php babInstallPath Variable Remote File Inclusion Ovidentia statart.php babInstallPath Variable Remote File Inclusion Ovidentia search.php babInstallPath Variable Remote File Inclusion Ovidentia posts.php babInstallPath Variable Remote File Inclusion Ovidentia options.php babInstallPath Variable Remote File Inclusion CVE-2006-2811 CVE-2006-2811 CVE-2006-2811 CVE-2006-2811 CVE-2006-2811 CVE-2006-2811 CVE-2006-2811 CVE-2006-2811 Ovidentia login.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia frchart.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia flbchart.php 
babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia fileman.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia faq.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia index.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia event.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia directory.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia articles.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia artedit.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia approb.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion Ovidentia calday.php babInstallPath Variable Remote File CVE-2006-2811 Inclusion BandSite CMS contact_content.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addbioform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addfliersform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addgenmerchform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addinterviewsform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addlinksform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addlyricsform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addmerchform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addmerchpicform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addnewsform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addphotosform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addreleaseform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addreleasepicform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addmembioform.php root_path Variable CVE-2006-3193 Remote File 
Inclusion BandSite CMS addrelmerchform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addreviewsform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS addshowsform.php root_path Variable Remote CVE-2006-3193 File Inclusion BandSite CMS addwearmerchform.php root_path Variable CVE-2006-3193 Remote File Inclusion BandSite CMS disphtmltbl.php root_path Variable Remote File CVE-2006-3193 Inclusion BandSite CMS dispxls.php root_path Variable Remote File CVE-2006-3193 Inclusion MaxTrade pocategories.php Multiple Variable SQL Injection CVE-2006-2126 PHP Pro Publish admin/login.php Multiple Variable SQL CVE-2006-2128 Injection PHP Pro Publish cat.php catid Variable SQL Injection CVE-2006-2128 PHP Pro Publish search.php find_str Variable SQL Injection CVE-2006-2128 PHP Pro Publish art.php artid Variable SQL Injection CVE-2006-2128 PHP Pro Publish set_inc.php Arbitrary PHP Code Execution Artmedic Event index.php page Variable Remote File Inclusion CVE-2006-2119 PHP Newsfeed deltables.php name Variable SQL Injection CVE-2006-2139 PHP Newsfeed manualsubmit.php Multiple Variable SQL CVE-2006-2139 Injection PHP Newsfeed delete.php num Variable SQL Injection CVE-2006-2139 PHP Newsfeed searchnews.php tablename Variable SQL CVE-2006-2139 Injection OpenPHPNuke master.php root_path Variable Remote File Inclusion OrbitHYIP signup.php referral Variable XSS OrbitHYIP members.php id Variable XSS CPS popup_image pos Variable XSS X7 Chat index.php help_file Traversal Local File Inclusion CVE-2006-2156 DMCounter kopf.php rootdir Variable Remote File Inclusion CVE-2006-2144 4images top.php sessionid Variable SQL Injection CVE-2006-2214 4images member.php sessionid Variable SQL Injection CVE-2006-2214 WEBInsta Limbo sql.php classes_dir Variable Remote File CVE-2006-2142 Inclusion Aardvark Topsites PHP sources/lostpw.php CONFIG[path] CVE-2006-2149 Variable Remote File Inclusion Advanced Poll include/class_poll.php HTTP User-Agent CVE-2006-2130 
Header SQL Injection FtrainSoft Fast Click show.php path Variable Remote File CVE-2006-2175 Inclusion CyberBuild login.asp SessionID Variable SQL Injection CyberBuild browse0.htm ProductIndex Variable SQL Injection CyberBuild login.asp SessionID Variable XSS CyberBuild browse0.htm ProductIndex Variable XSS CyberBuild result.asp Multiple Variable XSS Russcom.Loginphp register.php Uname Variable XSS CVE-2006-2160 Russcom.Loginphp help.php Arbitrary Mail Relay CVE-2006-2159 JSBoard login.php table Variable XSS CVE-2006-2109 MyNews mynews.inc.php Multiple Variable XSS Invision Gallery post.php album Variable SQL Injection Albinator eday.php Config_rootdir Variable Remote File CVE-2006-2182 Inclusion Albinator eshow.php Config_rootdir Variable Remote File CVE-2006-2182 Inclusion Albinator forgot.php Config_rootdir Variable Remote File CVE-2006-2182 Inclusion Albinator dlisting.php cid Variable XSS CVE-2006-2181,2006-2215 Albinator showpic.php preloadSlideShow Variable XSS CVE-2006-2181,2006-2215 PunBB misc.php redirect_url Variable XSS CVE-2006-2227 Big Webmaster Guestbook addguest.cgi Multiple Field XSS phpBB TopList toplist.php phpbb_root_path Variable Remote CVE-2006-2151 File Inclusion phpBB phpbb-Auction Module auction_common.php phpbb_ root_path Variable Remote File Inclusion Fast Click SQL Lite show.php path Variable Remote File CVE-2006-2241 Inclusion Newsadmin readarticle.php nid Variable SQL Injection Cute Guestbook guestbook.php Multiple Variable XSS CVE-2006-2232 Web4Future Portal Solutions comentarii.php ID Variable SQL Injection Web4Future Portal Solutions view.php ID Variable SQL Injection Web4Future Portal Solutions comentarii.php ID Variable XSS Web4Future Portal Solutions view.php ID Variable XSS FtrainSoft Fast Click top.php path Variable Remote File CVE-2006-2175 Inclusion TopList for phpBB list.php returnpath Variable Remote File CVE-2006-2150 Inclusion VWar admin.php vwar_root Variable Remote File Inclusion CuteNews search.php Multiple Variable XSS 
CVE-2006-2249 CuteNews show.inc.php Direct Request Path Disclosure CVE-2006-2250 CuteNews functions.inc.php Direct Request Path Disclosure CVE-2006-2250 Creative Community Portal ArticleView.php article_id Variable SQL Injection Creative Community Portal DiscView.php forum_id Variable SQL Injection Creative Community Portal Discussions.php forum_id Variable SQL Injection Creative Community Portal EventView.php event_id Variable SQL Injection Creative Community Portal PollResults.php Multiple Variable SQL Injection Creative Community Portal DiscReply.php mid Variable SQL Injection Jetbox CMS config.php relative_script_path Variable Remote CVE-2006-2270 File Inclusion Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline casProcess.inc.php claro_CasLibPath Variable Remote File Inclusion Claroline export_exe_tracking.class.php Multiple Variable Remote File Inclusion Claroline atutor.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline db-generic.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline docebo.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline dokeos.1.6.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline dokeos.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline ganesha.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline mambo.inc.php includePath Variable Remote File Inclusion Claroline moodle.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline phpnuke.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline postnuke.inc.php includePath Variable Remote File Inclusion Claroline spip.inc.php clarolineRepositorySys Variable Remote File Inclusion Claroline init_event_manager.inc.php Multiple Variable Remote File Inclusion EPublisherPro moreinfo.asp title Variable XSS EImagePro subList.asp CatID Variable SQL Injection EImagePro imageList.asp SubjectID Variable SQL Injection 
EImagePro view.asp Pic Variable SQL Injection EDirectoryPro search_result.asp keyword Variable SQL CVE-2006-2296 Injection EQdkp includes/dbal.php eqdkp_root_path Remote File CVE-2006-2256 Inclusion ACal embed/day.php path Variable Remote File Inclusion CVE-2006-2261 Flexcustomer /admin/index.php Multiple Variable SQL Injection Ocean12 Calendar Manager Pro admin/main.asp date CVE-2006-2264 Variable SQL Injection Ocean12 Calendar Manager Pro admin/view.asp SearchFor CVE-2006-2264 Variable SQL Injection Ocean12 Calendar Manager Pro admin/edit.asp ID Variable CVE-2006-2264 SQL Injection Ocean12 Calendar Manager Pro admin/main.asp date CVE-2006-2265 Variable XSS OpenFAQ submit.php q Variable XSS CVE-2006-2252 IA-Calendar calendar_new.asp type Variable SQL Injection CVE-2006-2292 IA-Calendar calendar_detail.asp ID Variable SQL Injection CVE-2006-2292 IA-Calendar calendar_new.asp TypeName1 Variable XSS CVE-2006-2291 phpRaid auth.php Multiple Variable Remote File Inclusion CVE-2006-2283 openEngine website.php template Variable Local File Inclusion CVE-2006-2280 SaphpLesson search.php Find Variable SQL Injection CVE-2006-2279 SaphpLesson misc.php Multiple Variable SQL Injection CVE-2006-2279 SaphpLesson show.php hrow Variable Path Disclosure CVE-2006-2278 SaphpLesson showcat.php Lsnrow Variable Path Disclosure CVE-2006-2278 OzzyWork Galeri admin_default.asp Multiple Field SQL CVE-2006-2301 Injection OzzyWork Galeri add.asp Arbitrary File Upload MultiCalendars all_calendars.asp calsids Variable SQL CVE-2006-2293 Injection Dokeos authldap.php includePath Variable Remote File CVE-2006-2285 Inclusion MaxxSchedule Logon.asp Error Variable XSS CVE-2006-2258 MaxxSchedule Logon.asp txtLogon Variable SQL Injection CVE-2006-2259 StatIt visible_count_inc.php statitpath Variable Remote File CVE-2006-2253 Inclusion VP-ASP Shopping Cart shopcurrency.asp cid Variable SQL CVE-2006-2263 Injection Ipswitch WhatsUp Professional NmConsole/Navigation.asp sDeviceView Variable XSS Ipswitch 
WhatsUp Professional NmConsole/ToolResults.asp sHostname Variable XSS Ipswitch WhatsUp Professional NmConsole/Tools.asp XSS CVE-2006-2352 Ipswitch WhatsUp Professional NmConsole/ CVE-2006-2352 DeviceSelection.asp XSS Ipswitch WhatsUp Professional DeviceSelection.asp Arbitrary Site Redirection Ipswitch WhatsUp Professional Crafted Request Script Source Disclosure Ipswitch WhatsUp Professional RenderMap.asp Information Disclosure Ipswitch WhatsUp Professional NmConsole/Login.asp Error Message Account Enumeration Ipswitch WhatsUp Professional NmConsole Error Message Path Disclosure AliPAGER inc/elementz.php ubild Variable SQL Injection CVE-2006-2350 AliPAGER inc/elementz.php ubild Variable XSS CVE-2006-2345 Unclassified NewsBoard unb_lib/abbc.css.php Multiple CVE-2006-2406 Variable Local File Inclusion GPhotos index.php rep Variable XSS GPhotos diapo.php rep Variable XSS GPhotos affich.php image Variable XSS FlexChat index.cfm Multiple Variable XSS FlexChat chat.cfm Multiple Variable XSS paFileDB pafiledb_constants.php module_root_path Variable Remote File Inclusion RadLance Gold popup.php read Variable Traversal Arbitrary File Access Squirrelcart cart_content.php cart_isp_root Variable Remote File Inclusion PopPhoto popp.config.loader.inc.php cfg[popphoto_base_ path] Variable Remote File Inclusion Confixx Pro ftplogin/ login Variable XSS Azboard list.asp Multiple Variable SQL Injection Azboard admin_ok.asp Multiple Variable SQL Injection DeluxeBB misc.php name Variable SQL Injection TR Newsportal poll.php file_newsportal Variable Remote File Inclusion Sugar Suite Multiple Script sugarEntry Global Variable Remote File Inclusion Php Blue Dragon CMS popup_finduser.php vsDragonRootPath Variable Remote File Inclusion PHP-Fusion last_seen_users_panel.php settings[locale] CVE-2006-2331 Variable Local File Inclusion PHP-Fusion setup.php localeset Variable Local File Inclusion CVE-2006-2331 ezUserManager ezusermanager_core.inc.php ezUserManager_Path Variable Remote File 
Inclusion PHP-Fusion messages.php srch_where Variable SQL Injection Quezza class_template.php quezza_root_path Variable Remote File Inclusion phpBB foing Module Multiple Script phpbb_root_path Variable Remote File Inclusion Caucho Resin Encoded Traversal Arbitrary File Access CVE-2006-1953 Caucho Resin viewfile Servlet Arbitrary File Access phpRemoteView PRV.php Multiple Variable XSS Florian Amrhein NewsPortal poll.php Remote File Inclusion sBlog search.php keyword Variable SQL Injection CVE-2006-2189 ScozNews Multiple Script CONFIG[main_path] Variable CVE-2006-2487 Remote File Inclusion BoastMachine admin.php Form Action XSS CVE-2006-2491 BoastMachine index.php Form Action XSS CVE-2006-2491 Mobotix IP Network Camera help Script XSS CVE-2006-2490 Mobotix IP Network Camera events.tar source_ip Variable CVE-2006-2490 XSS Mobotix IP Network Camera eventplayer get_image_info_ CVE-2006-2490 abspath Variable XSS Bitrix Site Manager updater.log Remote Information Disclosure CVE-2006-2476 FCKeditor upload.php Type Variable Arbitrary File Upload Avactis Shopping Cart store_special_offers.php category_id CVE-2006-2164 Variable SQL Injection Avactis Shopping Cart cart.php prod_id Variable SQL Injection CVE-2006-2164 Avactis Shopping Cart store.php category_id Variable SQL CVE-2006-2164 Injection Avactis Shopping Cart product_info.php prod_id Variable SQL CVE-2006-2164 Injection Avactis Shopping Cart store_special_offers.php category_id CVE-2006-2165 Variable XSS Avactis Shopping Cart product_info.php prod_id Variable XSS CVE-2006-2165 Avactis Shopping Cart store.php category_id Variable XSS CVE-2006-2165 Cosmoshop edit_mailtexte.cgi file Variable Traversal Arbitrary File Access Cosmoshop bestmail.cgi file Variable Traversal Arbitrary File CVE-2005-2786 Access Cosmoshop lshop.cgi artnum Variable SQL Injection CVE-2006-2474 ASPBB profile.asp get Variable XSS CodeAvalanche News /Admin/default.asp password Variable SQL Injection CodeAvalanche News add_news.asp Headline Field XSS 
Albinator Pro gc.php dirpath Variable Remote File Inclusion Invision Power Board moderate.php Arbitrary Code Execution CVE-2006-2498 Invision Power Board class_post.php Arbitrary Code Execution CVE-2006-2498 MyBulletinBoard (MyBB) showthread.php comma Variable CVE-2006-2336 SQL Injection Dayfox Blog slog_users.txt User Credential Disclosure Stylish Text Ads tr1.php id Variable SQL Injection Stylish Text Ads advertise.php XSS phpListPro config.php Language Cookie Parameter Local File CVE-2006-2523 Inclusion phpMyDirectory cron.php ROOT_PATH Variable Remote File Inclusion phpBazar classified_right.php language_dir Variable Remote File Inclusion phpBazar admin.php Authentication Bypass Xtreme Topsites lostid.php searchthis Variable XSS Xtreme Topsites lostid.php searchthis SQL Injection Xtreme Topsites stats.php id Variable SQL Injection Xtreme Topsites join.php SQL Injection singapore index.php image Variable XSS CVE-2006-2262 Zix Forum settings.asp layid Variable SQL Injection Alkacon OpenCms search.html query Variable XSS UBB.threads addpost_newpoll.php thispath Variable Remote File Inclusion JemScripts DownloadControl dc.php dcid Variable XSS JemScripts DownloadControl dc.php dcid Variable SQL Injection DSChat send.php ctext Variable XSS Nucleus PLUGINADMIN.php GLOBALS[DIR_LIBS] Variable CVE-2006-2583 Remote File Inclusion Publicist info.php return Variable SQL Injection Publicist hitlist_editorial_public_info.php visa Variable SQL Injection Diesel Joke Site category.php id Variable SQL Injection Basic Analysis and Security Engine (BASE) BASE_path Variable Remote File Inclusion Realty Pro One listings/index.php listingid Variable SQL Injection Realty Pro One listings/index_other.php listingid Variable XSS Realty Pro One search/searchlookup.php propertyid Variable XSS Realty Pro One images.php id Variable XSS Realty Pro One listings/request_info.php agentid Variable XSS XiTi Tracking Script xiti.js Multiple Variable XSS ReloadCMS Statistics User-Agent XSS 
CVE-2006-1645 Bugzero query.jsp msg Variable XSS Bugzero edit.jsp Multiple Variable XSS Bugzero login.jsp msg Variable XSS Bugzero main.jsp msg Variable XSS Bugzero error.jsp error Variable XSS aWebNews visview.php Multiple Variable XSS aWebNews login.php user123 Variable SQL Injection aWebNews fpass.php user123 Variable SQL Injection aWebNews visview.php _GET['cid'] Variable SQL Injection aWebBB post.php Multiple Variable XSS aWebBB register.php Multiple Variable XSS aWebBB editac.php Multiple Variable XSS aWebBB accounts.php Username Variable SQL Injection aWebBB changep.php Username Variable SQL Injection aWebBB dpost.php p Variable SQL Injection aWebBB editac.php Username Variable SQL Injection aWebBB feedback.php Username Variable SQL Injection aWebBB fpass.php Username Variable SQL Injection aWebBB list.php c Variable SQL Injection aWebBB login.php Username Variable SQL Injection aWebBB ndis.php Multiple Variable SQL Injection aWebBB post.php Username Variable SQL Injection aWebBB reply.php Username Variable SQL Injection aWebBB reply_log.php Username Variable SQL Injection aWebBB search.php q Variable SQL Injection phpBB admin_styles.php Theme Name Field XSS SiteMan admin_login.asp txtpassword Variable SQL Injection Softbiz Image Gallery image_desc.php Multiple Variable SQL Injection Softbiz Image Gallery template.php provided Variable SQL Injection Softbiz Image Gallery suggest_image.php cid Variable SQL Injection Softbiz Image Gallery insert_rating.php img_id Variable SQL Injection Softbiz Image Gallery images.php cid Variable SQL Injection CzarNews news.php email Variable XSS CzarNews cn_auth.php Multiple Variable SQL Injection CzarNews news.php s Variable SQL Injection CzarNews dpost.php a Variable SQL Injection Crafty Syntax Image Gallery slides.php limitquery_s Variable SQL Injection Interact login.php Error Message Username Enumeration Interact search.php search_terms Variable XSS Interact login.php user_name Variable SQL Injection HP Color LaserJet 
2500/4600 Toolbox Traversal Arbitrary File Access N.T. ticker.db.php Arbitrary PHP Code Execution SQuery armygame.php libpath Variable Remote File Inclusion SQuery ase.php libpath Variable Remote File Inclusion SQuery devi.php libpath Variable Remote File Inclusion SQuery doom3.php libpath Variable Remote File Inclusion SQuery et.php libpath Variable Remote File Inclusion SQuery flashpoint.php libpath Variable Remote File Inclusion SQuery gameSpy.php libpath Variable Remote File Inclusion SQuery gameSpy2.php libpath Variable Remote File Inclusion SQuery gore.php libpath Variable Remote File Inclusion SQuery gsvari.php libpath Variable Remote File Inclusion CVE-2006-1612 CVE-2006-1613 CVE-2006-1613 CVE-2006-1613 CVE-2006-1637 CVE-2006-1637 CVE-2006-1637 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1638 CVE-2006-1586 CVE-2006-1659 CVE-2006-1659 CVE-2006-1659 CVE-2006-1659 CVE-2006-1659 CVE-2006-1640 CVE-2006-1641 CVE-2006-1641 CVE-2006-1641 CVE-2006-1667 CVE-2006-1644 CVE-2006-1642 CVE-2006-1643 CVE-2006-1654 CVE-2006-1658 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 SQuery halo.php libpath Variable Remote File Inclusion SQuery hlife.php libpath Variable Remote File Inclusion SQuery igi2.php libpath Variable Remote File Inclusion SQuery main.lib.php libpath Variable Remote File Inclusion SQuery hlife2.php libpath Variable Remote File Inclusion SQuery netpanzer.php libpath Variable Remote File Inclusion SQuery old_hlife.php libpath Variable Remote File Inclusion SQuery pkill.php libpath Variable Remote File Inclusion SQuery q2a.php libpath Variable Remote File Inclusion SQuery qworld.php libpath Variable Remote File Inclusion SQuery q3a.php libpath Variable Remote File Inclusion SQuery rene.php libpath Variable Remote File Inclusion SQuery 
rvbshld.php libpath Variable Remote File Inclusion
SQuery savage.php libpath Variable Remote File Inclusion
SQuery simracer.php libpath Variable Remote File Inclusion
SQuery sof1.php libpath Variable Remote File Inclusion
SQuery sof2.php libpath Variable Remote File Inclusion
SQuery unreal.php libpath Variable Remote File Inclusion
SQuery ut2004.php libpath Variable Remote File Inclusion
SQuery vietcong.php libpath Variable Remote File Inclusion
SKForum area.View.action areaID Variable XSS
SKForum planning.View.action time Variable XSS
SKForum user.View.action userID Variable XSS
ARIA (Accounting Receiving and Inventory Administration) docmgmtadd.php Multiple Variable XSS
ARIA (Accounting Receiving and Inventory Administration) gencompanyupd.php Multiple Variable XSS
ARIA (Accounting Receiving and Inventory Administration) gencompanyadd.php Multiple Variable XSS
MWNewsletter unsubscribe.php Multiple Variable SQL Injection
MWNewsletter subscribe.php user_name Variable XSS
Hosting Controller forum.mdb Remote User Credential Disclosure
vBWar vBug Tracker Module vbugs.php sortorder Variable XSS
MD News admin.php id Variable SQL Injection
Interact userinput.php Multiple Variable XSS
Shopweezle login.php itemID Variable SQL Injection
Shopweezle memo.php itemID Variable SQL Injection
Virtual War includes/get_header.php vwar_root Variable Remote File Inclusion
Virtual War includes/functions_common.php vwar_root Variable Remote File Inclusion
Virtual War includes/functions_front.php vwar_root Variable Remote File Inclusion
JetPhoto thumbnail.php page Variable XSS
JetPhoto gallery.php page Variable XSS
JetPhoto slideshow.php name Variable XSS
JetPhoto detail.php page Variable XSS
WebCalendar groups.php Direct Request Path Disclosure
WebCalendar nonusers.php Direct Request Path Disclosure
WebCalendar /tests/add_duration_test.php Direct Request Path Disclosure
WebCalendar /tests/all_tests.php Direct Request Path Disclosure
WebCalendar /includes/init.php Direct Request Path Disclosure
CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1610 CVE-2006-1661 CVE-2006-1661 CVE-2006-1661 CVE-2006-1691,2006-1692 CVE-2006-1690 CVE-2006-1673 CVE-2006-1642 CVE-2006-1636 CVE-2006-1636,2006-1602 CVE-2006-1636 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537
WebCalendar /includes/index.php Direct Request Path Disclosure
WebCalendar /includes/settings.php Direct Request Path Disclosure
WebCalendar /includes/settings.php.orig Direct Request Path Disclosure
WebCalendar /includes/js/admin.php Direct Request Path Disclosure
WebCalendar /includes/js/edit_entry.php Direct Request Path Disclosure
WebCalendar /includes/js/edit_layer.php Direct Request Path Disclosure
WebCalendar /includes/js/export_import.php Direct Request Path Disclosure
WebCalendar /includes/js/popups.php Direct Request Path Disclosure
WebCalendar /includes/js/pref.php Direct Request Path Disclosure
WebCalendar /includes/menu/index.php Direct Request Path Disclosure
phpListPro config.php returnpath Variable Remote File Inclusion
Manila msgReader mode Variable XSS
Simplog /doc/index.php s Variable Remote File Inclusion
Simplog archive.php Multiple Variable SQL Injection
Simplog login.php btag Variable XSS
Indexu Multiple Script theme_path Variable Remote File Inclusion
Indexu invoice.php base_path Variable Remote File Inclusion
AngelineCMS loadkernel.php installPath Variable Remote File Inclusion
PAJAX pajax_call_dispatcher.php Arbitrary PHP Code Execution
Web+Shop store.wml storeid Variable Path Disclosure
RateIt rateit.php rateit_id Variable SQL Injection
Monster Top List sources/functions.php root_path Variable Remote File Inclusion
vBulletin ImpEx Module ImpExModule.php systempath Variable Remote File Inclusion
vBulletin ImpEx Module ImpExController.php systempath Variable Remote File Inclusion
vBulletin ImpEx Module ImpExDisplay.php systempath Variable Remote File Inclusion
MyBulletinBoard (MyBB) global.php Variable Overwrite
MyBulletinBoard (MyBB) inc/init.php Variable Overwrite
Visale pbpgst.cgi keyval Variable XSS
Visale pblscg.cgi catsubno Variable XSS
Visale pblsmb.cgi listno Variable XSS
myEvent addevent.php event_desc Variable XSS
myEvent addevent.php Multiple Variable SQL Injection
myEvent del.php event_id Variable SQL Injection
myEvent initialize.php myevent_path Variable Remote File Inclusion
myEvent event.php myevent_path Variable Remote File Inclusion
myEvent viewevent.php myevent_path Variable Remote File Inclusion
myEvent myevent.php myevent_path Variable Remote File Inclusion
BannerFarm banners.cgi Multiple Variable XSS
CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1537 CVE-2006-1749 CVE-2006-1769 CVE-2006-1653 CVE-2006-1551 CVE-2006-1798 CVE-2006-1781 CVE-2006-1816 CVE-2006-1816 CVE-2006-1816 CVE-2006-1912 CVE-2006-1912 CVE-2006-1908 CVE-2006-1907 CVE-2006-1907 CVE-2006-1890 CVE-2006-1890 CVE-2006-1950
Article Publisher Pro category.php cname Variable SQL Injection
Article Publisher Pro articles.php art_id Variable SQL Injection
IntelliLink Pro addlink_lwp.cgi url Variable XSS
IntelliLink Pro edit.cgi Multiple Variable XSS
CommuniMail mailadmin.cgi list_id Variable XSS
CommuniMail templates.cgi form_id Variable XSS
PHP Album language.php data_dir Variable Remote File Inclusion
TotalCalendar about.php inc_dir Variable Remote File Inclusion
TotalCalendar auth.php inc_dir Variable Remote File Inclusion
RechnungsZentrale V2 mod/authent.php4 user Variable SQL Injection
RechnungsZentrale V2 mod/authent.php4 rootpath Variable Remote File Inclusion
Net Clubs Pro sendim.cgi Multiple Variable XSS
Net Clubs Pro imessage.cgi username Variable XSS
Net Clubs Pro login.cgi password Variable XSS
Net Clubs Pro viewcat.cgi cat_id Variable XSS
KCScripts Portal Pack calendar/Visitor.cgi sort_order Variable XSS
KCScripts Portal Pack news/NsVisitor.cgi sort_order Variable XSS
KCScripts Portal Pack search/search.cgi q Variable XSS
KCScripts Portal Pack classifieds/viewcat.cgi cat_id Variable XSS
ContentBoxX login.php action Variable XSS
Hosting Controller saveuploadfiles.asp Arbitrary File Upload
Hosting Controller AccountActions.asp Unauthenticated Account Manipulation
I-RATER Platinum include/common.php include_path Variable Remote File Inclusion
ActualAnalyzer direct.php rf Variable Remote File Inclusion
PMTool inc/user.inc.php order Variable SQL Injection
PMTool inc/customer.inc.php order Variable SQL Injection
PMTool inc/project.inc.php order Variable SQL Injection
phpSurveyor save.php surveyid Variable SQL Injection
phpLDAPadmin compare_form.php dn Variable XSS
phpLDAPadmin copy_form.php dn Variable XSS
phpLDAPadmin rename_form.php dn Variable XSS
phpLDAPadmin delete_form.php dn Variable XSS
phpLDAPadmin search.php scope Variable XSS
phpLDAPadmin template_engine.php Multiple Variable XSS
Bookmark4U config.php 'sqlcmd' Variable SQL Injection
4images register.php user_name Variable XSS
Bloggage check_login.asp Multiple Variable SQL Injection
ARI includes/main.conf Credential Disclosure
ARI misc/audio.php recording Variable Traversal Arbitrary File Access
LinPHA RSS/RSS.php Multiple Unspecified XSS
LinPHA functions/db_api.php SQL Injection
PAJAX pajax_call_dispatcher.php className Variable Traversal Arbitrary File Access
FlexBB function/showprofile.php id Variable SQL Injection
logMethods /lms/a2z.jsp kwd Variable XSS
Simplog preview.php tid Variable SQL Injection
Simplog archive.php Multiple Variable SQL Injection
CVE-2006-1852 CVE-2006-1943 CVE-2006-1943 CVE-2006-1944 CVE-2006-1944 CVE-2006-1839 CVE-2006-1954 CVE-2006-1955 CVE-2006-1965 CVE-2006-1965 CVE-2006-1965 CVE-2006-1965 CVE-2006-1967 CVE-2006-1968 CVE-2006-1969 CVE-2006-1970 CVE-2006-1971 CVE-2006-1621 CVE-2006-1620 CVE-2006-1929 CVE-2006-1959 CVE-2006-1920 CVE-2006-1920 CVE-2006-1920 CVE-2006-2011 CVE-2006-1923 CVE-2006-1924 CVE-2006-1789
Simplog comments.php pid Variable SQL Injection
Simplog imagelist.php imagedir Variable XSS
built2go Movie Review movie_cls.php full_path Variable Remote File Inclusion
Scry index.php p Variable Traversal Arbitrary File Access
Scry index.php p Variable Path Disclosure
My Gaming Ladder Combo System stats.php dir[base] Variable Remote File Inclusion
SL_site page.php id_page Variable SQL Injection
SL_site gallerie.php rep Variable Traversal Arbitrary Directory Listing
SL_site recherche.php recherche Variable XSS
MKPortal pm_popup.php Multiple Variable XSS
MWNewsletter subscribe.php user_name Variable SQL Injection
ampleShop Customeraddresses_RecordAction.cfm RecordID Variable SQL Injection
ampleShop youraccount.cfm RecordID Variable SQL Injection
ampleShop category.cfm cat Variable SQL Injection
ampleShop detail.cfm solus Variable SQL Injection
phpMyAgenda agenda.php3 rootagenda Variable Remote File Inclusion
Cartweaver ColdFusion Results.cfm category Variable SQL Injection
Cartweaver ColdFusion Details.cfm ProdID Variable SQL Injection
Cartweaver ColdFusion Results.cfm Multiple Variable Path Disclosure
Cartweaver ColdFusion Details.cfm ProdID Variable Path Disclosure
phpWebFTP index.php port Variable XSS
QuickEStore prodpage.cfm CategoryID Variable SQL Injection
QuickEStore index.cfm SubCatID Variable SQL Injection
QuickEStore proddetail.cfm ItemID Variable SQL Injection
QuickEStore checkout.cfm OrderID Variable SQL Injection
QuickEStore shipping.cfm OrderID Variable SQL Injection
photokorn postcard.php id Variable SQL Injection
photokorn print.php cat Variable SQL Injection
Instant Photo Gallery member.php member Variable XSS
Instant Photo Gallery portfolio.php cat_id Variable XSS
Instant Photo Gallery portfolio_photo_popup.php id Variable XSS
Instant Photo Gallery portfolio_photo_popup.php id Variable SQL Injection
DCForumLite dcboard.cgi az Variable XSS
DCForumLite dcboard.cgi az Variable SQL Injection
DevBB member.php member Variable XSS
Invision Power Board search.php lastdate Variable Arbitrary PHP Code Execution
Invision Power Board action_admin/paysubscriptions.php name Variable Traversal Arbitrary PHP File Inclusion
Invision Power Board Search Action Multiple Variable XSS
Invision Power Board index.php st Variable XSS
Invision Power Board Calendar Action Multiple Variable XSS
Invision Power Board Print Action t Variable XSS
Invision Power Board Mail Action MID Variable XSS
Invision Power Board Help Action HID Variable XSS
Invision Power Board Members Action Multiple Variable XSS
Leadhound agent_links.pl Multiple Variable SQL Injection
CVE-2006-1691,2006-1692 CVE-2006-2038 CVE-2006-2046 CVE-2006-2046 CVE-2006-2047 CVE-2006-2040 CVE-2006-2040 CVE-2006-2052 CVE-2006-2052 CVE-2006-2052 CVE-2006-2049 CVE-2006-2050 CVE-2006-2070 CVE-2006-2059 CVE-2006-2060 CVE-2006-1326 CVE-2006-1326 CVE-2006-1326 CVE-2006-1326 CVE-2006-1326 CVE-2006-1326 CVE-2006-1326 CVE-2006-2062
Leadhound agent_transactions_csv.pl sub Variable SQL Injection CVE-2006-2062
Leadhound agent_transactions.pl Multiple Variable SQL Injection CVE-2006-2062
Leadhound agent_subaffiliates.pl Multiple Variable SQL Injection CVE-2006-2062
Leadhound agent_commission_statement.pl Multiple Variable SQL Injection CVE-2006-2062
Leadhound agent_summary.pl offset Variable SQL Injection CVE-2006-2062
Leadhound agent_camp_det.pl Multiple Variable SQL Injection CVE-2006-2062
Leadhound agent_affil.pl login Variable XSS CVE-2006-2063
Leadhound agent_help.pl login Variable XSS CVE-2006-2063
Leadhound agent_faq.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_help_insert.pl Multiple Variable XSS CVE-2006-2063
Leadhound sign_out.pl login Variable XSS CVE-2006-2063
Leadhound members.pl Multiple Variable XSS CVE-2006-2063
Leadhound modify_agent_1.pl Multiple Variable XSS CVE-2006-2063
Leadhound modify_agent_2.pl Multiple Variable XSS CVE-2006-2063
Leadhound modify_agent.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_links.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_logoff.pl login Variable XSS CVE-2006-2063
Leadhound agent_rev_det.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_subaffiliates.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_commission_statement.pl agent_id Variable XSS CVE-2006-2063
Leadhound agent_stats_pending_leads.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_transactions.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_payment_history.pl login Variable XSS CVE-2006-2063
Leadhound agent_summary.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_camp_all.pl Multiple Variable XSS CVE-2006-2063
Leadhound lost_pwd.pl Password Field XSS CVE-2006-2063
Leadhound agent_affil_code.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_affil_list.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_stats.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_camp_det.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_camp_sub.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_stats_det.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_camp_expired.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_campaign.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_camp_notsub.pl Multiple Variable XSS CVE-2006-2063
Leadhound agent_camp_new.pl Multiple Variable XSS CVE-2006-2063
Kmail main.php Multiple Variable XSS
Kmail compose.php draft Variable XSS
Kmail webdisk.php ordner Variable XSS
Kmail calendar.php Multiple Variable XSS
Kmail calendar.php d Variable Path Disclosure
MyBulletinBoard (MyBB) admin/adminfunctions.php querystring Variable SQL Injection CVE-2006-2103
MyBulletinBoard (MyBB) admin/templates.php Multiple Variable SQL Injection CVE-2006-2103
Basic Analysis and Security Engine (BASE) Cookie Authentication Bypass
Clansys index.php page Variable Remote File Inclusion CVE-2006-2005
bttlxeForum failure.asp err_txt Variable XSS
TOPo inc_header.php gTopNombre Variable XSS
PeHePe Membership Management System sol_menu.php uye_klasor Variable Remote File Inclusion CVE-2006-1022
StoreBot 2002 Standard Edition manage.asp ShipMethod Variable XSS
StoreBot 2005 Professional Edition MgrLogin.asp Pwd Variable SQL Injection
vBulletin editpassword Function Email Field XSS
Gregarius search.php rss_query Variable XSS
Gregarius tags.php tag Variable XSS
Gregarius feed.php folder Variable SQL Injection
Gregarius search.php rss_query Variable SQL Injection
phpBannerExchange resetpw.php email Field Traversal Arbitrary File Access
Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion
Link Bank iframe.php Multiple Variable Arbitrary PHP Code Injection
Link Bank iframe.php site Variable XSS
manas tungare Site Membership login.asp Error Variable XSS
manas tungare Site Membership login.asp Username Variable SQL Injection
sBLOG search.php keyword Variable POST Method XSS
sBLOG comments_do.php Multiple Variable POST Method XSS
Nodez index.php op Variable Traversal Local File Inclusion
Nodez list.gtdat User Database Remote Disclosure
Nodez index.php op Variable XSS
PeerCast procConnectArgs() Function URL Handling Remote Overflow
JiRos Banner System Professional addadmin.asp Unauthenticated Privileged Account Creation
QwikiWiki login.php Multiple Variable XSS
QwikiWiki pageindex.php help Variable XSS
QwikiWiki recentchanges.php help Variable XSS
Easy File Sharing Web Server Full Path Request Arbitrary File Upload
Easy File Sharing Web Server Format String DoS
Hosting Controller search.asp search Variable SQL Injection
Datenbank MOD for Woltlab Burning Board info_db.php fileid Variable SQL Injection
Datenbank MOD for Woltlab Burning Board info_db.php fileid Variable XSS
Datenbank MOD for Woltlab Burning Board database.php fileid Variable SQL Injection
Datenbank MOD for Woltlab Burning Board database.php fileid Variable XSS
VBZooM comment.php UserID Variable XSS
VBZooM contact.php UserID Variable XSS
RunCMS bigshow.php id Variable XSS
Dawaween poems.php id Variable SQL Injection
WMNews wmview.php ArtCat Variable XSS
WMNews footer.php ctrrowcol Variable XSS
WMNews wmcomments.php ArtID Variable XSS
GuppY dwnld.php pg Variable Arbitrary File Overwrite
@1 File Store signup.php Multiple Variable XSS
@1 File Store password.php Multiple Variable SQL Injection
@1 File Store libs/functions.php id Variable SQL Injection
@1 File Store libs/user.php id Variable SQL Injection
@1 File Store control/files/edit.php id Variable SQL Injection
@1 File Store control/files/delete.php id Variable SQL Injection
@1 File Store control/users/edit.php id Variable SQL Injection
CVE-2006-1041 CVE-2006-1042 CVE-2006-1042 CVE-2006-1200 CVE-2006-1199 CVE-2006-1148 CVE-2006-1224
@1 File Store control/users/delete.php id Variable SQL Injection
@1 File Store control/folders/edit.php id Variable SQL Injection
@1 File Store control/folders/access.php id Variable SQL Injection
@1 File Store control/folders/delete.php id Variable SQL Injection
@1 File Store control/groups/edit.php id Variable SQL Injection
@1 File Store control/groups/delete.php id Variable SQL Injection
@1 File Store confirm.php id Variable SQL Injection
@1 File Store download.php id Variable SQL Injection
CGI::Session Driver::db_file cgisess.db Remote Disclosure
DSPoll include/results.php pollid Variable SQL Injection CVE-2006-1217
DSPoll include/topolls.php pollid Variable SQL Injection CVE-2006-1217
DSPoll include/pollit.php pollid Variable SQL Injection CVE-2006-1217
DSNewsletter include/sub.php email Variable SQL Injection CVE-2006-1237
DSNewsletter include/confirm.php email Variable SQL Injection CVE-2006-1237
DSNewsletter include/unconfirm.php email Variable SQL Injection CVE-2006-1237
DSDownload search.php Multiple Variable SQL Injection
DSDownload downloads.php Multiple Variable SQL Injection
Gemini createissue.aspx rtcDescription$RadEditor1 Variable XSS CVE-2006-1239
VPMi Enterprise Service_Requests.asp Request_Name_Display Variable XSS
Horde go.php url Variable Arbitrary File Access CVE-2006-1260
Milkeyway Captive Portal auth.php username Variable SQL Injection
Milkeyway Captive Portal logout.php username Variable SQL Injection
Milkeyway Captive Portal chgpwd.php Cookie Multiple Field SQL Injection
Milkeyway Captive Portal admin/authuser.php Multiple Variable SQL Injection
Milkeyway Captive Portal admin/userstatistics.php Multiple Variable SQL Injection
Milkeyway Captive Portal admin/authgroup.php teamname Variable SQL Injection
Milkeyway Captive Portal admin/traffic.php Multiple Variable SQL Injection
Milkeyway Captive Portal admin/userstatistics.php username Variable XSS
Milkeyway Captive Portal authuser.php ipAddress Variable XSS
MyBulletinBoard (MyBB) member.php Multiple Variable XSS
Inprotect zones.php Multiple Field XSS
OxyNews index.php oxynews_comment_id Variable SQL Injection
Skull-Splitters PHP Guestbook guestbook.php url Variable XSS CVE-2006-1256
Maian Support admin/index.php Multiple Variable SQL Injection
Maian Weblog print.php Multiple Variable SQL Injection
Maian Weblog mail.php Multiple Variable SQL Injection
Maian Events events.php Multiple Variable SQL Injection
txtForum login.php skin Variable Remote File Inclusion CVE-2006-1203
txtForum index.php Multiple Variable XSS CVE-2006-1204
txtForum new_topic.php Multiple Variable XSS CVE-2006-1204
txtForum profile.php Multiple Variable XSS CVE-2006-1204
txtForum reply.php Multiple Variable XSS CVE-2006-1204
txtForum view_topic.php Multiple Variable XSS CVE-2006-1204
PHP-Gastebuch guestbook_newentry.php Kommentar Field XSS
betaparticle BP Blog template_gallery_detail.asp fldGalleryID Variable SQL Injection
betaparticle BP Blog template_permalink.asp id Variable SQL Injection
MusicBox index.php Multiple Variable XSS
MusicBox cart.php Multiple Variable XSS
ExtCalendar calendar.php Multiple Variable XSS
xhawk.net discussion discussion.class.php view Variable SQL Injection CVE-2006-1265
Download Counter for Wallpapers count.php Multiple Variable SQL Injection CVE-2006-1328
MyBloggie upload.php Multiple Variable XSS CVE-2006-1205
MyBloggie delcomment.php Multiple Variable XSS CVE-2006-1205
MyBloggie deluser.php 'id' Variable XSS CVE-2006-1205
DCP-Portal index.php Multiple Variable XSS
DCP-Portal calendar.php Multiple Variable XSS
DCP-Portal forums.php Multiple Variable XSS
DCP-Portal inbox.php Multiple Variable XSS
DCP-Portal lostpassword.php Multiple Variable XSS
DCP-Portal mycontents.php Multiple Variable XSS
AnyPortal(php) siteman.php3 F Variable Traversal Arbitrary File Manipulation
MyBloggie addcat.php errormsg Variable XSS CVE-2006-1205
MyBloggie edituser.php errormsg Variable XSS CVE-2006-1205
MyBloggie adduser.php errormsg Variable XSS CVE-2006-1205
MyBloggie editcat.php errormsg Variable XSS CVE-2006-1205
MyBloggie add.php trackback_url Variable XSS CVE-2006-1205
MyBloggie delcat.php cat_id Variable XSS CVE-2006-1205
MyBloggie del.php post_id Variable XSS CVE-2006-1205
GuppY Crafted Traversal Filter Bypass CVE-2006-1224
KnowledgebasePublisher PageController.php dir Variable Remote File Inclusion CVE-2006-1294
gCards admin/loginfunction.php username Variable SQL Injection CVE-2006-1347
ASP Portal download_click.asp downloadid Variable SQL Injection
1WebCalendar viewEvent.cfm EventID Variable SQL Injection
1WebCalendar /news/newsView.cfm NewsID Variable SQL Injection
1WebCalendar mainCal.cfm SQL Injection
TuxBank manage_account.php id Variable SQL Injection CVE-2005-4768
AdMan viewStatement.php transactions_offset Variable SQL Injection
AdMan editCampaign.php Malformed campaignId Variable Path Disclosure
AdMan viewPricingScheme.php Malformed schemeId Variable Path Disclosure
vBulletin ImpEx Module ImpExData.php systempath Variable Remote File Inclusion CVE-2006-1382
ASP Portal News_Item.asp content_ID Variable SQL Injection
ASP Portal add_edit_user.asp user_id Variable SQL Injection
ASP Portal banner_add_edit.asp bannerid Variable SQL Injection
ASP Portal add_edit_cat.asp cat_id Variable SQL Injection
ASP Portal add_edit_news.asp Content_ID Variable SQL Injection
ASP Portal contactus_add_edit.asp contactid Variable SQL Injection
ASP Portal add_edit_poll.asp Poll_ID Variable SQL Injection
ASP Portal poll_list.asp sortby Variable SQL Injection
ASP Portal add_edit_download.asp download_id Variable SQL Injection
CoMoblog img.php i Variable XSS CVE-2006-1377
EasyMoblog img.php i Variable XSS CVE-2006-1377
@1 File Store folder.php id Variable SQL Injection
Toast Forums toast.asp Multiple Variable XSS
ssCMS search.aspx keywords Variable XSS
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass CVE-2006-1257
dotNetBB iforget.aspx Email Field XSS
uniForum websecadmin.aspx Multiple Field XSS
BlankOL bol.cgi Multiple Variable XSS CVE-2006-1404
Helm Control Panel domains.asp txtDomainName Variable XSS
Helm Control Panel default.asp Multiple Variable XSS
E-School Management System default.asp msg Variable XSS
Web Quiz prequiz.asp exam Variable XSS
Web Quiz student.asp msg Variable XSS
EZHomepagePro email.asp Multiple Variable XSS
EZHomepagePro users_search.asp Multiple Variable XSS
EZHomepagePro users_calendar.asp page Variable XSS
EZHomepagePro users_profiles.asp Multiple Variable XSS
EZHomepagePro users_mgallery.asp usid Variable XSS
Metisware Instructor PersonalTaskEdit.asp Task Field XSS CVE-2006-1400
G-Book guestbook.php g_message Variable XSS
gtd-php newProject.php Multiple Field XSS
gtd-php newList.php Multiple Field XSS
gtd-php newWaitingOn.php Multiple Field XSS
gtd-php newChecklist.php Title Field XSS
gtd-php newContext.php Title Field XSS
gtd-php newCategory.php Category Name Field XSS
gtd-php newGoal.php Title Field XSS
gtd-php listReport.php listTitle Variable XSS
gtd-php projectReport.php projectName Variable XSS
gtd-php checklistReport.php checklistTitle Variable XSS
Calendar Express search.php Multiple Variable XSS
Meeting Reserve searchresult.php search_term Variable XSS CVE-2006-1399
phpmyfamily track.php name Variable XSS
Pixel Motion Blog admin/index.php Multiple Field SQL Injection
CONTROLzx HMS forgotpass.php email Field XSS
CONTROLzx HMS shared_order.php sharedPlanID Variable XSS
CONTROLzx HMS dedicated_order.php dedicatedPlanID Variable XSS
CONTROLzx HMS server_management.php plan_id Variable XSS
CONTROLzx HMS register_domain.php Search Field XSS
couponZONE local.cfm Multiple Variable SQL Injection CVE-2006-1489
couponZONE local.cfm Multiple Variable XSS
Connect Daily ViewDay.html Multiple Variable XSS CVE-2006-1508
Connect Daily ViewSearch.html Multiple Variable XSS CVE-2006-1508
Connect Daily ViewYear.html Multiple Variable XSS CVE-2006-1508
Connect Daily ViewCal.html item_type_id Variable XSS CVE-2006-1508
Connect Daily ViewWeek.html week Variable XSS CVE-2006-1508
realestateZONE index.cfm Multiple Variable XSS
classifiedZONE accountlogon.cfm rtn Variable XSS
phpCOIN mod_print.php fs Variable XSS
phpCOIN mod.php fs Variable XSS
ActiveCampaign SupportTrio index.php Multiple Variable Path Disclosure
ActiveCampaign SupportTrio pdf.php category Variable Path Disclosure
PHP Live Helper initiate.php abs_path Variable Remote File Inclusion
PHP Live Helper waiting.php abs_path Variable Remote File Inclusion
PHP Live Helper welcome.php abs_path Variable Remote File Inclusion
PHP Live Helper admin/index.php abs_path Variable Remote File Inclusion
PHP Live Helper javascript.php abs_path Variable Remote File Inclusion
PHP Live Helper checkchat.php abs_path Variable Remote File Inclusion
PHP Live Helper blank.php abs_path Variable Remote File Inclusion
Mambo AkoComment Module akocomment.php Multiple Field SQL Injection CVE-2006-1421
Greymatter gm-upload.cgi Arbitrary File Upload CVE-2006-1485
VSNS Lemon functions/final_functions.php id Variable SQL Injection CVE-2006-1553
Arab Portal download.php title Variable XSS CVE-2006-1504
PHPCollab sendpassword.php User Name Field SQL Injection CVE-2006-1495
OneOrZero Helpdesk index.php id Variable SQL Injection CVE-2006-1501
Sourceworkshop newsletter.php newsletteremail Variable SQL Injection CVE-2006-1533
NetOffice sendpassword.php User Name Field SQL Injection CVE-2006-1495
PHP Classifieds search.php searchword Variable XSS CVE-2006-1532
vCounter vCounter.php url Variable SQL Injection CVE-2006-1499
@1 Event Publisher eventpublisher_admin.htm Multiple Variable XSS CVE-2006-1436
@1 Event Publisher eventpublisher_usersubmit.htm Multiple Variable XSS CVE-2006-1436
@1 Event Publisher eventpublisher.txt Direct Request Private Comment Disclosure CVE-2006-1437
@1 Table Publisher tablepublisher.cgi Title of Table Field XSS CVE-2006-1795
Virtual War includes/functions_install.php vwar_root Variable Remote File Inclusion CVE-2006-1503
Null News lostpass.php user_email Variable SQL Injection CVE-2006-1534
Null News sub.php Multiple Variable SQL Injection CVE-2006-1534
Null News unsub.php Multiple Variable SQL Injection CVE-2006-1534
PHP Script Index search.php search Variable XSS
SaphpLesson print.php lessid Variable SQL Injection CVE-2006-1420
ARIA (Accounting Receiving and Inventory Administration) genmessage.php Message Field XSS CVE-2006-1435
EzASPSite Default.asp Scheme Variable SQL Injection CVE-2006-1541
ExplorerXP dir.php chemin Variable Traversal Arbitrary File Access CVE-2006-1492,
ExplorerXP dir.php chemin Variable XSS CVE-2006-1493
phpNewsManager browse.php SQL Injection CVE-2006-1560
phpNewsManager category.php SQL Injection CVE-2006-1560
phpNewsManager gallery.php SQL Injection CVE-2006-1560
phpNewsManager poll.php SQL Injection CVE-2006-1560
[V]Book config.php Arbitrary PHP Code Execution CVE-2006-1563
VNews admin/admin.php loginvar Variable SQL Injection CVE-2006-1543
VNews news.php Multiple Variable SQL Injection CVE-2006-1543
VNews news.php Multiple Variable XSS CVE-2006-1544
VNews admin/config.php Arbitrary PHP Code Execution CVE-2006-1545
WebAPP index.cgi Multiple Variable XSS CVE-2006-1427
WebAPP mods/calendar/index.cgi vsSD Variable XSS CVE-2006-1427
Claroline rqmkhtml.php file Variable Traversal Arbitrary File Access
Claroline rqmkhtml.php file Variable XSS
Claroline scormExport.inc.php includePath Variable Remote File Inclusion
Oxygen post.php fid Variable SQL Injection
SiteSearch Indexer searchresults.asp searchField Variable XSS
QLnews news.php Multiple Variable XSS CVE-2006-1575
QLnews config.php Arbitrary PHP Code Execution CVE-2006-1576
Mantis view_all_set.php Multiple Variable XSS
RedCMS register.php Multiple Field XSS CVE-2006-1568
RedCMS login.php Multiple Variable SQL Injection CVE-2006-1569
RedCMS profile.php u Variable SQL Injection CVE-2006-1569
RedCMS register.php SQL Injection CVE-2006-1569
qliteNews loginprocess.php Multiple Variable SQL Injection CVE-2006-1571
Annuaire (Directory) /include/lang-en.php Direct Request Path Disclosure CVE-2006-1433
Annuaire (Directory) inscription.php Comment Field XSS CVE-2006-1434
v-creator VCEngine.php OPENSSL Command Injection
Andy's PHP Knowledgebase (aphpkb) submit_article.php Multiple Variable XSS CVE-2006-1438
Andy's PHP Knowledgebase (aphpkb) submit_question.php Multiple Variable XSS CVE-2006-1438
PHP Download Manager files.php cat Variable SQL Injection CVE-2005-3769
BrowserCRM Search Module results.php query Variable XSS CVE-2006-0521
Cerberus Helpdesk clients.php contact_search Variable XSS CVE-2006-0509
SPIP forum.php3 Multiple Variable SQL Injection CVE-2006-0517
Zen Cart graphs/banner_daily.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart graphs/banner_infobox.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart graphs/banner_yearly.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart graphs/banner_monthly.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart application_bottom.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart attributes_preview.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart modules/category_product_listing.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart modules/copy_to_confirm.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart modules/delete_product_confirm.php Direct Request Path Disclosure CVE-2005-3997
Zen Cart modules/move_product_confirm.php Direct Request Path Disclosure CVE-2005-3997
FarsiNews loginout.php cutepath Variable Remote File Inclusion CVE-2006-0502
Daffodil CRM userlogin.jsp Multiple Field SQL Injection CVE-2006-0510
MyBulletinBoard (MyBB) global.php templatelist Variable SQL Injection
cPanel webmailaging.cgi numdays Variable XSS
Outblaze throw.main file Variable XSS
SoftMaker Shop resultat.asp strSok Variable XSS
Loudblog backend_settings.php GLOBALS[path] Variable Remote File Inclusion
MyQuiz myquiz.pl $ENV{'PATH_INFO'} Arbitrary Command Execution
PluggedOut Blog exec.php entryid Variable SQL Injection
PluggedOut Blog problem.php data Variable XSS
phpBB admin_smilies.php smile_url Variable XSS
ashNews ashnews.php id Variable XSS
cPanel editquota.html email Variable XSS
cPanel dodelpop.html email Variable XSS
cPanel diskusage.html showtree Variable XSS
cPanel detailbw.html target Variable XSS
cPanel handle.html Multiple Field XSS
MyBulletinBoard (MyBB) moderation.php posts Variable SQL Injection
cPanel dowebmailforward.cgi fwd Variable XSS
Neomail neomail.pl date Variable XSS
PHP-Fusion shoutbox_panel.php shout_name XSS
PHP-Fusion comments_include.php comments XSS
Hosting Controller AddGatewaySettings.asp tblGatewayCustomize Variable SQL Injection
Hosting Controller IPManager.asp tblIPManager Variable SQL Injection
Clever Copy mailarticle.php ID Variable SQL Injection
Indexu application.php base_path Variable Remote File Inclusion
TMSPublisher search.cfm q Variable XSS
FarsiNews show_archives.php template Variable Traversal Arbitrary File Access
phphd check.php username Variable POST Method SQL Injection
2200net Calendar System calendar.php id Variable SQL Injection
2200net Calendar System adminlogin.php acc Variable SQL Injection
CPG Dragonfly CMS install.php newlang Variable Local File Inclusion
CPG Dragonfly CMS linking.php XSS
PHP Event Calendar users.php Multiple Field XSS
SPIP spip_rss.php type_urls Variable Traversal Local File Inclusion
SPIP spip_acces_doc.php3 file Variable SQL Injection
XMB Forums u2u.inc.php Multiple Function SQL Injection
BirthSys show.php3 Multiple Variable SQL Injection
Plume CMS prepend.php _PX_config[manager_path] Variable Remote File Inclusion
dotProject /db/ Directory Multiple Script Malformed baseDir Variable Path Disclosure
dotProject /docs/phpinfo.php Information Disclosure
dotProject /docs/check.php Information Disclosure
dotProject /includes/db_adodb.php baseDir Variable Remote File Inclusion
dotProject /includes/db_connect.php baseDir Remote File Inclusion
CVE-2006-0533 CVE-2006-0568 CVE-2006-0532 CVE-2006-0565 CVE-2006-0628 CVE-2006-0563 CVE-2006-0562 CVE-2006-0437 CVE-2006-0524 CVE-2006-0573 CVE-2006-0573 CVE-2006-0573 CVE-2006-0573 CVE-2006-0574 CVE-2006-0638 CVE-2006-0536 CVE-2006-0593 CVE-2006-0593 CVE-2006-0581 CVE-2006-0581 CVE-2006-0583 CVE-2006-0688 CVE-2005-4721 CVE-2006-0608 CVE-2006-0610 CVE-2006-0610 CVE-2006-0644 CVE-2006-0625 CVE-2006-0626
dotProject /includes/session.php baseDir Variable Remote File Inclusion
dotProject /modules/projects/gantt.php dPconfig[root_dir] Variable Remote File Inclusion
dotProject /modules/projects/gantt2.php dPconfig[root_dir] Variable Remote File Inclusion
dotProject /modules/projects/vw_files.php dPconfig[root_dir] Variable Remote File Inclusion
dotProject /modules/admin/vw_usr_roles.php baseDir Variable Remote File Inclusion
dotProject /modules/public/calendar.php baseDir Variable Remote File Inclusion
dotProject /modules/public/date_format.php baseDir Variable Remote File Inclusion
dotProject /modules/tasks/gantt.php baseDir Variable Remote File Inclusion
Mantis view_all_set.php Multiple Variable XSS
PHP-Nuke Your_Account Module Nickname Field SQL Injection
V-webmail preferences.personal.php newid Variable XSS
V-webmail frameset.php rframe Variable Arbitrary Remote HTML Inclusion
V-webmail help.php Direct Request Path Disclosure
MyBulletinBoard (MyBB) calendar.php Advanced Details Link XSS
tmsPUBLISHER pagename.cfm Malformed id Variable Path Disclosure
E-Blah Platinum Code/Routines.pl HTTP_REFERER Admin Log XSS
Skate Board sendpass.php usern Variable POST Method SQL Injection
Skate Board login.php Multiple Variable SQL Injection
Skate Board logged.php Multiple Variable SQL Injection
Skate Board config.php Administrator Arbitrary PHP Code Execution
Skate Board reguser.php Multiple Field XSS
Geeklog lib-sessions.php sessid Variable SQL Injection
Geeklog lib-common.php Local File Inclusion
ADOdb adodb-pager.inc.php Pagination XSS
ADOdb adodb-perf.inc.php XSS
ADOdb perf-oci8.inc.php XSS
ilchClan login.php login_name Variable SQL Injection
Guestbox action.php Admin Authentication Bypass
Guestbox gbshow.php homepage Field XSS
Guestbox /gb/gblog Poster IP Address Disclosure
Bugzilla editparams.cgi whinedays Variable SQL Injection
RunCMS ratefile.php lid Variable XSS
CuteNews show_news.php show Variable XSS
Mambo content.php 'filter' Variable SQL Injection
NOCC footer.php nocc_theme Variable Traversal Arbitrary File Access
NOCC common.php lang Variable Traversal Arbitrary File Access
NOCC functions.php Accept-Language HTTP Field Local PHP File Inclusion
NOCC /profiles/ Directory Direct Request Information Disclosure
NOCC footer.php nocc_theme Variable XSS
NOCC error.php html_error_occurred Variable XSS
NOCC filter_prefs.php html_filter_select Variable XSS
CVE-2006-0679 CVE-2005-4722 CVE-2006-0829 CVE-2006-0809 CVE-2006-0809 CVE-2006-0809 CVE-2006-0810 CVE-2006-0811 CVE-2006-0806
NOCC no_mail.php html_no_mail Variable XSS
NOCC html_bottom_table.php Multiple Variable XSS
iUser Ecommerce common.php include_path Variable Remote File Inclusion CVE-2006-0854
Easy Forum join.php image Variable XSS CVE-2006-0877
DEV web management system register.php mesto Variable XSS
Simple Machines Forum Register.php X-Forwarded-For XSS CVE-2006-0896
ShoutLIVE savesettings.php Multiple Field Arbitrary PHP Code Execution
ShoutLIVE post.php Multiple Variable XSS
Ipswitch WhatsUp Professional NmService.exe Malformed Request CPU Consumption DoS
Mambo mambo.php Multiple Variable SQL Injection
Mambo mambo.php 'mos_change_template' Variable Local File Inclusion
DirectContact Server Traversal Arbitrary File Access
iGENUS Webmail config_inc.php SG_HOME Variable Local File Inclusion
Parodia agencyprofile.asp AG_ID Variable XSS
Archangel Weblog Cookie ba_admin Variable Admin Authentication Bypass CVE-2006-0944
Archangel Weblog /admin/index.php index Variable Remote File Inclusion CVE-2006-0945
VEGO Links Builder login.php username Variable SQL Injection CVE-2006-0067
VEGO Web Forum index.php theme_id Variable SQL Injection CVE-2006-0065
Primo Cart user.php email Variable SQL Injection CVE-2006-0068
Primo Cart search.php q Variable SQL Injection CVE-2006-0068
Web Wiz Multiple Product check_user.asp txtUserName Variable SQL Injection CVE-2005-4606
PHPjournaler index.php readold Variable SQL Injection CVE-2006-0066
PHPenpals profile.php personalID Variable SQL Injection CVE-2006-0074
eFileGo Server Traversal Arbitrary Command Execution CVE-2005-4622
eFileGo upload.exe CPU Consumption DoS CVE-2005-4623
MyBulletinBoard (MyBB) function_upload.php SQL Injection CVE-2005-4602,2006-0218,2006-0219
phpSurveyor browse.php text Variable SQL Injection CVE-2005-4586
Advanced Guestbook comment.php gb_id Variable XSS CVE-2005-4649
B-net Software shout.php Multiple Variable XSS CVE-2006-0078
B-net Software guestbook.php Multiple Variable XSS CVE-2006-0078
Lizard Cart CMS pages.php id Variable SQL Injection CVE-2006-0087
Lizard Cart CMS detail.php id Variable SQL Injection CVE-2006-0087
Enhanced Simple PHP Gallery index.php dir Variable XSS CVE-2006-0112
@Card ME PHP index.php cat Variable XSS CVE-2006-0093
vBulletin calendar.php Add Reminder Field title Variable XSS CVE-2006-0080
vBulletin reminder.php Add Reminder Field title Variable XSS CVE-2006-0080
ScozBook auth.php username Field SQL Injection CVE-2006-0079
ADN Forum index.php fid Variable SQL Injection CVE-2006-0123
ADN Forum verpag.php pagid Variable SQL Injection CVE-2006-0123
ADN Forum crear.php Topic Field XSS CVE-2006-0124
Modular Merchant Marketplace Shopping Cart category.php cat Variable XSS CVE-2006-0109
Aquifer CMS Index.asp Keyword Variable XSS CVE-2006-0122
OnePlug CMS /press/details.asp Press_Release_ID Variable SQL Injection CVE-2006-0115
OnePlug CMS /services/details.asp Service_ID Variable SQL Injection CVE-2006-0115
OnePlug CMS /products/details.asp Product_ID Variable SQL Injection CVE-2006-0115
iNETstore Ebusiness Software search.inetstore searchterm Variable XSS
TinyPHPForum action.php txt Variable XSS
TinyPHPForum /users/ Directory User Information Disclosure
TinyPHPForum profile.php uname Variable Traversal Arbitrary File Manipulation
Domus escribir.php email Variable XSS
Domus escribir.php email Variable SQL Injection
MusicBox index.php Multiple Variable SQL Injection
427BB showthread.php ForumID Variable SQL Injection
427BB posts.php Message Body XSS
NavBoard post.php BBcode XSS
ADOdb server.php sql Variable SQL Injection
ADOdb tmssql.php Variable Arbitrary PHP Function Execution
TheWebForum login.php Username Field SQL Injection
TheWebForum register.php www Variable XSS
VenomBoard add_post.php3 Multiple Variable SQL Injection
Phgstats phgstats.inc.php phgdir Variable Remote File Inclusion
PHPNuke EV modules/Search/index.php query Variable SQL Injection
MyPHPim calendar.php3 cal_id Variable SQL Injection
AspTopSites includeloginuser.asp password Field SQL Injection
ASPSurvey Login_Validate.asp Password Variable SQL Injection
ACal edit.php Template Modification Arbitrary PHP Code Execution
QualityEBiz Quality PPC admin.php cpage Variable XSS
QualityEBiz Quality PPC admin.php cpage Variable Path Disclosure
Boxcar Media Shopping Cart index.php Multiple Variable XSS
TankLogger showInfo.php livestock_id Variable SQL Injection
TankLogger livestock.php tank_id Variable SQL Injection
FogBugz pgLogon.php dest Variable XSS
H-Sphere psoft.hsphere.CP login Variable XSS
sBLOG index.php p Variable XSS
sBLOG search.php keyword Variable XSS
Interspire TrackPoint NX index.php username Variable XSS
PHP Toolkit for PayPal ipn_success.php Spoofed Payment Generation
inTouch intouch.lib.php user Variable SQL Injection
Mini-NUKE news.asp hid Variable SQL Injection
Mini-NUKE membership.asp Unauthenticated Password Modification
Plogger plog-admin-functions.php config[basedir] Variable Remote File Inclusion
WebWiz Forums search_form.asp search Variable XSS
PDFdirectory util.php Multiple Variable SQL Injection
PDFdirectory userpref.php Multiple Variable SQL Injection
PDFdirectory user.php Multiple Variable SQL Injection
PDFdirectory uploadfrm.php Multiple Variable SQL Injection
PDFdirectory title.php Multiple Variable SQL Injection
PDFdirectory team.php Multiple Variable SQL Injection
PDFdirectory stats.php org Variable SQL Injection
PDFdirectory page.php Multiple Variable SQL Injection
PDFdirectory org.php Multiple Variable SQL Injection
PDFdirectory member.php Multiple Variable SQL Injection
CVE-2006-0116 CVE-2006-0102 CVE-2006-0103 CVE-2006-0104 CVE-2006-0110 CVE-2006-0159 CVE-2005-4500,2006-0186 CVE-2006-0154 CVE-2006-0155 CVE-2006-0140 CVE-2006-0146 CVE-2006-0147 CVE-2006-0135 CVE-2006-0134 CVE-2006-0160 CVE-2006-0164 CVE-2006-0163 CVE-2006-0167 CVE-2006-0184 CVE-2006-0192 CVE-2006-0183 CVE-2006-0215 CVE-2006-0216 CVE-2006-0111 CVE-2006-0209 CVE-2006-0209 CVE-2006-0194 CVE-2006-0193 CVE-2006-0101 CVE-2006-0101 CVE-2006-0210 CVE-2006-0201 CVE-2006-0088 CVE-2006-0199 CVE-2006-0203 CVE-2005-4573 CVE-2006-0175
PDFdirectory group.php Multiple Variable SQL Injection
PDFdirectory anniv.php month Variable SQL Injection
Enhanced Simple PHP Gallery sp_helper_functions.php Direct Request Path Disclosure CVE-2006-0113
Chimera Web Portal System linkcategory.php id Variable SQL CVE-2006-0137
Injection Faq-O-Matic fom.cgi _duration Variable XSS Ultimate Auction item.pl item Variable XSS CVE-2006-0217 Ultimate Auction itemlist.pl category Variable XSS CVE-2006-0217 Bit 5 Blog processlogin.php Multiple Field SQL Injection CVE-2006-0320 Bit 5 Blog addcomment.php comment Variable XSS CVE-2006-0361 SimpleBlog index.php month Variable SQL Injection SimpleBlog comments.asp Comment Field XSS WP-Stats WordPress Plugin wp-stats.php author Variable SQL Injection Helm Control Panel forgotPassword.asp txtEmailAddress CVE-2006-0211 Variable XSS Netbula Anyboard anyboard.cgi tK Variable XSS CVE-2006-0247 Widexl Download Tracker down.pl ID Variable XSS CVE-2006-0246 geoBlog viewcat.php cat Variable SQL Injection Mantis manage_user_page.php sort Variable XSS microBlog index.php Multiple Variable SQL Injection WhiteAlbum pictures.php dir Variable SQL Injection CVE-2006-0235 aoblogger login.php username Field SQL Injection CVE-2006-0311 My Amazon Store Manager search.php q Variable XSS CVE-2006-0334 Netrix X-Site Manager product_details.php product_id Variable XSS TYPO3 typo3/t3lib/thumbs.php Direct Request Path Disclosure TYPO3 tslib/showpic.php Direct Request Path Disclosure TYPO3 t3lib/stddb/tables.php Direct Request Path Disclosure WebspotBlogging login.php Username Field SQL Injection CVE-2006-0324 Rockliffe MailSite HTTP Management Agent WCONSOLE.DLL XSS Rockliffe MailSite HTTP Management Agent WCONSOLE.DLL Crafted Parameter DoS ezDatabase index.php p Variable XSS CVE-2006-0315 Etomite todo.inc.php cij Variable Arbitrary Command CVE-2006-0325 Execution Note-A-Day Weblog /archive Directory Direct Request User Credential Disclosure e-moBLOG index.php monthy Variable SQL Injection CVE-2006-0403 e-moBLOG admin/index.php login Variable SQL Injection CVE-2006-0403 Goldstag Content Management System search.asp text CVE-2006-0466 Variable XSS IdeoContent Manager news_full.php page Variable XSS CVE-2006-0463 active121 Site Manager risultati_ricerca.php cerca Variable 
CVE-2006-0465 XSS CheesyBlog archive.php Multiple Field XSS CVE-2006-0443 Phpclanwebsite index.php par Variable SQL Injection CVE-2006-0444 Phpclanwebsite uploader.php Path Disclosure CVE-2006-0445 Phpclanwebsite pollresults.php poll_id Variable XSS CVE-2006-0444 miniBloggie login.php Multiple Field SQL Injection MyBulletinBoard (MyBB) search.php SQL Error Message CVE-2006-0406 Table Prefix Disclosure BlogPHP config.php Cookie Fields SQL injection CVE-2006-0372 SaralBlog search.php SQL Injection CVE-2006-0345 AlstraSoft Template Seller Pro fullview.php tempid Variable CVE-2006-0222 XSS MyBulletinBoard (MyBB) search.php Multiple Variable XSS eggblog blog.php id Variable SQL Injection eggblog topic.php message Variable XSS my little weblog weblog.php BBcode link Tag XSS AndoNET Blog index.php entrada Variable SQL Injection SleeperChat index.php pseudo Variable XSS ASPThai Forums login.asp password Variable SQL Injection HTMLArea files.php Unauthenticated Arbitrary File Upload PHPCafe Tutorial Manager index.php id Variable SQL Injection UBB.threads showflat.php Number Variable SQL Injection SZUserMgnt SZUserMgnt.class.php username Variable SQL Injection Calendarix cal_functions.inc.php catview Variable SQL Injection Calendarix admin/cal_login.php login Variable SQL Injection phpBB Rlink Module rlink.php url Variable XSS my little guestbook guestbook.php BBcode link Tag XSS my little forum functions.php BBcode link Tag XSS CVE-2006-0349 CVE-2006-0350 CVE-2006-0473 CVE-2006-0462 CVE-2006-0415 CVE-2006-0490 CVE-2005-3478 CVE-2006-0545 CVE-2006-0491 CVE-2006-0492 CVE-2006-0492 CVE-2006-0472 CVE-2006-0471