Whitepaper discussing a large number of PHP filesystem attack vectors.
cf9fb603acb1135b3f8a595653d1d18a8937d01270074b11448182d48a251260
ZeroBoardXE version 1.1.5 (09.01.22) suffers from a cross site scripting vulnerability.
969888bbcc7fec1a18745dd932a913efe31555f44475d508e6864329608ede99
ZeroShell versions 1.0beta11 and below suffer from a remote code execution vulnerability.
15b6637e4b0289913a8d4d63a52e96e1a32f244030761fbf336ec8cf371497fd
The 3Com OfficeConnect wireless cable/DSL router suffers from an authentication bypass vulnerability.
aa080901b45cce39e49530c28026faaa434bace8effcbd668c55029fb4655d06
The Bitdefender Thailand site suffers from a remote SQL injection vulnerability.
83c33753cbc93ed2eaa08935499e69354952aca1922919af5f6ed4749eae6abd
FlexCMS suffers from a remote SQL injection vulnerability.
4562e9007eff4b117857f53879a2c24f0ed5f1f70ab42f349684268e1262d39f
Novell-QuickFinder Server suffers from cross site scripting vulnerabilities.
35bb500e9e3fbd634f1928875171b9954e6d652c7bbffd5eb2c7f2b1eb7b5978
Yet another NOCC versions 0.1.0 and below suffer from a local file inclusion vulnerability.
94f5ab5c472150629cfc81e14c1115514ad3d4a36f21e341a84c3c976de161c8
WB News version 2.1.1 suffers from a remote file inclusion vulnerability.
ddf79fc21749526f6d23f824d1340321ebb3827b2982765fe6debbf95f721a80
Webframe version 0.76 suffers from multiple remote and local file inclusion vulnerabilities.
b9e3e25a4615102866298234412159430fac17669b015320c91dfee98c9ca47e
SQL Fuzzer version 1.0 that is written in Python. Yes, another one.
a256fb6b24c4beebaa2c4be61642c4ed8d7c9cd5a7ca09a09243505f152f00e3
TightVNC authentication failure integer overflow proof of concept exploit.
fb3617c0ee5bb4ab0800a6dc9463dca271c9d0bf61093a6168e02ceb442140f6
Squid versions 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 remote HTTP version parsing denial of service exploit.
c572f7e6a9191df0a632e8307cd6f92f5b07e7870cda79fd59237c2ba2255b67
A Better Member-Based ASP Photo Gallery suffers from a remote SQL injection vulnerability in view.asp.
809322a4c1419ab014e40fb832988bfb2a2cea59a916ace35619160d16f7417d
Trend Micro IWSVA / IWSS suffers from an authorization module password leak vulnerability.
20af7f21fbe2aa34980e1ed5e9f4f181d9b7fea9d006951eef0db319dcff0126
BusinessSpace versions 1.2 and below suffer from a remote SQL injection vulnerability.
2252cb76796666e42389cd0188571a17a89f1480bc2733977822429dbcc9b2e9
The Hybrid Botnet Remote Administration System version 0.2 contains a Perl bot, console application and HTTP administration panel using PHP and MySQL. Written for Linux.
18f765f9260fc55485b0a0757d882722a0b32685ebb6b1a47220fa5b29176f57
w3bcms versions 3.5.0 and below insecure cookie handling and multiple SQL injection vulnerabilities exploit.
5ff4e8443c54d5d4e776fae05038f31abfba75485a952126365c43c9136ced2b
IF-CMS versions 2.0 and below remote blind SQL injection exploit that leverages frame.php.
495902f6a4d4fa1816cfba9536809df78c18965cb272a62be4c63568e1a3fe2e
PyBlosxom version 1.4.3 suffers from an XML injection issue.
850fde8e257e3ae86d20194d89af20fdf32a82d2be7326005471f309eb090207
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
bc3df0500edf404e0eef1abf53c092c65941d5ab04e754d1276c73e4810b9c71
AdaptCMS Lite version 1.4 suffers from remote file inclusion and cross site scripting vulnerabilities.
839b8a1f835dc6056c15cbe26bdd8ec377af62da9718fef1308d34b67306dee4
SnippetMaster Webpage Editor suffers from remote file inclusion and cross site scripting vulnerabilities.
b2803dde8a7c41d9002c423fb761fc14b90c1a459e151d2769f9fb8d27aeb8e1
Hedgehog CMS versions 1.21 and below remote command execution exploit.
cc9dc3a4a2d0042f3e75351229949c3ac0a00e1eeba4ea6c396353f7fd044d01
PHP Director versions 0.21 and below remote command execution exploit.
23d4f567cf83105e7ff2d1ab02a91175e3510327990dd7c20304f72f653cd721