GHDB « Hackers For Charity

GHDB :: Advisories and Vulnerabilities

Date Title Summary  
2004-03-04 EarlyImpact Productcart The EarlyImpact Productcart contains multiple vulnerabilities, which could be exploited to allow an attacker to steal user credentials or mount other atta ...
2004-03-04 mnGoSearch vulnerability According to http://www.securityfocus.com/bid/9667, certain versions of mnGoSearch contain a buffer overflow vulnerability which allows an attacker to ...
2004-05-12 intitle:guestbook "advanced guestbook 2.2 pow... Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. AttackerFrom there, hit "Admin" then do the following ...
2004-06-25 VP-ASP Shopping Cart XSS VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any ty ...
2004-07-02 vBulletin version 3.0.1 newreply.php XSS vBulletin is a customizable forums package for web sites. It has been written in PHP and is complemented with MySQL. While a user is previewing the po ...
2004-07-12 Invision Power Board SSI.PHP SQL Injection Invision Power Board is reported prone to an SQL injection vulnerability in its ssi.php script. Due to improper filtering of user supplied data, ssi.p ...
2004-08-03 inurl:gotoURL.asp?url= ASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely ava ...
2004-08-05 "powered by antiboard" "AntiBoard is a small and compact multi-threaded bulletin board/message board system written in PHP. It uses either MySQL or PostgreSQL as the da ...
2004-08-09 inurl:comersus_message.asp About Comersus: "Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web si ...
2004-08-09 ext:pl inurl:cgi intitle:"FormMail *" -... FormMail is a Perl script written by Matt Wright to send mail with sendmail from the cgi-gateway. Early versions didn't have a referer check. New v ...
2004-08-16 Achievo webbased project management Achievo is a free web-based project management tool for business-environments. Achievo is mainly used for its project management capabilities. ...
2004-08-25 "Powered by Gallery v1.4.4" http://www.securityfocus.com/bid/10968/discussion/ "A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute ma ...
2004-09-07 "Powered by Ikonboard 3.1.1" IkonBoard (http://www.ikonboard.com/) is a comprehensive web bulletin board system, implemented as a Perl/CGI script. There is a flaw in the Perl code ...
2004-09-07 WebAPP directory traversal WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. The WebAPP system has a serious reverse directory ...
2004-09-10 E-market remote code execution E-market is commercial software made by a Korean company (http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The expl ...
2004-09-18 "Powered *: newtelligence" ("dasBlo... DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to ...
2004-09-21 "Powered by DCP-Portal v5.5" DCP-Portal is more a community system than a CMS - it nevertheless calls itself CMS. They have never seen a real CMS. Version 5.5 is vulnerable sql i ...
2004-09-21 Quicksite demopages for Typo3 TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, f ...
2004-09-21 filetype:cgi inurl:tseekdir.cgi The Turbo Seek search engine has a vulnerability. A remote user can look at the contents of files on the target. A remote user can request a URL with ...
2004-09-23 filetype:php inurl:index.php inurl:"module=s u... Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. http://securityfocus.com/bid/11148/discus ...
2004-09-23 filetype:cgi inurl:pdesk.cgi PerlDesk is a web based help desk and email management application designed to streamline support requests, with built in tracking and response loggin ...
2004-09-23 "Powered by IceWarp Software" inurl:mail IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. Few details regarding the specific vulnerabilities are known. These v ...
2004-09-24 intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi ... The remote user can reportedly view the first string of any file on the system where the script is installed. This is a very old bug, but some sites never up ...
2004-09-29 ReMOSitory module for Mambo It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to proper ...
2004-10-05 intitle:"WordPress > * > Login form&quo... WordPress is a semantic personal publishing platform. It suffers from possible XSS attacks. http://www.securityfocus.com/bid/11268/info/ ...
2004-10-05 inurl:"comment.php?serendipity" Serendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source. For an attacker it is possible to i ...
2004-10-05 "Powered by AJ-Fork v.167" AJ-Fork is, as the name implies - a fork. Based on the CuteNews 1.3.1 core, the aim of the project is to improve what can be improved, and extend what ...
2004-10-05 "Powered by Megabook *" inurl:guestbook.... MegaBook is a web-based guestbook that is intended to run on Unix and Linux variants. MegaBook is prone to multiple HTML injection vulnerabilities. h ...
2004-10-09 "Powered by yappa-ng" yappa-ng is a very powerful but easy to install and easy to use online PHP photo gallery for all Operating Systems (Linux/UNIX, Windows, MAC, ...), an ...
2004-10-09 "Active Webcam Page" inurl:8080 Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cros ...
2004-10-10 "Powered by A-CART" A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database. A security vulner ...
2004-10-10 "Online Store - Powered by ProductCart" ProductCart is "an ASP shopping cart that combines sophisticated ecommerce features with time-saving store management tools and remarkable ease o ...
2004-10-11 "Powered by FUDforum" FUDforum is a forums package. It uses a combination of PHP & MySQL to create a portable solution that can run on virtually any operating system. F ...
2004-10-11 "BosDates Calendar System " "powere... "BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which ar ...
2004-10-12 intitle:"EMUMAIL - Login" "Powered ... The failure to strip script tags in emumail.cgi allows for XSS type of attack. Vulnerable systems: * EMU Webmail version 5.0 * EMU Webmail version 5 ...
2004-10-12 intitle:"WebJeff - FileManager" intext:&... WebJeff-Filemanager 1.x DESCRIPTION: A directory traversal vulnerability has been identified in WebJeff-Filemanager allowing malicious people to view ...
2004-10-13 inurl:"messageboard/Forum.asp?" Multiple vulnerabilities have been found in GoSmart Message Board. A remote user can conduct SQL injection and cross-site scripting attacks. htt ...
2004-10-15 "1999-2004 FuseTalk Inc" -site:fusetalk.... Fusetalk forums (v4) are susceptible to cross site scripting attacks that can be exploited by passing an img src with malicious javascript. ...
2004-10-16 "2003 DUware All Rights Reserved" Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. ...
2004-10-16 "This page has been automatically generated b... Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems th ...
2004-10-19 inurl:ttt-webmaster.php Turbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. Multiple vulnerabilities were found. Vulnerability report: http://ww ...
2004-10-19 "Copyright © 2002 ... CoolPHP has multiple vulnerabilities: * Cross-Site Scripting vulnerability (index.php) * A Path Disclosure Vulnerability (index.php) * Local file include ...
2004-10-19 "Powered by CubeCart" Full path disclosure and sql injection on CubeCart 2.0.1 ...
2004-10-21 "Ideal BB Version: 0.1" -idealbb.com Ideal BB has been a popular choice for powering web based bulletin boards and we are now proud to introduce our next generation bulletin board Ideal B ...
2004-10-22 "Powered by YaPig V0.92b" YaPiG is reported to contain an HTML injection vulnerability. The problem is reported to present itself due to a lack of sanitization performed on cer ...
2004-10-25 inurl:"/site/articles.asp?idcategory=" Dwc_Articles is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Des ...
2004-10-26 filetype:cgi inurl:nbmember.cgi Vulnerable Netbilling nbmember.cgi. Netbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue ...
2004-10-26 "Powered by Coppermine Photo Gallery" Published Oct 20, 2004, updated Oct 20, 2004. Vulnerable: Coppermine Photo Gallery Coppermine Photo Gallery 1.0, Coppermine Photo Gallery Coppermine Photo ...
2004-10-26 "Powered by WowBB" -site:wowbb.com WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize u ...
2004-10-26 "Powered by ocPortal" -demo -ocportal.co... Reportedly ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user supplied UR ...
2004-10-26 inurl:"slxweb.dll" SalesLogix is the Customer Relationship Management solution that drives sales performance in small to medium-sized businesses through Sales, Marketing ...
2004-10-26 "Powered by DMXReady Site Chassis Manager&quo... It is reported that DMXReady Site Chassis Manager is susceptible to two remotely exploitable input validation vulnerabilities. These vulnerabilities a ...
2004-10-26 "Powered by My Blog" intext:"FuzzyM... FuzzyMonkey My Blog is vulnerable to multiple input validation vulnerabilities. These issues are caused by a failure to validate and filter user-suppl ...
2004-10-26 inurl:wiki/MediaWiki MediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remot ...
2004-10-26 "inurl:/site/articles.asp?idcategory=" Dwc_Articles is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Desi ...
2004-10-26 "Enter ip" inurl:"php-ping.php"... It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vul ...
2004-10-27 intitle:welcome.to.horde Horde Mail is web based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus. ...
2004-10-27 "BlackBoard 1.5.1-f | ... Bugtraq ID: 11336; object class: Input Validation Error; CVE: CVE-MAP-NOMATCH; remote: Yes; local: No; published: Oct 06, 2004; updated: Oct 06, 2004; vulnerable: BlackBoard ...
2004-11-05 inurl:"forumdisplay.php" +"Powered ... vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user- ...
2004-11-13 inurl:technote inurl:main.cgi*filename=* http://www.securityfocus.com/bid/2156/discussion/ Remote command execution vulnerability in the filename parameter. ...
2004-11-12 "running: Nucleus v3.1" -.nucleuscms.org... Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. A remote attacker may leverage these issues to steal cookie-based authentication c ...
2004-11-12 "driven by: ASP Message Board" Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. A remote attacker may leverage these issues to steal cookie-bas ...
2004-11-18 "Obtenez votre forum Aztek" -site:forum-... Aztek Forum is a French forum system. Aztek Forum is reported prone to multiple input validation vulnerabilities. These issues may allow an attacker ...
2004-11-18 intext:("UBB.threads... UBB.Threads 6.2.*-6.3.* one char bruteforce vulnerability: http://www.k-otik.com/exploits/20041116.r57ubb.pl.php ...
2004-11-18 inurl:/SiteChassisManager/ Unknown SQL injection and XSS vulnerabilities in DMXReady Site Chassis Manager. http://www.securityfocus.com/bid/11434/discussion/ ...
2004-11-18 inurl:directorypro.cgi A security vulnerability in the product allows attackers to perform a directory traversal attack and access files that reside outside the normal HTTP ...
2004-11-18 inurl:cal_make.pl A security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory. http://www. ...
2004-11-18 "Powered by PowerPortal v1.3" PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input ...
2004-11-19 "powered by minibb" -site:www.minibb.net ... miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prio ...
2004-11-29 inurl:"/cgi-bin/loadpage.cgi?user_id=" Description: EZshopper is a full-featured shopping cart program. loadpage.cgi of EZshopper allows Directory Traversal http://www.securityfocus.com/bid/ ...
2004-11-30 intitle:"View Img" inurl:viewimg.php It is reported that the 'viewing.php' script does not properly validate user-supplied input in the 'path' variable. A remote user ...
2004-12-01 +"Powered by Invision Power Board v2.0.0..2&q... A remote SQL injection vulnerability affects Invision Power Board. This issue is due to a failure of the application to properly validate user-suppli ...
2004-12-01 +"Powered by phpBB 2.0.6..10" -phpbb.com... phpBB is vulnerable to SQL Injection, allowing people to manipulate the query into pulling data (such as passwords). Arbitrary EXEC allows an attacker ...
2004-12-19 ext:php intext:"Powered by phpNewMan Version&... PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery managem ...
2005-01-02 "Powered by WordPress" -html filetype:ph... Query: "Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq Background: WordPress is a blogging software which is vulnerab ...
2005-01-21 uploadpics.php?did= -forum intext:Generated.by.phpi... Product: PHPix Version: 1.0 Vuln: Directory traversal. PHPix is a Web-based photo album viewer written in PHP. It features automatic generation of thumb ...
2005-01-20 inurl:citrix/metaframexp/default/login.asp? Client... Citrix (http://citrix.com) is a web application that allows remote access via a client for companies, institutions, and government agencies to "p ...
2005-01-30 "SquirrelMail version 1.4.4" inurl:src e... Date: Jan 30 2005. This search reveals the src/webmail.php which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0103b ...
2005-02-07 "IceWarp Web Mail 5.3.0" "Powered b... IceWarp Web Mail 5.3.0 Multiple cross-site scripting and HTML injection vulnerabilities. http://www.securityfocus.com/bid/12396/ ...
2005-02-09 "Powered by MercuryBoard [v1" Exploit for MercuryBoard: http://www.securityfocus.com/archive/1/389881/2005-02-06/2005-02-12/0 Enter the following search: "Powered by MercuryBoard ...
2005-02-17 "delete entries" inurl:admin/delete.asp As described in OSVDB article #13715: "AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered ...
2005-02-18 allintitle:aspjar.com guestbook "An input validation vulnerability was reported in the ASPJar guestbook. A remote user can gain administrative access and can delete guestbook me ...
2005-02-16 "powered by CubeCart 2.0" This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to ...
2005-03-20 Powered.by:.vBulletin.Version ...3.0.6 vBulletin is reported prone to an arbitrary PHP script code execution vulnerability. The issue is reported to exist due to a lack of sufficient input ...
2005-03-20 filetype:php intitle:"paNews v2.0b4" PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews soft ...
2005-03-29 "Powered by Coppermine Photo Gallery" ( ... Reportedly Coppermine Photo Gallery is prone to multiple input validation vulnerabilities, some of which may lead to arbitrary command execution. Thes ...
2005-04-12 powered.by.instaBoard.version.1.3 InstaBoard is a ColdFusion forum solution. In its version 1.3 it is vulnerable to SQL Injection. Bugtraq ID 7338 ...
2005-04-04 intext:"Powered by phpBB 2.0.13" inurl:&... phpBB 2.0.13 with installed Calendar Pro MOD is vulnerable to SQL injection attacks. An attacker can download the MD5 hashes from the account database ...
2005-05-07 intitle:"myBloggie 2.1.1..2 - by myWebland&qu... myBloggie is affected by multiple vulnerabilities. http://www.securityfocus.com/bid/13507 ...
2005-05-14 intitle:"osTicket :: Support Ticket System&qu... osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. Ther ...
2005-05-30 inurl:sphpblog intext:"Powered by Simple PHP ... Simple PHP Blog is vulnerable to multiple attacks. Vulnerabilities: A. Full Path disclosures B. XSS in search.php C. Critical Information d ...
2005-06-03 intitle:"PowerDownload" ("PowerDown... The PowerDownload program (version 3.0.2 and 3.0.3) contains a serious vulnerability. Vulnerability discovery: SoulBlack - Security Research (http://s ...
2005-06-03 "portailphp v1.3" inurl:"index.php?... Vulnerability has been found in parameter "id". If this variable Any value it is possible to replace it with a sign ' is transferred Sinc ...
2005-06-03 +intext:"powered by MyBulletinBoard" MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. There is an SQL Injection Exploit available for MyBulletinBoard (MyBB ...
2005-06-10 intext:"Powered by flatnuke-2.5.3" +&quo... Description of Vulnerabilities: Multiple vulnerabilities in FlatNuke have been reported, which can be exploited by remote users to trigger denial of ser ...
2005-06-21 intext:"Powered By: Snitz Forums 2000 Version... Snitz Forum 2000 v 3.4.03 and older is vulnerable to many things including XSS. See http://www.gulftech.org/?node=research&article_id=00012-061620 ...
2005-06-24 inurl:"/login.asp?folder=" "Powered... i-Gallery 3.3 (and possibly older) is vulnerable to many things, including /../ traversals. http://www.packetstormsecurity.org/0506-exploits/igallery33 ...
2005-06-24 intext:"Calendar Program ... This search finds all pages that allow you to add events in Mark Kruse's CalendarScript. This script seems to be VERY vulnerable to HTML injectio ...
2005-07-08 "powered by PhpBB 2.0.15" -site:phpbb.co... Another php vulnerability, as seen here http://www.frsirt.com/exploits/20050704.phpbbSecureD.pl.php phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vul ...
2005-08-10 intitle:"blog torrent upload" Blog Torrent is free, open-source software that provides a way to share large files on your website. Vulnerability: free access to the password file htt ...
2005-08-10 inurl:index.php fees shop link.codes merchantAccou... Vulnerability in EPay systems: PHP code including http://targeturl/index.php?read=../../../../../../../../../../../../../../etc/passwd advisory: http://www ...
2005-08-18 "Powered by Zorum 3.5" Zorum 3.5 remote code execution poc exploit. software: description: Zorum is a freely available, open source Web-based forum application implemented in PH ...
2005-08-21 "powered by ITWorking" saveWebPortal 3.4 remote code execution / admin check bypass / remote file inclusion / cross site scripting author site: http://www.circeos.it download ...
2005-08-30 "Powered by FUDForum 2.6" -site:fudforum... FUDforum is prone to a remote arbitrary PHP file upload vulnerability. An attacker can merge an image file with a script file and upload it to an affec ...
2005-09-19 intitle:"Looking Glass v20040427" "... Looking Glass v20040427 arbitrary commands execution / cross site scripting. description: Looking Glass is a pretty extensive web based network queryi ...
2005-08-29 phpLDAPadmin intitle:phpLDAPadmin filetype:php inu... phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure, remote code execution, cross site scripting. software: author site: http:// ...
2005-08-30 intitle:guestbook inurl:guestbook "powered by... Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied i ...
2005-08-30 "Powered by FUDForum 2.7" -site:fudforum... FUDforum is prone to a remote arbitrary PHP file upload vulnerability. An attacker can merge an image file with a script file and upload it to an affec ...
2005-09-04 inurl:chitchat.php "choose graphic" rgod advises: Cyber-Cats ChitCHat 2.0 permit cross site scripting attacks, let users launch exploits from, let remote users obtain information on targ ...
2005-09-05 "Calendar programming by AppIdeas.com" f... phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting This search does not narrow to vulnerable ver ...
2005-09-05 "Powered by MD-Pro" | "made with MD... MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution/ cross site scripting / path disclosure. This search does not find vulnerable ver ...
2005-09-07 "Software PBLang" 4.65 filetype:php my advisory: PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information disclosure ...
2005-09-08 "Powered by and copyright class-1" 0.24... class-1 Forum Software v 0.24.4 Remote code execution. software: site: http://www.class1web.co.uk/software description: class-1 Forum Software is a PHP/M ...
2005-09-13 "Powered by AzDg" (2.1.3 | 2.1.2 | 2.1.1... AzDGDatingLite V 2.1.3 (possibly prior versions) remote code execution software: site: http://www.azdg.com/ download page: http://www.azdg.com/scripts ...
2005-09-13 "Powered by: Land Down Under 800" | &qu... Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied inpu ...
2005-09-13 "powered by Gallery v" "[slideshow]... There is a script injection vuln for all versions. http://www.securityfocus.com/bid/14668 ...
2005-09-13 intitle:guestbook inurl:guestbook "powered by... Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied i ...
2005-09-15 "Copyright 2004 © ... Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution. software site: http://www.digital-scribe.org/ description: "Teachers have ...
2005-09-17 "Powered by PHP Advanced Transfer Manager&quo... PHP Advanced Transfer Manager v1.30 underlying system disclosure / remote command execution / cross site scripting. rgod site: http://rgod.altervista.org ...
2005-09-17 "Powered by CuteNews" CuteNews 1.4.0 (possibly prior versions) remote code execution. software site: http://cutephp.com/ description: "Cute news is a powerful and easy fo ...
2005-09-23 "Powered by GTChat 0.95"+"User Logi... There is a (adduser) remote denial of service vulnerability on version 0.95 ...
2005-09-23 http://www.google.com/search?q=intitle:%22WEB//NEW... WEB//NEWS 1.4 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppl ...
2005-09-23 "Mimicboard2 086"+"2000 Nobutaka Ma... Mimicboard2 is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppli ...
2005-09-25 "Maintained with Subscribe Me 2.044.09p"... Subscribe Me Pro 2.0.44.09p is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. Expl ...
2005-09-25 "Powered by autolinks pro 2.1" inurl:reg... AutoLinksPro is a linking solution. AutoLinksPro link exchange software was built for the search engines to help improve your search engine rankings, ...
2005-09-25 "CosmoShop by Zaunz Publishing" inurl:&q... cosmoshop is a commercial shop system written as a CGI. Vulnerabilities: sql injection, passwords saved in cleartext, view any file. http://www.securityfoc ...
2005-09-25 "Powered by Woltlab Burning Board" -&quo... It's an exact replica of vbulletin but it is free. SQL-Injection Exploit: http://www.governmentsecurity.org/archive/t14850.html ...
2005-09-25 intitle:"PHP TopSites FREE Remote Admin" PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimite ...
2005-09-28 Powered by PHP-Fusion v6.00.109 ... this is the dork: Powered by PHP-Fusion v6.00.109 © 2003-2005. -php-fusion.co.uk as it is, without quotes, for the version I ...
2005-09-29 "Powered By: lucidCMS 1.0.11" Lucid CMS 1.0.11 SQL Injection / Login bypass. this is the dork for the version I tested: "Powered By: lucidCMS 1.0.11" advisory/poc exploit: htt ...
2005-10-03 intitle:Mantis "Welcome to the bugtracker&quo... Cross site scripting and SQL injection vulnerabilities were discovered in Mantis versions 0.19.2 or less. Mantis is a web-based bugtracking system writ ...
2005-10-06 "News generated by Utopia News Pro" | &q... Utopia News Pro 1.1.3 (and prior versions) SQL Injection & XSS. advisory & poc exploit: http://rgod.altervista.org/utopia113.html ...
2005-10-08 "Cyphor (Release:" -www.cynox.ch Cyphor 0.19 (possibly prior versions) SQL Injection / Board takeover / cross site scripting. my advisory & poc exploit: http://rgod.altervista.org/cy ...
2005-10-10 "Welcome to the versatileBulletinBoard" ... versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL Injection vulnerabilities / login bypass / cross site scripting / information ...
2005-11-12 inurl:course/category.php | inurl:course/info.php ... Moodle <=1.6 blind SQL injection. advisory & poc exploit: http://rgod.altervista.org/moodle16dev.html ...
2005-11-12 "Powered by XOOPS 2.2.3 Final" XOOPS 2.2.3 Arbitrary local file inclusion. This is a generic dork for the version I tested, advisory & poc exploit: http://rgod.altervista.org/xoops_xp ...
2005-11-12 inurl:"wfdownloads/viewcat.php?list=" XOOPS WF_Downloads (2.05) module SQL injection. This is a specific dork, that searches XOOPS sites with WF_Downloads module installed, advisory & poc e ...
2005-11-17 "This website was created with phpWebThings 1... This is Secunia advisory: http://secunia.com/advisories/17410/ and my exploit that shows a new vulnerability in "msg" parameter: http://rgod.alt ...
2005-11-23 "Copyright 2000 - 2005 Miro International Pty... this dork is for Mambo 4.5.2x Globals overwrite / remote command execution exploit: http://rgod.altervista.org/mambo452_xpl.html ...
2005-11-25 ("Skin Design by Amie of Intense")|(&quo ... eFiction <=2.0 multiple vulnerabilities. advisory and poc exploit: http://rgod.altervista.org/efiction2_xpl.html ...
2005-11-25 "Powered by UPB" (b 1.0)|(1.0 final)|(Pu... dork: "Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b) this is a very old vulnerability discovered by Xanthic, can't find it in ...
2005-11-28 "powered by GuppY v4"|"Site cr&Atil... Guppy <= 4.5.9 $REMOTE_ADDR overwrite -> remote code execution / various arbitrary inclusion issues. advisory & poc exploit: http://rgod.alterv ...
2005-11-29 "Powered by Xaraya" "Copyright 2005... Xaraya <=1.0.0 RC4 Denial of Service. explanation: http://rgod.altervista.org/xarayaDOS.html exploit: http://rgod.altervista.org/xarayaDOS_xpl.html ...
2005-11-30 "This website powered by PHPX" -demo this is the dork for PhpX <= 3.5.9 Sql injection / login bypass vulnerability. advisory & poc exploit: http://rgod.altervista.org/phpx_359_xpl.htm ...
2005-12-04 "Based on DoceboLMS 2.0" advisory & poc exploit: http://rgod.altervista.org/docebo204_xpl.html ...
2005-12-07 "2005 SugarCRM Inc. All Rights Reserved"... this is the dork for Sugar Suite 3.5.2a & 4.0beta remote code execution issue, advisory & poc exploit: http://rgod.altervista.org/sugar_suite_4 ...
2005-12-12 "Powered By phpCOIN 1.2.2" PhpCOIN 1.2.2 arbitrary remote\local inclusion / blind sql injection / path disclosure. advisory: http://rgod.altervista.org/phpcoin122.html more generic: ...
2005-12-14 intext:"Powered by SimpleBBS v1.1"* Vulnerability Description: SimpleBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search mod ...
2005-12-14 "Site powered By Limbo CMS" this is the dork for Limbo Cms <= 1.0.4.2 _SERVER[] overwrite / remote code execution. advisory & poc exploit: http://rgod.altervista.org/limbo104 ...
2005-12-31 intext:"Powered by CubeCart 3.0.6" intit... CubeCart is an eCommerce script written with PHP & MySQL. Search CubeCart 3.0.6 portal vulnerable. The vulnerability is Remote Command Execution. ...
2006-01-02 intext:"PhpGedView Version" intext:"... PHPGedView <=3.3.7 remote code execution. advisory & poc exploit: http://rgod.altervista.org/phpgedview_337_xpl.html ...
2006-01-02 intext:"Powered by DEV web management system&... DEV cms <=1.5 SQL injection advisory & poc exploit: http://rgod.altervista.org/dev_15_sql_xpl.html ...
2006-01-02 intitle:"phpDocumentor web interface" Php Documentor <= 1.3.0 rc4 remote code execution. dork: intitle:"phpDocumentor web interface" advisory & poc exploit: http://rgod.altervist ...
2006-01-16 inurl:install.pl intitle:GTchat Gtchat install file. You can disable the chat program or change the language without an admin username or password. You can also point the chatroom info ...
2006-02-26 intitle:"4images - Image Gallery Management S... Find web app: 4Images = 1.7.1. This web app is vulnerable to remote code execution exploit. The url of exploit is this: http://milw0rm.com/id.php?id=1533 ...
2006-02-12 (intitle:"metaframe XP Login")|(intitle:... Once you input any username, you'll get an error message. Try putting a script with some other fun commands in it. Just send some info off to be ...
2006-03-06 "Powered by Simplog" searches for simplog which has directory traversal and XSS vulnerabilities in version <= 1.0.2 http://notlegal.ws/simplogsploit.txt http://retrogod.a ...
2006-03-13 "powered by sblog" +"version 0.7&qu... please go here for a writeup on the vulnerability. HTML injection. http://www.securityfocus.com/bid/17044 ...
2006-03-18 "Thank You for using WPCeasy" There is a SQL injection vulnerability in WPC.easy, resulting in full admin access to any remote attacker. Vendor was notified. http://www.securityfoc ...
2006-02-08 "Powered by Loudblog" this dork is for the LoudBlog <= 0.4 arbitrary remote inclusion vulnerability. advisory & poc exploit: http://retrogod.altervista.org/loudblog_04_ ...
2006-02-08 "This website engine code is copyright" ... Clever Copy <= 3.0 SQL injection dork: "This website engine code is copyright" "2005 by Clever Copy" advisory and poc exploit: ...
2006-02-08 intitle:"b2evo installer" intext:"I... this page lets you to know some interesting info on target machine, database name, username... it lets you to see phpinfo() and, if you know database ...
2006-02-09 "index of" intext:fckeditor inurl:fckedi... "index of" intext:fckeditor inurl:fckeditor this dork is for FCKEditor script through editor/filemanager/browser/default/connectors/ connector ...
2006-02-09 "powered by runcms" -runcms.com -runcms.... "powered by runcms" -runcms.com -runcms.org all versions <=1.2 are vulnerable to an arbitrary remote inclusion, this is more specific for ...
2006-02-13 ("This Dragonfly™... exploit and short explanation: http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html ...
2006-02-13 inurl:docmgr | intitle:"DocMGR " "en... exploit and short explanation: http://retrogod.altervista.org/docmgr_0542_incl_xpl.html ...
2006-02-13 (intitle:"Flyspray setup"|"powered ... exploiting a bug in EGS Enterprise Groupware System 1.0 rc4, I found this dork: (intitle:"Flyspray setup"|"powered by flyspray 0.9.7&qu ...
2006-02-13 intext:"LinPHA Version" intext:"Hav... this is for Linpha <=1.0 arbitrary local inclusion: http://retrogod.altervista.org/linpha_10_local.html intext:"LinPHA Version" intext:&qu ...
2006-02-28 ("powered by nocc" intitle:"NOCC We... dork: ("powered by nocc" intitle:"NOCC Webmail") -site:sourceforge.net -Zoekinalles.nl -analysis software: http://nocc.sourceforge ...
2006-02-28 intitle:"igenus webmail login" intitle:"igenus webmail login" example exploit: http://[target]/[path]/?Lang=../../../../../../../../../../etc/passwd%00 http://[target]/[pat ...
2006-02-28 "powered by 4images" this is for 4images <= 1.7.1 remote code execution (you can see version in google description) poc exploit: http://retrogod.altervista.org/4images_17 ...
2006-02-28 intext:"Powered By Geeklog" -geeklog.net dork: intext:"Powered By Geeklog" -geeklog.net this is for the vulnerability discovered by GulfTech research, related stuff: (*) http://www. ...
2006-02-28 intitle:admbook intitle:version filetype:php intitle:admbook intitle:version filetype:php tested version: 1.2.2, you can inject php code in config-data.php and execute commands on target through ...
2006-03-28 WEBalbum 2004-2006 duda -ihackstuff -exploit dork: WEBalbum 2004-2006 duda -ihackstuff -exploit software site: http://www.web-album.org/ advisory/ poc exploit: http://retrogod.altervista.org/webal ...
2006-03-28 intext:"Powered by Plogger!" -plogger.or... explanation & exploit: http://retrogod.altervista.org/plogger_b21_sql_xpl.html ...
2006-03-28 intext:"powered by gcards" -ihackstuff -... this is for gcards <=1.45 multiple vulnerabilities, advisory & poc exploit: http://retrogod.altervista.org/gcards_145_xpl.html ...
2006-03-28 "powered by php icalendar" -ihackstuff -... this is for php iCalendar <= 2.21 "cookie_language"/"cookie_style" remote cmmdns xctn & php iCalendar <= 2.21 publish.ic ...
2006-03-28 "powered by guestbook script" -ihackstuf... poc exploit & explanation: http://retrogod.altervista.org/gbs_17_xpl_pl.html ...
2006-03-28 "Powered by XHP CMS" -ihackstuff -exploi... tested version: 0.5. Without having admin rights, you can go to: http://[target]/[path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/manager.php or http ...
2006-03-28 inurl:*.exe ext:exe inurl:/*cgi*/ a cgi-bin executables xss/html injection miscellanea: some examples: inurl:keycgi.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/keycgi.e ...
2006-03-30 "powered by claroline" -demo this is for Claroline e-learning platform <= 1.7.4 multiple vulnerabilities advisory & poc exploit: http://retrogod.altervista.org/claroline_174_ ...
2006-03-30 "PhpCollab . Log In" | "NetOffice .... this is for PhpCollab 2.x / NetOffice 2.x sql injection http://retrogod.altervista.org/phpcollab_2x-netoffice_2x_sql_xpl.html ...
2006-04-05 intext:"2000-2001 The phpHeaven Team" -s... this is the dork for PHPMyChat <= 0.14.5 critical sql injection/eval() vulnerability: poc exploit: http://retrogod.altervista.org/phpmychat_0145_xpl ...
2006-04-05 "2004-2005 ReloadCMS Team." this is for ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution vulnerability, poc exploit: http://retrogod.altervista.org/relo ...
2006-04-10 intext:"2000-2001 The phpHeaven Team" -s... intext:"2000-2001 The phpHeaven Team" -sourceforge this is for PHPMyChat remote commands execution, advisory/poc exploits: http://retrogod.alt ...
2006-04-10 inurl:server.php ext:php intext:"No SQL"... vulnerability discovered by Secunia, quick reference: http://www.securityfocus.com/bid/16187 an example of exploit for PHPOpenChat: http://retrogod.alterv ...
2006-04-10 intitle:PHPOpenChat inurl:"index.php?language... exploit: http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html also, information disclosure: http://[target]/[path]/include/adodb/tests/tmssql.php? ...
2006-04-10 "powered by phplist" | inurl:"lists... this is for PHPList 2.10.2 arbitrary local inclusion, discovered by me: advisory/poc exploit: http://retrogod.altervista.org/phplist_2102_incl_xpl.html ...
2006-04-15 "powered by sphider" -exploit -ihackstuf... dork: "powered by sphider" a vulnerable search engine script arbitrary remote inclusion, poc: http://[target]/[path]/admin/configset.php?cmd ...
2006-04-15 inurl:"extras/update.php" intext:mysql.p... this is an osCommerce dork: inurl:"extras/update.php" intext:mysql.php -display or more simply: inurl:"extras/update.php" -display ...
2006-04-15 inurl:sysinfo.cgi ext:cgi dork: inurl:sysinfo.cgi ext:cgi exploit: http://www.milw0rm.com/exploits/1677 I found this command execution vulnerability in 1.2.1 but other versions ...
2006-04-15 inurl:perldiver.cgi ext:cgi dork: inurl:perldiver.cgi ext:cgi some interesting info about server and a cross site scripting vulnerability, poc: http://[target]/[path]/cgi-bin/per ...
2006-04-15 inurl:tmssql.php ext:php mssql pear adodb -cvs -a... dork: inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk a remote user can execute an arbitrary function (without arguments) example: http://[target] ...
2006-04-15 "powered by php photo album" | inurl:&qu... dork: "powered by php photo album" | inurl:"main.php?cmd=album" -demo2 -pitanje poc: if register_globals = On & magic_quotes_ ...
2006-04-25 "powered by active php bookmarks" | inur... Active PHP Bookmarks, a web based bookmark manager, was originally developed by Brandon Stone. Due to lack of time he has withdrawn himself from the p ...
2006-04-25 inurl:resetcore.php ext:php e107 is a content management system written in php and using the popular open source mySQL database system for content storage. It's completely f ...
2006-04-25 "This script was created by Php-ZeroNet"... Php-ZeroNet is a script comprised of php allowing webmasters to start a online community. Php-ZeroNet features Content Management, News posting, User ...
2006-04-25 "You have not provided a survey identificatio... sql injection: http://www.securityfocus.com/bid/16077/discuss remote command execution: http://retrogod.altervista.org/phpsurveyor_0995_xpl.html ...
2006-04-25 intitle:"HelpDesk" "If you need add... it's another helpdesk application. my exploit: http://fr0zen.no-ip.org/phphelpdesk-0.6.16_rcxcn_xpl.phps ...
2006-04-28 inurl:database.php | inurl:info_db.php ext:php &qu... this is for Woltlab Burning Board 2.x (Datenbank MOD fileid) exploit: http://seclists.org/lists/bugtraq/2006/Mar/0058.html ...
2006-05-04 intext:"This site is using phpGraphy" | ... found this: a remote user can have access to some edit functionalities to "modify" html. Impact: cross site scripting, denial of service ref ...
2006-05-04 intext:"Powered by PCPIN.com" -site:pcpi... this is for PCPIN Chat SQL injection/login bypass and arbitrary local inclusion references: http://retrogod.altervista.org/pcpin_504_xpl.html http://sec ...
2006-05-04 intitle:"X7 Chat Help Center" | "Po... this is for X7 Chat <=2.0 remote commands execution you can see version in description, you can also check for install.php references: http://retrogod ...
2006-05-22 allinurl:tseekdir.cgi tseekdir.cgi?location=FILENAME%00 eg: tseekdir.cgi?location=/etc/passwd%00 basically any file on the server can be viewed by inserting a null (%00) into ...
2006-05-30 Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 St... this is for Nucleus 3.22 CMS arbitrary remote inclusion advisory/poc exploit: http://retrogod.altervista.org/nucleus_322_incl_xpl.html ...
2006-05-30 "powered by pppblog v 0.3.(.)" this is for the pppblog 0.3.x system disclosure vulnerability, advisory/poc exploit: http://retrogod.altervista.org/pppblog_038_xpl.html ...
2006-05-30 "Powered by PHP-Fusion v6.00.110" | &quo... this is the dork for these PHP-Fusion exploits: http://retrogod.altervista.org/phpfusion_600306_xpl.html http://retrogod.altervista.org/phpfusion_600306_s ...
2006-05-30 intitle:"XOOPS Site" intitle:"Just ... this is the dork for the XOOPS 2.x 'xoopsOption[nocommon]' overwrite vulnerability, advisory & poc exploit: http://retrogod.altervista.or ...
2006-05-30 inurl:wp-login.php +Register Username Password &qu... this is a bit different from the previous one in GHDB, it searches for Wordpress 2.x sites where user registration is enabled, a user can inject a car ...
2006-06-02 "powered by ubbthreads" forums powered by ubbthreads are vulnerable to file inclusion. You can get more results with yahoo search. http://site.com/ubbthredspath//ubbt.inc.php?t ...
2006-08-13 "Powered by sendcard - an advanced PHP e-card... this is for Sendcard remote commands execution, advisory/ poc exploit: http://retrogod.altervista.org/sendcard_340_xpl.html ...
2006-08-13 "powered by xmb" this is for XMB <=1.9.6 Final remote commands execution and sql injection, advisories/poc exploits: http://retrogod.altervista.org/xmb_196_cnd_xpl.ht ...
2006-08-13 "powered by minibb forum software" This dork is for minibb forum software arbitrary remote inclusion. this is about the unset() issue found by S. Esser: http://www.hardened-php.net/hphp ...
2006-08-13 inurl:eStore/index.cgi? this is for eStore directory traversal, example exploit: http://[target]/[path]/eStore/index.cgi?page=../../../../../../../../etc/passwd ...
2006-09-13 "Powered by Vsns Lemon" intitle:"Vs... hxxp://evuln.com/vulns/106/summary.html ...