Plugins: CGI abuses

Drupal 6.x / 7.x < 6.34 / 7.34 Multiple Vulnerabilities

PHP 5.6.x < 5.6.3 'donote' DoS

PHP 5.5.x < 5.5.19 'donote' DoS

PHP 5.4.x < 5.4.35 'donote' DoS

IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities

SolarWinds Log and Event Manager Unsupported Version Detection

SolarWinds Log and Event Manager Default Credentials

SolarWinds Log and Event Manager < 6.0.1 HyperSQL Remote Code Execution

SolarWinds Log and Event Manager Detection

Joomla! Unsupported Version Detection

Citrix NetScaler Unspecified Remote Code Execution (CTX200206)

Jenkins < 1.583 / 1.565.3 and Jenkins Enterprise 1.532.x / 1.554.x / 1.565.x < 1.532.10.1 / 1.554.10.1 / 1.565.3.1 Multiple Vulnerabilities

Cisco Prime Security Manager Command Injection (Shellshock) (cisco-sa-20140926-bash)

Oracle Business Transaction Management 'FlashTunnelService' 'WriteToFile' Message RCE

Oracle Business Transaction Management Detection

Oracle OpenSSO Agent Multiple Vulnerabilities (October 2014 CPU)

Cisco UCS Director Default Credentials (Web UI)

Cisco UCS Director Web UI Detection

Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)

Oracle Enterprise Data Quality Director Detection

Oracle Enterprise Data Quality Dashboard Detection

IBM WebSphere Portal CKEditor XSS (PI24992, PI26456)

IBM WebSphere Portal Information Disclosure Vulnerability (PI27710)

IBM WebSphere Portal Entity Expansion DoS (PI24622)

IBM WebSphere Portal Unspecified Vulnerability (PI25993)

IBM WebSphere Portal 8.5.0 < 8.5.0 CF03 Multiple Vulnerabilities

IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF14 Multiple Vulnerabilities

IBM WebSphere Portal 6.1.5.x < 6.1.5.3 CF27 Multiple Vulnerabilities

IBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities

Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)

Oracle Endeca Information Discovery Studio Detection

PHP 5.6.0 Development Releases CDF File NULL Pointer Dereference DoS

PHP 5.6.x < 5.6.2 Multiple Vulnerabilities

PHP 5.5.x < 5.5.18 Multiple Vulnerabilities

PHP 5.4.x < 5.4.34 Multiple Vulnerabilities

Drupal Database Abstraction API SQLi

Drupal 7.x < 7.32 SQLi

TIBCO Spotfire Server Unsupported Version Detection

TIBCO Spotfire Server Authentication Module Unspecified Privilege Escalation

TIBCO Spotfire Server Authentication Module Unspecified Remote Code Execution

TIBCO Spotfire Analytics Server Authentication Module Unspecified Information Disclosure

TIBCO Spotfire Analytics Server Web Application Multiple Vulnerabilities

TIBCO Spotfire Server Detection

Cisco Integrated Management Controller WebUI Detection

Joomla! 2.5.x < 2.5.26 / 3.x < 3.2.6 / 3.3.x < 3.3.5 Multiple Vulnerabilities

Oracle MapViewer Multiple Vulnerabilities (July 2012 CPU)

Oracle MapViewer Detection

PHP 5.6.x < 5.6.1 'add_post_var' Code Execution

Oracle Application Express (APEX) / REST Data Services Listener Detection

Barracuda Web Filter Detection

Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities

IBM Jazz Team Server Session Cookie Information Disclosure

IBM Jazz Team Server Detection

Joomla! 2.5.x < 2.5.25 / 3.x < 3.2.5 / 3.3.x < 3.3.4 Multiple Vulnerabilities

Silver Peak VX < 6.2.4 XSS

Silver Peak VX Default Credentials

Silver Peak VX Detection

Silver Peak NX Detection

GNU Bash Environment Variable Handling Code Injection (Shellshock)

Bugzilla < 4.0.14 / 4.2.10 / 4.4.5 / 4.5.5 CSRF Vulnerability

FreeNAS WebGUI Blank Password

IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple Vulnerabilities

IBM Rational License Key Server Administration and Reporting Tool Default Credentials

IBM Rational License Key Server Administration and Reporting Tool Detection

Usermin Null Byte Filtering Information Disclosure

Usermin 'miniserv.pl' Arbitrary File Disclosure

Usermin Detection

phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)

Riverbed SteelApp (Stingray) Traffic Manager Web UI Detection

Oracle Policy Automation (Oracle Web Determinations) Unspecified Remote Security Vulnerability (July 2013 CPU)

Oracle Web Determinations Detection

IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)

IBM WebSphere Portal Open Redirect Vulnerability (PI19877)

IBM WebSphere Portal Error Codes Information Disclosure (PI21858)

IBM WebSphere Portal Apache Struts ClassLoader Manipulation RCE

IBM WebSphere Portal 8.5.0 < 8.5.0 CF01 Open Redirect

IBM WebSphere Portal 8.x < 8.0.0.1 CF13 Multiple Vulnerabilities

ManageEngine DeviceExpert Unauthorized Information Disclosure

ManageEngine EventLog Analyzer Default Credentials

ManageEngine EventLog Analyzer

Novell GroupWise 'FileUploadServlet' Arbitrary File Access Vulnerability

Novell GroupWise Administration Console Detection

PHP 5.5.x < 5.5.16 Multiple Vulnerabilities

PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

WP Source Control Plugin for WordPress Directory Traversal

Gurock TestRail Detection

PHP 5.3.x < 5.3.29 Multiple Vulnerabilities

Puppet Enterprise 3.3.0 Bundled Oracle Java Vulnerabilities

Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities

Barco ClickShare Device Default Credentials

Barco ClickShare Device Detect

Splunk Enterprise 6.1.x < 6.1.3 Multiple Vulnerabilities

Oracle Business Intelligence Publisher April 2012 Critical Patch Update

Drupal 6.x < 6.33 / 7.x < 7.31 XML-RPC DoS

MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities

Atlassian FishEye 3.x < 3.0.4 / 3.1.7 / 3.2.5 / 3.3.4 / 3.4.4 Administrator Password Reset

Atlassian Crucible 3.x < 3.0.4 / 3.1.7 / 3.2.5 / 3.3.4 / 3.4.4 Administrator Password Reset

WordPress < 3.7.4 / 3.8.4 / 3.9.2 Multiple Vulnerabilities

Atlassian Bamboo < 5.4.3 / 5.5.1 / 5.6.0 XWork Library ClassLoader Manipulation Remote Code Execution

Atlassian Bamboo Detection

Halon Security Router < 3.2r2 Multiple Vulnerabilities

Halon Security Router User Interface Default Credentials

Atlassian Confluence < 5.5.2 XWork Library ClassLoader Manipulation Remote Code Execution

F5 Networks BIG-IP Web Interface Default Credential Check

RT 4.2.x < 4.2.5 DoS

Oracle Traffic Director Administration Console Detection

Citrix NetScaler Multiple Vulnerabilities (CTX140863)

phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 - PMASA-2014-7)

TimThumb 'timthumb.php' WebShot 'src' Parameter Remote Command Execution

TimThumb 'timthumb.php' < 2.8.14 WebShot 'src' Parameter Remote Command Execution

TimThumb Detection

Bitdefender GravityZone < 5.1.11.432 Information Disclosure

Bitdefender GravityZone User Interface Detection

PHP 5.4.x < 5.4.31 CLI Server 'header' DoS

WebTitan Web Interface Default Credentials

HP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)

Autodesk VRED Python API Remote Code Execution

PHP 5.5.x < 5.5.15 Multiple Vulnerabilities

HP Smart Update Manager 6.x < 6.4.1 Multiple OpenSSL Vulnerabilities (HPSBMU03055)

HP Smart Update Manager Detection

Drupal 6.x < 6.32 / 7.x < 7.29 Multiple Vulnerabilities

WebTitan 'categories-x.php' 'sortkey' Parameter SQL Injection

WebTitan Detect

Foreman Smart-Proxy TFTP Remote Command Injection

Foreman Smart-Proxy TFTP Detection

ElasticSearch 'source' Parameter Remote Code Execution

MailPoet Newsletters for WordPress Arbitrary File Upload

Apache mod_wsgi < 3.4 Remote Information Disclosure

Openfire < 3.9.2 XMPP-Layer DoS

NETGEAR GS105PE Pro Safe Switch Hard-coded Credentials

HP SiteScope Unspecified Authentication Bypass

MediaWiki < 1.19.17 / 1.21.11 / 1.22.8 / 1.23.1 External SVG Resource

Symantec Data Insight < 4.5 Multiple Vulnerabilities (SYM14-012)

IBM Storwize Web Management Interface Detection

Puppet < 2.7.26 / 3.6.2 and Enterprise 2.8.x < 2.8.7 Multiple Vulnerabilities

F5 Networks ARX Data Manager Unsupported Version Detection

F5 Networks ARX Data Manager Web Interface Detection

OpenX Source Unsupported Software Detection

Ericom AccessNow Server < 3.3.1.4095 Stack-Based Buffer Overflow

Ericom AccessNow Server Detection

HP AutoPass License Server Remote Code Execution (HPSBMU03045)

HP AutoPass License Server Detection

PHP 5.5.x < 5.5.14 Multiple Vulnerabilities

PHP 5.4.x < 5.4.30 Multiple Vulnerabilities

OSSIM < 4.3.2 Multiple SQL Injection Vulnerabilities

Cloudera Manager < 4.8.3 / 5.0.1 Information Disclosure

Cloudera Manager Unsupported Version Detection

Cloudera Manager Default Credentials

Cloudera Manager Detection

Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection

Revive Adserver < 3.0.5 Multiple CSRF Vulnerabilities

Revive Adserver Detection

OSSIM < 4.3.3.1 tele_stats.php SQL Injection

AlienVault OSSIM 'av-centerd' set_file() Remote Code Execution

AlienVault OSSIM 'av-centerd' get_file() Information Disclosure

AlienVault OSSIM 'av-centerd' Remote Code Execution

OSSIM SOAP Service Detection

Contact Form 7 Plugin for WordPress CAPTCHA Validation Bypass

Symantec Web Gateway < 5.2.1 Multiple Vulnerabilities (SYM14-010)

OSSIM tele_compress.php Directory Traversal

Participants Database Plugin for WordPress 'query' Parameter SQL Injection

Participants Database Plugin for WordPress < 1.5.4.9 'query' Parameter SQL Injection

HP OneView Unspecified Remote Privilege Escalation (HPSBGN03034)

HP OneView Detection

Blackboard Learn Detection

Caldera 'cdir' Parameter Absolute Path Directory Traversal

Caldera '/costview3/xmlrpc_server/xmlrpc.php' XMLRPC Request Remote Command Execution

Caldera Detection

IBM WebSphere Portal Apache Commons FileUpload DoS

PHP 5.5.x < 5.5.13 'src/cdf.c' Multiple Vulnerabilities

PHP 5.4.x < 5.4.29 'src/cdf.c' Multiple Vulnerabilities

Western Digital Arkeia 10.1.x < 10.1.19 / 10.2.x < 10.2.9 Multiple Vulnerabilities

Western Digital Arkeia lang Cookie Crafted Local File Inclusion

Western Digital Arkeia lang Cookie Local File Inclusion

Western Digital Arkeia Virtual Appliance Unsupported Version Detection

Western Digital Arkeia Virtual Appliance Blank Password

Western Digital Arkeia Virtual Appliance Detection

Open Web Analytics < 1.5.6 Multiple Vulnerabilities

Open Web Analytics owa_email_address SQL Injection

Open Web Analytics Detection

IBM WebSphere Portal Unspecified DoS (PI16462)

IBM WebSphere Portal Open Redirect Vulnerability (PI15689)

IBM WebSphere Portal Web Content Viewer Portlet Privilege Escalation (PI15723)

IBM WebSphere Portal Unspecified DoS (PI15692)

IBM WebSphere Portal 8.x < 8.0.0.1 CF12 Multiple Vulnerabilities

IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF28 Multiple Vulnerabilities

Oracle Containers for J2EE Multiple Unspecified HTTP Vulnerabilities (April 2014 CPU)

Oracle Containers for J2EE Detection

EZPZ One Click Backup Plugin for WordPress 'cmd' Parameter Remote Command Execution

Bugzilla 2.0 < 4.4.3 / 4.5.3 Login Form XSRF

Bugzilla 2.0 < 4.0.12 / 4.2.8 / 4.4.3 / 4.5.3 Character Spoofing

FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities

Oracle WebLogic Server Multiple Vulnerabilities (April 2013 CPU)

Blue Coat ProxyAV 3.5.1.1 - 3.5.1.6 Heartbeat Information Disclosure (Heartbleed)

SolarWinds Orion NPM < 10.7 Multiple Vulnerabilities

F5 Networks BIG-IQ Configuration Utility Privilege Escalation

F5 Networks BIG-IQ Configuration Utility Login Page Detection

HP iLO 2 <= 2.23 DoS

VMware Horizon Workspace Detection

PHP 5.5.x < 5.5.12 FPM Unix Socket Insecure Permission Escalation

PHP 5.4.x < 5.4.28 FPM Unix Socket Insecure Permission Escalation

McAfee VirusScan Enterprise for Linux User Interface Detection

Postfix Admin Detection

Apache Archiva 1.2.x <= 1.2.2 / 1.3.x <= 1.3.6 Multiple Vulnerabilities

CA ERwin Web Portal 9.5 Multiple Directory Traversals

Oracle OpenSSO Multiple Vulnerabilities (April 2014 CPU)

Oracle OpenSSO Detection

Oracle Identity Analytics / Sun Role Manager Unspecified Remote Vulnerability (April 2014 CPU)

Oracle Identity Analytics Detection

Jetpack Plugin for WordPress Security Bypass

NAS4Free Web UI Default Credentials

Drupal 7.x < 7.27 Forms API Information Disclosure

Drupal 6.x < 6.31 Forms API Information Disclosure

Atmail Webmail 6.x / 7.x < 7.2.0 Multiple Vulnerabilities

Atmail Webmail 6.x < 6.6.4 / 7.x < 7.1.2 Multiple Vulnerabilities

Atmail Webmail < 6.6.2 Exim Buffer Overflow

Atmail Webmail < 6.3.5 Multiple XSS Vulnerabilities

Atmail Webmail < 5.4.2 (5.42) Multiple Information Disclosure Vulnerabilities

Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery

Atmail Webmail 3.x < 3.6.4 (3.64) Multiple Vulnerabilities

CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities

CommonSpot Detection

MediaWiki Unsupported Version Detection

FortiOS User Interface Default Credentials

FortiWeb 4.x / 5.x < 5.0.3 Multiple Vulnerabilities

FortiOS < 4.3.13 / 5.0.3 Multiple XSRF

FortiAnalyzer < 4.3.7 / 5.0.5 Multiple XSRF

trixbox Web Detection

IBM WebSphere Portal Outside In Technology Multiple Overflows (PI07290)

WordPress < 3.7.2 / 3.8.2 Multiple Vulnerabilities

Liferay Portal 6.1.x < 6.1 CE GA3 (6.1.2) Multiple Vulnerabilities

PHP 5.5.x < 5.5.11 awk Magic Parsing BEGIN DoS

IBM WebSphere Portal Unspecified HTTP Response Splitting (PM85071)

IBM WebSphere Portal Unauthorized User Directory Access

Ajax Pagination (twitter Style) Plugin for WordPress Local File Inclusion

Puppet Enterprise 2.x < 2.6.1 Session Handling Weakness

Canon PIXMA Printer WLAN Credential Disclosure

Canon PIXMA Printer Administration Authentication Bypass

Canon PIXMA Printer HTTP Detection

EMC Cloud Tiering Appliance XML External Entity (XXE) Arbitrary File Disclosure

EMC Cloud Tiering Appliance User Interface Default Credentials

TigerVNC < 1.3.1 ZRLE Heap-based Buffer Overflow

PHP 5.4.x < 5.4.27 awk Magic Parsing BEGIN DoS

ionCube loader-wizard.php Remote Information Disclosure

ionCube loader-wizard.php Accessible

ELMAH (Error Logging Modules and Handlers) Remotely Accessible

MediaWiki < 1.19.14 / 1.21.8 / 1.22.5 ChangePassword Cross-Site Request Forgery

Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness

Cisco Content Security Management Appliance Web UI Default Credentials

Cisco Email Security Appliance Web UI Default Credentials

PHP PHP_RSHUTDOWN_FUNCTION Security Bypass

Symantec LiveUpdate Administrator < 2.3.2.110 Multiple Vulnerabilities (SYM14-005)

Atlassian JIRA < 6.1.4 Privilege Escalation

Atlassian JIRA < 6.0.5 Multiple Vulnerabilities

Atlassian JIRA < 6.0.4 Arbitrary File Creation

MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities

McAfee Email Gateway Multiple Vulnerabilities

Dell KACE K1000 < 5.5.90547 / 5.4.76849 Arbitrary File Upload and Command Execution

IBM WebSphere Portal Improper Access Control Checks (PI07185)

IBM WebSphere Portal Unspecified URL Manipulation Arbitrary File Access (PM99205)

Apache Struts2 class Parameter ClassLoader Manipulation

3Com Web Management Interface Default Credentials

McAfee Cloud Single Sign On WebUI Default Credentials

McAfee Cloud Single Sign On User Interface Detection

Quantum vmPRO Default Credentials Check

Quantum vmPRO Web Administration Interface Detection

Huawei Multiple Device Authentication Bypass

Puppet Enterprise 3.x < 3.2.0 Multiple Vulnerabilities

Puppet Enterprise 3.x < 3.1.3 LibYAML Heap-Based Buffer Overflow

Puppet Enterprise 3.x < 3.1.2 DTLS Retransmission DoS

Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities

Oracle Business Intelligence Publisher (October 2012 CPU)

Oracle BI Publisher Default Credentials Check

Oracle Reports Servlet Parsequery Function Remote Database Credentials Exposure

Oracle Reports Servlet Remote File Access

Oracle Reports Servlet Detection

Joomla! 3.x < 3.2.3 Multiple Vulnerabilities

Joomla! 2.5.x < 2.5.19 Multiple Vulnerabilities

WordPress < 3.3.3 / 3.4.0 Multiple Vulnerabilities

Artifactory < 3.1.1.1 XStream Remote Code Execution

Artifactory Detect

WordPress 'press-this.php' Security Bypass

WordPress < 3.0.1 Security Bypass

MyBB < 1.6.12 Multiple Vulnerabilities

IBM WebSphere Portal Oracle Outside In Technology Component Remote DoS (PI10280)

Silex USB Device Server Web Configuration Page Empty Password

PHP 5.5.x < 5.5.10 Multiple Vulnerabilities

PHP 5.4.x < 5.4.26 Multiple Vulnerabilities

MediaWiki < 1.19.12 / 1.21.6 / 1.22.3 Multiple Vulnerabilities

HP Integrated Lights-Out (iLO) Default Credentials

IBM Rational Focal Point RequestAccessController Servlet File Disclosure

IBM Rational Focal Point Login Servlet File Disclosure

IBM Rational Focal Point Default Credentials

IBM Rational Focal Point Login Detection

Oracle WebCenter Sites Default Credentials Check

Oracle WebCenter Sites Detection

Zimbra Collaboration Server < 7.2.6 / 8.0.6 Unspecified Vulnerability

Web Accessible Backups

Zabbix < 1.8.20 / 2.0.11 / 2.2.2 Multiple Vulnerabilities

Grails resources plug-in WEB-INF / META-INF File Disclosure

Jenkins < 1.545 Subversion Plugin Information Disclosure

MyBB < 1.6.11 Multiple Vulnerabilities

Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities

Zimbra Collaboration Server Aspell Spell Check Service Detection

IBM WebSphere Portal Registration/Edit My Profile Portlet Unrestricted Remote File Upload (PI07013)

McAfee Web Gateway User Interface Default Credentials

McAfee Web Gateway User Interface Detection

MediaWiki thumb.php w Parameter Remote Shell Command Injection

Zimbra Collaboration Server skin Parameter Traversal Local File Inclusion

Zimbra Collaboration Server Web Detection

JForum Detection

PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities

Symantec Web Gateway <= 5.1.1 Multiple Vulnerabilities (SYM14-003)

Web Site Client Access Policy File Detection

Dell KACE K2000 < 3.3.52857 Multiple Vulnerabilities

Dell KACE K1000 < 5.5 Multiple SQL Injection Vulnerabilities

Dell KACE K1000 Web Detection

MediaWiki < 1.19.10 / 1.21.4 / 1.22.1 Multiple Vulnerabilities

Synology DiskStation Manager uistrings.cgi lang Parameter Directory Traversal

Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities

Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities

Synology DiskStation Manager < 4.3-3776 Update 2 Multiple Vulnerabilities

Synology DiskStation Manager 4.0-x < 4.0-2259 / 4.1-x / 4.2-x < 4.2-3243 SLICEUPLOAD Function Remote Code Execution

Synology DiskStation Manager (DSM) Detection

SAP Host Agent SOAP Web Service Information Disclosure (SAP Note 1816536)

ManageEngine SupportCenter Plus < 7.9 Build 7917 attach Parameter Directory Traversal

MediaWiki < 1.19.11 / 1.21.5 / 1.22.2 Multiple Remote Code Execution Vulnerabilities

Landing Pages Plugin for WordPress 'wp-admin/edit.php' 'post' Parameter SQL Injection

Puppet Symlink File Overwrite

Drupal 7.x < 7.26 Multiple Vulnerabilities

Drupal 6.x < 6.30 OpenID Module Account Hijacking

MapServer < 5.6.9 / 6.0.4 / 6.2.2 / 6.4.1 SQL Injection

ColdFusion Unsupported Version Detection

ColdFusion Extended Support Version Detection

PHP 5.5.x < 5.5.8 Multiple Vulnerabilities

PHP 5.4.x < 5.4.24 Multiple Vulnerabilities

UltraVNC Java Viewer Detection

TightVNC Java Viewer Detection

TigerVNC Java Viewer Detection

RealVNC Java Viewer Detection

Apache Solr < 4.6.0 SolrResourceLoader Directory Traversal

Apache Solr < 4.3.1 XML External Entity Injection

Apache Solr < 4.1.0 Multiple XML External Entity Injections

Cisco WAAS Mobile Server Web Administration Default Credentials

Cisco WAAS Mobile Server Web Administration Interface Detection

Nagios XI < 2012R2.4 tfPassword Parameter SQL Injection

NagiosQL Detection

Zabbix 1.9.x < 1.9.4 zabbix_agentd DoS

OpenMediaVault Default Administrator Credentials

OpenMediaVault Web Detection

LiveZilla < 5.1.2.1 Multiple Vulnerabilities

MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities

iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities

LiveZilla < 5.1.1.0 Multiple Vulnerabilities

LiveZilla 'mobile/php/translation/index.php' 'g_language' Parameter Local File Inclusion

LiveZilla Detection

PHP 5.5.x < 5.5.7 OpenSSL openssl_x509_parse() Memory Corruption

PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption

PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities

ManageEngine Desktop Central Default Administrator Credentials

ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload

ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload (intrusive check)

ManageEngine Desktop Central Detection

Jenkins Accessible without Credentials

Atlassian Confluence < 4.3.7 Multiple Vulnerabilities

Monitorix Built-in HTTP Server Remote Command Execution

IBM Domino Web Administrator Multiple Vulnerabilities

Nagios Looking Glass Addon for Nagios server/s3_download.php File Disclosure

Tenable SecurityCenter Detection

Drupal 7.x < 7.24 Multiple Vulnerabilities

Drupal 6.x < 6.29 Multiple Vulnerabilities

PineApp Mail-SeCure admin/confnetworking.html Multiple Parameter Remote Command Injection

Oracle Portal Demo Organization Chart SQL Injection

Oracle Portal Demo Organization Chart Detection

Oracle Portal Detection

Oracle WebCenter Content Server Subcomponent Remote Issue (October 2013 CPU)

Oracle JavaServer Faces Multiple Partial Directory Traversals

Zabbix Web Interface Default Administrator Credentials

McAfee Email Gateway Appliance 7.x Unspecified Command Injection

vBulletin upgrade.php Accessible

Citrix XenDesktop Director Detection

Oracle Secure Global Desktop Administration Console Detection

Apache PHP-CGI Remote Code Execution

Novell ZENworks Configuration Management < 11.2.4 Multiple Vulnerabilities

Bugzilla < 4.0.11 / 4.2.7 / 4.4.1 Multiple Vulnerabilities

Puppet Enterprise < 3.1.0 Multiple Vulnerabilities

Puppet Enterprise < 3.0.1 Multiple Vulnerabilities

Puppet Unauthenticated Remote Code Execution

Puppet 2.7.x / 3.2.x < 2.7.23 / 3.2.4 and Enterprise 2.8.x / 3.0.x < 2.8.3 / 3.0.1 Multiple Vulnerabilities

Netgear ReadyNAS Remote Unauthenticated Command Execution

Net Optics Director Default Credentials

Net Optics Director Web Detection

Zabbix < 1.8.18rc1 / 2.0.9rc1 / 2.1.7 Multiple SQL Injections

AjaXplorer < 5.0.3 Multiple Vulnerabilities

AjaXplorer < 5.0.1 Multiple Command Execution Vulnerabilities

alpha_auth_check() Function Remote Authentication Bypass

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Marshalled Object Remote Code Execution

McAfee Web Reporter Detection (remote check)

McAfee Managed Agent FrameworkService.exe Denial of Service

FireEye Web MPS GUI Detection

DotNetNuke < 6.2.9 / 7.1.1 Multiple Vulnerabilities

MediaWiki < 1.19.8 / 1.20.7 / 1.21.2 Multiple Vulnerabilities

Splunk < 5.0.5 Multiple Code Execution Vulnerabilities

Alcatel OmniSwitch Default Credentials (http)

Apache Struts2 action: Parameter Prefix Security Constraint Bypass

HP NNMi 8.x / 9.0x / 9.1x / 9.20 Unspecified XSS

HP Network Node Manager i (NNMi) Console Detection

Sophos Web Protection Appliance Multiple Vulnerabilities

HP Onboard Administrator Multiple Vulnerabilities

HP Onboard Administrator Detection

HP Network Automation Multiple Vulnerabilities (HPSBMU02693)

HP Network Automation Detection

Cisco Unified MeetingPlace Detection

IBM DB2 Content Manager eClient < 8.4.1.1 Unspecified Security Vulnerability

IBM DB2 Content Manager eClient Detection

WordPress < 3.6.1 Multiple Vulnerabilities

HP SiteScope SOAP Call runOMAgentCommand SOAP Request Arbitrary Remote Code Execution

McAfee Email Gateway Appliance 7.x Multiple Vulnerabilities

Blue Coat ProxyAV < 3.2.6.1 Multiple Admin Function CSRF

Blue Coat ProxyAV Detection

LeagueManager Plugin for WordPress 'wp-admin/admin.php' 'league_id' Parameter SQL Injection

HTTP Cookie 'secure' Property Transport Mismatch

Atlassian Confluence < 5.1.5 OGNL Expression Handling Double Evaluation Error Remote Code Execution

iLO 3 < 1.57 / iLO 4 < 1.22 Unspecified Arbitrary Code Execution

WP Online Store Plugin for WordPress Multiple Parameter File Disclosure

Oracle WebCenter Content (July 2013 CPU)

Oracle WebCenter Content (April 2013 CPU)

phpMyAdmin 3.5.x / 4.x < 4.0.5 'Header.class.php' Clickjacking Bypass (PMASA-2013-10)

HP ArcSight Logger HTTP Detection

Blue Coat ICAP Patience Page XSS

Sourcefire Defense Center Multiple Security Vulnerabilities

DotNetNuke DNNArticle Module categoryid Parameter SQL Injection

PHP 5.5.x < 5.5.2 Multiple Vulnerabilities

PHP 5.4.x < 5.4.18 Multiple Vulnerabilities

OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution

Western Digital My Net Router main_internet.php Admin Credential Disclosure

BigTree CMS index.php SQL Injection

BigTree CMS Detection

PHP 5.5.x < 5.5.1 xml.c Buffer Overflow

TrustPort WebFilter help.php hf Parameter Directory Traversal

Cacti < 0.8.8b Command and SQL Injections

Splunk < 5.0.4 X-FRAME-OPTIONS Clickjacking Weakness

HP LaserJet Pro /dev/save_restore.xml Administrative Password Disclosure

HP LaserJet Pro /IoMgmt/Adapters/wifi0/WPS/Pin WPS PIN Disclosure

Joomla! 2.5.x < 2.5.14 / 3.x < 3.1.5 File Upload Arbitrary Code Execution

Apache Struts2 ExceptionDelegator Arbitrary Remote Command Execution

HP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities

phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities (PMASA-2013-8 - PMASA-2013-15)

Symantec Web Gateway < 5.1.1 Multiple Vulnerabilities (SYM13-008)

PineApp Mail-SeCure test_li_connection.php Remote Command Injection

PineApp Mail-SeCure Default Credentials

PineApp Mail-SeCure Detection

Sybase EAServer XML External Entity (XXE) Arbitrary File Disclosure

OpenNetAdmin dcm.php options[desc] Parameter Arbitrary Remote PHP Code Execution

Cisco Wireless Control System SQL Injection (cisco-sa-20100811-wcs) (credentialed check)

Apache OFBiz Nested Expression Arbitrary UEL Function Execution

Cisco Prime Network / Wireless Control System Health Monitor Detection

Movable Type 5.2.X < 5.2.6 Unspecified Vulnerability

Virtualizor < 2.3.2 PDNS Domain Deletion Security Bypass

Virtualizor < 2.3.1 Unspecified SQL Injection

Virtualizor Detection

VLC Web Interface XML Services Remote Command Execution

VLC Web Interface Detection

RT 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities

MyBB < 1.6.10 Multiple Vulnerabilities

IceWarp /rpc/gw.html XML External Entity Arbitrary File Disclosure

Apache Struts2 action: Parameter Arbitrary Remote Command Execution

Dell iDRAC6 Multiple Vulnerabilities

IBM Blade Center Advanced Management Console Detection

PHP 5.4.x < 5.4.17 Buffer Overflow

PHP 5.3.x < 5.3.27 Multiple Vulnerabilities

Cisco Prime Data Center Network Manager Web Detection

phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)

Atlassian Crowd XML External Entity Request Handling Arbitrary File Disclosure

Atlassian Crowd Detection

php-Charts wizard/index.php PHP Execution

php-Charts Detection

Sybase EAServer 6.x < 6.3.1 ESD#3 Multiple Code Execution Vulnerabilities

Gallery 3.0.x < 3.0.9 Multiple Vulnerabilities

WordPress < 3.5.2 Multiple Vulnerabilities

GroundWork Monitor Enterprise Foundation Webapp Admin Arbitrary File Access

GroundWork Monitor Enterprise Foundation Webapp Admin Interface Authentication Bypass

GroundWork Monitor Enterprise Default Credentials

GroundWork Monitor Enterprise Detection

op5 Monitor < 6.1.0 Information Disclosure and Security Bypass Vulnerabilities

Sybase EAServer 6.3.1 < 6.3.1.07 Build 63107 / 6.2 < 6.2.0.12 Build 62012 Multiple Vulnerabilities

Sybase EAServer Detect

FreePBX Backup Module page.backup.php dir Parameter Remote Command Execution

SolusVM Default Administrator Credentials

SolusVM Detection

Zabbix < 1.8.16 / 2.0.5 / 2.1.0 user.login cnf Parameter Authentication Bypass

Apache Struts2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution

Apache Struts2 OGNL Expression Handling Double Evaluation Error Remote Command Execution

Novell ZENworks Control Center File Upload Remote Code Execution (intrusive check)

Jenkins < 1.514 / 1.509.1 and Jenkins Enterprise 1.466.x / 1.480.x < 1.466.14.1 / 1.480.4.1 Multiple Vulnerabilities

Plone PloneFormGen Unspecified Arbitrary Code Execution

Plesk Panel Apache Arbitrary PHP Code Injection

PHP 5.4.x < 5.4.16 Multiple Vulnerabilities

PHP 5.3.x < 5.3.26 Multiple Vulnerabilities

MediaWiki 1.19.x < 1.19.7 / 1.20.x < 1.20.6 Arbitrary File Upload

Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities

SAP Control SOAP Web Service Remote Code Execution (SAP Note 1414444)

Junos Space WebUI Default Credentials

Junos Space WebUI Detection

Greenstone Password File Disclosure

Greenstone Detection

PHP 5.4.x < 5.4.13 Information Disclosure

PHP 5.3.x < 5.3.23 Information Disclosure

Mutiny < 5.0-1.11 Multiple Directory Traversals

Adobe ColdFusion Authentication Bypass (APSB13-13) (intrusive check)

Adobe ColdFusion Authentication Bypass (APSB13-13)

Adobe ColdFusion Multiple Vulnerabilities (APSA13-03)

MantisBT 1.2.12 - 1.2.14 Multiple Vulnerabilities

MediaWiki 1.19.x < 1.19.6 / 1.20.x < 1.20.5 Multiple Vulnerabilities

Joomla! 2.5.x < 2.5.10 / 3.0.x < 3.0.4 Multiple Vulnerabilities

Lexmark Markvision Enterprise Default Credentials

Lexmark Markvision Enterprise Detection

McAfee ePolicy Orchestrator 4.6.x Multiple Vulnerabilities (SB10042)

McAfee ePolicy Orchestrator Application Server Detection

WP Super Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution

W3 Total Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution

phpMyAdmin 3.5.x < 3.5.8.1 / 4.x < 4.0.0-rc3 Multiple Vulnerabilities (PMASA-2013-2 - PMASA-2013-5)

Gallery 3.0.x < 3.0.7 Multiple Vulnerabilities

IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities

op5 Monitor < 5.7.3 Multiple Vulnerabilities

D-Link DIR-645 getcfg.php Admin Password Disclosure

Puppet Multiple Vulnerabilities (2013/03/12)

Puppet Unsafe YAML Unserialization

Puppet Enterprise Console Authentication Bypass (intrusive check)

Puppet Enterprise Console Detection

Puppet REST API Detection

MediaWiki 1.19 < 1.19.5 / 1.20 < 1.20.4 Multiple Vulnerabilities

JBossWS Endpoint Uses Unsafe Encryption

JBoss Web Services Endpoint Enumeration

Plesk Horde Detection

Splunk 4.3.x < 4.3.6 Unspecified XSS

Novell iManager < 2.7.6 Patch 1 Multiple Vulnerabilities

Novell iManager Unsupported Version

Novell iManager Detection

Cerb Detection

Citrix Access Gateway 5.x < 5.0.4.223524 Unspecified Security Bypass

Citrix Access Gateway User Web Interface Detection

Citrix Access Gateway Administrative Web Interface Default Credentials

Citrix Access Gateway Administrative Web Interface Detection

Novell Identity Manager Role Based Provisioning Module Unspecified Vulnerability

Novell Identity Manager Role Based Provisioning Module Detection

mnoGoSearch search.cgi QUERY_STRING Parameter Parsing Arbitrary File Access

mnoGoSearch Detection

MediaWiki mwdoc-filter.php Arbitrary File Access

MediaWiki 1.19 < 1.19.4 / 1.20 < 1.20.3 Multiple Vulnerabilities

IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration

IBM InfoSphere Data Replication Dashboard User Enumeration

IBM InfoSphere Data Replication Dashboard Default Credentials

IBM InfoSphere Data Replication Dashboard Detection

Sophos Web Protection Appliance patience.cgi id Parameter Directory Traversal

Sophos Web Protection Detection

Piwigo install.php dl Parameter Traversal Arbitrary File Access

Piwigo Detection

Gallery < 3.0.5 Multiple Vulnerabilities

Gallery Detection

Newsletter Plugin for WordPress 'preview.php' 'data' Parameter Directory Traversal

McAfee Vulnerability Manager Detect

NConf delete_attr.php id Parameter SQL Injection

GD Star Rating Plugin for WordPress 'export.php' Authentication Bypass Information Disclosure

Git Repository Served by Web Server

Foscam 11.37.2.x < 11.37.2.49 Directory Traversal

Foscam Detection

PHP-Fusion Authenticate.class.php Multiple Cookie SQL Injection

Nagios XI < 2012R1.6 Multiple Vulnerabilities

Novell ZENworks Mobile Management MDM.php Local File Inclusion

Novell ZENworks Mobile Management Detection

Adobe InDesign Server RunScript Arbitrary Command Execution

Web Service Description Language File Detected

Foswiki < 1.1.8 MAKETEXT Macro Arbitrary Code Injection

Foswiki Detection

Jenkins < 1.502 / 1.480.3 and Jenkins Enterprise 1.447.x / 1.466.x / 1.480.x < 1.447.7.1 / 1.466.13.1 / 1.480.3.1 Multiple Vulnerabilities

Jenkins < 1.498 / 1.480.2 and Jenkins Enterprise 1.447.x / 1.466.x < 1.447.6.1 / 1.466.12.1 Unspecified Master Cryptographic Key Information Disclosure

Jenkins Detection

Scrutinizer < 10.1.2 Multiple Vulnerabilities

airVision NVR path Parameter Traversal Arbitrary File Access

PHP 5.4.x < 5.4.12 Multiple Vulnerabilities

PHP 5.3.x < 5.3.22 Multiple Vulnerabilities

W3 Total Cache Plugin for WordPress Cache File Direct Request Information Disclosure

Drupal 7.x < 7.20 On-Demand Image Derivative Generation Handling Resource Exhaustion DoS

MyBB < 1.6.9 Multiple Vulnerabilities

MoinMoin < 1.9.6 Multiple Vulnerabilities

Buffalo LinkStation Direct Request Remote File Disclosure

Buffalo LinkStation Detection

WP Symposium Plugin for WordPress 'symposium_groups_functions.php' 'gid' Parameter SQL Injection

WordPress Poll Plugin 'poll_id' Parameter SQL Injection

Bugzilla < 3.6.13 / 4.0.10 / 4.2.5 / 4.4rc2 Multiple Vulnerabilities

TWiki < 5.1.4 MAKETEXT Variable Tilde Character Command Injection

Cisco Prime LAN Management Solution Web Detection

EMC Data Protection Advisor Web UI Directory Traversal

EMC Data Protection Advisor Web UI Detection

Nagios XI 2011R1.9 Multiple SQL Injection Vulnerabilities

Adobe ColdFusion Authentication Bypass (APSB13-03)

ImpressPages cm_group Parameter Remote PHP Code Execution

ImpressPages Detection

Prizm Content Connect default.aspx document Parameter Remote File Inclusion

Joomla! 2.5.x < 2.5.9 / 3.0.x < 3.0.3 Multiple Information Disclosure Vulnerabilities

MantisBT < 1.2.12 Multiple Vulnerabilities

MantisBT 1.2.x < 1.2.13 Multiple Vulnerabilities

php-Charts url.php Remote PHP Code Execution

Gallery Plugin for WordPress 'load' Parameter Remote File Inclusion

Hunt CCTV DVR.cfg Direct Request Information Disclosure

HP Diagnostics Server Default Credentials

HP Diagnostics Server Detection

Collector Component for Joomla! index.php File Upload Arbitrary Code Execution

WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery

WordPress < 3.5.1 Multiple Vulnerabilities

ViArt Shop sips_response.php DATA Parameter Request Parsing Remote Shell Command Execution

ViArt Shop Detection

Uploader Plugin for WordPress File Upload Arbitrary Code Execution

GRAND Flash Album Gallery Plugin for WordPress 'f' Parameter Traversal Arbitrary Directory Enumeration

Forums Plugin for WordPress 'url' Parameter Arbitrary File Disclosure

Browser Rejector Plugin for WordPress 'wppath' Parameter Remote File Inclusion

Portable phpMyAdmin Plugin for WordPress 'wp-pma-mod' Authentication Bypass

WebYaST Host Modification MiTM

Floating Social Media Links Plugin for WordPress 'wpp' Parameter Remote File Inclusion

Movable Type mt-upgrade.cgi Remote Command Execution

ManageEngine AssetExplorer Default Administrator Credentials

ManageEngine AssetExplorer Detection

Drupal 6.x < 6.28 / 7.x < 7.19 Multiple Vulnerabilities

NetIQ Privileged User Manager regclnt.dll Directory Traversal

Google Doc Embedder Plugin for WordPress 'File' Parameter Traversal Arbitrary File Disclosure

MoinMoin twikidraw.py Traversal File Upload Arbitrary File Overwrite

PHP 5.4.x < 5.4.11 cURL X.509 Certificate Domain Name Matching MiTM Weakness

PHP 5.3.x < 5.3.21 cURL X.509 Certificate Domain Name Matching MiTM Weakness

Nagios Core history.cgi Multiple Parameter Buffer Overflow

Nagios Core Detection

Prado Framework sr Parameter Directory Traversal

TWiki < 5.1.3 Multiple Vulnerabilities

Snare Agent for Linux < 1.7.0 / 2.0.0 Multiple Vulnerabilities

Snare Agent Detection

Advanced Custom Fields Plugin for WordPress 'acf_abspath' Parameter Remote File Inclusion

Drupal 6.x < 6.27 / 7.x < 7.18 Multiple Vulnerabilities

IceWarp Webmail raw.php Information Disclosure

MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities

Ektron CMS XslCompiledTransform Class Request Parsing Remote Code Execution

ManageEngine Security Manager Plus 'f' Directory Traversal Arbitrary File Access

ManageEngine Security Manager Plus Default Administrator Credentials

ManageEngine Security Manager Plus Detection

RWCards Component for Joomla! mosConfig_absolute_path Parameter Remote File Inclusion

NetIQ Privileged User Manager Password Change Authentication Bypass (version check)

NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution (version check)

ManageEngine Applications Manager Default Administrator Credentials

ManageEngine Applications Manager Detection

Narcissus backend.php release Parameter Remote Command Execution

IBM WebSphere Portal Dojo Module Arbitrary File Download

Piwik core/Loader.php Trojaned Distribution

Piwik Detection

Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-018)

RT < 3.8.15 / 4.0.8 Multiple Vulnerabilities

NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution (intrusive check)

NetIQ Privileged User Manager Password Change Authentication Bypass (intrusive check)

NetIQ Privileged User Manager Default Admin Password

NetIQ Privileged User Manager Detection

Bugzilla < 3.6.12 / 4.0.9 / 4.2.4 / 4.4rc1 Multiple Vulnerabilities

Novell Sentinel Log Manager Authentication Bypass

Novell Sentinel Log Manager Web Detection

WebYaST Web Client Detection

CoSoSys Endpoint Protector Detection

Freestyle Testimonials Component for Joomla! Unspecified SQL Injection

Freestyle Support Portal Component for Joomla! prodid Parameter SQL Injection

Liferay Portal 6.1.0 / 6.1.10 Arbitrary File Deletion

SolarWinds Orion NPM < 9.5 Login.asp Blind SQL Injection

Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution

Traq Detection

MapServer for Windows (MS4W) Bundled Apache / PHP Configuration Local File Inclusion

MapServer for Windows (MS4W) Detection

ManageEngine OpStor Default Administrator Credentials

ManageEngine OpStor Detection

Temenos T24 Detection

Zabbix Web Interface popup_bitem.php itemid Parameter SQL Injection

IBM Rational ClearQuest Multiple Script Information Disclosure

WANem result.php pc Parameter Remote Command Execution

WANem Detection

Mutiny < 4.5-1.12 Unspecified Network Interface Menu Remote Command Injection

Mutiny Detection

Novell ZENworks Asset Management rtrlet Component GetFile_Password Method Hardcoded Credentials Information Disclosure

Novell ZENworks Asset Management Detection

Drupal 7.x < 7.16 Multiple Vulnerabilities

WordPress A Page Flip Book Plugin for WordPress 'pageflipbook_language' Parameter Local File Inclusion

ZEN Load Balancer global.conf Information Disclosure

MediaWiki < 1.18.5 / 1.19.2 Multiple Vulnerabilities

OpenStack Keystone Default Credentials

OpenStack Keystone Detection

OpenStack Glance Detection

Mac Photo Gallery Plugin for WordPress 'macphtajax.php' Access Restriction Bypass

phpMyAdmin server_sync.php Backdoor (PMASA-2012-5)

SAP Host Control SOAP Web Service 'Database/Name' Command Execution (SAP Note 1341333)

SAP Host Control SOAP Web Service Detection

SAP Control SOAP Web Service Detection

Mac Photo Gallery for WordPress 'albid' Parameter Traversal Arbitrary File Access

HP Database Archiving Software Detection

West Wind Web Connection Unprotected Configuration Editor Application

WebPagetest < 2.7.2 file Parameter Traversal Arbitrary File Access

WebPagetest Detection

Cisco Prime Security Manager Log Retention DoS (cisco-sa-20120912-asacx)

Cisco Prime Security Manager Web Detection

LogAnalyzer Detection

SolarWinds Orion NPM < 10.3.1 Multiple Vulnerabilities

SolarWinds Orion Network Performance Monitor Detection

HP SiteScope getFileInternal Arbitrary File Download

Bugzilla < 3.6.11 / 4.0.8 / 4.2.3 / 4.3.3 Multiple Vulnerabilities

WordPress < 3.4.2 Multiple Vulnerabilities

SquidClamav Specially Crafted Character Parsing Remote DoS

SquidClamav Detection

Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013)

Symantec Messaging Gateway Detection

Cloudsafe365 Plugin for WordPress 'file' Parameter Traversal Arbitrary File Access

EMail Security Virtual Appliance learn-msg.cgi Remote Code Execution

EMail Security Virtual Appliance Detection

TikiWiki unserialize() Function Arbitrary Code Execution

Bugzilla < 3.6.10 / 4.0.7 / 4.2.2 / 4.3.2 Multiple Information Disclosures

Scrutinizer < 9.5.2 Multiple Vulnerabilities

Oracle Integrated Lights Out Manager Web Detection

Eucalyptus Walrus REST Interface Key Verification Authentication Bypass (ESA-03)

Eucalyptus Cloud Controller Console Detection

Eucalyptus Walrus Detection

Scrutinizer < 9.5.2 d4d/statusFilter.php q Parameter SQL Injection

Scrutinizer Default Credentials Check

Umbraco codeEditorSave.asmx SaveDLRScript Operation Traversal File Upload Arbitrary Command Execution

Umbraco Detection

IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access

RabidHamster R4 left_console.html cmd Parameter loadfile() Function Traversal Arbitrary File Access

RabidHamster R4 Detection

Horde Kronolith Detection

Cyberoam Admin Console Detection

Symantec Web Gateway search.php SQL Injection (SYM12-011)

Symantec Web Gateway Multiple Script Shell Command Execution (SYM12-011)

RT < 3.8.12 / 4.0.6 Multiple Vulnerabilities

Atmail Email Server WebAdmin Control Panel dbconfig.ini Information Disclosure

Nagios XI < 2011R1.9 Multiple Vulnerabilities

Cisco TelePresence Multipoint Switch XML-RPC DoS (cisco-sa-20110223-telepresence-ctms)

Cisco TelePresence Multipoint Switch < 1.7.0 Multiple Vulnerabilities (cisco-sa-20110223-telepresence-ctms)

Cisco TelePresence Multipoint Switch Web Detection

WordPress < 3.4.1 Multiple Vulnerabilities

Serendipity comment.php url Parameter SQL Injection

PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow

PHP 5.3.x < 5.3.15 Multiple Vulnerabilities

Eaton Network Shutdown Module view_list.php paneStatusListSortBy Parameter eval() Call Remote PHP Code Execution

Eaton Network Shutdown Module Default Administrator Credentials

Eaton Network Shutdown Module Detection

WaveMaker < 6.4.6 Security Bypass

WaveMaker Studio Requires No Authentication

WaveMaker Studio Detection

Western Digital ShareSpace WEB GUI Information Disclosure

Western Digital ShareSpace Detection

Novell GroupWise WebAccess User.interface Directory Traversal

Basilic diff.php Command Injection

Symantec Message Filter Multiple Vulnerabilities (SYM12-010)

Symantec Message Filter Management Interface Default Credentials

Symantec Message Filter Management Interface Detection

Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass

HAProxy Statistics Page Detection

Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)

ownCloud Web Interface Detection

Adobe ColdFusion HTTP Response Splitting (APSB12-15)

Elgg Detection

Kerio WinRoute Firewall Web Server Remote Source Code Disclosure

MailEnable WebMail Detection

PHP 5.4.x < 5.4.4 Multiple Vulnerabilities

PHP 5.3.x < 5.3.14 Multiple Vulnerabilities

Cobbler xmlrpc API power_system Method Remote Shell Command Execution

Cobbler Linux Installation Server Detection

Cobbler Admin Interface Detection

Liferay Portal 6.1.0 Forward Target Handling Security Bypass

Liferay Portal 6.1.0 User Enumeration

Atlassian JIRA 5.0.1 XML Parsing Vulnerability

Atlassian FishEye 2.5.8 / 2.6.8 / 2.7.12 XML Parsing Vulnerability

Atlassian Crucible 2.5.8 / 2.6.8 / 2.7.12 XML Parsing Vulnerability

Atlassian Crucible Detection

Apache OFBiz FlexibleStringExpander Remote Code Execution

Apache OFBiz Default Credentials

Apache OFBiz Detection

phpMyAdmin 2.11.x / 3.3.x < 2.11.11.3 / 3.3.9.2 SQL Query Bookmarks Arbitrary SQL Query Execution (PMASA-2011-02)

PacketVideo TwonkyServer Directory Traversal

PacketVideo TwonkyServer Detection

Liferay Portal 6.1.0 'addUser()' Security Bypass

Liferay Portal 6.0.5 / 6.0.6 Arbitrary File Download

Liferay Portal < 6.0.6 Multiple Vulnerabilities

Liferay Portal Default Credentials

Liferay Portal Detection

phpMyAdmin simplexml_load_string() Function Information Disclosure (PMASA-2011-17)

Symantec Web Gateway upload_file() Remote Code Execution (SYM12-006) (intrusive check)

Symantec Web Gateway < 5.0.3 Multiple Vulnerabilities (SYM12-006) (version check)

Symantec Web Gateway ipchange.php Shell Command Injection (SYM12-006) (intrusive check)

SolarWinds Storage Manager Server LoginServlet loginName Parameter SQL Injection

SolarWinds Storage Manager Detection

McAfee WebShield UI mui Directory Traversal

McAfee WebShield UI Authentication Bypass

PHP PHP-CGI Query String Parameter Injection Arbitrary Code Execution

PHP 5.4.x < 5.4.3 Multiple Vulnerabilities

PHP 5.3.x < 5.3.13 CGI Query String Code Execution

WordPress < 3.3.2 Multiple Vulnerabilities

Scrutinizer < 9.0.1 d4d/alarms.php Multiple Parameters SQLi

Scrutinizer NetFlow & sFlow Analyzer Detection

PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution

PHP Unsupported Version Detection

ManageEngine SupportCenter Plus < 7.9 Build 7905 Multiple Vulnerabilities

PHP 5.4.x < 5.4.1 Multiple Vulnerabilities

PHP < 5.3.11 Multiple Vulnerabilities

MediaWiki < 1.17.3 / 1.18.2 Multiple Vulnerabilities

CiscoWorks Common Services HTTP Response Splitting

CGIProxy < 2.1.2 Multiple Unspecified Vulnerabilities

CGIProxy Detection

IBM Tivoli Directory Server Web Administration Tool Detection

Citrix XenServer vSwitch Controller < 2.0.0+build11349 Multiple Vulnerabilities

Citrix XenServer vSwitch Controller Detection

Citrix XenServer Workload Balancer Detection

Dolibarr passwordforgotten.php theme Parameter Local File Inclusion

Dolibarr Detection

PHP 5.2.x filter_globals Subsequence Request Parsing Remote Code Execution

Lenovo ThinkManagement Console RunAMTCommand Operation -PutUpdateFileCore Command Parsing Arbitrary File Upload

Lenovo ThinkManagement Console Detection

McAfee WebShield Web UI Detection

Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections

Tivoli Provisioning Manager Express for Software Distribution Detection

HP Data Protector LogClientInstallation Method Userid Field SQL Execution

HP Data Protector DPNECentral Web Service Detection

HP Network Node Manager Detection

Zenphoto viewer_size_image_saved Cookie Value eval() Call Remote PHP Code Execution

Zenphoto < 1.4.2.1 Multiple Vulnerabilities

Novell ZENworks Control Center Detection

ManageEngine DeviceExpert ScheduleResultViewer Remote Directory Traversal

ManageEngine DeviceExpert Default Administrator Credentials

ManageEngine DeviceExpert Detection

WebGlimpse query Parameter Command Injection

WebGlimpse Detection

TheCartPress Plugin for WordPress 'tcp_class_path' Parameter Remote File Inclusion

WordPress ToolsPack Plugin Backdoor

Tenable Appliance Web Authentication Bypass

Tenable Appliance Web Detection

Citrix XenServer Web Self Service Detection

Astaro Security Gateway Detection

FreePBX gen_amp_conf.php Information Disclosure

PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)

Horde 3.3.12 open_calendar.js Backdoor

Oracle WebCenter Content 'GET_SEARCH_RESULTS' SQL Injection

Oracle WebCenter Content Default Administration Credentials

Oracle WebCenter Content Detection

Kayako SupportSuite 3.x <= 3.70.02 Multiple Vulnerabilities

Kayako SupportSuite Detection

EMC Celerra Control Station Default Credentials

Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution

PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)

CodeMeter TCP Packet Parsing Unspecified Remote DoS

CodeMeter Virtual Directory Traversal Arbitrary File Access (remote check)

CodeMeter Virtual Directory Traversal Arbitrary File Access (banner check)

CodeMeter WebAdmin Detection

Symantec Endpoint Protection Manager Detection

HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)

HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities

HP Managed Printing Administration Detection

Apache Struts2 Multiple Remote Code Execution and File Overwrite Vulnerabilities (safe check)

Web Application Information Disclosure

SimpleSAMLphp Detection

op5 Monitor Persistent Session Cookie

op5 Monitor Credential Leak

op5 Config Arbitrary Command Execution

op5 Monitor Detection

op5 Portal Arbitrary Command Execution

op5 Portal Detection

MS12-007: Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) (uncredentialed check)

MS11-100: ASP.NET Could Allow Denial of Service (2638420) (uncredentialed check)

PHP Version 5 Hash Collision Form Parameter Parsing Remote DoS

PHP < 5.3.9 Multiple Vulnerabilities

TYPO3 'AbstractController.php' 'BACK_PATH' Parameter Remote File Inclusion

Plone Request Parsing Remote Command Execution

phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 Multiple Vulnerabilities (PMASA-2011-5 - PMASA-2011-8)

JSPWiki Edit.jsp editor Parameter Traversal Local File Inclusion

VMware vCenter Update Manager Directory Traversal (VMSA-2011-0014)

VMware vCenter Update Manager Detection

Metasploit HTTP Server detection

CGI Generic Cross-Site Request Forgery Detection (potential)

Dell KACE K2000 Web Backdoor Account

TimThumb Cache Directory 'src' Parameter Arbitrary PHP File Upload

phpLDAPadmin orderby Parameter Arbitrary PHP Code Execution

SonicWALL ViewPoint Server Default Credentials

SonicWALL ViewPoint Server Detection

WordPress < 3.1.4 / 3.2-RC3 Multiple Blind SQL Injection Vulnerabilities

MODx < 2.0.3-pl class_key Parameter Local File Inclusion

MyBB 1.6.4 Backdoor PHP Code Execution

ManageEngine ADSelfService Plus resetUnLock Authentication Bypass

ManageEngine ADSelfService Plus Default Administrator Credentials

ManageEngine ADSelfService Plus Detection

Cisco Unified Operations Manager < 8.6 Multiple Vulnerabilities

Cisco Unified Operations Manager Detection

CGI Generic XPath Injection (2nd pass)

CGI Generic Tests Load Estimation (quick tests, HTML injection)

CGI Generic Tests Load Estimation (quick tests, text injection)

CGI Generic Tests Load Estimation (full tests)

OpenAdmin Tool Detection

HP Client Automation Satellite Web Console Detection

Zabbix < 1.8.6 Multiple Vulnerabilities

HP SiteScope Default Credentials

Sitecore CMS < 6.4.1 rev.110720 'url' Parameter URI Redirection

Sitecore CMS Detection

PHP 5.3.7 crypt() MD5 Incorrect Return Value

Oracle GlassFish Server Administration Console GET Request Authentication Bypass

PHP 5.3 < 5.3.7 Multiple Vulnerabilities

Microsoft Remote Desktop Web Access Detection

Computer Associates ARCserve D2D homepageServlet Servlet Information Disclosure

Computer Associates ARCserve D2D Detection

AlphaRegistration Component for Joomla! email Parameter SQL Injection

Oracle Secure Backup Administration Server login.php uname Parameter Arbitrary Command Injection

SQL Dump Files Disclosed via Web Server

Symantec Web Gateway forget.php Blind SQL Injection (SYM11-008)

Symantec Web Gateway login.php Blind SQL Injection (SYM11-001)

Symantec Web Gateway Detection

AllVideos Reloaded! Plugin for Joomla! divid Parameter SQL Injection

Adobe ColdFusion Remote Development Services Enabled Without Authentication

Adobe ColdFusion Remote Development Services

RSA Self-Service Console Detection

RSA Security Console Detection

RSA Operations Console Detection

Trend Micro Data Loss Prevention Virtual Appliance Encoded Traversal Arbitrary File Access

Trend Micro Data Loss Prevention Virtual Appliance Web Console Detection

ManageEngine SupportCenter Plus FileDownload.jsp path Parameter Traversal Arbitrary File Access

ManageEngine SupportCenter Plus Default Administrator Credentials

ManageEngine SupportCenter Plus Detection

ManageEngine ServiceDesk Plus FileDownload.jsp FILENAME Parameter Traversal Arbitrary File Access

ManageEngine ServiceDesk Plus Default Administrator Credentials

ManageEngine ServiceDesk Plus Detection

WPtouch Plugin for WordPress 'wptouch_redirect' Parameter URL Redirection

Movable Type User Registration Restriction Bypass

Polycom SoundPoint IP Phone Default Password

Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure

MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) (uncredentialed check)

Active Directory Certificate Services Web Enrollment Anonymous Access

phpMyAdmin < 3.3.10.1 / 3.4.1 Multiple Vulnerabilities (PMASA-2011-03 - PMASA-2011-04)

Veri-NAC Appliance unauthenticated URL Directory Traversal

Apache Archiva < 1.3.5 Multiple Vulnerabilities

Apache Archiva Detection

phpMyAdmin url.php Redirect (PMASA-2011-4)

Vanilla Forum p Parameter Local File Inclusion

eFront js/scripts.php load Parameter Remote File Inclusion

is_human() Plugin for WordPress 'type' Parameter Command Injection

Spreecommerce api/orders.json Search Function Arbitrary Command Execution

HP SiteScope Detection

Symphony token Parameter SQL Injection

Atlassian Confluence Wiki Detection

Plone Security Bypass

Plone Detection

EyeOS file Parameter Directory Traversal

Dell KACE K2000 Web Detection

GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution

Adobe ColdFusion Admin Requires No Authentication

Oracle BI Publisher Enterprise Detection

BackWPup for WordPress Plugin Remote File Inclusion

Symantec LiveUpdate Administrator < 2.3 CSRF (SYM11-005)

Symantec LiveUpdate Administrator Web Detection

HP Client Automation Default Credentials

HP Client Automation Web Console Detection

PHP 5.3 < 5.3.6 Multiple Vulnerabilities

Vtiger CRM graph.php Directory Traversal

WP Forum Server Plugin for WordPress 'topic' Parameter SQL Injection

Comment Rating Plugin for WordPress 'id' Parameter SQL Injection

Request Tracker 3.0.0-3.8.9rc1 Security Bypass and Information Disclosure

MySQL Eventum Detection

Mod_auth_mysql Multibyte Encoding SQL Injection

F-Secure Internet Gatekeeper for Linux Log Disclosure (FSC-2011-1)

F-Secure Internet Gatekeeper Default Administrator Credentials

F-Secure Internet Gatekeeper Web Console Detection

Check Point Endpoint Security Server Information Disclosure

HP Power Manager Unspecified Cross-Site Request Forgery

Web Common Credentials (HTML form)

Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access

Majordomo Detection

MODx 'ucfg' Parameter Arbitrary File Access

CGI Generic SQL Injection (Parameters Names)

WordPress < 3.0.5 Multiple Vulnerabilities

PRTG Network Monitor Default Credentials

PRTG Network Monitor Detection

WordPress < 3.0.2 Multiple Vulnerabilities

HP OpenView Performance Insight Server Backdoor Account

HP OpenView Performance Insight Server Detection

Micro Focus Enterprise Administration Server Authentication Check

Micro Focus Enterprise Administration Server Detection

ExtCalendar 'cat_id' parameter SQL Injection

ExtCalendar Detection

HP OpenView Network Node Manager Remote Execution of Arbitrary Code (HPSBMA02621 SSRT100352)

Mingle Forum Plugin for WordPress 'topic' parameter SQL Injection

BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized Access

CGI Generic Command Execution (time-based, intrusive)

Openfiler Management Interface Default Administrator Credentials

Openfiler Management Interface Detection

PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion

PhpGedView Detection

PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS

DD-WRT Info.live.htm Information Disclosure

MantisBT 'db_type' Parameter Local File Inclusion

WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass

HP Power Manager < 4.3.2

Openfire Admin Console Detection

eclime index.php ref Parameter SQL Injection

PHP 5.3 < 5.3.4 Multiple Vulnerabilities

PHP 5.2 < 5.2.15 Multiple Vulnerabilities

Sitefinity CMS Arbitrary File Upload

Sitefinity CMS Detection

IceWarp webmail/basic/index.html _c Parameter Directory Traversal

Pandora FMS Console Default Credentials

Pandora FMS Console Authentication Bypass

Pandora FMS Console Detection

RSForm! Component for Joomla! lang Parameter Local File Inclusion

vtiger CRM phprint.php lang_crm Parameter Local File Inclusion

Novell GroupWise WebAccess Arbitrary File Download

Novell GroupWise Document Viewer Agent Arbitrary File Download

SEO Tools Plugin for WordPress 'file' Parameter Arbitrary File Access

Apache Shiro URI Path Security Traversal Information Disclosure

Bugzilla Response Splitting

jRSS Widget Plugin for WordPress proxy.php 'url' Parameter Arbitrary File Access

HP Systems Insight Manager Multiple Products Authentication Bypass

NetSupport Manager Gateway HTTP Protocol Information Disclosure

NetSupport Manager Gateway Detection

HP Systems Insight Manager Detection

HP Systems Insight Dynamics Detection

HP Systems Insight Control Detection

eLouai's Force Download Script file Parameter File Disclosure

FreeNAS 'exec_raw.php' Arbitrary Command Execution

FreeNAS Web Detection

Web Common Credentials

CGI Generic Path Traversal (quick test)

Atlassian FishEye Detection

Sawmill 8.x < 8.1.7.3

Sawmill Detection

CGI Generic Fragile Parameters Detection (potential)

CGI Generic Padding Oracle

HP Systems Insight Manager logfile Parameter Arbitrary File Download

HTTP X-Frame-Options Response Header Usage

HTTP X-Content-Security-Policy Response Header Usage

HTTP Origin Response Header Usage

Artica < 1.4.101900 mailattach Parameter Directory Traversal

Artica mailattach Parameter Directory Traversal

Artica Default Credentials

Artica Detection

Apache Hadoop HDFS DataNode Web Detection

Apache Hadoop HDFS NameNode Web Detection

Apache Hadoop MapReduce TaskTracker Web Interface

Apache Hadoop MapReduce JobTracker Web Detection

Ubuntu Drupal Theme - Brown images/layout/gradient.php File Disclosure

Super Simple Blog Script entry Parameter SQL Injection

Super Simple Blog Script Detection

Meeting Room Booking System typematch Parameter SQL Injection

Meeting Room Booking System Detection

FreePBX admin/cdr/call-comp.php dst Parameter SQL Injection

FreePBX Detection

mathTeX mathtex.cgi getdirective Function dpi Tag Arbitrary Code Execution

Nagios XI / Fusion Detection

Barracuda Spam & Virus Firewall Console Management Detection

Zen Cart index.php typefilter Parameter Traversal Local File Inclusion

Mura CMS FILEID Parameter Directory Traversal

Mura CMS Default Administrator Credentials

Mura CMS Detection

Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities

Syncrify Detection

Zenphoto Detection

OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

NextGEN Smooth Gallery Plugin for WordPress 'galleryID' Parameter SQL Injection

SnortReport nmap.php target Parameter Arbitrary Command Execution

Splunk Default Administrator Credentials (splunkd)

Splunk Default Administrator Credentials (Splunk Web)

Splunk Free Detection

CGI Generic SQL Injection Detection (potential, 2nd order, 2nd pass)

CGI Generic 2nd Order SQL Injection Detection (potential)

phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)

Open-Realty index.php select_users_lang Parameter Traversal Local File Inclusion

FuseTalk Detection

Adobe ColdFusion 'locale' Parameter Directory Traversal

Oracle Business Process Management Detection

Bugzilla 'reporter' field Information Disclosure

Atlassian JIRA ConfigureReport.jspa 'reportKey' Info Disclosure

Xerver Double Slash Authentication Bypass

PHP 5.3 < 5.3.3 Multiple Vulnerabilities

PHP 5.2 < 5.2.14 Multiple Vulnerabilities

TYPO3 Back-end 'index.php' 'redirect_url' Redirect

Huru Helpdesk Component for Joomla! cid[0] Parameter SQL Injection

phpwcms Detection

Apache Struts2 / XWork Remote Code Execution (safe check)

Web Tests Session Expiration Errors

vBulletin Database Credentials Information Disclosure

MapServer Insecure MapServ CGI Command-line Debug Args

MapServer Detection

CGI Generic Open Redirection

CGI Generic On Site Request Forgery (OSRF)

CGI Generic Injectable Parameter

Novell Teaming Default Credentials

Novell Teaming Detection

Pligg Detection

Bugzilla 3.7/3.7.1 Information Disclosure

Oracle Secure Backup Administration Server login.php Authentication Bypass

FireStats Detection

Bitweaver wiki/rankings.php style Parameter Traversal Local File Inclusion

ArtForms Component for Joomla! viewform Parameter SQL Injection

Simple:Press Plugin for WordPress 'value' parameter SQL Injection

Splunk 4.x < 4.0.11/4.1.2 Directory Traversal

IIS 5.x Alternate Data Stream Authentication Bypass

Novell 'modulemanager' Servlet Arbitrary File Upload (safe check)

Novell 'modulemanager' Servlet Arbitrary File Upload (intrusive check)

Microsoft SharePoint Service Help.aspx 'tid' Parameter DoS

Bugzilla 'time-tracking' fields Information Disclosure

Simple Machines Forum Detection

Moodle < 1.9.6 / 1.8.10 Multiple Vulnerabilities

Atlassian JIRA 4.1.x < 4.1.2 Multiple Vulnerabilities

Magnoware DataTrack System Information Disclosure

Magnoware DataTrack System Detection

PRTG Traffic Grapher Detection

Symphony 2.0.6 mode Parameter Local File Inclusion

Symphony Detection

MySQL Enterprise Monitor < 2.1.2 Multiple CSRF

MySQL Enterprise Monitor Web Detection

ManageEngine ADAudit Plus Default Credentials

ManageEngine ADAudit Plus Detection

ManageEngine ADManager Plus Default Credentials

ManageEngine ADManager Plus Detection

Apache Axis2 xsd Parameter Directory Traversal

Apache Axis2 Default Credentials

Apache Axis2 Detection

Dell OpenManage Server Administrator 'HelpViewer' Redirect

TikiWiki tiki-lastchanges.php Empty sort_mode Parameter Information Disclosure

TikiWiki Detection

NolaPro Default Credentials

NolaPro Detection

Open-AudIT include_lang.php language Parameter Traversal Local File Inclusion

e107 BBCode Arbitrary PHP Code Execution

r57shell Backdoor Detection

c99shell Backdoor Detection

RokModule Component for Joomla! moduleid Parameter SQL Injection

Visitor Data Module for Joomla! X-Forwarded-For Arbitrary Command Execution

Campsite TinyMCE plugin 'attachments.php' 'article_id' Parameter SQL Injection

Campsite Detection

TaskFreak! loadByKey() SQL Injection

TaskFreak! Default Credentials

TaskFreak! Detection

Cacti < 0.8.7f Multiple Input Validation Vulnerabilities

Cacti Detection

Ektron CMS400.net TransformXslt Web Service Directory Traversal

Ektron CMS400.NET Default Credentials

Ektron CMS400.NET Detection

CGI Generic XML Injection

CGI Generic Path Traversal (extended test)

CGI Generic Path Traversal (write test)

MODx CMS Detection

Atlassian JIRA Detection

Iomega smbwebclient.php Unauthenticated Filesystem Access

Apache ActiveMQ Web Console Test Pages Information Disclosure

Apache ActiveMQ Unprotected Web Console Detection

Computer Associates XOsoft SOAP Request Username Enumeration (CA20100406)

Properties Component for Joomla! aid Parameter SQL Injection

Joomla! / Mambo Component view Parameter Local File Inclusion

AjaXplorer checkInstall.php Arbitrary Command Injection

AjaXplorer Detection

Apple Mac OS X Wiki Server File Upload Security Bypass

Apple Mac OS X Wiki Server Weblog SACL Security Bypass

Mac OS X Server Web Services Version Detection

MediaWiki Login Cross-Site Request Forgery

SiteX photo.php albumid Parameter SQL Injection

Hyperic HQ Web GUI Default Credentials

Hyperic HQ Web GUI Detection

eScan MWAdmin forgotpassword.php uname Parameter Arbitrary Command Execution

eScan MWAdmin Interface Detection

Remote Help Default Credentials

eFront langname Parameter Traversal Local File Inclusion

Trouble Ticket Express fid Parameter Arbitrary Remote Code Execution

OSSIM download.php Directory Traversal

eclime login.php SQL Injection

eGroupWare spellchecker.php Arbitrary Shell Command Execution

McAfee LinuxShield Login Username Enumeration

CGI Generic Command Execution (time-based)

SilverStripe debug_profile Parameter Information Disclosure

SilverStripe CMS Running in Development Mode

Multiple Adobe Products XML External Entity (XXE) Injection (APSB10-05)

PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities

trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection

trixbox maint Web Interface Default Credentials

FreePBX / PBXconfig Default Credentials

Asterisk Recording Interface (ARI) Default Administrator Credentials

Joomla! JoomlaWorks AllVideos Plugin file Parameter Directory Traversal

GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution

Scriptegrator Plugin for Joomla! files[] Parameter Remote File Inclusion

Web Application SQL Backend Identification

VMware Host Agent Directory Traversal (VMSA-2009-0015)

VMware Host Agent Web Detection

Bugzilla Directory Access Information Disclosure

IBM Tivoli Monitoring Service Console Detection

OCS Inventory NG Server Administration Console header.php login Parameter SQL Injection

OCS Inventory NG Server Administration Console Detection

MoinMoin 'sys.argv' Information Disclosure

MoinMoin Detection

SAP BusinessObjects 'HappyAxis2.jsp' Information Disclosure

SAP BusinessObjects Detection

Joomla! tinybrowser_lang Cookie Local File Inclusion

SilverStripe CMS Detection

HP Web Jetadmin Detection

phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3)

CGI Generic Cookie Injection Scripting

Web Server Generic Cookie Injection

CGI Generic Unseen Parameters Discovery

TYPO3 Default Credentials

TYPO3 Detection

HP Power Manager < 4.2.10

DokuWiki ajax.php cmd[del] Parameter Security Bypass

OpenX install.php / install-plugin.php Admin Authentication Bypass

OpenX Source Detection

JS Jobs Component for Joomla! index.php md Parameter SQL Injection

Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection

Joomla! / Mambo Component controller Parameter Local File Inclusion

SQL-Ledger 'admin.pl' Empty Credentials

phpLDAPadmin cmd.php cmd Parameter Local File Inclusion

phpLDAPadmin Detection

Oracle WebLogic Default Credentials

PHP < 5.2.12 Multiple Vulnerabilities

Invision Power Board < 3.0.5 Multiple Vulnerabilities

CGI Generic SQL Injection (blind, time based)

phpShop shop/flypage SQL Injection

phpShop Default Credentials

phpShop Detection

HP OpenView Network Node Manager Multiple Scripts hostname Parameter Remote Command Execution

Kiwi Syslog Server Web Access Login Username Enumeration

Zen Cart extras/curltest.php Information Disclosure

GCalendar Component for Joomla! event.php gcid Parameter SQL Injection

LyftenBloggie Component for Joomla! index.php author Parameter SQL Injection

Pligg login.php return Parameter Arbitrary Site Redirect

RT Session Fixation

RT Default Credentials

RT Detection

AWStats < 6.95 awredir.pl Arbitrary Site Redirect

DotNetNuke Detection

GForge Detection

SugarCRM on Apache / Windows .htaccess Direct Request Arbitrary File Access

CubeCart includes/content/viewProd.inc.php productId Parameter SQL Injection

CGI Generic Local File Inclusion (2nd pass)

PHP 5.3 < 5.3.1 Multiple Vulnerabilities

Movable Type mt-check.cgi System Information Disclosure

HP Power Manager Default Credentials

Jumi Component for Joomla! <= 2.0.5 Backdoor

Jumi Component for Joomla! fileid Parameter SQL Injection

WordPress < 2.8.6 Multiple Vulnerabilities

HP Power Manager Detection

CGI Generic SQL Injection (2nd pass)

CGI Generic SQL Injection (HTTP Headers)

CGI Generic SQL Injection (HTTP Cookies)

CGI Generic SQL Injection (blind)

CGI Generic SSI Injection (HTTP headers)

CubeCart 'admin.php' Authentication Bypass Information Disclosure

CubeCart Admin Authentication Bypass

osCommerce file_manager.php Arbitrary PHP Code Injection (intrusive check)

osCommerce file_manager.php Arbitrary PHP Code Injection

osCommerce Detection

ViewVC Detection

BuildBot WebStatus Detection

Adobe ColdFusion Detection

OSSIM 'host/draw_tree.php' Access Restriction Weakness Information Disclosure

OSSIM Web Frontend Default Credentials

OSSIM Web Frontend Detection

MapServer < 5.4.2 / 5.2.3 / 4.10.5 Buffer Overflow

Drupal SA-CONTRIB-2009-080: Simplenews Statistics Open Redirect

Infoblox IPAM Appliance Default Credentials

Trapeze Service Shell - Admin Service Accessible

CGI Generic Local File Inclusion

CGI Generic Format String

CGI Generic SSI Injection

Adobe RoboHelp Server Security Bypass (APSA09-05 / intrusive check)

Adobe RoboHelp Server Security Bypass (APSA09-05)

IDoBlog Component for Joomla! userid Parameter SQL Injection

Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure

PHP < 5.2.11 Multiple Vulnerabilities

Oracle Secure Backup Administration Server Authentication Bypass

BF Survey Pro Component for Joomla! table Parameter SQL Injection

Browsable Web Directories

ChartDirector for .NET cacheId Parameter Arbitrary File Access

Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution

Kayako SupportSuite Ticket Subject XSS

FlexCMS Login Cookie SQL Injection

phpSANE file_save Parameter Remote File Include

Web Application Potentially Sensitive CGI Parameter Detection

Google Analytics on An Internal Web Server Detection

Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure

WP-Syntax Plugin for WordPress 'apply_filters' function Command Execution

WordPress < 2.8.4 'wp-login.php' 'key' Parameter Remote Administrator Password Reset (uncredentialed check)

WordPress < 2.8.4 Password Reset

Spiceworks HTTP Response Accept Header Handling Overflow DoS

CMS Made Simple url Parameter Arbitrary File Access

Snitz Forums 2000 <= 3.4.07 register.asp 'Email' Parameter SQL Injection

Snitz Forums 2000 Detection

MODx config.js.php Information Disclosure

CGI Generic Tests HTTP Errors

OpenWrt Router with a Blank Password (telnet check)

phpMyAdmin Installation Not Password Protected

eAccelerator encoder.php File Backup

Ruby on Rails HTTP Digest Authentication Bypass

Log Rover pword Parameter SQL Injection

FCKeditor.Java Connector Servlet 'CurrentFolder' Infinite Loop DoS

FCKeditor 'CurrentFolder' Arbitrary File Upload

Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload

FireStats < 1.6.2 Multiple Vulnerabilities

HP DDMI on Windows Unspecified Remote Agent Access

HP DDMI Web Interface Default Credentials

Movable Type Detection

BASE < 1.2.5 readRoleCookie() Auth Bypass

Basic Analysis and Security Engine Authentication Check

Zen Cart password_forgotten.php Admin Access Bypass

Zen Cart Detection

Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection

PHP < 5.2.10 Multiple Vulnerabilities

CGI Generic Tests Timeout

CGI Generic Remote File Inclusion

CGI Generic Header Injection

CGI Generic Path Traversal

CGI Generic Command Execution

Apache Tomcat RequestDispatcher Directory Traversal Arbitrary File Access

Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass

Sun Java System Directory Server Online Help Feature Information Disclosure

JVideo! Component for Joomla! user_id Parameter SQL Injection

CrashPlan Server Default Administrative Credentials

DokuWiki config_cascade Parameter Remote File Inclusion

WP-Lytebox 'pg' Parameter Local File Inclusion

VICIDIAL Call Center Suite Default Administrative Credentials

VICIDIAL Call Center Suite admin.php SQL Injection

TinyWebGallery lang Parameter Local File Inclusion

Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion

HP System Management Homepage < 3.0.1.73 Multiple Flaws

Flyspeck lang Parameter Local File Inclusion

SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution

Open Virtual Desktop Detection

IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities

Oracle GlassFish Server Administration Console Default Credentials

Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval

LimeSurvey sUser Parameter SQL Injection

Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation

OpenCart route Parameter Local File Inclusion

Symantec Reporting Server Improper URL Handling Exposure

Atmail Webmail / AtmailOpen Webmail Detection

Sun Java System Identity Manager Account Disclosure

ClearSpace Detection

FogBugz Interface Detection

Fortify 360 Web Interface Detection

Linksys WVC54GCA Wireless-G '/img/main.cgi' Information Disclosure

Novell Teaming Login User Account Enumeration Weakness

phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)

phpMyAdmin setup.php save Action Arbitrary PHP Code Injection (PMASA-2009-3)

Geeklog SEC_authenticate Function SQL Injection

Geeklog Detection

HP LaserJet Web Server Unspecified Admin Component Traversal Arbitrary File Access

Jinzora name Parameter Local File Inclusion

phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)

MapServer < 5.2.2 / 4.10.4 Multiple Flaws

Moodle LaTeX Information Disclosure

Tenable Security Center Default Credentials

Sitecore CMS < 5.3.2 rev. 090212 Web Service Security Database Information Disclosure

NextApp Echo XML Parsing Information Disclosure Vulnerability

AWStats 'awstats.pl' Path Disclosure

AWStats Detection

OneOrZero Helpdesk default_language Local File Inclusion

zFeeder admin.php Direct Request Admin Authentication Bypass

Zabbix Web Interface extlang[] Parameter Remote Code Execution

Zabbix Web Interface Detection

Coppermine Photo Gallery keysToSkip Parameter Overwrite

Drupal Theme System Template Local File Inclusion

PHP < 5.2.9 Multiple Vulnerabilities

Moodle Forum 'post.php' Unauthorized Post Deletion CSRF

SquirrelMail HTTPS Session Cookie Secure Flag Weakness

HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)

HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)

TYPO3 'jumpUrl' Mechanism Information Disclosure

Trend Micro InterScan Web Security Suite Default Credentials

Openfire < 3.6.3 Multiple Vulnerabilities

Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness

Jaws language Parameter Multiple Local File Includes

SocialEngine Blog Plugin category_id Parameter SQL Injection

Meeting Room Booking System (MRBS) month.php area Parameter SQL Injection

phpSlash fields Parameter PHP Code Injection

Profense Web Application Firewall Default Credentials

OpenX fc.php MAX_type Parameter Traversal Local File Inclusion

Horde Horde_Image::factory driver Argument Local File Inclusion

gigCalendar Component for Joomla! gigcal_gigs_id Parameter SQL Injection

Eventing Component for Joomla! index.php catid Parameter SQL Injection

phpList <= 2.10.8 Variable Overwriting

WP-Forum Plugin for WordPress 'forum_feed.php' 'thread' Parameter SQL Injection

Oracle Secure Backup Administration Server login.php Arbitrary Command Injection

XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection

XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal

XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040)

RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution

Pligg evb/check_url.php url Parameter SQL Injection

OneOrZero Helpdesk tinfo.php Arbitrary File Upload

phpList cline Parameter Array Remote File Inclusion

Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities

Live Chat Component for Joomla! last Parameter SQL Injection

Sun Java System Identity Manager Default Credentials

Sun Java System Identity Manager Detection

Moodle 'filter/tex/texed.php' 'pathname' Parameter Remote Command Execution

PHP < 5.2.8 Multiple Vulnerabilities

phpPgAdmin index.php _language Parameter Local File Inclusion

PHP 5 < 5.2.7 Multiple Vulnerabilities

Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass

OraMon config/oramon.ini Information Disclosure

CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion

Apache Struts devMode Information Disclosure

Apache Struts < 2.0.12 / 2.1.3 Dispatcher Directory Traversal

PHPWebAdmin for hMailServer Multiple File Inclusions

Openfire AuthCheck Authentication Bypass

Eaton Network Shutdown Module < 3.20 Authentication Bypass / Command Execution

yappa-ng index.php album Parameter Local File Inclusion

Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access

Ignite Gallery Component for Joomla! index.php gallery Parameter SQL Injection

PhpWebGallery comments.php sort_by Parameter SQL Injection

GForge top/topusers.php offset Parameter SQL Injection

ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite

ASG-Sentry CGI Default Credentials

ASG-Sentry CGI Detection

OpenX ac.php bannerid Parameter SQL Injection

Openads Delivery Engine OA_Delivery_Cache_store() Function name Argument Arbitrary PHP Code Execution

OpenNMS Web Console Default Credentials

OpenNMS Web Console Detection

phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection

phpScheduleIt Detection

Pluck update.php Remote Privilege Escalation

MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion

Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities

Simple Machines Forum Validation Code Prediction Arbitrary Password Reset

Calendarix Basic cal_cat.php catview Parameter SQL Injection

pluck < 4.5.3 Multiple Local File Include Vulnerabilities

Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure

Simple PHP Blog Detection

Zen Cart products_id[] Array SQL Injection

Moodle 'lib/kses.php' 'kses_bad_protocol_once' Function Arbitrary PHP Code Execution

AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution

TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution

Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities

Web Server Generic 3xx Redirect

Adobe Dreamweaver dwsync.xml Remote Information Disclosure

dotCMS Multiple Script id Parameter Traversal Local File Inclusion

MailScan WebAdministrator Cookie Authentication Bypass

Joomla! components/com_user/models/reset.php Reset Token Validation Forgery

JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure

Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion

Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access

RTH login.php uname Parameter SQL Injection

e107 download.php extract() Function Variable Overwrite

PHP < 4.4.9 Multiple Vulnerabilities

Pligg settemplate.php template Parameter Local File Inclusion

Plogger plog-download.php checked[] Parameter SQL Injection

XAMPP Example Pages Detection

.svn/entries Disclosed via Web Server

CGI Generic Tests Load Estimation (all tests)

Symphony sym_auth Cookie SQL Injection

Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Parameter Traversal Local File Inclusion

Gregarius ajax.php rsargs[] Parameter Array SQL Injection

fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion

CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass

Maian Scripts Cookie Manipulation Authentication Bypass

Mambo < 4.6.5 mos_user_template Local File Inclusion

Xerox CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008)

Dolphin Multiple Scripts Remote File Inclusion

trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion

Sun Java System ASP < 4.0.3 Multiple Vulnerabilities

Sun Java ASP Server Default Admin Password

Wordtrans-web exec_wordtrans Function Arbitrary Command Execution

TrailScout Module For Drupal Session Cookie SQL Injection

nBill component for Joomla! index.php cid Parameter SQL Injection

Trac quickjump Search Script q Parameter Arbitrary Site Redirect

ASP.NET DEBUG Method Enabled

Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Parameter SQL Injection

LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection

AEC Subscription Manager Component usage Parameter SQL Injection

Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access

ViewVC Direct Request CVSROOT Information Disclosure

Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure

Mantis manage_user_create.php CSRF New User Creation

Web Site Cross-Domain Policy File Detection

DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQL Injection

Webhosting Component for Joomla catid Parameter SQL Injection

PHP < 5.2.6 Multiple Vulnerabilities

ActualAnalyzer Lite style Parameter Traversal Local File Inclusion

WordPress index.php 'cat' Parameter Local File Inclusion

Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities

XOOPS Article Module article.php id Parameter SQL Injection

WEBrick Encoded Traversal Arbitrary CGI Source Disclosure

HP OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access

Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection

Site Sift Listings detail.php id Parameter SQL Injection

OTRS SOAP Interface Unauthenticated Object Manipulation

Sympa Malformed Content-Type Header Remote DoS

Sympa Detection

eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection

my_gallery Plugin for e107 dload.php file Parameter Arbitrary File PHP Source Disclosure

PHP 5.x < 5.2 Multiple Vulnerabilities

Custom Pages for Joomla! index.php cpage Parameter Remote File Inclusion

DotNetNuke Upgrade Process validationkey Generation Weakness Privilege Escalation

Acajoom Component mailingid Parameter SQL Injection

PHPAuction Multiple Script include_path Parameter File Inclusion

XOOPS Dictionary Module print.php id Parameter SQL Injection

MediaWiki JSON Callback Crafted API Request Information Disclosure

netOffice Dwins demoSession Parameter Authentication Bypass

Centreon include/doc/get_image.php img Parameter Traversal Arbitrary File Access

Nukedit utilities/login.asp email Parameter SQL Injection

Hosting Controller hosting/addreseller.asp reseller Parameter Authentication Bypass

Sniplets Plugin for WordPress execute.php 'text' Parameter Arbitrary Command Execution

Coppermine Photo Gallery album Password Cookie SQL Injection

ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities

Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection

Default Password (changeme) for SHOUTcast Server Service Port

Joomla! index.php mosConfig_absolute_path Parameter Remote File Inclusion

osCommerce Customer Testimonials customer_testimonials.php testimonial_id Parameter SQL Injection

Cacti index.php/sql.php Login Action login_username Parameter SQL Injection

ExtremeZ-IP File and Print Server Zidget/HTTP Server Traversal Arbitrary File Access

F5 BIG-IP Web Management Interface Version

Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload

Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass

AkoGallery Component for Mambo / Joomla! index.php id Parameter SQL Injection

Coppermine imageObjectIM.class.php Command Execution Vulnerabilities

SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion

WordPress AdServe 'adclick.php' 'id' Parameter SQL Injection

Smart Publisher index.php filedata Parameter Arbitrary Command Execution

Mambo MOStlyCE Mambot Arbitrary File Rename

WordPress fGallery 'fim_rss.php' 'album' Parameter SQL Injection

vTiger CRM Directory File Disclosure

CandyPress Store admin/utilities_ConfigHelp.asp helpfield Parameter SQL Injection

ManageEngine Applications Manager Invalid URI Remote Information Disclosure

MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite

YaBB SE Cookie Authentication Bypass

Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure

boastMachine mail.php id Parameter SQL Injection

BitDefender Update Server HTTP Request Traversal Arbitrary File Access

MyBB forumdisplay.php sortby Parameter Arbitrary PHP Code Execution

Pixelpost index.php parent_id Parameter SQL Injection

X7 Chat index.php day Parameter SQL Injection

eggBlog index.php eggblogpassword Parameter Cookie SQL Injection

PortalApp forums.asp sortby Parameter SQL Injection

Web Server Malicious JavaScript Link Detection

XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion

Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution

Newbb_plus Module for RunCMS Client-Ip Header SQL Injection

RunCMS Detection

Bitweaver wiki/edit.php suck_url Parameter Traversal Source Code Disclosure

RunCMS Multiple Script lid Parameter SQL Injection

Mort Bay Jetty URL Multiple Slash Character Information Disclosure

Site@School slideshow_full.php album_name Parameter SQL Injection

Atlassian JIRA < 3.12.1 Multiple Vulnerabilities

PHP < 4.4.8 Multiple Vulnerabilities

Zenphoto rss.php albumnr Parameter SQL Injection

CMS Made Simple modules/TinyMCE/content_css.php templateid Parameter SQL Injection

CuteNews search.php files_arch Array Arbitrary File Access

PMOS Help Desk form.php Arbitrary Code Execution

Tikiwiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access

Plogger plog-rss.php id Parameter SQL Injection

WordPress 'query.php' is_admin() Function Information Disclosure

RaidenHTTPD workspace.php ulang Parameter Local File Inclusion

Centreon fileOreonConf Parameter File Include Vulnerabilities

Firefly Media Server Limited Directory Traversal Admin Credential Disclosure

HP OpenView Network Node Manager Multiple CGI Remote Overflows

Plumtree Portal User Object User Enumeration

Seditio plug.php pag_sub Parameter SQL Injection

Plumtree Portal Default Credentials

GWExtranet gwextranet/scp.dll Multiple Parameter Traversal Local File Inclusion

RunCMS xoopsOption Parameter Local File Inclusion

PHP < 5.2.5 Multiple Vulnerabilities

IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities

HP OpenView Client Configuration Manager Default Credentials

GuppY inc/includes.inc selskin Parameter Traversal Local File Inclusion

Module Builder DownloadModule Traversal Arbitrary File Disclosure

Simple Machines Forum Search.php SQL Injection

TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion

CA Host-Based Intrusion Prevention System Server Default Credentials

LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure

TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution

SWAT Unauthenticated Access (Demo Mode)

Cart32 c32web.exe ImageName Traversal Arbitrary File Access

Original inc/exif.inc.php exif_prog Parameter Arbitrary Command Execution

ADOdb Lite adodb-perf-module.inc.php last_module Parameter Arbitrary Code Execution

Shop-Script admin.php Admin Panel Security Bypass

Mambo / Joomla! Multiple Components mosConfig_live_site Parameter Remote File Inclusion

AWStats is Openly Accessible

Adobe Connect Enterprise Server Information Disclosure

Claroline inc/lib/language.lib.php language Parameter Traversal Local File Inclusion

MapServer Multiple Remote Vulnerabilities

QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection

SecurityReporter < 4.6.3p1 Multiple Vulnerabilities

MDPro index.php topicid Parameter SQL Injection

Joomla! CMS com_search Component default_results.php searchword Parameter Remote Command Execution

VHCS PHPSESSID Cookie Session Fixation

PHP < 5.2.4 Multiple Vulnerabilities

SimpleFAQ Component for Joomla! aid Parameter SQL Injection

EZPhotoSales Multiple Configuration Files Remote Information Disclosure

Help Center Live class/auth.php check_logout Function Admin Authentication Bypass

GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection

PHP-Blogger pref.db Database Information Disclosure

LinPHA include/img_view.class.php order parameter SQL Injection

CVS (Web-Based) Directory Spider

Expose for Joomla! (com_expose) uploadimg.php Arbitrary File Upload Code Execution

MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval

paFileDB includes/search.php categories Parameter SQL Injection

McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities

SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow

AsteriDex callboth.php Multiple Parameter CRLF Injection Arbitrary Command Execution

Maia Mailguard login.php lang Parameter Local File Inclusion

ServerView Servername Parameter Arbitrary Command Execution

Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing

Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities

Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS

Packeteer Web Management Interface Authentication

Packeteer Web Management Interface Version Detection

Packeteer Web Management Interface Detection

Calendarix calendar.php Multiple Parameter SQL Injection

FuseTalk index.cfm txForumID Parameter SQL Injection

XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion

JFFNMS auth.php Multiple Parameter SQL Injection

Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities

Symantec Web Security (SWS) Multiple Vulnerabilities

Symantec Web Security Detection

PBLang login.php lang Parameter Local File Inclusion

BASE Authentication Redirect Authentication Bypass

PNphpBB2 index.php c Parameter SQL Injection

XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion

PHP < 5.2.3 Multiple Vulnerabilities

UebiMiau Multiple Input Validation Vulnerabilities

Openfire Admin Console Remote Privilege Escalation

GForge CVSWeb CGI cvsweb.php PATH_INFO Parameter Arbitrary Command Execution

WordPress check_ajax_referer() Function SQL Injection

YaNC yanc.html.php listid Parameter SQL Injection

Thyme event_view.php eid Parameter SQL Injection

Advanced Guestbook index.php lang Cookie Parameter Path Disclosure

RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities

PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities

XAMPP ADOdb mssql_connect Remote Buffer Overflow

myGallery mygallerybrowser.php 'myPath' Parameter Remote File Inclusion

Plesk Multiple Script locale_id Parameter Traversal Arbitrary File Access

WebSpeed Workshop Arbitrary Command Execution

WebSpeed Development Mode Check

XOOPS Jobs Module index.php cid Parameter SQL Injection

TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2)

XOOPS WF-Section Module print.php articleid Parameter SQL Injection

PHP < 5.2.1 Multiple Vulnerabilities

PHP < 4.4.5 Multiple Vulnerabilities

XOOPS Articles Module print.php id Parameter SQL Injection

TYPOlight < 2.2.5 Unspecified Vulnerability

RWCards Component for Joomla! index.php category_id Parameter SQL Injection

Moodle 'moodledata/sessions' Session Files Remote Information Disclosure

Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities

Apache mod_jk Long URL Worker Map Stack Remote Overflow

LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass

LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities

WebCalendar includes/functions.php noSet Variable Overwrite

WordPress < 2.1.1 Multiple Script Backdoors

Symantec Mail Security for SMTP Admin Center Default Credentials

getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities

OrangeHRM login.php txtUserName Parameter SQL Injection

SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion

Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access

DokuWiki Detection

ZPanel 2.0 Multiple Script Remote File Inclusion

Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass

phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload

Plain Old Webserver URI Traversal Arbitrary File Access

LifeType rss.php profile Parameter Traversal Arbitrary File Access

MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)

DevTrack Web Service UserName Field SQL Injection

Advanced Poll admin/index.php Session Identifier Replay Authentication Bypass

ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure

ExoPHPDesk faq.php id Parameter SQL Injection

Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution

Drupal Comment Function Arbitrary Code Execution

Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass

CVSTrac Text Output Formatter SQL Injection DoS

LedgerSMB / SQL-Ledger login.pl script Parameter Arbitrary Perl Code Execution

PHProxy Detection

WordPress Pingback File Information Disclosure

Website Baker REMEMBER_KEY Cookie SQL Injection

Oreon lang/index.php file Parameter Remote File Inclusion

WoltLab Burning Board search.php Multiple Parameter SQL Injection

WordPress Trackback 'wp-trackback.php' 'tb_id' Parameter SQL Injection

WordPress Trackback Charset Decoding SQL Injection

Cuyahoga FCKEditor Misconfiguration Unrestricted File Upload

phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities

phpBB < 2.0.22 Multiple Vulnerabilities

Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution

Jinzora Multiple Script include_path Parameter Remote File Inclusion

Cacti copy_cacti_user.php template_user Variable SQL Injection

Cacti cmd.php Multiple Parameter SQL Injection Arbitrary Command Execution

Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure

TYPO3 'spell-check-logic.php' 'userUid' Parameter Arbitrary Command Execution

PHP-Update blog.php Variable Overwriting Arbitrary Code Execution

JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation

JBoss JMX Console Unrestricted Access

PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection

Seditio Detection

phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion

Land Down Under / Seditio polls.php id Parameter SQL Injection

JCE Admin Component for Joomla! jce.php Multiple Vulnerabilities (LFI, XSS)

ThinClientServer Admin Account Creation Privilege Escalation

PHP Easy Download admin/save.php moreinfo Parameter Code Injection

MailEnable NetWebAdmin Unauthorized Access (ME-10019)

Serendipity serendipity_event_bbcode.php Script serendipity[charset] Parameter Local File Inclusion

WoltLab Burning Board Lite wbb_userid Parameter PHP Unset SQL Injection

WoltLab Burning Board Lite thread.php decode_cookie Function threadvisit Cookie Parameter SQL Injection

Etomite CMS index.php id Parameter SQL Injection

ELOG Web LogBook global Denial of Service

Verity Ultraseek < 5.7 Multiple Vulnerabilities

MODx CMS base_path Parameter Remote File Inclusion

Exhibit Engine styles.php toroot Parameter Remote File Inclusion

IBM WebSphere snoopservlet Path Disclosure

IBM WebSphere Application Server '%20' Request Source Disclosure

e107 class2.php e107language_e107cookie Cookie Traversal Local File Inclusion

PunBB include/common.php language Parameter Local File Inclusion

miniBB bb_func_txt.php pathToFiles Parameter Remote File Inclusion

Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion

Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow

Hosting Controller Multiple Script ForumID Parameter SQL Injection

IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access

Ingo Foldername Arbitrary Command Execution

Horde Ingo Software Detection

Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure

Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion

phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion

Adobe Breeze Directory Traversal Arbitrary File Access

Web Site sitemap.xml File and Directory Disclosure

BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Parameter Remote File Inclusion

Moodle 'index.php' 'tag' Parameter SQL Injection

phpMyAdmin < 2.9.1 Multiple Vulnerabilities

Mambo Open Source usercookie Parameter SQL Injection

HAMweather Template.php do_parse_code Function Arbitrary Code Execution

OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion

UBB.threads doeditconfig Arbitrary Command Injection

DokuWiki fetch.php Multiple Parameter imconvert Function Arbitrary Command Execution

CakePHP vendors.php file Parameter Traversal Arbitrary File Access

MyReview Admin.php email Parameter SQL Injection

Exponent CMS index.php view Parameter Local File Inclusion

Claroline Software Detection

Limbo com_fm Component sql.php classes_dir Parameter Remote File Inclusion

Site@School Multiple Script cmsdir Parameter Remote File Inclusion

Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload

Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion

Claroline claro_init_local.inc.php extAuthSource[newUser] Parameter Remote File Inclusion

Moodle < 1.6.2 Multiple Vulnerabilities

TWiki filename Parameter Traversal Arbitrary File Access

RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion

PHP-Fusion extract() Global Variable Overwriting

DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection

PmWiki < 2.1.21 Global Variables Overwriting

SAP DB / MaxDB WebDBM Client Database Name Remote Overflow

Mailman Utils.py Spoofed Log Entry Injection

WebAdmin < 3.2.6 MDaemon Account Hijacking

Easy Address Book Web Server Query Remote Format String

TikiWiki jhot.php Arbitrary File Upload

Webmin Null Byte Filtering Information Disclosure

e107 ibrowser.php zend_has_del() Function Remote Code Execution

Joomla! < 1.0.11 Unspecified Remote Code Execution

Joomla! < 1.0.11 Multiple Vulnerabilities

CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS)

Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc)

Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass

PHProjekt <= 5.1 Multiple Remote File Inclusions

PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities

phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion

WebAdmin < 3.2.5 Multiple Vulnerabilities

osCommerce shopping_cart.php id Array Parameters SQL Injection

Docebo GLOBALS Variable Overwrite Remote File Inclusion

Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion

Zen Cart ipn_main_handler.php custom SQL Injection

Owl Intranet Engine <= 0.91 Multiple Vulnerabilities

CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)

SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting

WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion

IPCheck Server Monitor Traversal Arbitrary File Access

Ruby on Rails Routing Code URL Code Evaluation DoS

Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure

Barracuda Spam Firewall Default Credentials

phpMyAdmin import_blacklist Variable Overwriting

TWiki configure Script Arbitrary Command Execution

PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation

PatchLink Update Server nwupload.asp Traversal Arbitrary File Write

PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection

OpenCms < 6.2.2 Multiple Vulnerabilities

Loudblog index.php id Parameter SQL Injection

X7 Chat upgradev1.php old_prefix Parameter SQL Injection

Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection

IceWarp Multiple Script Remote File Inclusion

VHCS login.php check_login() Function Authentication Bypass

VHCS include/sql.php include_path Parameter Remote File Inclusion

MyBB HTTP Header CLIENT-IP Field SQL Injection

Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion

Trend Micro OfficeScan 7.3 Multiple Vulnerabilities

McAfee Common Management Agent Traversal Arbitrary File Write

SimpleBoard / Joomlaboard Multiple Script sbp Parameter Remote File Inclusion

Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion

LifeType index.php Date Parameter SQL Injection

phpFormGenerator Arbitrary File Upload

SiteBuilder-FX top.php admindir Parameter Remote File Inclusion

Webmin 'miniserv.pl' Arbitrary File Disclosure

FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload

Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion

Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection

BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS)

BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation

w-Agora inc_dir Parameter Remote File Inclusion

Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation

Wikka wikka.php Local File Inclusion

Calendarix Multiple Script id Parameter SQL Injection

OpenEMR C_FormEvaluation.class.php fileroot Parameter Remote File Inclusion

DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution

Pixelpost index.php category Parameter SQL Injection

Claroline Multiple Script includePath Parameter Remote File Inclusion

LifeType index.php articleId Parameter SQL Injection

SquirrelMail plugin.php plugins Parameter Local File Inclusion

e107 email.php Arbitrary Mail Relay

Geeklog auth.inc.php loginname Parameter SQL Injection

BASE Multiple Script BASE_path Parameter Remote File Inclusion

Resin viewfile Servlet Arbitrary File Disclosure

UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion

Sun Server Console Authentication Bypass

Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion

phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion

XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion

FCKeditor upload.php Type Parameter Arbitrary File Upload

Ipswitch WhatsUp Professional Crafted Header Authentication Bypass

Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion

SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion

WebCalendar Login Error Message User Account Enumeration

Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)

Limbo weblinks.html.php catid Parameter SQL Injection

ACal embed/day.php path Parameter Remote File Inclusion

e107 e107_cookie Parameter SQL Injection

Stadtaus Gaestebuch-Script index.php include_files Parameter Remote File Inclusion

IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal)

Claroline ldap.inc.php clarolineRepositorySys Parameter Remote File Inclusion

Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion

AWStats migrate Parameter Arbitrary Command Execution

phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion

sBLOG search.php keyword Parameter SQL Injection

X7 Chat help/index.php help_file Parameter Local File Inclusion

WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion

phpListPro Multiple Script returnpath Parameter Remote File Inclusions

Monster Top List sources/functions.php root_path Parameter Remote File Inclusion

Limbo CMS sql.php classes_dir Parameter Remote File Inclusion

Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities

Help Center Live osTicket Module Multiple Unspecified SQL Injections

phpMyAgenda rootagenda Parameter File Include Vulnerability

Asterisk Recording Interface (ARI) misc/audio.php recording Parameter Traversal Arbitrary File Access

Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure

phpBB Advanced GuestBook addentry.php phpbb_root_path Parameter Remote File Inclusion

Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities

myEvent Multiple Remote Vulnerabilities

ActualAnalyzer direct.php rf Parameter Remote File Inclusion

Coppermine Photo Gallery index.php file Parameter Local File Inclusion

MyBB global.php Global Parameter Overwrite

phpWebFTP index.php language Parameter Local File Inclusion

Sysinfo name Parameter Arbitrary Code Execution

phpAlbum language.php data_dir Parameter Remote File Inclusion

MODx < 0.9.1a Multiple Vulnerabilities

SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access

Sphider configset.php settings_dir Parameter Remote File Inclusion

phpWebSite index.php hub_dir Parameter Local File Inclusion

PAJAX < 0.5.2 Multiple Vulnerabilities

Simplog <= 0.9.2 Multiple Vulnerabilities

Winmail Server Webmail Unspecified Vulnerability

phpList index.php database_module Parameter Local File Inclusion

Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities

Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation

Clever Copy connect.inc Direct Request Information Disclosure

Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion

Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass

PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion

CubeCart FCKeditor connector.php Arbitrary File Upload

AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion

BASE base_maintenance.php Authentication Bypass

gCards < 1.46 Multiple Vulnerabilities

Claroline Multiple Remote Vulnerabilities (RFI, Traversal, XSS)

Horde Help Viewer Arbitrary Code Execution

PHP Live Helper Multiple Remote File Inclusions

NetworkActiv Web Server Crafted Filename Request Script Source Disclosure

phpBannerExchange Template Class Local File Inclusion

Orion Application Server Crafted Filename Extension JSP Script Source Disclosure

Free Articles Directory index.php page Parameter Remote File Inclusion

PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion

Mambo Open Source Multiple Vulnerabilities

Joomla! < 1.0.8 Multiple Vulnerabilities

Joomla! Detection

CuteNews inc/function.php archive Parameter Arbitrary File Access

Adobe Document Server File URI Arbitrary Resource Manipulation

Adobe Document Server Default Credentials

Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)

PHP iCalendar publish.ical.php Arbitrary File Upload

PHP iCalendar Cookie Data Traversal Local File Inclusion

Simple PHP Blog install05.php blog_language Parameter Local File Inclusion

Horde go.php url Parameter Arbitrary File Access

Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection

MyBB comma Cookie SQL Injection

MyBB search.php forums Parameter SQL Injection

Pixelpost < 1.5 RC1 showimage Parameter SQL Injection

Gallery stepOrder Parameter Local File Inclusion

SquirrelMail strings.php base_uri Parameter Information Disclosure

Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass

Woltlab Burning Board Multiple SQL Injections

Owl Intranet Engine lib/OWL_API.php xrms_file_root Parameter Remote File Inclusion

Loudblog < 0.42 template Parameter Traversal

4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion

Gallery Install Log Local Information Disclosure

Gallery Zipcart Module Arbitrary File Disclosure

Gallery < 2.0.3 IP Spoofing

Listserv < 14.5 Multiple Buffer Overflows

Limbo CMS index.php Itemid Parameter Arbitrary Command Execution

vBulletin Email Field XSS

imageVue < 16.2 admin/upload.php Unrestricted File Upload

HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File Access

phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution

Coppermine Photo Gallery showdoc.php f Parameter Local File Inclusion

SPIP < 1.8.2-g Multiple Vulnerabilities

NOCC <= 1.0 Multiple Vulnerabilities

Plume CMS < 1.0.3 Remote File Inclusion

Noah's Classifieds <= 1.3 Multiple Vulnerabilities

SquirrelMail < 1.4.6 Multiple Vulnerabilities

PostNuke < 0.762 Multiple Vulnerabilities

ViRobot Linux Server filescan Authentication Bypass

CherryPy staticFilter Traversal Arbitrary File Access

Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi)

Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure

NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation

MyBB < 1.04 Multiple Vulnerabilities

Flyspray install-0.9.7.php adodbpath Parameter Remote File Inclusion

dotProject docs/ Directory Multiple Script Information Disclosure

dotProject Multiple Scripts Remote File Inclusion

HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access

LinPHA <= 1.0 Multiple Vulnerabilities

PmWiki < 2.1 beta 21 Multiple Vulnerabilities

RunCMS Multiple Script bbPath Parameter Remote File Inclusion

Dragonfly CMS install.php newlang Parameter Local File Inclusion

PHP iCalendar Multiple Script Remote File Inclusion

Loudblog backend_settings.php Multiple Parameter Remote File Inclusion

MyBB Detection

Website Baker Admin Login SQL Injection

MyBB index.php referrer Parameter SQL Injection

Invision Power Board Dragoran Portal Module index.php site Parameter SQL Injection

RCBlog index.php post Parameter Traversal Arbitrary File Access

Limbo CMS Multiple Vulnerabilities

Lyris ListManager Subscription Form Administrative Command Injection

ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS)

Geronimo Console Default Credentials

PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access

Trend Micro ControlManager < 3.0 SP5 Multiple Vulnerabilities

ADOdb server.php sql Parameter SQL Injection

ADOdb tmssql.php do Parameter Arbitrary PHP Function Execution

AppServ appserv/main.php appserv_root Parameter Remote File Inclusion

phpBB < 2.0.19 Multiple XSS

PHP Support Tickets index.php Multiple Parameter SQL Injection

PHPSurveyor Multiple SQL Injections

Web Wiz check_user.asp txtUserName Parameter SQL Injection

phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion

MyBB < 1.01 SQL Injection

Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation

eFiction < 2.0.2 Multiple Remote Vulnerabilities (SQLi, XSS, Disc)

Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS)

Cerberus Support Center Multiple Remote Vulnerabilities (SQLi, XSS)

VisNetic / Merak Mail Server Multiple Remote Vulnerabilities

Webmin 'miniserv.pl' 'username' Parameter Format String

MyBB < 1.0 Multiple SQL Injection Vulnerabilities

PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion

Plogger plog-admin-functions.php config Parameter Remote File Inclusion

FTGate <= 4.4.002 Multiple Remote Vulnerabilities (OF, FS, XSS)

ELOG Remote Buffer Overflow Vulnerabilities

vTiger < 4.5a2 Multiple Vulnerabilities

SimpleBBS topics.php name Parameter Arbitrary Command Execution

phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities

The Includer includer.cgi Arbitrary Command Execution

ListManager Error Message Information Disclosure

ListManager < 8.9b Multiple Vulnerabilities

FlatNuke index.php id Parameter Traversal Arbitrary File Access

Contenido contenido/classes/class.inuse.php Multiple Parameter Remote File Inclusion

SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion

MediaWiki Language Option eval() Function Arbitrary PHP Code Execution

Zen Cart password_forgotten.php admin_email Parameter SQL Injection

DUware Multiple Products type.asp iType Parameter SQL Injection

Trac Ticket Query Module group Parameter SQL Injection

PHPX admin/index.php username Parameter SQL Injection

WebCalendar < 1.0.2 Multiple Vulnerabilities

GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec)

PHP Doc System index.php show Parameter Local File Inclusion

Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)

Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities

Help Center Live module.php file Parameter Local File Inclusion

Mambo Open Source / Joomla! GLOBALS Variable Remote File Inclusion

phpwcms 1.2.5 Multiple Vulnerabilities

phpSysInfo < 2.4.1 Multiple Vulnerabilities

CodeGrrl Applications Remote File Inclusion Vulnerabilities

XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)

Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities

TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities

phpAdsNew XML-RPC Library Remote Code Injection

MailWatch authenticate() Function SQL Injection

Horde Admin Account Default Password

phpWebThings Multiple Scripts SQL Injection

PHPFM Arbitrary File Upload

toendaCMS < 0.6.2.1 Multiple Vulnerabilities

CuteNews Multiple Script Traversal Privilege Escalation

vCard define.inc.php match Parameter Remote File Inclusion

phpBB <= 2.0.17 Multiple Vulnerabilities

Comersus BackOffice comersus_backoffice_menu.asp Multiple Parameter SQL Injection

Comersus Cart /comersus/database/comersus.mdb Direct Request Database Disclosure

e107 Detection

Invision Gallery index.php st Parameter SQL Injection

PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities

GNUMP3d < 2.9.6 Multiple Remote Vulnerabilities (XSS, Traversal)

ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)

Mantis < 0.19.3 Multiple Vulnerabilities

PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion

phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities

e107 resetcore.php user Field SQL Injection

TWiki %INCLUDE Parameter Arbitrary Command Injection

w-Agora <= 4.2.0 Multiple Vulnerabilities

Gallery main.php g2_itemId Parameter Traversal Arbitrary File Access

WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution

PunBB search.php old_searches Parameter SQL Injection

phpWebSite index.php Search Module SQL Injection

PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection

phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion

MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities

Mailgust Password Reminder email Field SQL Injection

GuppY < 4.5.6a Multiple Vulnerabilities

TWiki Detection

3Com Network Supervisor Traversal Arbitrary File Access

IceWarp Web Mail Multiple Flaws (4)

Alkalay.Net Multiple Scripts Arbitrary Command Execution

Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe)

phpMyFAQ < 1.5.2 Multiple Vulnerabilities

Movable Type < 3.2 Multiple Vulnerabilities

PunBB < 1.2.8 Multiple Vulnerabilities

Land Down Under HTTP Referer Header SQL Injection

Digital Scribe login.php SQL Injection

PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

ATutor Password Reminder SQL Injection

vBulletin <= 3.0.9 Multiple Vulnerabilities

CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection

Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities

phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability

Discuz! <= 4.0.0 rc4 Arbitrary File Upload

DeluxeBB Multiple Scripts SQL Injection

Calendar Express Multiple Vulnerabilities (SQLi, XSS)

Sendcard sendcard.php id Parameter SQL Injection

MyBB ratethread.php rating Parameter SQL Injection

MyBB misc.php fid Parameter SQL Injection

PunBB < 1.2.7 Multiple Vulnerabilities

TWiki rev Parameter Arbitrary Command Execution

Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution

Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities

Land Down Under <= 800 Multiple Vulnerabilities

SaveWebPortal <= 3.4 Multiple Vulnerabilities

Land Down Under <= 801 Multiple Vulnerabilities

LDU Software/Version Detection

AMember Multiple Script config[root_dir] Parameter Remote File Inclusion

Brightmail Control Center Default Password (symantec) for 'admin' Account

Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)

PBLang 4.65 Multiple Vulnerabilities

PBLang < 4.66z Multiple Vulnerabilities

man2web Multiple Scripts Arbitrary Command Execution

WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities

Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities

HP OpenView Network Node Manager Multiple Scripts Remote Command Execution

CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion

Simple Machines Forum Avatar Information Disclosure Vulnerability

phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability

phpLDAPadmin Anonymous Bind Security Bypass Vulnerability

PostNuke <= 0.760 RC4b Multiple Vulnerabilities

MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities

Woltlab Burning Board modcp.php Multiple Parameter SQL Injection

Looking Glass Multiple Vulnerabilities

AutoLinks Pro al_initialize.php alpath Parameter Remote File Inclusion

phpWebNotes core/api.php t_path_core Parameter File Inclusion

FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution

phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities

Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities

YaPiG <= 0.9.5b Multiple Vulnerabilities

paFileDB auth.php pafiledbcookie Cookie SQL Injection

RunCMS <= 1.2 Multiple Vulnerabilities

Netquery <= 3.11 nquser.php host Parameter Arbitrary Command Execution

WebCalendar send_reminders.php includedir Parameter Remote File Inclusion

Ultimate PHP Board users.dat Multiple Vulnerabilities

SugarCRM Detection

PHP TopSites setup.php Administration Authentication Bypass

PHP Surveyor Multiple Vulnerabilities

w-Agora index.php site Parameter Traversal Arbitrary File Access

Mantis < 1.0.0rc2 Multiple Vulnerabilities

Xaraya Software/Version Detection

Gallery PostNuke Integration Access Validation Privilege Escalation

ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI)

SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities

AWStats Referrer Header Arbitrary Command Execution

WordPress Cookie 'cache_lastpostdate' Parameter PHP Code Injection

Gravity Board X <= 1.1 Multiple Vulnerabilities (SQLi, XSS, PD, Cmd Exe)

SilverNews < 2.0.4 Multiple Vulnerabilities

FlatNuke < 2.5.6 Multiple Remote Vulnerabilities

Jaws BlogModel.php path Parameter Remote File Inclusion

Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)

Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)

Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection

Kayako LiveResponse Multiple Vulnerabilities

Simplicity oF Upload download.php language Parameter Local File Inclusion

phpList Detection

PHP-Fusion <= 6.00.106 Multiple Vulnerabilities

WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection

Community Link Pro login.cgi file Parameter Arbitrary Command Execution

Netquery <= 3.1 Multiple Vulnerabilities

FtpLocate flsearch.pl fsite Parameter Remote File Inclusion

Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion

SAP Internet Graphics Server (IGS) Traversal Arbitrary File Access

PHPNews auth.php Multiple Parameter SQL Injection

osCommerce update.php readme_file Parameter Arbitrary File Disclosure

Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities

Hosting Controller Software Detection

osCommerce Unprotected Admin Directory

PHPAuction Admin Authentication Bypass

IBM Lotus Domino Server time/date Fields Remote Overflow

MediaWiki Detection

PHP-Fusion <= 6.00.105 Multiple Vulnerabilities

VP-ASP Multiple Script SQL Injection

Phpauction <= 2.5 Multiple Vulnerabilities

Sybase EAServer WebConsole jaqadmin Default Password

Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities

Moodle < 1.5.1 Multiple Vulnerabilities

Moodle Detection

PPA functions.inc.php config[ppa_root_path] Parameter Remote File Inclusion

SPiD lang.php lang_path Remote File Inclusion

phpSecurePages cfgProgDir Variable File Include Vulnerabilities

PunBB < 1.2.6 Multiple Vulnerabilities

Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more)

Jinzora Multiple Script include_path Parameter Remote File Inclusion (2)

Sambar Server search.pl results.stm Overflow DoS

Comersus Cart Multiple Vulnerabilities (SQLi, XSS)

Drupal Unspecified Privilege Escalation

Drupal XML-RPC for PHP Remote Code Injection

Drupal Public Comment/Posting Arbitrary PHP Code Execution

Drupal Software Detection

phpPgAdmin index.php formLanguage Parameter Local File Inclusion

phpWebSite <= 0.10.1 Multiple Vulnerabilities

YaPiG Password Protected Directory Bypass

phpBB < 2.0.17 Nested BBCode URL Tags XSS

Geeklog User Comment Retrieval SQL Injection

PHPNews news.php prevnext Parameter SQL Injection

Cacti < 0.8.6f Multiple Vulnerabilities (Priv Esc, Cmd Exe)

Nabopoll survey.inc.php path Parameter Remote File Inclusion

EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion

XOOPS < 2.0.12 Multiple Vulnerabilities

XOOPS Detection

osTicket <= 1.3.1 Multiple Vulnerabilities

WordPress < 1.5.1.3 XMLRPC SQL Injection

Serendipity XML-RPC for PHP Remote Code Injection

phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution

webadmin.php show Parameter Arbitrary File Access

WebCalendar Detection

WebCalendar assistant_edit.php Unauthorized Access

DUportal Pro Multiple Scripts SQL Injection (2)

DUpaypal Pro Multiple Scripts SQL Injection

DUforum Multiple Scripts SQL Injection

DUclassmate Multiple Scripts SQL Injection

DUamazon Pro Multiple Scripts SQL Injection

K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution

Simple Machines Forum msg Parameter SQL Injection Vulnerability

Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection

Cacti < 0.8.6e Multiple Vulnerabilities (SQLi, RFI)

MercuryBoard User-Agent SQL Injection

i-Gallery <= 3.3 Multiple Vulnerabilities

paFAQ 1.0 Beta 4 Multiple Vulnerabilities

JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID)

YaPiG < 0.95b Multiple Vulnerabilities

Sawmill < 7.1.6 Multiple Vulnerabilities

SquirrelMail < 1.45 Multiple Vulnerabilities

Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities

ViRobot Linux Server addschup Multiple Overflows

e107 eTrace Plugin dotrace.php Arbitrary Code Execution

WebHints hints.pl Arbitrary Command Execution

JamMail jammail.pl mail Parameter Arbitrary Command Execution

e107 ePing Plugin doping.php Arbitrary Code Execution

Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion

Invision Gallery < 1.3.1 Multiple SQL Injections

Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)

ProductCart Multiple Scripts SQL Injection

FlexCast Server Terminal Authentication Unspecified Remote Issue

WordPress 'template-functions-category.php' 'cat_ID' Parameter SQL Injection

Qualiteam X-Cart Multiple Vulnerabilities

Exhibit Engine list.php Multiple Parameter SQL Injection

Calendarix Multiple Vulnerabilities (SQLi, XSS)

Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi

Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities

Athena Web Registration athenareg.php pass Parameter Command Execution

Listserv < 14.3-2005a Multiple Vulnerabilities

MaxWebPortal memKey Parameter SQL Injection

Hosting Controller addsubsite.asp Security Bypass

Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)

PostNuke <= 0.760 RC4a Multiple Vulnerabilities

Netref cat_for_gen.php Arbitrary PHP Command Injection

Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection

WordPress < 1.5.1 Multiple Vulnerabilities

PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities

Serendipity < 0.8.1 Multiple Vulnerabilities

WordPress Detection

Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)

NETFile Default Credentials

Woltlab Burning Board verify_email Function SQL Injection

WebAPP apage.cgi f Parameter Arbitrary Command Execution

MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities

JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS)

web-app.org WebAPP Encoded Request .dat File Disclosure

WebAPP Detection

Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities

OpenBB < 1.0.9 Multiple Vulnerabilities

CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)

Dream4 Koobi CMS index.php area Parameter SQL Injection

Woltlab Burning Board Detection

MaxWebPortal <= 1.35 Multiple Vulnerabilities

boastMachine users.inc.php File Extension Validation Arbitrary File Upload

Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities

Bugzilla < 2.18.1 Multiple Information Disclosures

NETFile FTP/Web Server Directory Traversal Arbitrary File Access

e107 search.php search_info Parameter Traversal Arbitrary File Inclusion

WowBB view_user.php Multiple Parameter SQL Injection

MyServer 0.8 Multiple Vulnerabilities

Advanced Guestbook index.php entry Parameter SQL Injection

4D WebSTAR Tomcat Plugin Remote Buffer Overflow

PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities

Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)

Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass)

osTicket <= 1.2.7 Multiple Vulnerabilities

Open WebMail Shell Escape Arbitrary Command Execution

bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)

Trend Micro TMCM Console Management Detection

Websense Reporting Console Detection

phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities

Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)

PHP-Calendar includes/search.php Multiple Parameter SQL Injection

yappa-ng < 2.3.2 Multiple Vulnerabilities

ArGoSoft Mail Server Pro <= 1.8.7.6 Multiple Vulnerabilities (XSS, Traversal, Priv Esc)

Horde Turba Detection

Horde Nag Detection

Horde Mnemo Detection

phpBB <= 2.0.14 Multiple Vulnerabilities

MailEnable HTTPMail Service Authorization Header Remote Overflow

DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)

Coppermine Photo Gallery < 1.3.2 Multiple SQL Injections

UBB.threads < 6.5.2 beta Multiple Vulnerabilities

phpBB Knowledge Base Module kb.php cat Parameter SQL Injection

Monkey HTTP Daemon (monkeyd) < 0.9.1 Multiple Vulnerabilities

Serendipity exit.php Multiple Parameter SQL Injection

Serendipity Detection

phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities

IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure

XAMPP < 1.4.14 Multiple Vulnerabilities

MediaWiki Multiple Remote Vulnerabilities

PHP < 4.3.11 / 5.0.3 Multiple Unspecified Vulnerabilities

Invision Power Board index.php Members Action st Parameter SQL Injection

ModernBill <= 4.3.0 Multiple Vulnerabilities

phpBB up.php Arbitrary File Upload

PunBB profile.php id Parameter SQL Injection

CubeCart <= 2.0.6 Multiple SQL Injections

CubeCart Detection

Active Auction Multiple Vulnerabilities (SQLi, XSS)

RunCMS Remote Arbitrary File Upload

ProductCart Multiple Input Validation Vulnerabilities

SiteEnable Multiple Input Validation Vulnerabilities

PHP 5.x < 5.2.2 Information Disclosure

PHP 4.x < 4.3.0 ZendEngine Integer Overflow

PHP Symlink Function Race Condition open_basedir Bypass

PHP mb_send_mail() Function Parameter Security Bypass

PHP ip2long Function String Validation Weakness

PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass

PHP 5.1.x < 5.1.5 Multiple Vulnerabilities

PHP 5.1.x < 5.1.2 Multiple Vulnerabilities

PHP 5.x < 5.1.0 Multiple Vulnerabilities

PHP < 4.4.4 Multiple Vulnerabilities

Apache on Windows mod_alias URL Validation Canonicalization CGI Source Information Disclosure

MaxWebPortal <= 1.33 Multiple Vulnerabilities

PHP Multiple Image Processing Functions File Handling DoS

Mambo Detection

ASP PortalApp Multiple SQL Injection

Squirrelcart index.php Multiple Parameter SQL Injection

PhotoPost < 5.1 Multiple Input Validation Vulnerabilities

PhotoPost PHP Detection

Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration

XMB Forum < 1.9.10 Multiple Vulnerabilities

CoolForum Multiple Vulnerabilities (SQLi, XSS)

Phorum search.php location Parameter HTTP Response Splitting

osCommerce file_manager.php filename Parameter Traversal Arbitrary File Access

Icecast XSL Parser Multiple Vulnerabilities (OF, ID)

Aventail ASAP Platform Management Console Detection

paNews 2.0.4b Multiple Input Validation Vulnerabilities

WebShield Appliance Detection

Fortinet FortiGate Web Console Management Detection

Phorum Detection

IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure

paFileDB <= 3.1 Multiple Vulnerabilities (2)

SimpGB guestbook.php quote Parameter SQL Injection

paFileDB Detection

Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)

UBB.threads editpost.php Number Parameter SQL Injection

UBB.threads Detection

PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities

Zorum <= 3.5 Multiple Remote Vulnerabilities

NewsScript newsscript.pl mode Parameter Privilege Escalation

Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure

CopperExport XP_Publish.PHP SQL Injection Vulnerability

phpBB <= 2.0.13 Multiple Vulnerabilities

phpMyFAQ Forum Message username Field SQL Injection

phpMyFAQ Detection

Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion

vBulletin Detection

CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities

TYPO3 'cmw_linklist Extension' 'category_uid' Parameter SQL Injection

CubeCart < 2.0.6 settings.inc.php Multiple Script XSS

phpList <= 2.6.3 Multiple Vulnerabilities

SquirrelMail S/MIME Plug-in Remote Command Execution

CuteNews Detection

paNews Detection

PHPNews auth.php path Parameter Remote File Inclusion

phpCOIN <= 1.2.1b Multiple Vulnerabilities

Trend Micro IMSS Console Management Detection

PostNuke <= 0.760 RC2 Multiple Vulnerabilities

FCKeditor for PHP-Nuke Arbitrary File Upload

CubeCart < 2.0.5 Multiple Vulnerabilities

phpBB <= 2.0.12 Multiple Vulnerabilities

PunBB < 1.2.2 Multiple Input Validation Vulnerabilities

phpWebSite Image Announcement Upload Arbitrary Command Execution

phpWebSite Detection

phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions

phpMyAdmin Detection

OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities

vBulletin misc.php template Parameter PHP Code Injection

TWiki ImageGalleryPlugin Shell Command Injection

PBLang BBS <= 4.65 Multiple Vulnerabilities

phpBB <= 2.0.11 Multiple Vulnerabilities

Invision Power Board Software Detection

paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection

Trend Micro IWSS Console Management Detection

Mambo Open Source Tar.php Remote File Inclusion

BizMail bizmail.cgi Arbitrary Mail Relay

TrackerCam Multiple Remote Vulnerabilities

pMachine mail_autocheck.php Arbitrary Code Execution

Blazix Trailing Character JSP Source Disclosure

WebCalendar login.php webcalendar_session Cookie SQL Injection

DCP-Portal Multiple Scripts SQL Injection

CitrusDB Static id_hash Admin Authentication Bypass

ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)

AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)

vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution

Sympa src/queue.c queue Utility Local Overflow

ArGoSoft Mail Server Multiple Traversals

Mailman private.py true_path Function Traversal Arbitrary File Access

Mailman Detection

PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access

PHP-Fusion Detection

PerlDesk kb.cgi view Parameter SQL Injection

Chipmunk CMScore Multiple Script SQL Injection

Chipmunk Forum Multiple SQL Injections

Mambo Site Server Multiple Vulnerabilities

Mambo Global Variables Unauthorized Access

Xoops Incontent Module Traversal Arbitrary PHP File Source Disclosure

Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)

phpPgAds dest Parameter HTTP Response Splitting

CoolForum Multiple SQL Injections

IceWarp Web Mail Multiple Flaws (3)

Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access)

Exponent CMS Multiple Script pathos_core_version Parameter Path Disclosure

TikiWiki File Upload temp Directory Arbitrary Script Execution

SquirrelMail < 1.4.4 Multiple Vulnerabilities

GForge Multiple Script Traversal Arbitrary Directory Listing

Siteman < 1.1.11 Multiple Vulnerabilities

PHPLinks Multiple Input Validation Vulnerabilities

phpMyWebHosting Authentication SQL Injection

vBulletin includes/init.php Unspecified Vulnerability

phpBB < 2.0.11 Multiple Vulnerabilities

JAWS index.php gadget Parameter Traversal Arbitrary File Access

ITA Forum Multiple Scripts SQL Injection

AWStats awstats.pl configdir Parameter Arbitrary Command Execution

Novell GroupWise WebAccess Error Handler Authentication Bypass

SiteMinder smpwservicescgi.exe Arbitrary Site Redirect

Minis minis.php month Parameter Traversal Arbitrary File Access

ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion

Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure

IBM Websphere Commerce Database Update Information Disclosure

MPM Guestbook Pro top.php Traversal Arbitrary File Access

Movable Type mt.cfg Information Disclosure

Movable Type mt-load.cgi Privilege Escalation

IlohaMail Configuration Scripts Remote Disclosure

Invision Community Blog Module eid Parameter SQL Injection

Macallan Mail Solution Web Interface Authentication Bypass

MyBB member.php uid Parameter SQL Injection

IlohaMail Multiple Configuration Files Remote Information Disclosure

VideoDB < 2.0.2 Multiple Vulnerabilities

Simple PHP Blog comments.php Traversal Arbitrary File Access

GNU Mailman Multiple Unspecified Remote Vulnerabilities

PHPWind Board faq.php skin Parameter Remote File Inclusion

Greymatter 1.3 Multiple Vulnerabilities

FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution

IBProArcade index.php Arcade Module gameid Parameter SQL Injection

PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion

WHM AutoPilot < 2.5.20 Multiple Remote Vulnerabilities

SHOUTcast Server Filename Handling Format String

Owl < 0.74.0 Multiple Vulnerabilities

ViewCVS < 1.0.0 Multiple Vulnerabilities

e107 Image Manager Unauthorized File Upload

Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)

ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities

2BGal disp_album.php id_album Parameter SQL Injection

Namazu < 2.0.14 Multiple Vulnerabilities

e_Board index2.cgi message Parameter Traversal Arbitrary File Access

WordPress < 1.5.1 Multiple XSS and SQL Injection Vulnerabilities

WordPress < 1.2.2 Multiple Vulnerabilities

Singapore Gallery < 0.9.11 Multiple Vulnerabilities

Ikonboard ikonboard.cgi Multiple Parameter SQL Injection

phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities

phpGroupWare Detection

SIR GNUBoard Remote File Inclusion

Ocean12 ASP Calendar Administrative Access

PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities

iWebNegar Multiple Scripts SQL Injection

ASP-Rider verify.asp username Parameter SQL Injection

SugarSales Multiple Module Traversal Arbitrary File Access

PhpDig < 1.8.5 Unspecified Vulnerability

phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities

PunBB Search Dropdown Private Forum Disclosure

PunBB Detection

IlohaMail < 0.8.14RC1 Unspecified Vulnerability

F-Secure Policy Manager Path Disclosure

PHP Live! directory/conf File Include Unspecified Issue

Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities

paFileDB sessions Directory Admin Hashed Password Disclosure

Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities

PAFileDB Multiple Script Error Message Path Disclosure

PHProjekt setup.php Authentication Bypass Arbitrary Code Execution

Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval

PHPNews sendtofriend.php SQL Injection

PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access

Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access

KorWeblog < 1.6.2 Multiple Vulnerabilities

Nucleus CMS < 3.15 Multiple Vulnerabilities

WebGUI user profile Unspecified Vulnerability

PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities

phpBB viewtopic.php highlight Parameter SQL Injection

phpBB Detection

Invision Power Board sources/post.php qpid Parameter SQL Injection

Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection

phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification

miniBB index.php user Parameter SQL Injection

phpBB Cash_Mod admin_cash.php Arbitrary Command Execution

PowerPortal index.php index_page Parameter SQL Injection

Webman I-Mall i-mall.cgi Arbitrary Command Execution

CVSTrac Detection

PostNuke Detection

eGroupWare Detection

EGroupWare Multiple Vulnerabilities (SQLi, ID)

SquirrelMail decodeHeader Arbitrary HTML Injection

Goollery < 0.04b Multiple Vulnerabilities

phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion

Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS

PHP < 3.0 mylog.html/mlog.html Arbitrary File Access

Mantis < 0.19.1 Multiple Vulnerabilities

IceWarp Web Mail Multiple Flaws (2)

Moodle < 1.4.3 Multiple Vulnerabilities

Gallery Unspecified HTML Injection

Horde Software Detection

Bugzilla Multiple Remote Command Execution

Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow

Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures

UBB.threads dosearch.php SQL injection

WowBB <= 1.61 Multiple Vulnerabilities

DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS)

Serendipity Multiple Script HTTP Response Splitting

Netbilling nbmember.cgi cmd Parameter Information Disclosure

IdealBB Multiple Vulnerabilities (XSS, SQLi, more)

Coppermine Photo Gallery Voting Restriction Bypass

Coppermine Photo Gallery Detection

Open WebMail userstat.pl Arbitrary Command Execution

CoolPHP 1.0 Multiple Vulnerabilities

phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution

BugPort Attached File Handling Unspecified Issue

IceWarp Web Mail Multiple Flaws (1)

ocPortal index.php req_path Parameter Remote File Inclusion

bBlog rss.php p Parameter SQL Injection

CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi)

DUware Products Multiple Remote Vulnerabilities (SQLi, XSS)

Zanfi CMS Lite index.php inc Parameter Remote File Inclusion

GoSmart Message Board Multiple Vulnerabilities (SQLi, XSS)

BlackBoard Internet Newsboard System checkdb.inc.php libpath Parameter Remote File Inclusion

WordPress 'wp-login.php' HTTP Response Splitting

CubeCart index.php cat_id Parameter SQL Injection

w-Agora Multiple Script Traversal Arbitrary File Access

PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure

PHP-Fusion 4.01 Multiple Vulnerabilities

Silent-Storm Portal Multiple Input Validation Vulnerabilities

w-Agora 4.1.6a Multiple Input Validation Vulnerabilities

Icecast MP3 Client HTTP GET Request Remote Overflow

Icecast Encoded Traversal Arbitrary File Access

Vignette Application Portal Diagnostic Utility Information Disclosure

Serendipity < 0.7.0beta3 Multiple Vulnerabilities

PD9 MegaBBS Multiple Vulnerabilities

@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion

BroadBoard Multiple Script SQL Injection

Pinnacle ShowCenter Skin DoS

aspWebAlbum album.asp SQL Injection

aspWebCalendar calendar.asp SQL Injection

YaBB 1 Gold < 1.3.2 Multiple Input Validation Vulnerabilities

Emulive Server4 Authentication Bypass

TUTOS < 1.1.20040412 Multiple Input Validation Issues

phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues

BBS E-Market Professional index.php filename Parameter Traversal Arbitrary File Access

vBulletin authorize.php x_invoice_num Parameter SQL Injection

TUTOS < 1.2 Multiple Input Validation Vulnerabilities

YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities

PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload

PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access

WebLogic < 8.1 SP3 Multiple Vulnerabilities

Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access

OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness

OpenCA Multiple Signature Validation Bypass

Simple Form Subject Tags Arbitrary Mail Relay

MailEnable Professional HTTPMail GET Request Remote Overflow

MailEnable HTTPMail Service Content-Length Header Overflow

MailEnable HTTPMail Service Authorization Header Handling Remote DoS

IlohaMail Unspecified Database Password Disclosure Weakness

IlohaMail Multiple External Programs Arbitrary Command Execution

IlohaMail Forged GET/POST Arbitrary Contacts Deletion

IlohaMail Attachment Arbitrary File Create/Overwrite

IlohaMail index.php session Parameter Arbitrary File Access

IlohaMail index.php init_lang Parameter Arbitrary File Access

IlohaMail Software Detection

TorrentTrader download.php id Parameter SQL Injection

WebMatic Unspecified Login Function Access Vulnerability

Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities

HastyMail HTML Attachment Script Execution

WebAPP Directory Traversal

TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities

INL ulog-php port.php proto Parameter SQL Injection

TikiWiki Unauthorized Page Access

PHP-Fusion Database Backup Disclosure

AWStats rawlog.pm logfile Parameter Arbitrary Command Execution

Gallery save_photos.php Arbitrary Command Execution

MyDMS < 1.4.3 Multiple Vulnerabilities

ZixForum ZixForum.mdb Direct Request Database Disclosure

Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities

Trend Micro Scanmail for Domino nsf File Information Disclosure

BasiliX Application Detection

Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure

Basilix Webmail Attachment Crafted POST Arbitrary File Access

BasiliX login.php3 username Variable Arbitrary Command Execution

Sympa wwsympa.fcgi Unauthorised List Creation

Sympa wwsympa Invalid LDAP Password Remote DoS

Sympa wwsympa do_search_list Overflow DoS

phpGroupWare Multiple Module SQL Injection

phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution

phpGroupWare Unspecified Remote File Inclusion

phpGroupWare Admin/Setup Password Cleartext Cookie Storage

phpGroupWare index.php Addressbook XSS

CVSTrac timeline.c timeline_page Function Overflow

CVSTrac Ticket Title Arbitrary Command Execution

CVSTrac Malformed URI Infinite Loop DoS

CVSTrac chdir() chroot Jail Escape

CVSTrac Invalid Ticket DoS

CVSTrac history.c history_update Function Overflow

CVSTrac Database Plaintext Password Storage

CVSTrac cgi.c Multiple Overflows

CVSTrac CVSROOT/passwd Arbitrary Account Deletion

YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution

phpMyFAQ index.php action Parameter Local File Inclusion

Microsoft Outlook Web Access (OWA) Version Detection

GoScript go.cgi Arbitrary Command Execution

ASPrunner 2.4 Multiple Vulnerabilities

PSCS VPOP3 messagelist.html msglistlen Parameter DoS

SquirrelMail < 1.4.3 Multiple Vulnerabilities

Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection

phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection

Simple Form Multiple Parameter Arbitrary Mail Relaying

RiSearch show.pl Arbitrary File Access

Open WebMail Detection

CVSTrac filediff Arbitrary Remote Code Execution

Basilix Webmail id Variable SQL Injection

Nucleus CMS action.php itemid Parameter SQL Injection

Polar HelpDesk Authentication Bypass

Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access

PostNuke Install Script Admin Password Disclosure

phpMyFAQ Image Upload Authentication Bypass

AntiBoard antiboard.php Multiple Parameter SQL Injection

Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)

MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities

RiSearch show.pl Open Proxy Relay

osTicket open.php Support Address Crafted Mail Loop Remote DoS

osTicket Detection

Horde Chora Software Detection

OpenDocMan Access Control Bypass

EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access

Mensajeitor Tag Board Admin Bypass

phpBB < 2.0.9 Multiple Vulnerabilities

PHP < 4.3.8 Multiple Vulnerabilities

osTicket Arbitrary Attachment Disclosure

osTicket setup.php Accessibility

osTicket Form Field Modification File Upload Size Restriction Bypass

osTicket Attachment Handling File Upload Arbitrary Code Execution

Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)

SquirrelMail Detection

IMP Software Detection

Open WebMail vacation.pl Arbitrary Command Execution

Inktomi Search MS-DOS Device Name Request Path Disclosure

Dell OpenManage Server Administrator Detection

Horde Chora CVS Viewer diff Utility Arbitrary Command Execution

Gallery init.php Authentication Bypass

US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure

MS04-017: Crystal Reports Web Viewer Could Allow Information Disclosure and DoS (842689) (uncredentialed check)

EDIMAX EW-7205APL Wireless AP Default Password Check

Invision Power Board ssi.php f Parameter SQL Injection

NETGEAR Wireless Access Point Hardcoded Default Password

jPortal print.inc.php id Parameter SQL Injection

RealServer /admin/Docs/default.cfg Information Disclosure

Java (.java / .class) Source Code Disclosure

Terminal Services Web Detection

HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)

Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access

Ultimate PHP Board add.php Direct Request Information Disclosure

Aborior Encore WebForum display.cgi file Parameter Command Execution

Apache Tomcat source.jsp Arbitrary Directory Listing

HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access

cPanel <= 9.1.0 Multiple Vulnerabilities

cfWebStore Multiple Vulnerabilities (SQLi, XSS)

Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc)

HotOpentickets Privilege Escalation

SpiderSales Shopping Cart SQL injection

Netscape Enterprise Server Default Files Present

TalentSoft Web+ webplus.exe Path Disclosure

X-News Password MD5 Hash Authentication Bypass

ShopCartCGI Multiple Script Traversal Arbitrary File Access

Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities

SandSurfer < 1.7.0 User Authentication Bypass

BEA WebLogic config.xml Operator/Admin Password Disclosure

ReviewPost PHP Pro Multiple Script SQL Injections

phpMyAdmin export.php what Parameter Traversal Arbitrary File Access

Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution

Photopost PHP Pro photo Parameter SQL Injection

PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access

phpGedView Arbitrary File Access / Remote File Inclusion

Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution

JBrowser _admin/ Direct Request Admin Authentication Bypass

Aprox PHP Portal index.php Arbitrary File View

Gallery HTTP Global Variables File Inclusion

PHPix index.phtml Multiple Parameter Arbitrary Command Execution

Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion

XTreme ASP Photo Gallery adminlogin.asp Multiple Parameter SQL Injection

PhpDig config.php relative_script_path Parameter Remote File Inclusion

vBulletin calendar.php eventid Parameter SQL Injection

HotNews Multiple Script Remote File Inclusion

EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion

QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access

BulletScript MailList bsml.pl Information Disclosure

PHPCatalog id Parameter SQL Injection

PHP-Ping php-ping.php count Parameter Arbitrary Command Execution

SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure

VP-ASP shopsearch SQL Injection

CuteNews Debug Info Disclosure

Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow

phpBB < 2.0.7 Multiple Script SQL Injection

My_eGallery < 3.1.1g Remote File Inclusion

Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)

TheServer server.ini Direct Request Cleartext Credentials Disclosure

Les Visiteurs Multiple Remote File Inclusion

myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion

Gallery index.php GALLERY_BASEDIR Parameter Remote File Inclusion

PayPal Store Front index.php page Parameter Remote File Inclusion

Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation

WordPress 'blog.header.php' Multiple Parameter SQL Injection

PHP < 4.3.3 Multiple Vulnerabilities

myPHPNuke My_eGallery gallery/displayCategory.php basepath Parameter Remote File Inclusion

EZsite Forum Discloses Passwords to Remote Users

myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access

Stellar Docs Malformed Query Path Disclosure

phpWebSite < 0.9.x Multiple Vulnerabilities

PHP < 4.3.3 php_check_safe_mode_include_dir Function Safemode Bypass

paFileDB <= 3.1 Multiple Vulnerabilities (1)

e107 db.php User Database Disclosure

ashNews 0.83 Multiple Vulnerabilities

Forum51/Board51/News51 Users Disclosure

AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)

WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access

VP-ASP shopexd.asp catalogid Parameter SQL Injection

ProductCart Multiple Vulnerabilities

iXmail index.php password Parameter SQL Injection

iXmail Multiple Script Arbitrary File Manipulation

Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities

Carello E-Commerce Carello.dll Command Execution

Sambar Server Multiple CGI Environment Variable Disclosure

Alt-N WebAdmin Multiple Vulnerabilities

phpBB viewtopic.php topic_id Parameter SQL Injection

pMachine <= 2.2.1 Multiple Vulnerabilities

Kerio WebMail < 5.7.7 Multiple Vulnerabilities

phpMyAdmin < 2.5.2 Multiple Vulnerabilities

eLDAPo index.php Cleartext Password Disclosure

SquirrelMail Multiple Remote Vulnerabilities

Dune Web Server GET Request Remote Overflow

Psunami.CGI Command Execution

Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution

Multiple Dangerous CGI Script Detection

Trend Micro Emanager Detection

AspUpload Test11.asp Arbitrary File Upload

Hosting Controller Multiple Script Arbitrary Directory Browsing

PostNuke Glossary Module page Parameter SQL Injection

Infinity CGI Exploit Scanner Multiple Vulnerabilities

pMachine lib.inc.php pm_path Parameter Remote File Inclusion

NETGEAR Router Default Password (password) for 'admin' Account

mnoGoSearch search.cgi Multiple Parameter Remote Overflows

Netwin WebNews Webnews.exe Remote Overflow

Lucent VitalNet VsSetCookie.exe Unauthorized Access

Netdynamics ndcgi.exe Previous User Session Replay

ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval

Mobius DocumentDirect ddicgi.exe Long GET Request Overflow

NetWin CWmail.exe Item Parameter Remote Overflow

CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval

Behold! Software counter.exe Malformed HTTP Request Counter Log DoS

BEA WebLogic FileServlet Source Code Disclosure

PDGSoft Shopping Cart Multiple Vulnerabilities

Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval

Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval

SHOUTcast Server admin.cgi Long Argument Overflow

zenTrack index.php configFile Parameter Traversal Arbitrary Files Access

Spyke Multiple Remote Vulnerabilities

WordPress < 0.72 RC1 Multiple Vulnerabilities

zenTrack index.php Multiple Parameter Remote File Inclusion

ImageFolio Default Password

Xpressions Interactive Multiple Products login.asp SQL Injection

IRCXPro Default Admin Password

P-Synch Password Management Multiple Vulnerabilities

WebStores 2000 browse_item_details.asp SQL Injection

JBoss %00 Request JSP Source Disclosure

WF-Chat User Account Disclosure

rot13sj.cgi Arbitrary File Access

Philboard /database/philboard.mdb Direct Request Database Disclosure

Super-M Son hServer URI Traversal Arbitrary File Access

PostNuke Rating System DoS

Philboard philboard_admin.ASP Authentication Bypass

Ultimate PHP Board admin_iplog.php Arbitrary Code Execution

Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc)

P-News p-news.php Name Field Privilege Escalation

Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion

CafeLog B2 Multiple Script Remote File Inclusion

PostNuke Sections Module Information Disclosure

iisPROTECT Encoded URL Authentication Bypass

iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection

iisPROTECT Unpassworded Administrative Interface

TextPortal Default Passwords

ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal)

Sun ONE Application Server Upper Case Request JSP Source Disclosure

Synchrologic Email Accelerator aggregate.asp User Account Disclosure

D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS

Mantis < 0.17.5 Multiple Vulnerabilities

MantisBT Detection

BLNews objects.inc.php4 Server[path] Parameter Remote File Inclusion

Horde Turba status.php Path Disclosure

OneOrZero Helpdesk tupdate.php sg Parameter SQL Injection

webERP Configuration File Remote Access

Microsoft BizTalk Server Multiple Remote Vulnerabilities

ttCMS 2.2 Multiple Vulnerabilities

php-proxima autohtml.php Arbitrary File Retrieval

Poster version.two index.php Account Manipulation Privilege Escalation

WebLogic Multiple Method Cleartext Password Disclosure

Owl browse.php Authentication Bypass

miniPortail admin.php Cookie Manipulation Security Bypass

Snitz Forums 2000 register.asp Email Parameter SQL Injection

Horde test.php Direct Request Information Disclosure

ttforum Multiple Vulnerabilities

PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite

Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution

BEA WebLogic SSIServlet Invocation Source Code Disclosure

HappyMall Multiple Script Arbitrary Command Execution

MailMaxWeb Cookie Application Path Disclosure

NetCharts Server Default Password

Ocean12 ASP Guestbook Manager Database Download

Snitz Forums 2000 3.4.03 Multiple Vulnerabilities

SLMail WebMail Multiple Remote Overflows

MPC SoftWeb Guestbook Multiple Vulnerabilities

PT News Unauthorized Administrative Access

YaBB SE < 1.5.2 Multiple Vulnerabilities

XMB member.php Multiple Parameter SQL Injection

Truegalerie admin.php loggedin Parameter Admin Authentication Bypass

Mike Bobbitt's album.pl Alternative Configuration File Remote Command Execution

StockMan Shopping Cart shop.plx page Parameter Arbitrary Command Execution

StockMan Shopping Cart shop.plx Path Disclosure

CommuniGate Pro Referer Field Session Token Disclosure

Coppermine Photo Gallery displayimage.php SQL Injection

Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure

IdeaBox include.php ideaDir Parameter Remote File Inclusion

AN HTTPd count.pl Traversal Arbitrary File Overwrite

Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)

OpenBB index.php CID Parameter SQL Injection

Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access

bttlxeForum login.asp Multiple Field SQL Injection

Web Wiz Forums wwforum.mdb Direct Request Database Disclosure

eZ Publish settings/site.ini Configuration Disclosure

Super Guestbook superguestconfig Admin Password Disclosure

Web Wiz Site News / Compulsive Media CNU5 news.mdb Direct Request Database Disclosure

Instaboard index.cfm Multiple Parameter SQL Injection

phPay admin/phpinfo.php Information Disclosure

Vignette StoryServer TCL Server Crash Information Disclosure

Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution

HP Instant TopTools hpnst.exe CGI DoS

AutomatedShops WebC.cgi Multiple Overflows

AutomatedShops webc.cgi Installation Detection

GTcatalog password.inc Direct Request Password Disclosure

Ecartis HTML Field Manipulation Arbitrary User Password Reset

ScozBook scozbook/add.php Multiple Parameter XSS

Justice Guestbook 1.3 Multiple Vulnerabilities

Beanwebb's Guestbook 1.0 Multiple Vulnerabilities

Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access

E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion

My Guest Book (myGuestBk) Multiple Vulnerabilities

Horde IMP mailbox.php3 Multiple Parameter SQL Injection

Advanced Poll info.php Remote Information Disclosure

WebLogic Servlets Multiple Vulnerabilities

PostNuke Members_List Module Information Disclosure

paFileDB pafiledb.php Multiple Parameter SQL Injection

DCP-Portal Multiple Script Path Disclosure

DCP-Portal lib.php root Parameter Remote File Inclusion

Nukestyles.com viewpage.php Addon for PHP-Nuke File Parameter Traversal Arbitrary File Access

VChat Multiple Remote Vulnerabilities

SimpleChat Information Disclosure

PHP socket_iovec_alloc() Function Overflow

J Walk Application Server Encoded Directory Traversal Arbitrary File Access

O'Reilly WebSite Pro args.bat Arbitrary Command Execution

Leif Wright ad.cgi file Parameter Arbitrary Command Execution

Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe)

Bugzilla Software Detection

Adcycle build.cgi Remote Password Disclosure

Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access

Matt Wright textcounter.pl Arbitrary Command Execution

Nuked-Klan index.php Multiple Module Vulnerabilities

PHP Mail Function Header Spoofing

Mozilla Bonsai Multiple Flaws (Auth Bypass, XSS, Cmd Exec, PD)

XOOPS 1.0 RC1 Multiple Vulnerabilities

Apache Tomcat Directory Listing and File Disclosure

Guestbook tr3.a Password Disclosure

Web Server Office File Inventory

OpenWebMail < 1.90 Multiple Vulnerabilities

Backup Files Disclosure

Sun ONE (iPlanet) Application Server Detection

Thunderstone Software Texis Nonexistent File Request Path Disclosure

Thunderstone Software Texis Crafted Request Information Disclosure

VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution

ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure

smb2www Proxy Bypass

smb2www Unspecified Arbitrary Remote Command Execution

Microsoft IIS fpcount.exe CGI Remote Overflow

Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access

Mambo Site Server MD5 Hash Session ID Privilege Escalation

Wordit Logbook logbook.pl file Parameter Arbitrary File Access

Upload Lite upload.cgi Arbitrary File Upload

SimpleBBS users disclosure

popper_mod PHP Administration Script Authentication Bypass

WebWho+ whois.pl time Parameter Arbitrary Command Execution

Kietu index.php Remote File Inclusion

PHP-Ping index.php pingto Parameter Arbitrary Code Execution

GTcatalog index.php custom Parameter Remote File Inclusion

WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion

myphpPageTool /doc/admin/index.php ptinclude Parameter Remote File Inclusion

Axis 2400 Network Camera Multiple Vulnerabilities

TYPO3 < 3.5.0 Multiple Vulnerabilities

Nuked-Klan 1.2b Multiple Vulnerabilities

cPanel guestbook.cgi template Parameter Arbitrary Command Execution

Usermin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing

Webmin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing

Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities

CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution

GOsa Multiple Script plugin Parameter Remote File Inclusion

WihPhoto sendphoto.php Traversal Arbitrary File Access

Invision Power Board ipchat.php root_path Parameter Remote File Inclusion

Ipswitch IMail Web Interface URI Referer Session Token Disclosure

PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access

PHP-Nuke Detection

N/X Web Content Management Multiple Script Remote File Inclusion

Stronghold swish Search Script Information Disclosure

Web Server info.php / phpinfo.php Detection

Pages Pro filenote Parameter Traversal Arbitrary File Modification

Netscape Enterprise Default Administrative Password

Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution

DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access

DB4Web Server Debug Mode TCP Port Scanning Proxy

Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure

Savant Web Server cgitest.exe Overflow

vpopmail-CGIApps vpasswd.cgi Remote Command Execution

MondoSearch MsmMask.exe Arbitrary Script Source Disclosure

Webserver 4D Cleartext Password Storage

CGI Generic SQL Injection

Sambar Server Multiple CGI Remote Overflow

phpPgAdmin sql.php goto Parameter Traversal Arbitrary File Access

phpMyAdmin sql.php Traversal Arbitrary File Access

Gallery includedir Parameter Remote File Inclusion

Achievo class.atkdateattribute.js.php config_atkroot Parameter Remote File Inclusion

Viralator CGI Script Arbitrary Command Execution

PHP-Nuke Network Tools Add-On Arbitrary Command Execution

Directory Manager edit_image.php Arbitrary Command Execution

AWOL helperfunction.php includedir Parameter Remote File Inclusion

phpAdsNew helperfunction.php Remote File Inclusion

Mountain Network Systems webcart.cgi Arbitrary Command Execution

iBill ibillpm.pl Password Generation Weakness

Boozt index.cgi Banner Creation Name Field Overflow

Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure

Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access

Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access

PGPMail.pl detection

Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution

PHP < 4.2.x mail Function CRLF Injection

Apache Tomcat TroubleShooter Servlet Information Disclosure

Icecast list_directory Function Traversal File/Directory Enumeration

Multiple Server Crafted Request WEB-INF Directory Information Disclosure

AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation

IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection

Microsoft Site Server Multiple Script Information Disclosure

Marcus Xenakis directory.php Execute Arbitrary Commands

ActivePerl findtar Sample Script Remote Command Execution

Ipswitch WhatsUp Gold Default Admin Account

MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access

JRun Web Server (JWS) GET Request Traversal Arbitrary File Access

JRun Multiple Sample Files Remote Information Disclosure

Sun JavaServer Default Admin Password

Microsoft ASP.NET Application Tracing trace.axd Information Disclosure

Microsoft IIS global.asa Remote Information Disclosure

ping.asp CGI Arbitrary Command Execution

ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure

ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access

ServletExec 4.1 / JRun ISAPI Multiple DoS

BEA WebLogic Null Byte Request JSP Source Disclosure

Microsoft IIS Multiple Vulnerabilities (MS02-018)

csSearch csSearch.cgi setup Parameter Arbitrary Command Execution

CVS (Web-Based) Entries File Information Disclosure

PHP-Nuke sql_debug Information Disclosure

SilverStream Database Structure Disclosure

Microsoft ASP.NET Malformed File Request Path Disclosure

Apache Win32 ScriptAlias php.exe Arbitrary File Access

FAQManager 'faqmanager.cgi' 'toc' Parameter Arbitrary File Access

PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access

zml.cgi Directory Traversal

Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access

Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution

Interactive Story story.pl next Parameter Traversal Arbitrary File Access

Allaire JRun Encoded JSP Request Arbitrary Directory Listing

ActivePerl perlIS.dll Remote Buffer Overflow

PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access

Apache Tomcat Nonexistent File Error Message Path Disclosure

Informix SQL Web DataBlade Module Traversal Arbitrary File Access

Redhat Stronghold status / info Request Information Disclosure

Horde Imp Webmail status.php3 message Parameter XSS

IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure

ColdFusion Debug Mode Information Disclosure

ht://Dig htsearch Multiple Vulnerabilities

PCCS-Mysql User/Password Exposure

Microsoft Outlook Web Access (OWA) Anonymous Access

SiteScope Web Service Unpassworded Access

Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution

Nimda Worm Infected HTML File Detection

Webmin Detection

PhpMyExplorer index.php chemin Parameter Encoded Traversal Arbitrary File Access

Tripwire for Webpages Installation Disclosure

Trend Micro InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation

SIX-webboard generate.cgi content Parameter Traversal Arbitrary File Access

NetCode NC Book book.cgi current Parameter Arbitrary Command Execution

SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution

SHOUTcast Server User-Agent / Host Header DoS

OmniHTTPd Encoded Space Request Script Source Disclosure

BEA WebLogic Hex Encoded Request JSP Source Disclosure

Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities

Sambar Server pagecount CGI Traversal Arbitrary File Overwrite

PHP Safe Mode mail Function 5th Parameter Arbitrary Command Execution

Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access

BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure

Directory Pro Traversal Arbitrary File Access

PHP3 Error Message Physical Path Disclosure

A1Stats Multiple Script Traversal Arbitrary File Access

Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation

PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read

PHP-Nuke opendir.php Traversal Arbitrary File Read

Trend Micro InterScan VirusWall catinfo CGI Overflow

processit CGI Environment Variable Remote Information Disclosure

uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access

Anaconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access

MAILNEWS mailnews.cgi Arbitrary Command Execution

Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access

HIS AUktion auktion.cgi Traversal Arbitrary Command Execution

PHP < 4.0.4 IMAP Module imap_open() Function Overflow

ROADS search.pl form Parameter Traversal Arbitrary File Access

WebSPIRS webspirs.cgi Traversal Arbitrary File Access

W3.org Anaya Web sendtemp.pl templ Parameter Traversal Arbitrary File Access

Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access

PALS Library System WebPALS pals-cgi Multiple Vulnerabilities

Way-board way-board.cgi db Parameter Arbitrary File Access

Muscat Empower CGI Malformed DB Parameter Path Disclosure

HSWeb HTTP Server /cgi Directory Request Path Disclosure

Allaire JRun Crafted Request WEB-INF Forced Directory Listing

iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read

Basilix Webmail .class / .inc Direct Request Remote Information Disclosure

wwwwais QUERY_STRING Parameter Remote Overflow

Phorum common.php ForumLang Parameter Traversal Arbitrary File Access

Informix webdriver CGI Unauthenticated Database Access

Metertek pagelog.cgi Traversal Arbitrary File Access

Samba Web Administration Tool (SWAT) Error Message Username Enumeration

News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access

Technote main.cgi filename Parameter Traversal Arbitrary File Access

DCForum dcboard.cgi Multiple Vulnerabilities

Cold Fusion Administration Page Overflow DoS

PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access

Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload

MailMan Webmail mmstdod.cgi Arbitrary Command Execution

Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow

Master Index search.cgi Traversal Arbitrary File/Directory Access

CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access

Verity UltraSeek 3.1.x Malformed URL Remote DoS

KW Whois CGI whois Parameter Arbitrary Command Execution

Anaconda Foundation Directory apexec.pl template Parameter Traversal Arbitrary File Retrieval

PHP Error Log Format String Command Injection

Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access

eXtropia Web Store web_store.cgi Traversal Arbitrary File Access

thttpd ssi Servlet Encoded Traversal Arbitrary File Access

Extent RBS Web Server Image Parameter Traversal Arbitrary File Access

/doc/packages Directory Browsable

MultiHTML multihtml.pl Traversal Arbitrary File Access

Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing

YaBB YaBB.pl num Parameter Traversal Arbitrary File Access

Sun Java Web Server bboard Servlet Command Execution

Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution

htgrep hdr Parameter Arbitrary File access

Netwin Netauth netauth.cgi Traversal Arbitrary File Access

Simple Web Counter swc ctr Parameter Remote Overflow

Microsoft IIS Translate f: ASP/ASA Source Disclosure

Apache Tomcat Snoop Servlet Remote Information Disclosure

WebsitePro Remote Request Overflow

WebSite Pro webfind.exe keywords Parameter Remote Overflow

MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution

WebActive HTTP Server active.log Remote Information Disclosure

Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access

CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution

Big Brother bb-hostsvc.sh HOSTSVC Parameter Traversal Arbitrary File Access

Poll It CGI data_dir Parameter Arbitrary File Access

Sawmill Weak Password Encryption Scheme Information Disclosure

sawmill allows the reading of the first line of any file

JRun viewsource.jsp Directory Traversal Arbitrary File Access

Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay

Sambar Server /sysadmin Default Accounts

Sambar Server /session/sendmail Arbitrary Mail Relay

ISS ICEcap Default Password

CVSweb Detection

spin_client.cgi Remote Overflow

BizDB bizdb-search.cgi Arbitrary Command Execution

Piranha's RH6.2 default password

Microsoft FrontPage htimage.exe CGI Remote Overflow

Microsoft IIS Dangerous Sample Files Detection

TalentSoft Web+ webplus CGI Traversal Arbitrary File Access

Windmail.exe Shell Metacharacter Arbitrary Command Execution

Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access

SalesLogix eViewer slxweb.dll Request Remote DoS

Microsoft IIS newdsn.exe Arbitrary File Creation

Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution

Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access

ICQ Web Front Service guestbook.cgi DoS

MERCUR WebView WebMail Server mail_user Parameter DoS

rpm_query CGI System Information Disclosure

WWWBoard passwd.txt Authentication Credential Disclosure

IRIX wrap CGI Traversal Arbitrary Directory Listing

CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution

WebSpeed Messenger Administration Utility Unauthenticated Access

WebSite Pro Malformed URL Path Disclosure

WebGais websendmail CGI Arbitrary Command Execution

WebGais webgais CGI Arbitrary Command Execution

IRIX webdist.cgi Arbitrary Command Execution

Webcart Default Install Configuration Disclosure

Mini SQL CGI content-length Field Remote Overflow

OmniHTTPd visadmin.exe Malformed URL DoS

Multiple Vendor view_source CGI Traversal Arbitrary File Access

O'Reilly WebSite uploader.exe Arbitrary File Upload

Multiple Vendor test-cgi Arbitrary File Access

AnyForm CGI Arbitrary Command Execution

Samba Web Administration Tool (SWAT) Detection

Cobalt siteUserMod.cgi Arbitrary Password Modification

Web Server /cgi-bin Shell Access

Sambar Server Multiple Script Arbitrary Code Execution

Roxen Web Server Counter Module Crafted Request Saturation DoS

Multiple Web Server printenv CGI Information Disclosure

Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities

PlusMail plusmail CGI Arbitrary Command Execution

PHP/FI php.cgi Traversal Arbitrary File Access

Multiple Vendor phf CGI Arbitrary Command Execution

IRIX pfdispaly Arbitrary File Access

Web Server /cgi-bin Perl Interpreter Access

NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing

Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write

Tektronix PhaserLink Printer Web Server Direct Request Administrator Access

Mini SQL w3-msql Arbitrary Directory Access

Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access

Multiple Vendor jj CGI Arbitrary Command Execution

SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution

Multiple Vendor info2www CGI Arbitrary Command Execution

OmniHTTPd imagemap.exe CGI Remote Overflow

Microsoft IIS idq.dll Traversal Arbitrary File Access

icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access

Miva htmlscript Traversal Arbitrary File Access

ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities

Home Free search.cgi Traversal Arbitrary File Access

IRIX handler CGI Arbitrary Command Execution

Matt Wright guestbook.pl Arbitrary Command Execution

Glimpse HTTP aglimpse Arbitrary Command Execution

Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay

Matt Wright FormHandler.cgi Arbitrary File Access

Multiple Web Server finger CGI Information Disclosure

HylaFAX faxsurvey Arbitrary Command Execution

EZShopper Multiple Directory Traversal Vulnerabilities

Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution

Sambar Server dumpenv.pl Information Disclosure

/doc Directory Browsable

wwwcount Count.cgi Remote Overflow

Cobalt RaQ2 cgiwrap Multiple Vulnerabilities

Sambar Server cgitest.exe Remote Overflow

Directory Browsing Enabled?

NCSA Campas cgi-bin Arbitrary Command Execution

Squid cachemgr.cgi Proxied Port Scanning

F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access

Big Brother bb-hist.sh History Module Directory Traversal

Axis Storpoint CD Admin Authentication Bypass

Xylogics Annex Terminal Service ping CGI Program DoS

AN-HTTPd Multiple Test CGIs Arbitrary Command Execution

AltaVista Intranet Search CGI query Traversal Arbitrary File Access

Alibaba tst.bat Arbitrary Command Execution

Alibaba get32.exe Arbitrary Command Execution

O'Reilly WebSite win-c-sample Remote Overflow

Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access

Microsoft IIS search.asp Direct Request DoS

Microsoft IIS query.asp Direct Request Remote DoS

Microsoft IIS advsearch.asp Direct Request Remote DoS

ColdFusion Multiple Vulnerabilities (File Upload/Manipulation)