Mutiny < 5.0-1.11 Multiple Directory Traversals
Adobe ColdFusion Authentication Bypass (APSB13-13) (intrusive check)
Adobe ColdFusion Authentication Bypass (APSB13-13)
Adobe ColdFusion Multiple Vulnerabilities (APSA13-03)
MantisBT 1.2.12 - 1.2.14 Multiple Vulnerabilities
MediaWiki 1.19.x < 1.19.6 / 1.20.x < 1.20.5 Multiple Vulnerabilities
Joomla! 2.5.x < 2.5.10 / 3.0.x < 3.0.4 Multiple Vulnerabilities
Lexmark Markvision Enterprise Default Credentials
Lexmark Markvision Enterprise Detection
McAfee ePolicy Orchestrator 4.6.x Multiple Vulnerabilities (SB10042)
McAfee ePolicy Orchestrator Application Server Detection
phpMyAdmin 3.5.x < 3.5.8.1 / 4.x < 4.0.0-rc3 Multiple Vulnerabilities
Gallery 3.0.x < 3.0.7 Multiple Vulnerabilities
IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities
op5 Monitor < 5.7.3 Multiple Vulnerabilities
D-Link DIR-645 getcfg.php Admin Password Disclosure
Puppet Multiple Vulnerabilities (2013/03/12)
Puppet Unsafe YAML Unserialization
Puppet Enterprise Console Authentication Bypass (intrusive check)
Puppet Enterprise Console Detection
MediaWiki 1.19 < 1.19.5 / 1.20 < 1.20.4 Multiple Vulnerabilities
JBossWS Endpoint Uses Unsafe Encryption
JBoss Web Services Endpoint Enumeration
Splunk 4.3.x < 4.3.6 Unspecified XSS
Novell iManager < 2.7.6 Patch 1 Multiple Vulnerabilities
Novell iManager Unsupported Version
Citrix Access Gateway 5.x < 5.0.4.223524 Unspecified Security Bypass
Citrix Access Gateway User Web Interface Detection
Citrix Access Gateway Administrative Web Interface Default Credentials
Citrix Access Gateway Administrative Web Interface Detection
Novell Identity Manager Role Based Provisioning Module Unspecified Vulnerability
Novell Identity Manager Role Based Provisioning Module Detection
mnoGoSearch search.cgi QUERY_STRING Parameter Parsing Arbitrary File Access
MediaWiki mwdoc-filter.php Arbitrary File Access
MediaWiki 1.19 < 1.19.4 / 1.20 < 1.20.3 Multiple Vulnerabilities
IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration
IBM InfoSphere Data Replication Dashboard User Enumeration
IBM InfoSphere Data Replication Dashboard Default Credentials
IBM InfoSphere Data Replication Dashboard Detection
Sophos Web Protection Appliance patience.cgi id Parameter Directory Traversal
Sophos Web Protection Detection
Piwigo install.php dl Parameter Traversal Arbitrary File Access
Gallery < 3.0.5 Multiple Vulnerabilities
Newsletter Plugin for WordPress preview.php data Parameter Directory Traversal
McAfee Vulnerability Manager Detect
NConf delete_attr.php id Parameter SQL Injection
GD Star Rating Plugin for WordPress export.php Authentication Bypass Information Disclosure
Git Repository Served by Web Server
Foscam 11.37.2.x < 11.37.2.49 Directory Traversal
PHP-Fusion Authenticate.class.php Multiple Cookie SQL Injection
Nagios XI < 2012R1.6 Multiple Vulnerabilities
Novell ZENworks Mobile Management MDM.php Local File Inclusion
Novell ZENworks Mobile Management Detection
Adobe InDesign Server RunScript Arbitrary Command Execution
Web Service Description Language File Detected
Foswiki < 1.1.8 MAKETEXT Macro Arbitrary Code Injection
Jenkins < 1.502 / 1.480.3 Multiple Vulnerabilities
Jenkins < 1.498 / 1.480.2 Unspecified Master Cryptographic Key Information Disclosure
Scrutinizer < 10.1.2 Multiple Vulnerabilities
airVision NVR path Parameter Traversal Arbitrary File Access
PHP 5.4.x < 5.4.12 Multiple Vulnerabilities
PHP 5.3.x < 5.3.22 Multiple Vulnerabilities
W3 Total Cache Plugin for WordPress Cache File Direct Request Information Disclosure
Drupal 7.x < 7.20 On-Demand Image Derivative Generation Handling Resource Exhaustion DoS
MyBB < 1.6.9 Multiple Vulnerabilities
MoinMoin < 1.9.6 Multiple Vulnerabilities
Buffalo LinkStation Direct Request Remote File Disclosure
WP Symposium Plugin for WordPress symposium_groups_functions.php gid Parameter SQL Injection
WordPress Poll Plugin poll_id Parameter SQL Injection
Bugzilla < 3.6.13 / 4.0.10 / 4.2.5 / 4.4rc2 Multiple Vulnerabilities
TWiki < 5.1.4 MAKETEXT Variable Tilde Character Command Injection
Cisco Prime LAN Management Solution Web Detection
EMC Data Protection Advisor Web UI Directory Traversal
EMC Data Protection Advisor Web UI Detection
Nagios XI 2011R1.9 Multiple SQL Injection Vulnerabilities
Adobe ColdFusion Authentication Bypass (APSB13-03)
ImpressPages cm_group Parameter Remote PHP Code Execution
Prizm Content Connect default.aspx document Parameter Remote File Inclusion
Joomla! 2.5.x < 2.5.9 / 3.0.x < 3.0.3 Multiple Information Disclosure Vulnerabilities
MantisBT < 1.2.12 Multiple Vulnerabilities
MantisBT 1.2.x < 1.2.13 Multiple Vulnerabilities
php-Charts url.php Remote PHP Code Execution
Gallery Plugin for WordPress load Parameter Remote File Inclusion
Hunt CCTV DVR.cfg Direct Request Information Disclosure
HP Diagnostics Server Default Credentials
HP Diagnostics Server Detection
Collector Component for Joomla! index.php File Upload Arbitrary Code Execution
WordPress xmlrpc.php pingback.ping Server-Side Request Forgery
WordPress < 3.5.1 Multiple Vulnerabilities
ViArt Shop sips_response.php DATA Parameter Request Parsing Remote Shell Command Execution
Uploader Plugin for WordPress File Upload Arbitrary Code Execution
GRAND Flash Album Gallery Plugin for WordPress f Parameter Traversal Arbitrary Directory Enumeration
Forums Plugin for WordPress url Parameter Arbitrary File Disclosure
Browser Rejector Plugin for WordPress wppath Parameter Remote File Inclusion
Portable phpMyAdmin Plugin for WordPress wp-pma-mod Authentication Bypass
WebYaST Host Modification MiTM
Floating Social Media Links Plugin for WordPress wpp Parameter Remote File Inclusion
Movable Type mt-upgrade.cgi Remote Command Execution
ManageEngine AssetExplorer Default Administrator Credentials
ManageEngine AssetExplorer Detection
Drupal 6.x < 6.28 / 7.x < 7.19 Multiple Vulnerabilities
NetIQ Privileged User Manager regclnt.dll Directory Traversal
Google Doc Embedder Plugin for WordPress File Parameter Traversal Arbitrary File Disclosure
MoinMoin twikidraw.py Traversal File Upload Arbitrary File Overwrite
PHP 5.4.x < 5.4.11 cURL X.509 Certificate Domain Name Matching MiTM Weakness
PHP 5.3.x < 5.3.21 cURL X.509 Certificate Domain Name Matching MiTM Weakness
Nagios Core history.cgi Multiple Parameter Buffer Overflow
Prado Framework sr Parameter Directory Traversal
TWiki < 5.1.3 Multiple Vulnerabilities
Snare Agent for Linux < 1.7.0 / 2.0.0 Multiple Vulnerabilities
Advanced Custom Fields Plugin for WordPress acf_abspath Parameter Remote File Inclusion
Drupal 6.x < 6.27 / 7.x < 7.18 Multiple Vulnerabilities
IceWarp Webmail raw.php Information Disclosure
MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities
Ektron CMS XslCompiledTransform Class Request Parsing Remote Code Execution
ManageEngine Security Manager Plus 'f' Directory Traversal Arbitrary File Access
ManageEngine Security Manager Plus Default Administrator Credentials
ManageEngine Security Manager Plus Detection
RWCards Component for Joomla! mosConfig_absolute_path Parameter Remote File Inclusion
NetIQ Privileged User Manager Password Change Authentication Bypass (version check)
NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution (version check)
ManageEngine Applications Manager Default Administrator Credentials
ManageEngine Applications Manager Detection
Narcissus backend.php release Parameter Remote Command Execution
IBM WebSphere Portal Dojo Module Arbitrary File Download
Piwik core/Loader.php Trojaned Distribution
Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-018)
RT < 3.8.15 / 4.0.8 Multiple Vulnerabilities
NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution (intrusive check)
NetIQ Privileged User Manager Password Change Authentication Bypass (intrusive check)
NetIQ Privileged User Manager Default Admin Password
NetIQ Privileged User Manager Detection
Bugzilla < 3.6.12 / 4.0.9 / 4.2.4 / 4.4rc1 Multiple Vulnerabilities
Novell Sentinel Log Manager Authentication Bypass
Novell Sentinel Log Manager Web Detection
CoSoSys Endpoint Protector Detection
Freestyle Testimonials Component for Joomla! Unspecified SQL Injection
Freestyle Support Portal Component for Joomla! prodid Parameter SQL Injection
Liferay Portal 6.1.0 / 6.1.10 Arbitrary File Deletion
SolarWinds Orion NPM < 9.5 Login.asp Blind SQL Injection
Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution
MapServer for Windows (MS4W) Bundled Apache / PHP Configuration Local File Inclusion
MapServer for Windows (MS4W) Detection
ManageEngine OpStor Default Administrator Credentials
ZABBIX Web Interface popup_bitem.php itemid Parameter SQL Injection
IBM Rational ClearQuest Multiple Script Information Disclosure
WANem result.php pc Parameter Remote Command Execution
Mutiny < 4.5-1.12 Unspecified Network Interface Menu Remote Command Injection
Novell ZENworks Asset Management Detection
Drupal 7.x < 7.16 Multiple Vulnerabilities
WordPress A Page Flip Book Plugin for WordPress pageflipbook_language Parameter Local File Inclusion
ZEN Load Balancer global.conf Information Disclosure
MediaWiki < 1.18.5 / 1.19.2 Multiple Vulnerabilities
OpenStack Keystone Default Credentials
Mac Photo Gallery Plugin for WordPress macphtajax.php Access Restriction Bypass
phpMyAdmin server_sync.php Backdoor (PMASA-2012-5)
SAP Host Control SOAP Web Service 'Database/Name' Command Execution (SAP Note 1341333)
SAP Host Control SOAP Web Service Detection
SAP Control SOAP Web Service Detection
Mac Photo Gallery for WordPress albid Parameter Traversal Arbitrary File Access
HP Database Archiving Software Detection
West Wind Web Connection Unprotected Configuration Editor Application
WebPagetest < 2.7.2 file Parameter Traversal Arbitrary File Access
Cisco Prime Security Manager Log Retention DoS (cisco-sa-20120912-asacx)
Cisco Prime Security Manager Web Detection
SolarWinds Orion NPM < 10.3.1 Multiple Vulnerabilities
SolarWinds Orion Network Performance Monitor Detection
HP SiteScope getFileInternal Arbitrary File Download
Bugzilla < 3.6.11 / 4.0.8 / 4.2.3 / 4.3.3 Multiple Vulnerabilities
WordPress < 3.4.2 Multiple Vulnerabilities
SquidClamav Specially Crafted Character Parsing Remote DoS
Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013)
Symantec Messaging Gateway Detection
Cloudsafe365 Plugin for WordPress file Parameter Traversal Arbitrary File Access
EMail Security Virtual Appliance learn-msg.cgi Remote Code Execution
EMail Security Virtual Appliance Detection
TikiWiki unserialize() Function Arbitrary Code Execution
Bugzilla < 3.6.10 / 4.0.7 / 4.2.2 / 4.3.2 Multiple Information Disclosures
Scrutinizer < 9.5.2 Multiple Vulnerabilities
Oracle Integrated Lights Out Manager Web Detection
Eucalyptus Walrus REST Interface Key Verification Authentication Bypass (ESA-03)
Eucalyptus Cloud Controller Console Detection
Scrutinizer < 9.5.2 d4d/statusFilter.php q Parameter SQL Injection
Scrutinizer Default Credentials Check
IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access
RabidHamster R4 left_console.html cmd Parameter loadfile() Function Traversal Arbitrary File Access
Cyberoam Admin Console Detection
Symantec Web Gateway search.php SQL Injection (SYM12-011)
Symantec Web Gateway Multiple Script Shell Command Execution (SYM12-011)
RT < 3.8.12 / 4.0.6 Multiple Vulnerabilities
Atmail Email Server WebAdmin Control Panel dbconfig.ini Information Disclosure
Nagios XI < 2011R1.9 Multiple Vulnerabilities
Cisco TelePresence Multipoint Switch XML-RPC DoS (cisco-sa-20110223-telepresence-ctms)
Cisco TelePresence Multipoint Switch Web Detection
WordPress < 3.4.1 Multiple Vulnerabilities
Serendipity comment.php url Parameter SQL Injection
PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow
PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
Eaton Network Shutdown Module Default Administrator Credentials
Eaton Network Shutdown Module Detection
WaveMaker < 6.4.6 Security Bypass
WaveMaker Studio Requires No Authentication
Western Digital ShareSpace WEB GUI Information Disclosure
Western Digital ShareSpace Detection
Novell GroupWise WebAccess User.interface Directory Traversal
Basilic diff.php Command Injection
Symantec Message Filter Multiple Vulnerabilities (SYM12-010)
Symantec Message Filter Management Interface Default Credentials
Symantec Message Filter Management Interface Detection
Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass
HAProxy Statistics Page Detection
Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)
ownCloud Web Interface Detection
Adobe ColdFusion HTTP Response Splitting (APSB12-15)
Kerio WinRoute Firewall Web Server Remote Source Code Disclosure
PHP 5.4.x < 5.4.4 Multiple Vulnerabilities
PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
Cobbler xmlrpc API power_system Method Remote Shell Command Execution
Cobbler Linux Installation Server Detection
Cobbler Admin Interface Detection
Liferay Portal 6.1.0 Forward Target Handling Security Bypass
Liferay Portal 6.1.0 User Enumeration
Atlassian JIRA 5.0.1 XML Parsing Vulnerability
Atlassian FishEye 2.5.8 / 2.6.8 / 2.7.12 XML Parsing Vulnerability
Atlassian Crucible 2.5.8 / 2.6.8 / 2.7.12 XML Parsing Vulnerability
Apache OFBiz FlexibleStringExpander Remote Code Execution
Apache OFBiz Default Credentials
PacketVideo TwonkyServer Directory Traversal
PacketVideo TwonkyServer Detection
Liferay Portal 6.1.0 'addUser()' Security Bypass
Liferay Portal 6.0.5 / 6.0.6 Arbitrary File Download
Liferay Portal < 6.0.6 Multiple Vulnerabilities
Liferay Portal Default Credentials
phpMyAdmin simplexml_load_string() Function Information Disclosure (PMASA-2011-17)
Symantec Web Gateway upload_file() Remote Code Execution (SYM12-006) (intrusive check)
Symantec Web Gateway < 5.0.3 Multiple Vulnerabilities (SYM12-006) (version check)
Symantec Web Gateway ipchange.php Shell Command Injection (SYM12-006) (intrusive check)
SolarWinds Storage Manager Server LoginServlet loginName Parameter SQL Injection
SolarWinds Storage Manager Detection
McAfee WebShield UI mui Directory Traversal
McAfee WebShield UI Authentication Bypass
PHP PHP-CGI Query String Parameter Injection Arbitrary Code Execution
PHP 5.4.x < 5.4.3 Multiple Vulnerabilities
PHP 5.3.x < 5.3.13 CGI Query String Code Execution
WordPress < 3.3.2 Multiple Vulnerabilities
Scrutinizer < 9.0.1 d4d/alarms.php Multiple Parameters SQLi
Scrutinizer NetFlow & sFlow Analyzer Detection
PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
PHP Unsupported Version Detection
ManageEngine SupportCenter Plus < 7.9 Build 7905 Multiple Vulnerabilities
PHP 5.4.x < 5.4.1 Multiple Vulnerabilities
PHP < 5.3.11 Multiple Vulnerabilities
MediaWiki < 1.17.3 / 1.18.2 Multiple Vulnerabilities
CiscoWorks Common Services HTTP Response Splitting
CGIProxy < 2.1.2 Multiple Unspecified Vulnerabilities
IBM Tivoli Directory Server Web Administration Tool Detection
Citrix XenServer vSwitch Controller < 2.0.0+build11349 Multiple Vulnerabilities
Citrix XenServer vSwitch Controller Detection
Citrix XenServer Workload Balancer Detection
Dolibarr passwordforgotten.php theme Parameter Local File Inclusion
PHP 5.2.x filter_globals Subsequence Request Parsing Remote Code Execution
Lenovo ThinkManagement Console Detection
McAfee Webshield Web UI Detection
Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections
Tivoli Provisioning Manager Express for Software Distribution Detection
HP Data Protector LogClientInstallation Method Userid Field SQL Execution
HP Data Protector DPNECentral Web Service Detection
HP Network Node Manager Detection
Zenphoto viewer_size_image_saved Cookie Value eval() Call Remote PHP Code Execution
Zenphoto < 1.4.2.1 Multiple Vulnerabilities
Novell ZENworks Control Center Detection
ManageEngine DeviceExpert ScheduleResultViewer Remote Directory Traversal
ManageEngine DeviceExpert Default Administrator Credentials
ManageEngine DeviceExpert Detection
WebGlimpse query Parameter Command Injection
TheCartPress Plugin for WordPress tcp_class_path Parameter Remote File Inclusion
WordPress ToolsPack Plugin Backdoor
Tenable Appliance Web Authentication Bypass
Tenable Appliance Web Detection
Citrix XenServer Web Self Service Detection
Astaro Security Gateway Detection
FreePBX gen_amp_conf.php Information Disclosure
PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)
Horde 3.3.12 open_calendar.js Backdoor
Oracle WebCenter Content 'GET_SEARCH_RESULTS' SQL Injection
Oracle WebCenter Content Default Administration Credentials
Oracle WebCenter Content Detection
Kayako SupportSuite 3.x <= 3.70.02 Multiple Vulnerabilities
EMC Celerra Control Station Default Credentials
Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)
CodeMeter TCP Packet Parsing Unspecified Remote DoS
CodeMeter Virtual Directory Traversal Arbitrary File Access (remote check)
CodeMeter Virtual Directory Traversal Arbitrary File Access (banner check)
Symantec Endpoint Protection Manager Detection
HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)
HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities
HP Managed Printing Administration Detection
Apache Struts2 Multiple Remote Code Execution and File Overwrite Vulnerabilities (safe check)
Web Application Information Disclosure
op5 Monitor Persistent Session Cookie
op5 Config Arbitrary Command Execution
op5 Portal Arbitrary Command Execution
MS11-100: ASP.NET Could Allow Denial of Service (2638420) (uncredentialed check)
PHP Version 5 Hash Collision Form Parameter Parsing Remote DoS
PHP < 5.3.9 Multiple Vulnerabilities
TYPO3 AbstractController.php BACK_PATH Parameter Remote File Inclusion
Plone Request Parsing Remote Command Execution
phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 Multiple Vulnerabilities (PMASA-2011-5 - PMASA-2011-8)
JSPWiki Edit.jsp editor Parameter Traversal Local File Inclusion
VMware vCenter Update Manager Directory Traversal (VMSA-2011-0014)
VMware vCenter Update Manager Detection
Metasploit HTTP Server detection
CGI Generic Cross-Site Request Forgery Detection (potential)
Dell KACE K2000 Web Backdoor Account
TimThumb Cache Directory src Parameter Arbitrary PHP File Upload
phpLDAPadmin orderby Parameter Arbitrary PHP Code Execution
SonicWALL ViewPoint Server Default Credentials
SonicWALL ViewPoint Server Detection
WordPress < 3.1.4 / 3.2-RC3 Multiple Blind SQL Injection Vulnerabilities
MODx < 2.0.3-pl class_key Parameter Local File Inclusion
MyBB 1.6.4 Backdoor PHP Code Execution
ManageEngine ADSelfService Plus resetUnLock Authentication Bypass
ManageEngine ADSelfService Plus Default Administrator Credentials
ManageEngine ADSelfService Plus Detection
Cisco Unified Operations Manager < 8.6 Multiple Vulnerabilities
Cisco Unified Operations Manager Detection
CGI Generic XPath Injection (2nd pass)
CGI Generic Tests Load Estimation (quick tests, HTML injection)
CGI Generic Tests Load Estimation (quick tests, text injection)
CGI Generic Tests Load Estimation (full tests)
HP Client Automation Satellite Web Console Detection
Zabbix < 1.8.6 Multiple Vulnerabilities
HP SiteScope Default Credentials
Sitecore CMS < 6.4.1 rev.110720 'url' Parameter URI Redirection
PHP 5.3.7 crypt() MD5 Incorrect Return Value
Oracle GlassFish Server Administration Console GET Request Authentication Bypass
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
Microsoft Remote Desktop Web Access Detection
Computer Associates ARCserve D2D homepageServlet Servlet Information Disclosure
Computer Associates ARCserve D2D Detection
AlphaRegistration Component for Joomla! email Parameter SQL Injection
Oracle Secure Backup Administration Server login.php uname Parameter Arbitrary Command Injection
SQL Dump Files Disclosed via Web Server
Symantec Web Gateway forget.php Blind SQL Injection (SYM11-008)
Symantec Web Gateway login.php Blind SQL Injection (SYM11-001)
Symantec Web Gateway Detection
AllVideos Reloaded! Plugin for Joomla! divid Parameter SQL Injection
Adobe ColdFusion Remote Development Services Enabled Without Authentication
Adobe ColdFusion Remote Development Services
RSA Self-Service Console Detection
RSA Security Console Detection
RSA Operations Console Detection
Trend Micro Data Loss Prevention Virtual Appliance Encoded Traversal Arbitrary File Access
Trend Micro Data Loss Prevention Virtual Appliance Web Console Detection
ManageEngine SupportCenter Plus FileDownload.jsp path Parameter Traversal Arbitrary File Access
ManageEngine SupportCenter Plus Default Administrator Credentials
ManageEngine SupportCenter Plus Detection
ManageEngine ServiceDesk Plus FileDownload.jsp FILENAME Parameter Traversal Arbitrary File Access
ManageEngine ServiceDesk Plus Default Administrator Credentials
ManageEngine ServiceDesk Plus Detection
WPtouch Plugin for WordPress wptouch_redirect Parameter URL Redirection
Movable Type User Registration Restriction Bypass
Polycom SoundPoint IP Phone Default Password
Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure
Active Directory Certificate Services Web Enrollment Anonymous Access
phpMyAdmin < 3.3.10.1 / 3.4.1 Multiple Vulnerabilities (PMASA-2011-03 / PMASA-2011-04)
Veri-NAC Appliance unauthenticated URL Directory Traversal
Apache Archiva < 1.3.5 Multiple Vulnerabilities
phpMyAdmin url.php Redirect (PMASA-2011-4)
Vanilla Forum p Parameter Local File Inclusion
eFront js/scripts.php load Parameter Remote File Inclusion
is_human() Plugin for WordPress type Parameter Command Injection
Spreecommerce api/orders.json Search Function Arbitrary Command Execution
Symphony CMS token Parameter SQL Injection
Atlassian Confluence Wiki Detection
EyeOS file Parameter Directory Traversal
GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution
Adobe ColdFusion Admin Requires No Authentication
Oracle BI Publisher Enterprise Detection
BackWPup for WordPress Plugin Remote File Inclusion
Symantec LiveUpdate Administrator < 2.3 CSRF (SYM11-005)
Symantec LiveUpdate Administrator Web Detection
HP Client Automation Default Credentials
HP Client Automation Web Console Detection
PHP 5.3 < 5.3.6 Multiple Vulnerabilities
Vtiger CRM graph.php Directory Traversal
WP Forum Server Plugin for WordPress topic Parameter SQL Injection
Comment Rating Plugin for WordPress id Parameter SQL Injection
Request Tracker 3.0.0-3.8.9rc1 Security Bypass and Information Disclosure
Mod_auth_mysql Multibyte Encoding SQL Injection
F-Secure Internet Gatekeeper for Linux Log Disclosure (FSC-2011-1)
F-Secure Internet Gatekeeper Default Administrator Credentials
F-Secure Internet Gatekeeper Web Console Detection
Check Point Endpoint Security Server Information Disclosure
HP Power Manager Unspecified Cross-Site Request Forgery
Web Common Credentials (HTML form)
Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access
MODx 'ucfg' Parameter Arbitrary File Access
CGI Generic SQL Injection (Parameters Names)
WordPress < 3.0.5 Multiple Vulnerabilities
PRTG Network Monitor Default Credentials
PRTG Network Monitor Detection
WordPress < 3.0.2 'do_trackbacks()' Function SQL Injection
HP OpenView Performance Insight Server Backdoor Account
HP OpenView Performance Insight Server Detection
Micro Focus Enterprise Administration Server Authentication Check
Micro Focus Enterprise Administration Server Detection
ExtCalendar 'cat_id' parameter SQL Injection
HP OpenView Network Node Manager Remote Execution of Arbitrary Code (HPSBMA02621 SSRT100352)
Mingle Forum Plugin for WordPress topic parameter SQL Injection
BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized Access
CGI Generic Command Execution (time-based, intrusive)
Openfiler Management Interface Default Administrator Credentials
Openfiler Management Interface Detection
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS
DD-WRT Info.live.htm Information Disclosure
MantisBT 'db_type' Parameter Local File Inclusion
WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass
Openfire Admin Console Detection
eclime index.php ref Parameter SQL Injection
PHP 5.3 < 5.3.4 Multiple Vulnerabilities
PHP 5.2 < 5.2.15 Multiple Vulnerabilities
Sitefinity CMS Arbitrary File Upload
IceWarp webmail/basic/index.html _c Parameter Directory Traversal
Pandora FMS Console Default Credentials
Pandora FMS Console Authentication Bypass
RSForm! Component for Joomla! lang Parameter Local File Inclusion
vtiger CRM phprint.php lang_crm Parameter Local File Inclusion
Novell GroupWise WebAccess Arbitrary File Download
Novell GroupWise Document Viewer Agent Arbitrary File Download
SEO Tools Plugin for WordPress file Parameter Arbitrary File Access
Apache Shiro URI Path Security Traversal Information Disclosure
jRSS Widget Plugin for WordPress proxy.php url Parameter Arbitrary File Access
HP Systems Insight Manager Multiple Products Authentication Bypass
NetSupport Manager Gateway HTTP Protocol Information Disclosure
NetSupport Manager Gateway Detection
HP Systems Insight Manager Detection
HP Systems Insight Dynamics Detection
HP Systems Insight Control Detection
eLouai's Force Download Script file Parameter File Disclosure
FreeNAS exec_raw.php Arbitrary Command Execution
CGI Generic Path Traversal (quick test)
CGI Generic Fragile Parameters Detection (potential)
HP Systems Insight Manager logfile Parameter Arbitrary File Download
HTTP X-Frame-Options Response Header Usage
HTTP X-Content-Security-Policy Response Header Usage
HTTP Origin Response Header Usage
Artica < 1.4.101900 mailattach Parameter Directory Traversal
Artica mailattach Parameter Directory Traversal
Apache Hadoop HDFS DataNode Web Detection
Apache Hadoop HDFS NameNode Web Detection
Apache Hadoop MapReduce TaskTracker Web Interface
Apache Hadoop MapReduce JobTracker Web Detection
Ubuntu Drupal Theme - Brown images/layout/gradient.php File Disclosure
Super Simple Blog Script entry Parameter SQL Injection
Super Simple Blog Script Detection
Meeting Room Booking System typematch Parameter SQL Injection
Meeting Room Booking System Detection
FreePBX admin/cdr/call-comp.php dst Parameter SQL Injection
mathTeX mathtex.cgi getdirective Function dpi Tag Arbitrary Code Execution
Zen Cart index.php typefilter Parameter Traversal Local File Inclusion
Mura CMS FILEID Parameter Directory Traversal
Mura CMS Default Administrator Credentials
Atmail WebMail < 6.2.0 'MailType' Parameter XSS
Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
NextGEN Smooth Gallery Plugin for WordPress galleryID Parameter SQL Injection
SnortReport nmap.php target Parameter Arbitrary Command Execution
Splunk Default Administrator Credentials (splunkd)
Splunk Default Administrator Credentials (Splunk Web)
CGI Generic SQL Injection Detection (potential, 2nd order, 2nd pass)
CGI Generic 2nd Order SQL Injection Detection (potential)
phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)
Open-Realty index.php select_users_lang Parameter Traversal Local File Inclusion
Adobe ColdFusion 'locale' Parameter Directory Traversal
Oracle Business Process Management Detection
Bugzilla 'reporter' field Information Disclosure
Atlassian JIRA ConfigureReport.jspa 'reportKey' Info Disclosure
Xerver Double Slash Authentication Bypass
PHP 5.3 < 5.3.3 Multiple Vulnerabilities
PHP 5.2 < 5.2.14 Multiple Vulnerabilities
TYPO3 Back-end index.php 'redirect_url' Redirect
Huru Helpdesk Component for Joomla! cid[0] Parameter SQL Injection
Apache Struts2 / XWork Remote Code Execution (safe check)
Web Tests Session Expiration Errors
vBulletin Database Credentials Information Disclosure
MapServer Insecure MapServ CGI Command-line Debug Args
CGI Generic On Site Request Forgery (OSRF)
CGI Generic Injectable Parameter
Novell Teaming Default Credentials
Bugzilla 3.7/3.7.1 Information Disclosure
Oracle Secure Backup Administration Server login.php Authentication Bypass
Bitweaver wiki/rankings.php style Parameter Traversal Local File Inclusion
ArtForms Component for Joomla! viewform Parameter SQL Injection
Simple:Press Plugin for WordPress value parameter SQL Injection
Splunk 4.x < 4.0.11/4.1.2 Directory Traversal
IIS 5.x Alternate Data Stream Authentication Bypass
Novell 'modulemanager' Servlet Arbitrary File Upload (safe check)
Novell 'modulemanager' Servlet Arbitrary File Upload (intrusive check)
Microsoft SharePoint Service Help.aspx 'tid' Parameter DoS
Bugzilla 'time-tracking' fields Information Disclosure
Simple Machines Forum Detection
Moodle < 1.9.6 / 1.8.10 Multiple Vulnerabilities
Atlassian JIRA 4.1.x < 4.1.2 Multiple Vulnerabilities
Magnoware DataTrack System Information Disclosure
Magnoware DataTrack System Detection
PRTG Traffic Grapher Detection
Symphony 2.0.6 mode Parameter Local File Inclusion
MySQL Enterprise Monitor < 2.1.2 Multiple CSRF
MySQL Enterprise Monitor Web Detection
ManageEngine ADAudit Plus Default Credentials
ManageEngine ADAudit Plus Detection
ManageEngine ADManager Plus Default Credentials
ManageEngine ADManager Plus Detection
Apache Axis2 xsd Parameter Directory Traversal
Apache Axis2 Default Credentials
Dell OpenManage Server Administrator 'HelpViewer' Redirect
TikiWiki tiki-lastchanges.php Empty sort_mode Parameter Information Disclosure
Open-AudIT include_lang.php language Parameter Traversal Local File Inclusion
e107 BBCode Arbitrary PHP Code Execution
RokModule Component for Joomla! moduleid Parameter SQL Injection
Visitor Data Module for Joomla! X-Forwarded-For Arbitrary Command Execution
Campsite TinyMCE plugin 'attachments.php' 'article_id' Parameter SQL Injection
TaskFreak! loadByKey() SQL Injection
TaskFreak! Default Credentials
Cacti < 0.8.7f Multiple Input Validation Vulnerabilities
Ektron CMS400.net TransformXslt Web Service Directory Traversal
Ektron CMS400.NET Default Credentials
CGI Generic Path Traversal (extended test)
CGI Generic Path Traversal (write test)
Iomega smbwebclient.php Unauthenticated Filesystem Access
Apache ActiveMQ Web Console Test Pages Information Disclosure
Apache ActiveMQ Unprotected Web Console Detection
Computer Associates XOsoft SOAP Request Username Enumeration (CA20100406)
Properties Component for Joomla! aid Parameter SQL Injection
Joomla! / Mambo Component view Parameter Local File Inclusion
AjaXplorer checkInstall.php Arbitrary Command Injection
Apple Mac OS X Wiki Server File Upload Security Bypass
Apple Mac OS X Wiki Server Weblog SACL Security Bypass
Mac OS X Server Web Services Version Detection
MediaWiki Login Cross-Site Request Forgery
SiteX photo.php albumid Parameter SQL Injection
Hyperic HQ Web GUI Default Credentials
eScan MWAdmin forgotpassword.php uname Parameter Arbitrary Command Execution
eScan MWAdmin Interface Detection
Remote Help Default Credentials
eFront langname Parameter Traversal Local File Inclusion
Trouble Ticket Express fid Parameter Arbitrary Remote Code Execution
OSSIM download.php Directory Traversal
eclime login.php SQL Injection
eGroupWare spellchecker.php Arbitrary Shell Command Execution
McAfee LinuxShield Login Username Enumeration
CGI Generic Command Execution (time-based)
SilverStripe debug_profile Parameter Information Disclosure
SilverStripe CMS Running in Development Mode
Multiple Adobe Products XML External Entity (XXE) Injection (APSB10-05)
PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection
trixbox maint Web Interface Default Credentials
FreePBX / PBXconfig Default Credentials
Asterisk Recording Interface (ARI) Default Administrator Credentials
Joomla! JoomlaWorks AllVideos Plugin file Parameter Directory Traversal
GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution
Scriptegrator Plugin for Joomla! files[] Parameter Remote File Inclusion
Web Application SQL Backend Identification
VMware Host Agent Directory Traversal (VMSA-2009-0015)
VMware Host Agent Web Detection
Bugzilla Directory Access Information Disclosure
IBM Tivoli Monitoring Service Console Detection
OCS Inventory NG Server Administration Console header.php login Parameter SQL Injection
OCS Inventory NG Server Administration Console Detection
MoinMoin 'sys.argv' Information Disclosure
SAP BusinessObjects 'HappyAxis2.jsp' Information Disclosure
Joomla! tinybrowser_lang Cookie Local File Inclusion
phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3)
CGI Generic Cookie Injection Scripting
Web Server Generic Cookie Injection
CGI Generic Unseen Parameters Discovery
DokuWiki ajax.php cmd[del] Parameter Security Bypass
OpenX install.php / install-plugin.php Admin Authentication Bypass
JS Jobs Component for Joomla! index.php md Parameter SQL Injection
Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection
Joomla! / Mambo Component controller Parameter Local File Inclusion
SQL-Ledger 'admin.pl' Empty Credentials
phpLDAPadmin cmd.php cmd Parameter Local File Inclusion
Oracle WebLogic Default Credentials
PHP < 5.2.12 Multiple Vulnerabilities
Invision Power Board < 3.0.5 Multiple Vulnerabilities
CGI Generic SQL Injection (blind, time based)
phpShop shop/flypage SQL Injection
HP OpenView Network Node Manager Multiple Scripts hostname Parameter Remote Command Execution
Kiwi Syslog Server Web Access Login Username Enumeration
Zen Cart extras/curltest.php Information Disclosure
GCalendar Component for Joomla! event.php gcid Parameter SQL Injection
LyftenBloggie Component for Joomla! index.php author Parameter SQL Injection
Pligg login.php return Parameter Arbitrary Site Redirect
AWStats < 6.95 awredir.pl Arbitrary Site Redirect
SugarCRM on Apache / Windows .htaccess Direct Request Arbitrary File Access
CubeCart includes/content/viewProd.inc.php productId Parameter SQL Injection
CGI Generic Local File Inclusion (2nd pass)
PHP 5.3 < 5.3.1 Multiple Vulnerabilities
Movable Type mt-check.cgi System Information Disclosure
HP Power Manager Default Credentials
Jumi Component for Joomla! <= 2.0.5 Backdoor
Jumi Component for Joomla! fileid Parameter SQL Injection
WordPress < 2.8.6 Multiple Vulnerabilities
CGI Generic SQL Injection (2nd pass)
CGI Generic SQL Injection (HTTP Headers)
CGI Generic SQL Injection (HTTP Cookies)
CGI Generic SQL Injection (blind)
CGI Generic SSI Injection (HTTP headers)
CubeCart 'admin.php' Authentication Bypass Information Disclosure
CubeCart Admin Authentication Bypass
osCommerce file_manager.php Arbitrary PHP Code Injection (intrusive check)
osCommerce file_manager.php Arbitrary PHP Code Injection
OSSIM 'host/draw_tree.php' Access Restriction Weakness Information Disclosure
OSSIM Web Frontend Default Credentials
MapServer < 5.4.2 / 5.2.3 / 4.10.5 Buffer Overflow
Drupal SA-CONTRIB-2009-080: Simplenews Statistics Open Redirect
Infoblox IPAM Appliance Default Credentials
Trapeze Service Shell - Admin Service Accessible
CGI Generic Local File Inclusion
Adobe RoboHelp Server Security Bypass (APSA09-05 / intrusive check)
Adobe RoboHelp Server Security Bypass (APSA09-05)
IDoBlog Component for Joomla! userid Parameter SQL Injection
Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure
PHP < 5.2.11 Multiple Vulnerabilities
Oracle Secure Backup Administration Server Authentication Bypass
BF Survey Pro Component for Joomla! table Parameter SQL Injection
ChartDirector for .NET cacheId Parameter Arbitrary File Access
Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution
Kayako SupportSuite Ticket Subject XSS
FlexCMS Login Cookie SQL Injection
phpSANE file_save Parameter Remote File Include
Web Application Potentially Sensitive CGI Parameter Detection
Google Analytics on An Internal Web Server Detection
Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure
WP-Syntax apply_filters function Command Execution
WordPress < 2.8.4 Password Reset
Spiceworks HTTP Response Accept Header Handling Overflow DoS
CMS Made Simple url Parameter Arbitrary File Access
Snitz Forums 2000 <= 3.4.07 register.asp 'Email' Parameter SQL Injection
MODx config.js.php Information Disclosure
OpenWrt Router with a Blank Password (telnet check)
phpMyAdmin Installation Not Password Protected
eAccelerator encoder.php File Backup
Ruby on Rails HTTP Digest Authentication Bypass
Log Rover pword Parameter SQL Injection
FCKeditor.Java Connector Servlet 'CurrentFolder' Infinite Loop DoS
FCKeditor 'CurrentFolder' Arbitrary File Upload
Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload
FireStats < 1.6.2 Multiple Vulnerabilities
HP DDMI on Windows Unspecified Remote Agent Access
HP DDMI Web Interface Default Credentials
BASE < 1.2.5 readRoleCookie() Auth Bypass
Basic Analysis and Security Engine Authentication Check
Zen Cart password_forgotten.php Admin Access Bypass
Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection
PHP < 5.2.10 Multiple Vulnerabilities
CGI Generic Remote File Inclusion
Apache Tomcat RequestDispatcher Directory Traversal Arbitrary File Access
Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass
Sun Java System Directory Server Online Help Feature Information Disclosure
JVideo! Component for Joomla! user_id Parameter SQL Injection
CrashPlan Server Default Administrative Credentials
DokuWiki config_cascade Parameter Remote File Inclusion
WP-Lytebox pg Parameter Local File Inclusion
VICIDIAL Call Center Suite Default Administrative Credentials
VICIDIAL Call Center Suite admin.php SQL Injection
TinyWebGallery lang Parameter Local File Inclusion
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion
HP System Management Homepage < 3.0.1.73 Multiple Flaws
Flyspeck lang Parameter Local File Inclusion
SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution
Open Virtual Desktop Detection
IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities
Oracle GlassFish Server Administration Console Default Credentials
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval
LimeSurvey sUser Parameter SQL Injection
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
OpenCart route Parameter Local File Inclusion
Symantec Reporting Server Improper URL Handling Exposure
Sun Java System Identity Manager Account Disclosure
Fortify 360 Web Interface Detection
Linksys WVC54GCA Wireless-G '/img/main.cgi' Information Disclosure
Novell Teaming Login User Account Enumeration Weakness
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection (PMASA-2009-3)
Geeklog SEC_authenticate Function SQL Injection
HP LaserJet Web Server Unspecified Admin Component Traversal Arbitrary File Access
Jinzora name Parameter Local File Inclusion
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
MapServer < 5.2.2 / 4.10.4 Multiple Flaws
Moodle LaTeX Information Disclosure
Tenable Security Center Default Credentials
Sitecore CMS < 5.3.2 rev. 090212 Web Service Security Database Information Disclosure
NextApp Echo XML Parsing Information Disclosure Vulnerability
AWStats 'awstats.pl' Path Disclosure
OneOrZero Helpdesk default_language Local File Inclusion
zFeeder admin.php Direct Request Admin Authentication Bypass
ZABBIX Web Interface extlang[] Parameter Remote Code Execution
ZABBIX Web Interface Detection
Coppermine Photo Gallery keysToSkip Parameter Overwrite
Drupal Theme System Template Local File Inclusion
PHP < 5.2.9 Multiple Vulnerabilities
Moodle Forum post.php Unauthorized Post Deletion CSRF
SquirrelMail HTTPS Session Cookie Secure Flag Weakness
HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)
HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)
TYPO3 jumpUrl Mechanism Information Disclosure
Trend Micro InterScan Web Security Suite Default Credentials
Openfire < 3.6.3 Multiple Vulnerabilities
Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness
Jaws language Parameter Multiple Local File Includes
SocialEngine Blog Plugin category_id Parameter SQL Injection
Meeting Room Booking System (MRBS) month.php area Parameter SQL Injection
phpSlash fields Parameter PHP Code Injection
Profense Web Application Firewall Default Credentials
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion
Horde Horde_Image::factory driver Argument Local File Inclusion
gigCalendar Component for Joomla! gigcal_gigs_id Parameter SQL Injection
Eventing Component for Joomla! index.php catid Parameter SQL Injection
phpList <= 2.10.8 Variable Overwriting
WordPress WP-Forum forum_feed.php thread Parameter SQL Injection
Oracle Secure Backup Administration Server login.php Arbitrary Command Injection
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040)
RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution
Pligg evb/check_url.php url Parameter SQL Injection
OneOrZero Helpdesk tinfo.php Arbitrary File Upload
phpList cline Parameter Array Remote File Inclusion
Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS)
Live Chat Component for Joomla! last Parameter SQL Injection
Sun Java System Identity Manager Default Credentials
Sun Java System Identity Manager Detection
Moodle filter/tex/texed.php pathname Parameter Remote Command Execution
PHP < 5.2.8 Multiple Vulnerabilities
phpPgAdmin index.php _language Parameter Local File Inclusion
PHP 5 < 5.2.7 Multiple Vulnerabilities
Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass
OraMon config/oramon.ini Information Disclosure
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
Apache Struts devMode Information Disclosure
Apache Struts < 2.0.12 / 2.1.3 Dispatcher Directory Traversal
PHPWebAdmin for hMailServer Multiple File Inclusions
Openfire AuthCheck Authentication Bypass
Eaton Network Shutdown Module < 3.20 Authentication Bypass / Command Execution
yappa-ng index.php album Parameter Local File Inclusion
Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access
Ignite Gallery Component for Joomla! index.php gallery Parameter SQL Injection
PhpWebGallery comments.php sort_by Parameter SQL Injection
GForge top/topusers.php offset Parameter SQL Injection
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
ASG-Sentry CGI Default Credentials
OpenX ac.php bannerid Parameter SQL Injection
OpenNMS Web Console Default Credentials
phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection
Pluck update.php Remote Privilege Escalation
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion
Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset
Calendarix Basic cal_cat.php catview Parameter SQL Injection
pluck < 4.5.3 Multiple Local File Include Vulnerabilities
Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure
Zen Cart products_id[] Array SQL Injection
Moodle lib/kses.php kses_bad_protocol_once Function Arbitrary PHP Code Execution
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution
TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
Web Server Generic 3xx Redirect
Adobe Dreamweaver dwsync.xml Remote Information Disclosure
dotCMS Multiple Script id Parameter Traversal Local File Inclusion
MailScan WebAdministrator Cookie Authentication Bypass
Joomla! components/com_user/models/reset.php Reset Token Validation Forgery
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure
Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
RTH login.php uname Parameter SQL Injection
e107 download.php extract() Function Variable Overwrite
PHP < 4.4.9 Multiple Vulnerabilities
Pligg settemplate.php template Parameter Local File Inclusion
Plogger plog-download.php checked[] Parameter SQL Injection
.svn/entries Disclosed via Web Server
CGI Generic Tests Load Estimation (all tests)
Symphony sym_auth Cookie SQL Injection
Gregarius ajax.php rsargs[] Parameter Array SQL Injection
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass
Maian Scripts Cookie Manipulation Authentication Bypass
Mambo < 4.6.5 mos_user_template Local File Inclusion
XEROX CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008)
Dolphin Multiple Scripts Remote File Inclusion
Trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion
Sun Java System ASP < 4.0.3 Multiple Vulnerabilities
Sun Java ASP Server Default Admin Password
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
TrailScout Module For Drupal Session Cookie SQL Injection
nBill component for Joomla! index.php cid Parameter SQL Injection
Trac quickjump Search Script q Parameter Arbitrary Site Redirect
Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Parameter SQL Injection
LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection
AEC Subscription Manager Component usage Parameter SQL Injection
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access
ViewVC Direct Request CVSROOT Information Disclosure
Mantis manage_user_create.php CSRF New User Creation
Web Site Cross-Domain Policy File Detection
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQL Injection
Webhosting Component for Joomla catid Parameter SQL Injection
PHP < 5.2.6 Multiple Vulnerabilities
ActualAnalyzer Lite style Parameter Traversal Local File Inclusion
WordPress index.php cat Parameter Local File Inclusion
Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities
XOOPS Article Module article.php id Parameter SQL Injection
WEBrick Encoded Traversal Arbitrary CGI Source Disclosure
HP OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access
Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection
Site Sift Listings detail.php id Parameter SQL Injection
OTRS SOAP Interface Unauthenticated Object Manipulation
Sympa Malformed Content-Type Header Remote DoS
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
my_gallery Plugin for e107 dload.php file Parameter Arbitrary File PHP Source Disclosure
PHP 5.x < 5.2 Multiple Vulnerabilities
Custom Pages for Joomla! index.php cpage Parameter Remote File Inclusion
DotNetNuke Upgrade Process validationkey Generation Weakness Privilege Escalation
Acajoom Component mailingid Parameter SQL Injection
PHPAuction Multiple Script include_path Parameter File Inclusion
XOOPS Dictionary Module print.php id Parameter SQL Injection
MediaWiki JSON Callback Crafted API Request Information Disclosure
netOffice Dwins demoSession Parameter Authentication Bypass
Centreon include/doc/get_image.php img Parameter Traversal Arbitrary File Access
Nukedit utilities/login.asp email Parameter SQL Injection
Hosting Controller hosting/addreseller.asp reseller Parameter Authentication Bypass
Sniplets Plugin for WordPress execute.php text Parameter Arbitrary Command Execution
Coppermine Photo Gallery album Password Cookie SQL Injection
ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities
Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection
Default Password (changeme) for SHOUTcast Server Service Port
Joomla! index.php mosConfig_absolute_path Parameter Remote File Inclusion
osCommerce Customer Testimonials customer_testimonials.php testimonial_id Parameter SQL Injection
Cacti index.php/sql.php Login Action login_username Parameter SQL Injection
ExtremeZ-IP File and Print Server Zidget/HTTP Server Traversal Arbitrary File Access
F5 BIG-IP Web Management Interface Version
Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload
Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
AkoGallery Component for Mambo / Joomla! index.php id Parameter SQL Injection
Coppermine imageObjectIM.class.php Command Execution Vulnerabilities
SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion
WordPress AdServe adclick.php id Parameter SQL Injection
Smart Publisher index.php filedata Parameter Arbitrary Command Execution
Mambo MOStlyCE Mambot Arbitrary File Rename
WordPress fGallery fim_rss.php album Parameter SQL Injection
vTiger CRM Directory File Disclosure
CandyPress Store admin/utilities_ConfigHelp.asp helpfield Parameter SQL Injection
ManageEngine Applications Manager Invalid URI Remote Information Disclosure
MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite
YaBB SE Cookie Authentication Bypass
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure
boastMachine mail.php id Parameter SQL Injection
BitDefender Update Server HTTP Request Traversal Arbitrary File Access
MyBB forumdisplay.php sortby Parameter Arbitrary PHP Code Execution
Pixelpost index.php parent_id Parameter SQL Injection
X7 Chat index.php day Parameter SQL Injection
eggBlog index.php eggblogpassword Parameter Cookie SQL Injection
PortalApp forums.asp sortby Parameter SQL Injection
Web Server Malicious Javascript Link Detection
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution
Newbb_plus Module for RunCMS Client-Ip Header SQL Injection
Bitweaver wiki/edit.php suck_url Parameter Traversal Source Code Disclosure
RunCMS Multiple Script lid Parameter SQL Injection
Mort Bay Jetty URL Multiple Slash Character Information Disclosure
Site@School slideshow_full.php album_name Parameter SQL Injection
Atlassian JIRA < 3.12.1 Multiple Vulnerabilities
PHP < 4.4.8 Multiple Vulnerabilities
Zenphoto rss.php albumnr Parameter SQL Injection
CMS Made Simple modules/TinyMCE/content_css.php templateid Parameter SQL Injection
CuteNews search.php files_arch Array Arbitrary File Access
PMOS Help Desk form.php Arbitrary Code Execution
Tikiwiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access
Plogger plog-rss.php id Parameter SQL Injection
WordPress query.php is_admin() Function Information Disclosure
RaidenHTTPD workspace.php ulang Parameter Local File Inclusion
Centreon fileOreonConf Parameter File Include Vulnerabilities
Firefly Media Server Limited Directory Traversal Admin Credential Disclosure
HP OpenView Network Node Manager Multiple CGI Remote Overflows
Plumtree Portal User Object User Enumeration
Seditio plug.php pag_sub Parameter SQL Injection
Plumtree Portal Default Credentials
GWExtranet gwextranet/scp.dll Multiple Parameter Traversal Local File Inclusion
RunCMS xoopsOption Parameter Local File Inclusion
PHP < 5.2.5 Multiple Vulnerabilities
IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities
HP OpenView Client Configuration Manager Default Credentials
GuppY inc/includes.inc selskin Parameter Traversal Local File Inclusion
Module Builder DownloadModule Traversal Arbitrary File Disclosure
Simple Machines Forum Search.php SQL Injection
TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion
CA Host-Based Intrusion Prevention System Server Default Credentials
LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
SWAT Unauthenticated Access (Demo Mode)
Cart32 c32web.exe ImageName Traversal Arbitrary File Access
Original inc/exif.inc.php exif_prog Parameter Arbitrary Command Execution
ADOdb Lite adodb-perf-module.inc.php last_module Parameter Arbitrary Code Execution
Shop-Script admin.php Admin Panel Security Bypass
Mambo / Joomla! Multiple Components mosConfig_live_site Parameter Remote File Inclusion
Adobe Connect Enterprise Server Information Disclosure
Claroline inc/lib/language.lib.php language Parameter Traversal Local File Inclusion
MapServer Multiple Remote Vulnerabilities
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
MDPro index.php topicid Parameter SQL Injection
Joomla! CMS com_search Component default_results.php searchword Parameter Remote Command Execution
VHCS PHPSESSID Cookie Session Fixation
PHP < 5.2.4 Multiple Vulnerabilities
SimpleFAQ Component for Joomla! aid Parameter SQL Injection
EZPhotoSales Multiple Configuration Files Remote Information Disclosure
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass
GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection
PHP-Blogger pref.db Database Information Disclosure
LinPHA include/img_view.class.php order Parameter SQL Injection
CVS (Web Based) Directory Spider
Expose for Joomla! (com_expose) uploadimg.php Arbitrary File Upload Code Execution
MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval
paFileDB includes/search.php categories Parameter SQL Injection
McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow
AsteriDex callboth.php Multiple Parameter CRLF Injection Arbitrary Command Execution
Maia Mailguard login.php lang Parameter Local File Inclusion
ServerView Servername Parameter Arbitrary Command Execution
Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS
Packeteer Web Management Interface Authentication
Packeteer Web Management Interface Version Detection
Packeteer Web Management Interface Detection
Calendarix calendar.php Multiple Parameter SQL Injection
FuseTalk index.cfm txForumID Parameter SQL Injection
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion
JFFNMS auth.php Multiple Parameter SQL Injection
Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities
Symantec Web Security (SWS) Multiple Vulnerabilities
Symantec Web Security Detection
PBLang login.php lang Parameter Local File Inclusion
BASE Authentication Redirect Authentication Bypass
PNphpBB2 index.php c Parameter SQL Injection
XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion
PHP < 5.2.3 Multiple Vulnerabilities
UebiMiau Multiple Input Validation Vulnerabilities
Openfire Admin Console Remote Privilege Escalation
GForge CVSWeb CGI cvsweb.php PATH_INFO Parameter Arbitrary Command Execution
WordPress check_ajax_referer() Function SQL Injection
YaNC yanc.html.php listid Parameter SQL Injection
Thyme event_view.php eid Parameter SQL Injection
Advanced Guestbook index.php lang Cookie Parameter Path Disclosure
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities
PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities
XAMPP ADOdb mssql_connect Remote Buffer Overflow
myGallery mygallerybrowser.php myPath Parameter Remote File Inclusion
Plesk Multiple Script locale_id Parameter Traversal Arbitrary File Access
WebSpeed Workshop Arbitrary Command Execution
WebSpeed Development Mode Check
XOOPS Jobs Module index.php cid Parameter SQL Injection
XOOPS WF-Section Module print.php articleid Parameter SQL Injection
PHP < 5.2.1 Multiple Vulnerabilities
PHP < 4.4.5 Multiple Vulnerabilities
XOOPS Articles Module print.php id Parameter SQL Injection
TYPOlight < 2.2.5 Unspecified Vulnerability
RWCards Component for Joomla! index.php category_id Parameter SQL Injection
Moodle moodledata/sessions/ Session Files Remote Information Disclosure
Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities
Apache mod_jk Long URL Worker Map Stack Remote Overflow
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities
WebCalendar includes/functions.php noSet Variable Overwrite
WordPress 2.1.1 Multiple Script Backdoor
Symantec Mail Security for SMTP Admin Center Default Credentials
getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities
OrangeHRM login.php txtUserName Parameter SQL Injection
SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access
ZPanel 2.0 Multiple Script Remote File Inclusion
Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass
phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload
Plain Old Webserver URI Traversal Arbitrary File Access
LifeType rss.php profile Parameter Traversal Arbitrary File Access
MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)
DevTrack Web Service UserName Field SQL Injection
Advanced Poll admin/index.php Session Identifier Replay Authentication Bypass
ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure
ExoPHPDesk faq.php id Parameter SQL Injection
Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
Drupal Comment Function Arbitrary Code Execution
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass
CVSTrac Text Output Formatter SQL Injection DoS
LedgerSMB / SQL-Ledger login.pl script Parameter Arbitrary Perl Code Execution
WordPress Pingback File Information Disclosure
Website Baker REMEMBER_KEY Cookie SQL Injection
Oreon lang/index.php file Parameter Remote File Inclusion
WoltLab Burning Board search.php Multiple Parameter SQL Injection
WordPress Trackback wp-trackback.php tb_id Parameter SQL Injection
WordPress Trackback Charset Decoding SQL Injection
Cuyahoga FCKEditor Misconfiguration Unrestricted File Upload
phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities
phpBB < 2.0.22 Multiple Vulnerabilities
Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution
Jinzora Multiple Script include_path Parameter Remote File Inclusion
Cacti copy_cacti_user.php template_user Variable SQL Injection
Cacti cmd.php Multiple Parameter SQL Injection Arbitrary Command Execution
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure
TYPO3 spell-check-logic.php userUid Parameter Arbitrary Command Execution
PHP-Update blog.php Variable Overwriting Arbitrary Code Execution
JBoss JMX Console Unrestricted Access
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion
Land Down Under / Seditio polls.php id Parameter SQL Injection
JCE Admin Component for Joomla! jce.php Multiple Vulnerabilities (LFI, XSS)
ThinClientServer Admin Account Creation Privilege Escalation
PHP Easy Download admin/save.php moreinfo Parameter Code Injection
MailEnable NetWebAdmin Unauthorized Access (ME-10019)
Serendipity serendipity_event_bbcode.php Script serendipity[charset] Parameter Local File Inclusion
WoltLab Burning Board Lite wbb_userid Parameter PHP Unset SQL Injection
Etomite CMS index.php id Parameter SQL Injection
ELOG Web LogBook global Denial of Service
Verity Ultraseek < 5.7 Multiple Vulnerabilities
MODx CMS base_path Parameter Remote File Inclusion
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
IBM WebSphere snoopservlet Path Disclosure
IBM WebSphere Application Server '%20' Request Source Disclosure
e107 class2.php e107language_e107cookie Cookie Traversal Local File Inclusion
PunBB include/common.php language Parameter Local File Inclusion
miniBB bb_func_txt.php pathToFiles Parameter Remote File Inclusion
Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion
Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow
Hosting Controller Multiple Script ForumID Parameter SQL Injection
IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access
Ingo Foldername Arbitrary Command Execution
Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure
Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion
phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion
Adobe Breeze Directory Traversal Arbitrary File Access
Web Site sitemap.xml File and Directory Disclosure
BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Parameter Remote File Inclusion
Moodle index.php tag Parameter SQL Injection
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
Mambo Open Source usercookie Parameter SQL Injection
XEROX WorkCentre WebUI Arbitrary Command Execution (XRX06-005)
HAMweather Template.php do_parse_code Function Arbitrary Code Execution
OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion
UBB.threads doeditconfig Arbitrary Command Injection
DokuWiki fetch.php Multiple Parameter imconvert Function Arbitrary Command Execution
CakePHP vendors.php file Parameter Traversal Arbitrary File Access
MyReview Admin.php email Parameter SQL Injection
Exponent CMS index.php view Parameter Local File Inclusion
Limbo com_fm Component sql.php classes_dir Parameter Remote File Inclusion
Site@School Multiple Script cmsdir Parameter Remote File Inclusion
Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload
Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion
Claroline claro_init_local.inc.php extAuthSource[newUser] Parameter Remote File Inclusion
Moodle < 1.6.2 Multiple Vulnerabilities
TWiki filename Parameter Traversal Arbitrary File Access
RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion
PHP-Fusion extract() Global Variable Overwriting
DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection
PmWiki < 2.1.21 Global Variables Overwriting
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
Mailman Utils.py Spoofed Log Entry Injection
WebAdmin < 3.2.6 MDaemon Account Hijacking
Easy Address Book Web Server Query Remote Format String
TikiWiki jhot.php Arbitrary File Upload
Webmin / Usermin Null Byte Filtering Vulnerabilities
e107 ibrowser.php zend_has_del() Function Remote Code Execution
Joomla! < 1.0.11 Unspecified Remote Code Execution
Joomla! < 1.0.11 Multiple Vulnerabilities
CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS)
Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc)
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass
PHProjekt <= 5.1 Multiple Remote File Inclusions
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion
WebAdmin < 3.2.5 Multiple Vulnerabilities
osCommerce shopping_cart.php id Array Parameters SQL Injection
Docebo GLOBALS Variable Overwrite Remote File Inclusion
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion
Zen Cart ipn_main_handler.php custom SQL Injection
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion
IPCheck Server Monitor Traversal Arbitrary File Access
Ruby on Rails Routing Code URL Code Evaluation DoS
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
Barracuda Spam Firewall Multiple Remote Vulnerabilities (Cmd Exec, Traversal, Default)
phpMyAdmin import_blacklist Variable Overwriting
TWiki configure Script Arbitrary Command Execution
PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection
OpenCms < 6.2.2 Multiple Vulnerabilities
Loudblog index.php id Parameter SQL Injection
X7 Chat upgradev1.php old_prefix Parameter SQL Injection
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection
IceWarp Multiple Script Remote File Inclusion
VHCS login.php check_login() Function Authentication Bypass
VHCS include/sql.php include_path Parameter Remote File Inclusion
MyBB HTTP Header CLIENT-IP Field SQL Injection
Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion
Trend Micro OfficeScan 7.3 Multiple Vulnerabilities
McAfee Common Management Agent Traversal Arbitrary File Write
SimpleBoard / Joomlaboard Multiple Script sbp Parameter Remote File Inclusion
Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion
LifeType index.php Date Parameter SQL Injection
phpFormGenerator Arbitrary File Upload
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion
Webmin / Usermin miniserv.pl Arbitrary File Disclosure
FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion
Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection
BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS)
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation
w-Agora inc_dir Parameter Remote File Inclusion
Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation
Wikka wikka.php Local File Inclusion
Calendarix Multiple Script id Parameter SQL Injection
OpenEMR C_FormEvaluation.class.php fileroot Parameter Remote File Inclusion
DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution
Pixelpost index.php category Parameter SQL Injection
Claroline Multiple Script includePath Parameter Remote File Inclusion
LifeType index.php articleId Parameter SQL Injection
SquirrelMail plugin.php plugins Parameter Local File Inclusion
e107 email.php Arbitrary Mail Relay
Geeklog auth.inc.php loginname Parameter SQL Injection
BASE Multiple Script BASE_path Parameter Remote File Inclusion
Resin viewfile Servlet Arbitrary File Disclosure
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
Sun Server Console Authentication Bypass
Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion
XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion
FCKeditor upload.php Type Parameter Arbitrary File Upload
Ipswitch WhatsUp Professional Crafted Header Authentication Bypass
Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion
SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion
WebCalendar Login Error Message User Account Enumeration
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
Limbo weblinks.html.php catid Parameter SQL Injection
ACal embed/day.php path Parameter Remote File Inclusion
e107 e107_cookie Parameter SQL Injection
Stadtaus Gaestebuch-Script index.php include_files Parameter Remote File Inclusion
IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal)
Claroline ldap.inc.php clarolineRepositorySys Parameter Remote File Inclusion
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
AWStats migrate Parameter Arbitrary Command Execution
phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion
sBLOG search.php keyword Parameter SQL Injection
X7 Chat help/index.php help_file Parameter Local File Inclusion
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
phpListPro Multiple Script returnpath Parameter Remote File Inclusions
Monster Top List sources/functions.php root_path Parameter Remote File Inclusion
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities
Help Center Live osTicket Module Multiple Unspecified SQL Injections
phpMyAgenda rootagenda Parameter File Include Vulnerability
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
phpBB Advanced GuestBook addentry.php phpbb_root_path Parameter Remote File Inclusion
Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities
myEvent Multiple Remote Vulnerabilities
ActualAnalyzer direct.php rf Parameter Remote File Inclusion
Coppermine Photo Gallery index.php file Parameter Local File Inclusion
MyBB global.php Global Parameter Overwrite
phpWebFTP index.php language Parameter Local File Inclusion
Sysinfo name Parameter Arbitrary Code Execution
phpAlbum language.php data_dir Parameter Remote File Inclusion
MODx < 0.9.1a Multiple Vulnerabilities
SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access
Sphider configset.php settings_dir Parameter Remote File Inclusion
phpWebSite index.php hub_dir Parameter Local File Inclusion
PAJAX < 0.5.2 Multiple Vulnerabilities
Simplog <= 0.9.2 Multiple Vulnerabilities
Winmail Server Webmail Unspecified Vulnerability
phpList index.php database_module Parameter Local File Inclusion
Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities
Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation
Clever Copy connect.inc Direct Request Information Disclosure
Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion
CubeCart FCKeditor connector.php Arbitrary File Upload
AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion
BASE base_maintenance.php Authentication Bypass
gCards < 1.46 Multiple Vulnerabilities
Claroline Multiple Remote Vulnerabilities (RFI, Traversal, XSS)
Horde Help Viewer Arbitrary Code Execution
PHP Live Helper Multiple Remote File Inclusions
NetworkActiv Web Server Crafted Filename Request Script Source Disclosure
phpBannerExchange Template Class Local File Inclusion
Orion Application Server Crafted Filename Extension JSP Script Source Disclosure
Free Articles Directory index.php page Parameter Remote File Inclusion
PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion
Mambo Open Source Multiple Vulnerabilities
Joomla! < 1.0.8 Multiple Vulnerabilities
CuteNews inc/function.php archive Parameter Arbitrary File Access
Adobe Document Server File URI Arbitrary Resource Manipulation
Adobe Document Server Default Credentials
Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)
PHP iCalendar publish.ical.php Arbitrary File Upload
PHP iCalendar Cookie Data Traversal Local File Inclusion
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion
Horde go.php url Parameter Arbitrary File Access
Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection
MyBB comma Cookie SQL Injection
MyBB search.php forums Parameter SQL Injection
Pixelpost < 1.5 RC1 showimage Parameter SQL Injection
Gallery stepOrder Parameter Local File Inclusion
SquirrelMail strings.php base_uri Parameter Information Disclosure
Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass
Woltlab Burning Board Multiple SQL Injections
Owl Intranet Engine lib/OWL_API.php xrms_file_root Parameter Remote File Inclusion
Loudblog < 0.42 template Parameter Traversal
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion
Gallery Install Log Local Information Disclosure
Gallery Zipcart Module Arbitrary File Disclosure
Listserv < 14.5 Multiple Buffer Overflows
Limbo CMS index.php Itemid Parameter Arbitrary Command Execution
imageVue < 16.2 admin/upload.php Unrestricted File Upload
HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File Access
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution
Coppermine Photo Gallery showdoc.php f Parameter Local File Inclusion
SPIP < 1.8.2-g Multiple Vulnerabilities
NOCC <= 1.0 Multiple Vulnerabilities
Plume CMS < 1.0.3 Remote File Inclusion
Noah's Classifieds <= 1.3 Multiple Vulnerabilities
SquirrelMail < 1.4.6 Multiple Vulnerabilities
PostNuke < 0.762 Multiple Vulnerabilities
ViRobot Linux Server filescan Authentication Bypass
CherryPy staticFilter Traversal Arbitrary File Access
Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi)
Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure
NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation
MyBB < 1.04 Multiple Vulnerabilities
Flyspray install-0.9.7.php adodbpath Parameter Remote File Inclusion
dotProject docs/ Directory Multiple Script Information Disclosure
dotProject Multiple Scripts Remote File Inclusion
HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access
LinPHA <= 1.0 Multiple Vulnerabilities
PmWiki < 2.1 beta 21 Multiple Vulnerabilities
RunCMS Multiple Script bbPath Parameter Remote File Inclusion
Dragonfly CMS install.php newlang Parameter Local File Inclusion
PHP iCalendar Multiple Script Remote File Inclusion
Loudblog backend_settings.php Multiple Parameter Remote File Inclusion
Website Baker Admin Login SQL Injection
MyBB index.php referrer Parameter SQL Injection
Invision Power Board Dragoran Portal Module index.php site Parameter SQL Injection
RCBlog index.php post Parameter Traversal Arbitrary File Access
Limbo CMS Multiple Vulnerabilities
Lyris ListManager Subscription Form Administrative Command Injection
ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS)
Geronimo Console Default Credentials
PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access
Trend Micro ControlManager < 3.0 SP5 Multiple Vulnerabilities
ADOdb server.php sql Parameter SQL Injection
ADOdb tmssql.php do Parameter Arbitrary PHP Function Execution
AppServ appserv/main.php appserv_root Parameter Remote File Inclusion
PHP Support Tickets index.php Multiple Parameter SQL Injection
PHPSurveyor Multiple SQL Injections
Web Wiz check_user.asp txtUserName Parameter SQL Injection
phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion
Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation
eFiction < 2.0.2 Multiple Remote Vulnerabilities (SQLi, XSS, Disc)
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS)
Cerberus Support Center Multiple Remote Vulnerabilities (SQLi, XSS)
VisNetic / Merak Mail Server Multiple Remote Vulnerabilities
Webmin miniserv.pl username Parameter Format String
MyBB < 1.0 Multiple SQL Injection Vulnerabilities
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion
Plogger plog-admin-functions.php config Parameter Remote File Inclusion
FTGate <= 4.4.002 Multiple Remote Vulnerabilities (OF, FS, XSS)
ELOG Remote Buffer Overflow Vulnerabilities
vTiger < 4.5a2 Multiple Vulnerabilities
SimpleBBS topics.php name Parameter Arbitrary Command Execution
phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities
The Includer includer.cgi Arbitrary Command Execution
ListManager Error Message Information Disclosure
ListManager < 8.9b Multiple Vulnerabilities
FlatNuke index.php id Parameter Traversal Arbitrary File Access
Contenido contenido/classes/class.inuse.php Multiple Parameter Remote File Inclusion
SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion
MediaWiki Language Option eval() Function Arbitrary PHP Code Execution
Zen Cart password_forgotten.php admin_email Parameter SQL Injection
DUware Multiple Products type.asp iType Parameter SQL Injection
Trac Ticket Query Module group Parameter SQL Injection
PHPX admin/index.php username Parameter SQL Injection
WebCalendar < 1.0.2 Multiple Vulnerabilities
GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec)
PHP Doc System index.php show Parameter Local File Inclusion
Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities
Help Center Live module.php file Parameter Local File Inclusion
Mambo Open Source / Joomla! GLOBALS Variable Remote File Inclusion
phpwcms 1.2.5 Multiple Vulnerabilities
phpSysInfo < 2.4.1 Multiple Vulnerabilities
CodeGrrl Applications Remote File Inclusion Vulnerabilities
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)
Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities
TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities
phpAdsNew XML-RPC Library Remote Code Injection
MailWatch authenticate() Function SQL Injection
Horde Admin Account Default Password
phpWebThings Multiple Scripts SQL Injection
toendaCMS < 0.6.2.1 Multiple Vulnerabilities
CuteNews Multiple Script Traversal Privilege Escalation
vCard define.inc.php match Parameter Remote File Inclusion
phpBB <= 2.0.17 Multiple Vulnerabilities
Comersus BackOffice comersus_backoffice_menu.asp Multiple Parameter SQL Injection
Comersus Cart /comersus/database/comersus.mdb Direct Request Database Disclosure
Invision Gallery index.php st Parameter SQL Injection
PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
GNUMP3d < 2.9.6 Multiple Remote Vulnerabilities (XSS, Traversal)
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)
Mantis < 0.19.3 Multiple Vulnerabilities
PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
e107 resetcore.php user Field SQL Injection
TWiki %INCLUDE Parameter Arbitrary Command Injection
w-Agora <= 4.2.0 Multiple Vulnerabilities
Gallery main.php g2_itemId Parameter Traversal Arbitrary File Access
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
PunBB search.php old_searches Parameter SQL Injection
phpWebSite index.php Search Module SQL Injection
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection
phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities
Mailgust Password Reminder email Field SQL Injection
GuppY < 4.5.6a Multiple Vulnerabilities
3Com Network Supervisor Traversal Arbitrary File Access
IceWarp Web Mail Multiple Flaws (4)
Alkalay.Net Multiple Scripts Arbitrary Command Execution
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe)
phpMyFAQ < 1.5.2 Multiple Vulnerabilities
Movable Type < 3.2 Multiple Vulnerabilities
PunBB < 1.2.8 Multiple Vulnerabilities
Land Down Under HTTP Referer Header SQL Injection
Digital Scribe login.php SQL Injection
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
ATutor Password Reminder SQL Injection
vBulletin <= 3.0.9 Multiple Vulnerabilities
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection
Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities
phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability
Discuz! <= 4.0.0 rc4 Arbitrary File Upload
DeluxeBB Multiple Scripts SQL Injection
Calendar Express Multiple Vulnerabilities (SQLi, XSS)
Sendcard sendcard.php id Parameter SQL Injection
MyBB ratethread.php rating Parameter SQL Injection
MyBB misc.php fid Parameter SQL Injection
PunBB < 1.2.7 Multiple Vulnerabilities
TWiki rev Parameter Arbitrary Command Execution
Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution
Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities
Land Down Under <= 800 Multiple Vulnerabilities
SaveWebPortal <= 3.4 Multiple Vulnerabilities
Land Down Under <= 801 Multiple Vulnerabilities
LDU Software/Version Detection
AMember Multiple Script config[root_dir] Parameter Remote File Inclusion
Brightmail Control Center Default Password (symantec) for 'admin' Account
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
PBLang 4.65 Multiple Vulnerabilities
PBLang < 4.66z Multiple Vulnerabilities
man2web Multiple Scripts Arbitrary Command Execution
WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities
Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities (Cmd Exec, Traversal)
HP OpenView Network Node Manager Multiple Scripts Remote Command Execution
CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion
Simple Machines Forum Avatar Information Disclosure Vulnerability
XEROX MicroServer Web Server Multiple Vulnerabilities (XRX05-008)
phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability
PostNuke <= 0.760 RC4b Multiple Vulnerabilities
MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
Looking Glass Multiple Vulnerabilities
AutoLinks Pro al_initialize.php alpath Parameter Remote File Inclusion
phpWebNotes core/api.php t_path_core Parameter File Inclusion
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
YaPiG <= 0.9.5b Multiple Vulnerabilities
paFileDB auth.php pafiledbcookie Cookie SQL Injection
RunCMS <= 1.2 Multiple Vulnerabilities
Netquery <= 3.11 nquser.php host Parameter Arbitrary Command Execution
WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
Ultimate PHP Board users.dat Multiple Vulnerabilities
PHP TopSites setup.php Administration Authentication Bypass
PHP Surveyor Multiple Vulnerabilities
w-Agora index.php site Parameter Traversal Arbitrary File Access
Mantis < 1.0.0rc2 Multiple Vulnerabilities
Xaraya Software/Version Detection
Gallery PostNuke Integration Access Validation Privilege Escalation
ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI)
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
AWStats Referrer Header Arbitrary Command Execution
WordPress Cookie cache_lastpostdate Parameter PHP Code Injection
Gravity Board X <= 1.1 Multiple Vulnerabilities (SQLi, XSS, PD, Cmd Exe)
SilverNews < 2.0.4 Multiple Vulnerabilities
FlatNuke < 2.5.6 Multiple Remote Vulnerabilities
Jaws BlogModel.php path Parameter Remote File Inclusion
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)
Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection
Kayako LiveResponse Multiple Vulnerabilities
Simplicity oF Upload download.php language Parameter Local File Inclusion
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
Netquery <= 3.1 Multiple Vulnerabilities
FtpLocate flsearch.pl fsite Parameter Remote File Inclusion
Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion
SAP Internet Graphics Server (IGS) Traversal Arbitrary File Access
PHPNews auth.php Multiple Parameter SQL Injection
osCommerce update.php readme_file Parameter Arbitrary File Disclosure
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities
Hosting Controller Software Detection
osCommerce Unprotected Admin Directory
PHPAuction Admin Authentication Bypass
IBM Lotus Domino Server time/date Fields Remote Overflow
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities
VP-ASP Multiple Script SQL Injection
Phpauction <= 2.5 Multiple Vulnerabilities
Sybase EAServer WebConsole jaqadmin Default Password
Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities
Moodle < 1.5.1 Multiple Vulnerabilities
PPA functions.inc.php config[ppa_root_path] Parameter Remote File Inclusion
SPiD lang.php lang_path Remote File Inclusion
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
PunBB < 1.2.6 Multiple Vulnerabilities
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more)
Jinzora Multiple Script include_path Parameter Remote File Inclusion (2)
Sambar Server search.pl results.stm Overflow DoS
Comersus Cart Multiple Vulnerabilities (SQLi, XSS)
Drupal Unspecified Privilege Escalation
Drupal XML-RPC for PHP Remote Code Injection
Drupal Public Comment/Posting Arbitrary PHP Code Execution
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
phpWebSite <= 0.10.1 Multiple Vulnerabilities
YaPiG Password Protected Directory Bypass
phpBB < 2.0.17 Nested BBCode URL Tags XSS
Geeklog User Comment Retrieval SQL Injection
PHPNews news.php prevnext Parameter SQL Injection
Cacti < 0.8.6f Multiple Vulnerabilities (Priv Esc, Cmd Exe)
Nabopoll survey.inc.php path Parameter Remote File Inclusion
EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion
XOOPS < 2.0.12 Multiple Vulnerabilities
osTicket <= 1.3.1 Multiple Vulnerabilities
WordPress < 1.5.1.3 Multiple Vulnerabilities
Serendipity XML-RPC for PHP Remote Code Injection
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
webadmin.php show Parameter Arbitrary File Access
WebCalendar assistant_edit.php Unauthorized Access
DUportal Pro Multiple Scripts SQL Injection (2)
DUpaypal Pro Multiple Scripts SQL Injection
DUforum Multiple Scripts SQL Injection
DUclassmate Multiple Scripts SQL Injection
DUamazon Pro Multiple Scripts SQL Injection
K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution
Simple Machines Forum msg Parameter SQL Injection Vulnerability
Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection
Cacti < 0.8.6e Multiple Vulnerabilities (SQLi, RFI)
MercuryBoard User-Agent SQL Injection
i-Gallery <= 3.3 Multiple Vulnerabilities
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID)
YaPiG < 0.95b Multiple Vulnerabilities
Sawmill < 7.1.6 Multiple Vulnerabilities
SquirrelMail < 1.45 Multiple Vulnerabilities
Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities
ViRobot Linux Server addschup Multiple Overflows
e107 eTrace Plugin dotrace.php Arbitrary Code Execution
WebHints hints.pl Arbitrary Command Execution
JamMail jammail.pl mail Parameter Arbitrary Command Execution
e107 ePing Plugin doping.php Arbitrary Code Execution
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
Invision Gallery < 1.3.1 Multiple SQL Injections
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)
ProductCart Multiple Scripts SQL Injection
FlexCast Server Terminal Authentication Unspecified Remote Issue
WordPress template-functions-category.php cat_ID Parameter SQL Injection
Qualiteam X-Cart Multiple Vulnerabilities
Exhibit Engine list.php Multiple Parameter SQL Injection
Calendarix Multiple Vulnerabilities (SQLi, XSS)
Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi)
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities
Athena Web Registration athenareg.php pass Parameter Command Execution
Listserv < 14.3-2005a Multiple Vulnerabilities
MaxWebPortal memKey Parameter SQL Injection
Hosting Controller addsubsite.asp Security Bypass
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
Netref cat_for_gen.php Arbitrary PHP Command Injection
Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection
WordPress < 1.5.1 Multiple Vulnerabilities
PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities
Serendipity < 0.8.1 Multiple Vulnerabilities
Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)
Woltlab Burning Board verify_email Function SQL Injection
WebAPP apage.cgi f Parameter Arbitrary Command Execution
MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities
JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS)
web-app.org WebAPP Encoded Request .dat File Disclosure
Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities
OpenBB < 1.0.9 Multiple Vulnerabilities
CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)
Dream4 Koobi CMS index.php area Parameter SQL Injection
Woltlab Burning Board Detection
MaxWebPortal <= 1.35 Multiple Vulnerabilities
boastMachine users.inc.php File Extension Validation Arbitrary File Upload
Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities
Bugzilla < 2.18.1 Multiple Information Disclosures
NETFile FTP/Web Server Directory Traversal Arbitrary File Access
e107 search.php search_info Parameter Traversal Arbitrary File Inclusion
WowBB view_user.php Multiple Parameter SQL Injection
MyServer 0.8 Multiple Vulnerabilities
Advanced Guestbook index.php entry Parameter SQL Injection
4D WebSTAR Tomcat Plugin Remote Buffer Overflow
PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)
Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass)
osTicket <= 1.2.7 Multiple Vulnerabilities
Open WebMail Shell Escape Arbitrary Command Execution
bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)
Trend Micro TMCM Console Management Detection
Websense Reporting Console Detection
phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities
Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)
PHP-Calendar includes/search.php Multiple Parameter SQL Injection
yappa-ng < 2.3.2 Multiple Vulnerabilities
ArGoSoft Mail Server Pro <= 1.8.7.6 Multiple Vulnerabilities (XSS, Traversal, Priv Esc)
phpBB <= 2.0.14 Multiple Vulnerabilities
MailEnable HTTPMail Service Authorization Header Remote Overflow
DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)
Coppermine Photo Gallery < 1.3.2 Multiple SQL Injections
UBB.threads < 6.5.2 beta Multiple Vulnerabilities
phpBB Knowledge Base Module kb.php cat Parameter SQL Injection
Monkey HTTP Daemon (monkeyd) < 0.9.1 Multiple Vulnerabilities
Serendipity exit.php Multiple Parameter SQL Injection
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
XAMPP < 1.4.14 Multiple Vulnerabilities
MediaWiki Multiple Remote Vulnerabilities
Invision Power Board index.php Members Action st Parameter SQL Injection
ModernBill <= 4.3.0 Multiple Vulnerabilities
phpBB up.php Arbitrary File Upload
PunBB profile.php id Parameter SQL Injection
CubeCart <= 2.0.6 Multiple SQL Injections
Active Auction Multiple Vulnerabilities (SQLi, XSS)
RunCMS Remote Arbitrary File Upload
ProductCart Multiple Input Validation Vulnerabilities
SiteEnable Multiple Input Validation Vulnerabilities
PHP 5.x < 5.2.2 Information Disclosure
PHP 4.x < 4.3.0 ZendEngine Integer Overflow
PHP Symlink Function Race Condition open_basedir Bypass
PHP mb_send_mail() Function Parameter Security Bypass
PHP ip2long Function String Validation Weakness
PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass
PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
PHP 5.1.x < 5.1.2 Multiple Vulnerabilities
PHP 5.x < 5.1.0 Multiple Vulnerabilities
PHP < 4.4.4 Multiple Vulnerabilities
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
MaxWebPortal <= 1.33 Multiple Vulnerabilities
PHP Multiple Image Processing Functions File Handling DoS
ASP PortalApp Multiple SQL Injection
Squirrelcart index.php Multiple Parameter SQL Injection
PhotoPost < 5.1 Multiple Input Validation Vulnerabilities
Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration
XMB Forum < 1.9.10 Multiple Vulnerabilities
CoolForum Multiple Vulnerabilities (SQLi, XSS)
Phorum search.php location Parameter HTTP Response Splitting
osCommerce file_manager.php filename Parameter Traversal Arbitrary File Access
Icecast XSL Parser Multiple Vulnerabilities (OF, ID)
Aventail ASAP Platform Management Console Detection
paNews 2.0.4b Multiple Input Validation Vulnerabilities
Fortinet Fortigate Web Console Management Detection
IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure
paFileDB <= 3.1 Multiple Vulnerabilities (2)
SimpGB guestbook.php quote Parameter SQL Injection
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)
UBB.threads editpost.php Number Parameter SQL Injection
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities
Zorum <= 3.5 Multiple Remote Vulnerabilities
NewsScript newsscript.pl mode Parameter Privilege Escalation
Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure
CopperExport XP_Publish.PHP SQL Injection Vulnerability
phpBB <= 2.0.13 Multiple Vulnerabilities
phpMyFAQ Forum Message username Field SQL Injection
Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion
CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities
TYPO3 cmw_linklist Extension category_uid Parameter SQL Injection
CubeCart < 2.0.6 settings.inc.php Multiple Script XSS
phpList <= 2.6.3 Multiple Vulnerabilities
SquirrelMail S/MIME Plug-in Remote Command Execution
PHPNews auth.php path Parameter Remote File Inclusion
phpCOIN <= 1.2.1b Multiple Vulnerabilities
Trend Micro IMSS Console Management Detection
PostNuke <= 0.760 RC2 Multiple Vulnerabilities
FCKeditor for PHP-Nuke Arbitrary File Upload
CubeCart < 2.0.5 Multiple Vulnerabilities
phpBB <= 2.0.12 Multiple Vulnerabilities
PunBB < 1.2.2 Multiple Input Validation Vulnerabilities
phpWebSite Image Announcement Upload Arbitrary Command Execution
phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions
OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities
vBulletin misc.php template Parameter PHP Code Injection
TWiki ImageGalleryPlugin Shell Command Injection
PBLang BBS <= 4.65 Multiple Vulnerabilities
phpBB <= 2.0.11 Multiple Vulnerabilities
Invision Power Board Software Detection
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection
Trend Micro IWSS Console Management Detection
Mambo Open Source Tar.php Remote File Inclusion
BizMail bizmail.cgi Arbitrary Mail Relay
TrackerCam Multiple Remote Vulnerabilities
pMachine mail_autocheck.php Arbitrary Code Execution
Blazix Trailing Character JSP Source Disclosure
WebCalendar login.php webcalendar_session Cookie SQL Injection
DCP-Portal Multiple Scripts SQL Injection
CitrusDB Static id_hash Admin Authentication Bypass
ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
Sympa src/queue.c queue Utility Local Overflow
ArGoSoft Mail Server Multiple Traversals
Mailman private.py true_path Function Traversal Arbitrary File Access
PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access
PerlDesk kb.cgi view Parameter SQL Injection
Chipmunk CMScore Multiple Script SQL Injection
Chipmunk Forum Multiple SQL Injections
Mambo Site Server Multiple Vulnerabilities
Mambo Global Variables Unauthorized Access
Xoops Incontent Module Traversal Arbitrary PHP File Source Disclosure
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)
phpPgAds dest Parameter HTTP Response Splitting
CoolForum Multiple SQL Injections
IceWarp Web Mail Multiple Flaws (3)
Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access)
Exponent CMS Multiple Script pathos_core_version Parameter Path Disclosure
TikiWiki File Upload temp Directory Arbitrary Script Execution
SquirrelMail < 1.4.4 Multiple Vulnerabilities
GForge Multiple Script Traversal Arbitrary Directory Listing
Siteman < 1.1.11 Multiple Vulnerabilities
PHPLinks Multiple Input Validation Vulnerabilities
phpMyWebHosting Authentication SQL Injection
vBulletin includes/init.php Unspecified Vulnerability
phpBB < 2.0.11 Multiple Vulnerabilities
JAWS index.php gadget Parameter Traversal Arbitrary File Access
ITA Forum Multiple Scripts SQL Injection
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
Novell GroupWise WebAccess Error Handler Authentication Bypass
SiteMinder smpwservicescgi.exe Arbitrary Site Redirect
Minis minis.php month Parameter Traversal Arbitrary File Access
ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion
Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure
IBM Websphere Commerce Database Update Information Disclosure
MPM Guestbook Pro top.php Traversal Arbitrary File Access
Movable Type mt.cfg Information Disclosure
Movable Type mt-load.cgi Privilege Escalation
IlohaMail Configuration Scripts Remote Disclosure
Invision Community Blog Module eid Parameter SQL Injection
Macallan Mail Solution Web Interface Authentication Bypass
MyBB member.php uid Parameter SQL Injection
IlohaMail Multiple Configuration Files Remote Information Disclosure
VideoDB < 2.0.2 Multiple Vulnerabilities
Simple PHP Blog comments.php Traversal Arbitrary File Access
GNU Mailman Multiple Unspecified Remote Vulnerabilities
PHPWind Board faq.php skin Parameter Remote File Inclusion
Greymatter 1.3 Multiple Vulnerabilities
FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion
WHM AutoPilot < 2.5.20 Multiple Remote Vulnerabilities
SHOUTcast Server Filename Handling Format String
Owl < 0.74.0 Multiple Vulnerabilities
ViewCVS < 1.0.0 Multiple Vulnerabilities
e107 Image Manager Unauthorized File Upload
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)
ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities
2BGal disp_album.php id_album Parameter SQL Injection
Namazu < 2.0.14 Multiple Vulnerabilities
e_Board index2.cgi message Parameter Traversal Arbitrary File Access
WordPress < 1.5.1 Multiple Vulnerabilities
WordPress < 1.2.2 Multiple Vulnerabilities
Singapore Gallery < 0.9.11 Multiple Vulnerabilities
Ikonboard ikonboard.cgi Multiple Parameter SQL Injection
phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities
SIR GNUBoard Remote File Inclusion
Ocean12 ASP Calendar Administrative Access
iWebNegar Multiple Scripts SQL Injection
ASP-Rider verify.asp username Parameter SQL Injection
SugarSales Multiple Module Traversal Arbitrary File Access
PhpDig < 1.8.5 Unspecified Vulnerability
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities
PunBB Search Dropdown Private Forum Disclosure
IlohaMail < 0.8.14RC1 Unspecified Vulnerability
F-Secure Policy Manager Path Disclosure
PHP Live! directory/conf File Include Unspecified Issue
Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities
paFileDB sessions Directory Admin Hashed Password Disclosure
Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities
PAFileDB Multiple Script Error Message Path Disclosure
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution
Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval
PHPNews sendtofriend.php SQL Injection
PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access
Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access
KorWeblog < 1.6.2 Multiple Vulnerabilities
Nucleus CMS < 3.15 Multiple Vulnerabilities
WebGUI user profile Unspecified Vulnerability
PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
phpBB viewtopic.php highlight Parameter SQL Injection
Invision Power Board sources/post.php qpid Parameter SQL Injection
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification
miniBB index.php user Parameter SQL Injection
phpBB Cash_Mod admin_cash.php Arbitrary Command Execution
PowerPortal index.php index_page Parameter SQL Injection
Webman I-Mall i-mall.cgi Arbitrary Command Execution
EGroupWare Multiple Vulnerabilities (SQLi, ID)
SquirrelMail decodeHeader Arbitrary HTML Injection
Goollery < 0.04b Multiple Vulnerabilities
phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion
Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
PHP < 3.0 mylog.html/mlog.html Arbitrary File Access
Mantis < 0.19.1 Multiple Vulnerabilities
IceWarp Web Mail Multiple Flaws (2)
Moodle < 1.4.3 Multiple Vulnerabilities
Gallery Unspecified HTML Injection
Bugzilla Multiple Remote Command Execution
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow
Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures
UBB.threads dosearch.php SQL Injection
WowBB <= 1.61 Multiple Vulnerabilities
DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS)
Serendipity Multiple Script HTTP Response Splitting
Netbilling nbmember.cgi cmd Parameter Information Disclosure
IdealBB Multiple Vulnerabilities (XSS, SQLi, more)
Coppermine Photo Gallery Voting Restriction Bypass
Coppermine Photo Gallery Detection
Open WebMail userstat.pl Arbitrary Command Execution
CoolPHP 1.0 Multiple Vulnerabilities
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution
BugPort Attached File Handling Unspecified Issue
IceWarp Web Mail Multiple Flaws (1)
ocPortal index.php req_path Parameter Remote File Inclusion
bBlog rss.php p Parameter SQL Injection
CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi)
DUware Products Multiple Remote Vulnerabilities (SQLi, XSS)
Zanfi CMS Lite index.php inc Parameter Remote File Inclusion
GoSmart Message Board Multiple Vulnerabilities (SQLi, XSS)
BlackBoard Internet Newsboard System checkdb.inc.php libpath Parameter Remote File Inclusion
WordPress wp-login.php HTTP Response Splitting
CubeCart index.php cat_id Parameter SQL Injection
w-Agora Multiple Script Traversal Arbitrary File Access
PHP-Fusion 4.01 Multiple Vulnerabilities
Silent-Storm Portal Multiple Input Validation Vulnerabilities
w-Agora 4.1.6a Multiple Input Validation Vulnerabilities
Icecast MP3 Client HTTP GET Request Remote Overflow
Icecast Encoded Traversal Arbitrary File Access
Vignette Application Portal Diagnostic Utility Information Disclosure
Serendipity < 0.7.0beta3 Multiple Vulnerabilities
PD9 MegaBBS Multiple Vulnerabilities
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
BroadBoard Multiple Script SQL Injection
aspWebAlbum album.asp SQL Injection
aspWebCalendar calendar.asp SQL Injection
YaBB 1 Gold < 1.3.2 Multiple Input Validation Vulnerabilities
Emulive Server4 Authentication Bypass
TUTOS < 1.1.20040412 Multiple Input Validation Issues
phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues
BBS E-Market Professional index.php filename Parameter Traversal Arbitrary File Access
vBulletin authorize.php x_invoice_num Parameter SQL Injection
TUTOS < 1.2 Multiple Input Validation Vulnerabilities
YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities
PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access
WebLogic < 8.1 SP3 Multiple Vulnerabilities
Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access
OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness
OpenCA Multiple Signature Validation Bypass
Simple Form Subject Tags Arbitrary Mail Relay
MailEnable Professional HTTPMail GET Request Remote Overflow
MailEnable HTTPMail Service Content-Length Header Overflow
MailEnable HTTPMail Service Authorization Header Handling Remote DoS
IlohaMail Unspecified Database Password Disclosure Weakness
IlohaMail Multiple External Programs Arbitrary Command Execution
IlohaMail Forged GET/POST Arbitrary Contacts Deletion
IlohaMail Attachment Arbitrary File Create/Overwrite
IlohaMail index.php session Parameter Arbitrary File Access
IlohaMail index.php init_lang Parameter Arbitrary File Access
TorrentTrader download.php id Parameter SQL Injection
WebMatic Unspecified Login Function Access Vulnerability
Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities
HastyMail HTML Attachment Script Execution
TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities
INL ulog-php port.php proto Parameter SQL Injection
TikiWiki Unauthorized Page Access
PHP-Fusion Database Backup Disclosure
AWStats rawlog.pm logfile Parameter Arbitrary Command Execution
Gallery save_photos.php Arbitrary Command Execution
MyDMS < 1.4.3 Multiple Vulnerabilities
ZixForum ZixForum.mdb Direct Request Database Disclosure
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
Trend Micro Scanmail for Domino nsf File Information Disclosure
Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure
Basilix Webmail Attachment Crafted POST Arbitrary File Access
BasiliX login.php3 username Variable Arbitrary Command Execution
Sympa wwsympa.fcgi Unauthorised List Creation
Sympa wwsympa Invalid LDAP Password Remote DoS
Sympa wwsympa do_search_list Overflow DoS
phpGroupWare Multiple Module SQL Injection
phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution
phpGroupWare Unspecified Remote File Inclusion
phpGroupWare Admin/Setup Password Cleartext Cookie Storage
phpGroupWare index.php Addressbook XSS
CVSTrac timeline.c timeline_page Function Overflow
CVSTrac Ticket Title Arbitrary Command Execution
CVSTrac Malformed URI Infinite Loop DoS
CVSTrac chdir() chroot Jail Escape
CVSTrac history.c history_update Function Overflow
CVSTrac Database Plaintext Password Storage
CVSTrac cgi.c Multiple Overflows
CVSTrac CVSROOT/passwd Arbitrary Account Deletion
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
phpMyFAQ index.php action Parameter Local File Inclusion
Microsoft Outlook Web Access (OWA) Version Detection
Goscript go.cgi Arbitrary Command Execution
ASPrunner 2.4 Multiple Vulnerabilities
PSCS VPOP3 messagelist.html msglistlen Parameter DoS
SquirrelMail < 1.4.3 Multiple Vulnerabilities
Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection
phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection
Simple Form Multiple Parameter Arbitrary Mail Relaying
RiSearch show.pl Arbitrary File Access
CVSTrac filediff Arbitrary Remote Code Execution
Basilix Webmail id Variable SQL Injection
Nucleus CMS action.php itemid Parameter SQL Injection
Polar HelpDesk Authentication Bypass
Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access
PostNuke Install Script Admin Password Disclosure
phpMyFAQ Image Upload Authentication Bypass
AntiBoard antiboard.php Multiple Parameter SQL Injection
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities
RiSearch show.pl Open Proxy Relay
osTicket open.php Support Address Crafted Mail Loop Remote DoS
Horde Chora Software Detection
OpenDocMan Access Control Bypass
EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access
Moodle < 1.3.3 help.php file Parameter XSS
Mensajeitor Tag Board Admin Bypass
phpBB < 2.0.9 Multiple Vulnerabilities
PHP < 4.3.8 Multiple Vulnerabilities
osTicket Arbitrary Attachment Disclosure
osTicket setup.php Accessibility
osTicket Form Field Modification File Upload Size Restriction Bypass
osTicket Attachment Handling File Upload Arbitrary Code Execution
Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)
Open WebMail vacation.pl Arbitrary Command Execution
Inktomi Search MS-DOS Device Name Request Path Disclosure
Dell OpenManage Server Administrator Detection
Horde Chora CVS Viewer diff Utility Arbitrary Command Execution
Gallery init.php Authentication Bypass
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure
EDIMAX EW-7205APL Wireless AP Default Password Check
Invision Power Board ssi.php f Parameter SQL Injection
NETGEAR Wireless Access Point Hardcoded Default Password
jPortal print.inc.php id Parameter SQL Injection
RealServer /admin/Docs/default.cfg Information Disclosure
Java (.java / .class) Source Code Disclosure
Terminal Services Web Detection
HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)
Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access
Ultimate PHP Board add.php Direct Request Information Disclosure
Aborior Encore WebForum display.cgi file Parameter Command Execution
Apache Tomcat source.jsp Arbitrary Directory Listing
HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access
cPanel <= 9.1.0 Multiple Vulnerabilities
cfWebStore Multiple Vulnerabilities (SQLi, XSS)
Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)
HotOpentickets Privilege Escalation
SpiderSales Shopping Cart SQL Injection
Netscape Enterprise Server Default Files Present
TalentSoft Web+ webplus.exe Path Disclosure
X-News Password MD5 Hash Authentication Bypass
ShopCartCGI Multiple Script Traversal Arbitrary File Access
Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities
SandSurfer < 1.7.0 User Authentication Bypass
BEA WebLogic config.xml Operator/Admin Password Disclosure
ReviewPost PHP Pro Multiple Script SQL Injections
phpMyAdmin export.php what Parameter Traversal Arbitrary File Access
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution
Photopost PHP Pro photo Parameter SQL Injection
PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access
phpGedView Arbitrary File Access / Remote File Inclusion
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
JBrowser _admin/ Direct Request Admin Authentication Bypass
Aprox PHP Portal index.php Arbitrary File View
Gallery HTTP Global Variables File Inclusion
PHPix index.phtml Multiple Parameter Arbitrary Command Execution
Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion
XTreme ASP Photo Gallery adminlogin.asp Multiple Parameter SQL Injection
PhpDig config.php relative_script_path Parameter Remote File Inclusion
vBulletin calendar.php eventid Parameter SQL Injection
HotNews Multiple Script Remote File Inclusion
EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
BulletScript MailList bsml.pl Information Disclosure
PHPCatalog id Parameter SQL Injection
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
VP-ASP shopsearch SQL Injection
CuteNews Debug Info Disclosure
Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow
phpBB < 2.0.7 Multiple Script SQL Injection
My_eGallery < 3.1.1g Remote File Inclusion
Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)
TheServer server.ini Direct Request Cleartext Credentials Disclosure
Les Visiteurs Multiple Remote File Inclusion
myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion
Gallery index.php GALLERY_BASEDIR Parameter Remote File Inclusion
PayPal Store Front index.php page Parameter Remote File Inclusion
Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation
WordPress blog.header.php Multiple Parameter SQL Injection
myPHPNuke My_eGallery gallery/displayCategory.php basepath Parameter Remote File Inclusion
EZsite Forum Discloses Passwords to Remote Users
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access
Stellar Docs Malformed Query Path Disclosure
phpWebSite < 0.9.x Multiple Vulnerabilities
paFileDB <= 3.1 Multiple Vulnerabilities (1)
e107 db.php User Database Disclosure
ashNews 0.83 Multiple Vulnerabilities
Forum51/Board51/News51 Users Disclosure
AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
VP-ASP shopexd.asp catalogid Parameter SQL Injection
ProductCart Multiple Vulnerabilities
iXmail index.php password Parameter SQL Injection
iXmail Multiple Script Arbitrary File Manipulation
Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities
Carello E-Commerce Carello.dll Command Execution
Sambar Server Multiple CGI Environment Variable Disclosure
Alt-N WebAdmin Multiple Vulnerabilities
phpBB viewtopic.php topic_id Parameter SQL Injection
pMachine <= 2.2.1 Multiple Vulnerabilities
Kerio WebMail < 5.7.7 Multiple Vulnerabilities
phpMyAdmin < 2.5.2 Multiple Vulnerabilities
eLDAPo index.php Cleartext Password Disclosure
SquirrelMail Multiple Remote Vulnerabilities
Dune Web Server GET Request Remote Overflow
Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution
Multiple Dangerous CGI Script Detection
Trend Micro Emanager Detection
AspUpload Test11.asp Arbitrary File Upload
Hosting Controller Multiple Script Arbitrary Directory Browsing
PostNuke Glossary Module page Parameter SQL Injection
Infinity CGI Exploit Scanner Multiple Vulnerabilities
pMachine lib.inc.php pm_path Parameter Remote File Inclusion
NETGEAR Router Default Password (password) for 'admin' Account
mnoGoSearch search.cgi Multiple Parameter Remote Overflows
Netwin WebNews Webnews.exe Remote Overflow
Lucent VitalNet VsSetCookie.exe Unauthorized Access
Netdynamics ndcgi.exe Previous User Session Replay
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval
Mobius DocumentDirect ddicgi.exe Long GET Request Overflow
NetWin CWmail.exe Item Parameter Remote Overflow
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS
BEA WebLogic FileServlet Source Code Disclosure
PDGSoft Shopping Cart Multiple Vulnerabilities
Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval
Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval
SHOUTcast Server admin.cgi Long Argument Overflow
zenTrack index.php configFile Parameter Traversal Arbitrary Files Access
Spyke Multiple Remote Vulnerabilities
WordPress < 0.72 RC1 Multiple Vulnerabilities
zenTrack index.php Multiple Parameter Remote File Inclusion
Xpressions Interactive Multiple Products login.asp SQL Injection
IRCXPro Default Admin Password
P-Synch Password Management Multiple Vulnerabilities
WebStores 2000 browse_item_details.asp SQL Injection
JBoss %00 Request JSP Source Disclosure
WF-Chat User Account Disclosure
rot13sj.cgi Arbitrary File Access
Philboard /database/philboard.mdb Direct Request Database Disclosure
Super-M Son hServer URI Traversal Arbitrary File Access
Philboard philboard_admin.ASP Authentication Bypass
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)
P-News p-news.php Name Field Privilege Escalation
Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion
CafeLog B2 Multiple Script Remote File Inclusion
PostNuke Sections Module Information Disclosure
iisPROTECT Encoded URL Authentication Bypass
iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection
iisPROTECT Unpassworded Administrative Interface
ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal)
Sun ONE Application Server Upper Case Request JSP Source Disclosure
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS
Mantis < 0.17.5 Multiple Vulnerabilities
BLNews objects.inc.php4 Server[path] Parameter Remote File Inclusion
Horde Turba status.php Path Disclosure
OneOrZero Helpdesk tupdate.php sg Parameter SQL Injection
webERP Configuration File Remote Access
Microsoft BizTalk Server Multiple Remote Vulnerabilities
ttCMS 2.2 Multiple Vulnerabilities
php-proxima autohtml.php Arbitrary File Retrieval
Poster version.two index.php Account Manipulation Privilege Escalation
WebLogic Multiple Method Cleartext Password Disclosure
Owl browse.php Authentication Bypass
miniPortail admin.php Cookie Manipulation Security Bypass
Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection
Horde test.php Direct Request Information Disclosure
ttforum Multiple Vulnerabilities
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution
BEA WebLogic SSIServlet Invocation Source Code Disclosure
HappyMall Multiple Script Arbitrary Command Execution
MailMaxWeb Cookie Application Path Disclosure
NetCharts Server Default Password
Ocean12 ASP Guestbook Manager Database Download
Snitz Forums 2000 3.4.03 Multiple Vulnerabilities
SLMail WebMail Multiple Remote Overflows
MPC SoftWeb Guestbook Multiple Vulnerabilities
PT News Unauthorized Administrative Access
YaBB SE < 1.5.2 Multiple Vulnerabilities
XMB member.php Multiple Parameter SQL Injection
Truegalerie admin.php loggedin Parameter Admin Authentication Bypass
Mike Bobbitt's album.pl Alternative Configuration File Remote Command Execution
StockMan Shopping Cart shop.plx page Parameter Arbitrary Command Execution
StockMan Shopping Cart shop.plx Path Disclosure
CommuniGate Pro Referer Field Session Token Disclosure
Coppermine Photo Gallery displayimage.php SQL Injection
Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure
IdeaBox include.php ideaDir Parameter Remote File Inclusion
AN HTTPd count.pl Traversal Arbitrary File Overwrite
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)
OpenBB index.php CID Parameter SQL Injection
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
bttlxeForum login.asp Multiple Field SQL Injection
Web Wiz Forums wwforum.mdb Direct Request Database Disclosure
eZ Publish settings/site.ini Configuration Disclosure
Super Guestbook superguestconfig Admin Password Disclosure
Web Wiz Site News / Compulsive Media CNU5 news.mdb Direct Request Database Disclosure
Instaboard index.cfm Multiple Parameter SQL Injection
phPay admin/phpinfo.php Information Disclosure
Vignette StoryServer TCL Server Crash Information Disclosure
Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution
HP Instant TopTools hpnst.exe CGI DoS
AutomatedShops WebC.cgi Multiple Overflows
AutomatedShops webc.cgi Installation Detection
GTcatalog password.inc Direct Request Password Disclosure
Ecartis HTML Field Manipulation Arbitrary User Password Reset
ScozBook scozbook/add.php Multiple Parameter XSS
Justice Guestbook 1.3 Multiple Vulnerabilities
Beanwebb's Guestbook 1.0 Multiple Vulnerabilities
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion
My Guest Book (myGuestBk) Multiple Vulnerabilities
Horde IMP mailbox.php3 Multiple Parameter SQL Injection
Advanced Poll info.php Remote Information Disclosure
WebLogic Servlets Multiple Vulnerabilities
PostNuke Members_List Module Information Disclosure
paFileDB pafiledb.php Multiple Parameter SQL Injection
DCP-Portal Multiple Script Path Disclosure
DCP-Portal lib.php root Parameter Remote File Inclusion
Nukestyles.com viewpage.php Addon for PHP-Nuke File Parameter Traversal Arbitrary File Access
VChat Multiple Remote Vulnerabilities
SimpleChat Information Disclosure
J Walk Application Server Encoded Directory Traversal Arbitrary File Access
O'Reilly WebSite Pro args.bat Arbitrary Command Execution
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe)
Adcycle build.cgi Remote Password Disclosure
Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access
Matt Wright textcounter.pl Arbitrary Command Execution
Nuked-Klan index.php Multiple Module Vulnerabilities
PHP Mail Function Header Spoofing
Mozilla Bonsai Multiple Flaws (Auth Bypass, XSS, Cmd Exec, PD)
XOOPS 1.0 RC1 Multiple Vulnerabilities
Apache Tomcat Directory Listing and File Disclosure
Guestbook tr3.a Password Disclosure
Web Server Office File Inventory
OpenWebMail < 1.90 Multiple Vulnerabilities
Sun ONE (iPlanet) Application Server Detection
Thunderstone Software Texis Nonexistent File Request Path Disclosure
Thunderstone Software Texis Crafted Request Information Disclosure
VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
smb2www Unspecified Arbitrary Remote Command Execution
Microsoft IIS fpcount.exe CGI Remote Overflow
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access
Mambo Site Server MD5 Hash Session ID Privilege Escalation
Wordit Logbook logbook.pl file Parameter Arbitrary File Access
Upload Lite upload.cgi Arbitrary File Upload
popper_mod PHP Administration Script Authentication Bypass
WebWho+ whois.pl time Parameter Arbitrary Command Execution
Kietu index.php Remote File Inclusion
PHP-Ping index.php pingto Parameter Arbitrary Code Execution
GTcatalog index.php custom Parameter Remote File Inclusion
WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion
myphpPageTool /doc/admin/index.php ptinclude Parameter Remote File Inclusion
Axis 2400 Network Camera Multiple Vulnerabilities
TYPO3 < 3.5.0 Multiple Vulnerabilities
Nuked-Klan 1.2b Multiple Vulnerabilities
cPanel guestbook.cgi template Parameter Arbitrary Command Execution
Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
Webmin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
GOsa Multiple Script plugin Parameter Remote File Inclusion
WihPhoto sendphoto.php Traversal Arbitrary File Access
Invision Power Board ipchat.php root_path Parameter Remote File Inclusion
Ipswitch IMail Web Interface URI Referer Session Token Disclosure
N/X Web Content Management Multiple Script Remote File Inclusion
Stronghold swish Search Script Information Disclosure
Web Server info.php / phpinfo.php Detection
Pages Pro filenote Parameter Traversal Arbitrary File Modification
Netscape Enterprise Default Administrative Password
Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution
DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access
DB4Web Server Debug Mode TCP Port Scanning Proxy
Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
Savant Web Server cgitest.exe Overflow
vpopmail-CGIApps vpasswd.cgi Remote Command Execution
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure
Webserver 4D Cleartext Password Storage
Sambar Server Multiple CGI Remote Overflow
phpPgAdmin sql.php goto Parameter Traversal Arbitrary File Access
phpMyAdmin sql.php Traversal Arbitrary File Access
Gallery includedir Parameter Remote File Inclusion
Achievo class.atkdateattribute.js.php config_atkroot Parameter Remote File Inclusion
Viralator CGI Script Arbitrary Command Execution
PHP-Nuke Network Tools Add-On Arbitrary Command Execution
Directory Manager edit_image.php Arbitrary Command Execution
AWOL helperfunction.php includedir Parameter Remote File Inclusion
phpAdsNew helperfunction.php Remote File Inclusion
Mountain Network Systems webcart.cgi Arbitrary Command Execution
iBill ibillpm.pl Password Generation Weakness
Boozt index.cgi Banner Creation Name Field Overflow
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure
Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
PHP < 4.2.x mail Function CRLF Injection
Apache Tomcat TroubleShooter Servlet Information Disclosure
Icecast list_directory Function Traversal File/Directory Enumeration
Multiple Server Crafted Request WEB-INF Directory Information Disclosure
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection
Microsoft Site Server Multiple Script Information Disclosure
Marcus Xenakis directory.php Execute Arbitrary Commands
ActivePerl findtar Sample Script Remote Command Execution
Ipswitch WhatsUp Gold Default Admin Account
MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access
JRun Web Server (JWS) GET Request Traversal Arbitrary File Access
JRun Multiple Sample Files Remote Information Disclosure
Sun JavaServer Default Admin Password
Microsoft ASP.NET Application Tracing trace.axd Information Disclosure
Microsoft IIS global.asa Remote Information Disclosure
ping.asp CGI Arbitrary Command Execution
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
ServletExec 4.1 / JRun ISAPI Multiple DoS
BEA WebLogic Null Byte Request JSP Source Disclosure
Microsoft IIS Multiple Vulnerabilities (MS02-018)
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution
CVS (Web Based) Entries File Information Disclosure
PHP-Nuke sql_debug Information Disclosure
SilverStream Database Structure Disclosure
Microsoft ASP.NET Malformed File Request Path Disclosure
Apache Win32 ScriptAlias php.exe Arbitrary File Access
FAQManager faqmanager.cgi toc Parameter Arbitrary File Access
PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access
Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
Allaire JRun Encoded JSP Request Arbitrary Directory Listing
ActivePerl perlIS.dll Remote Buffer Overflow
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
Apache Tomcat Nonexistent File Error Message Path Disclosure
Informix SQL Web DataBlade Module Traversal Arbitrary File Access
Redhat Stronghold status / info Request Information Disclosure
Horde Imp Webmail status.php3 message Parameter XSS
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure
ColdFusion Debug Mode Information Disclosure
ht://Dig htsearch Multiple Vulnerabilities
PCCS-Mysql User/Password Exposure
Microsoft Outlook Web Access (OWA) Anonymous Access
SiteScope Web Service Unpassworded Access
Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution
Nimda Worm Infected HTML File Detection
PhpMyExplorer index.php chemin Parameter Encoded Traversal Arbitrary File Access
Tripwire for Webpages Installation Disclosure
SIX-webboard generate.cgi content Parameter Traversal Arbitrary File Access
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution
SHOUTcast Server User-Agent / Host Header DoS
OmniHTTPd Encoded Space Request Script Source Disclosure
BEA WebLogic Hex Encoded Request JSP Source Disclosure
Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities
Sambar Server pagecount CGI Traversal Arbitrary File Overwrite
Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access
BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure
Directory Pro Traversal Arbitrary File Access
PHP3 Error Message Physical Path Disclosure
A1Stats Multiple Script Traversal Arbitrary File Access
Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read
PHP-Nuke opendir.php Traversal Arbitrary File Read
Trend Micro InterScan VirusWall catinfo CGI Overflow
processit CGI Environment Variable Remote Information Disclosure
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
Anaconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access
MAILNEWS mailnews.cgi Arbitrary Command Execution
Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution
ROADS search.pl form Parameter Traversal Arbitrary File Access
WebSPIRS webspirs.cgi Traversal Arbitrary File Access
W3.org Anaya Web sendtemp.pl templ Parameter Traversal Arbitrary File Access
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities
Way-board way-board.cgi db Parameter Arbitrary File Access
Muscat Empower CGI Malformed DB Parameter Path Disclosure
HSWeb HTTP Server /cgi Directory Request Path Disclosure
Allaire JRun Crafted Request WEB-INF Forced Directory Listing
iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read
Basilix Webmail .class / .inc Direct Request Remote Information Disclosure
wwwwais QUERY_STRING Parameter Remote Overflow
Phorum common.php ForumLang Parameter Traversal Arbitrary File Access
Informix webdriver CGI Unauthenticated Database Access
Metertek pagelog.cgi Traversal Arbitrary File Access
Samba Web Administration Tool (SWAT) Error Message Username Enumeration
News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access
Technote main.cgi filename Parameter Traversal Arbitrary File Access
DCForum dcboard.cgi Multiple Vulnerabilities
Cold Fusion Administration Page Overflow DoS
PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload
MailMan Webmail mmstdod.cgi Arbitrary Command Execution
Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
Master Index search.cgi Traversal Arbitrary File/Directory Access
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access
Verity UltraSeek 3.1.x Malformed URL Remote DoS
KW Whois CGI whois Parameter Arbitrary Command Execution
Anaconda Foundation Directory apexec.pl template Parameter Traversal Arbitrary File Retrieval
PHP Error Log Format String Command Injection
Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
thttpd ssi Servlet Encoded Traversal Arbitrary File Access
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
/doc/packages Directory Browsable
MultiHTML multihtml.pl Traversal Arbitrary File Access
Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing
YaBB YaBB.pl num Parameter Traversal Arbitrary File Access
Sun Java Web Server bboard Servlet Command Execution
Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution
htgrep hdr Parameter Arbitrary File Access
Netwin Netauth netauth.cgi Traversal Arbitrary File Access
Simple Web Counter swc ctr Parameter Remote Overflow
Microsoft IIS Translate f: ASP/ASA Source Disclosure
Apache Tomcat Snoop Servlet Remote Information Disclosure
WebsitePro Remote Request Overflow
WebSite Pro webfind.exe keywords Parameter Remote Overflow
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
WebActive HTTP Server active.log Remote Information Disclosure
Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution
Big Brother bb-hostsvc.sh HOSTSVC Parameter Traversal Arbitrary File Access
Poll It CGI data_dir Parameter Arbitrary File Access
Sawmill Weak Password Encryption Scheme Information Disclosure
Sawmill allows the reading of the first line of any file
JRun viewsource.jsp Directory Traversal Arbitrary File Access
Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay
Sambar Server /sysadmin Default Accounts
Sambar Server /session/sendmail Arbitrary Mail Relay
spin_client.cgi Remote Overflow
BizDB bizdb-search.cgi Arbitrary Command Execution
Piranha's RH6.2 default password
Microsoft FrontPage htimage.exe CGI Remote Overflow
Microsoft IIS Dangerous Sample Files Detection
TalentSoft Web+ webplus CGI Traversal Arbitrary File Access
Windmail.exe Shell Metacharacter Arbitrary Command Execution
Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access
SalesLogix eViewer slxweb.dll Request Remote DoS
Microsoft IIS newdsn.exe Arbitrary File Creation
Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
ICQ Web Front Service guestbook.cgi DoS
MERCUR WebView WebMail Server mail_user Parameter DoS
rpm_query CGI System Information Disclosure
WWWBoard passwd.txt Authentication Credential Disclosure
IRIX wrap CGI Traversal Arbitrary Directory Listing
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
WebSpeed Messenger Administration Utility Unauthenticated Access
WebSite Pro Malformed URL Path Disclosure
WebGais websendmail CGI Arbitrary Command Execution
WebGais webgais CGI Arbitrary Command Execution
IRIX webdist.cgi Arbitrary Command Execution
Webcart Default Install Configuration Disclosure
Mini SQL CGI content-length Field Remote Overflow
OmniHTTPd visadmin.exe Malformed URL DoS
Multiple Vendor view_source CGI Traversal Arbitrary File Access
O'Reilly WebSite uploader.exe Arbitrary File Upload
Multiple Vendor test-cgi Arbitrary File Access
AnyForm CGI Arbitrary Command Execution
Samba Web Administration Tool (SWAT) Detection
Cobalt siteUserMod.cgi Arbitrary Password Modification
Web Server /cgi-bin Shell Access
Sambar Server Multiple Script Arbitrary Code Execution
Roxen Web Server Counter Module Crafted Request Saturation DoS
Multiple Web Server printenv CGI Information Disclosure
Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities
PlusMail plusmail CGI Arbitrary Command Execution
PHP/FI php.cgi Traversal Arbitrary File Access
Multiple Vendor phf CGI Arbitrary Command Execution
IRIX pfdispaly Arbitrary File Access
Web Server /cgi-bin Perl Interpreter Access
NCSA HTTPd nph-test-cgi Arbitrary Directory Listing
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
Tektronix PhaserLink Printer Web Server Direct Request Administrator Access
Mini SQL w3-msql Arbitrary Directory Access
Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
Multiple Vendor jj CGI Arbitrary Command Execution
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
Multiple Vendor info2www CGI Arbitrary Command Execution
OmniHTTPd imagemap.exe CGI Remote Overflow
Microsoft IIS idq.dll Traversal Arbitrary File Access
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
Miva htmlscript Traversal Arbitrary File Access
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
Home Free search.cgi Traversal Arbitrary File Access
IRIX handler CGI Arbitrary Command Execution
Matt Wright guestbook.pl Arbitrary Command Execution
Glimpse HTTP aglimpse Arbitrary Command Execution
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
Matt Wright FormHandler.cgi Arbitrary File Access
Multiple Web Server finger CGI Information Disclosure
HylaFAX faxsurvey Arbitrary Command Execution
EZShopper Multiple Directory Traversal Vulnerabilities
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
Sambar Server dumpenv.pl Information Disclosure
wwwcount Count.cgi Remote Overflow
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities
Sambar Server cgitest.exe Remote Overflow
NCSA Campas cgi-bin Arbitrary Command Execution
Squid cachemgr.cgi Proxied Port Scanning
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
Big Brother bb-hist.sh History Module Directory Traversal
Axis Storpoint CD Admin Authentication Bypass
Xylogics Annex Terminal Service ping CGI Program DoS
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
Alibaba tst.bat Arbitrary Command Execution
Alibaba get32.exe Arbitrary Command Execution
O'Reilly WebSite win-c-sample Remote Overflow
Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
Microsoft IIS search.asp Direct Request DoS
Microsoft IIS query.asp Direct Request Remote DoS
Microsoft IIS advsearch.asp Direct Request Remote DoS
ColdFusion Multiple Vulnerabilities (File Upload/Manipulation)