| Date |
Title |
Summary |
|
| 2004-03-04 |
EarlyImpact
Productcart |
The EarlyImpact Productcart contains multiple
vulnerabilities, which could be exploited to allow
an attacker to steal user credentials or mount
other atta … |
 |
| 2004-03-04 |
mnGoSearch
vulnerability |
According to
http://www.securityfocus.com/bid/9667, certain
versions of mnGoSearch contain a buffer
overflow vulnerability which allows an attacker
to … |
 |
| 2004-05-12 |
intitle:guestbook
"advanced
guestbook 2.2 pow… |
Advanced Guestbook v2.2 has an SQL injection
problem which allows unauthorized access.
AttackerFrom there, hit "Admin" then
do the following … |
 |
| 2004-06-25 |
VP-ASP Shopping Cart
XSS |
VP-ASP (Virtual Programming – ASP) has won
awards both in the US and France. It is now in
use in over 70 countries. VP-ASP can be used
to build any ty … |
 |
| 2004-07-02 |
vBulletin version
3.0.1 newreply.php
XSS |
vBulletin is a customizable forums package for
web sites. It has been written in PHP and is
complemented with MySQL. While a user is
previewing the po … |
 |
| 2004-07-12 |
Invision Power Board
SSI.PHP SQL
Injection |
Invision Power Board is reported prone to an
SQL injection vulnerability in its ssi.php
script. Due to improper filtering of user
supplied data, ssi.p … |
 |
| 2004-08-03 |
inurl:gotoURL.asp?url= |
ASP Nuke is an open-source software
application for running a community-based web
site on a web server. By open-source, we mean
the code is freely ava … |
 |
| 2004-08-05 |
"powered by
antiboard" |
"AntiBoard is a small and compact
multi-threaded bulletin board/message board
system written in PHP. It uses either MySQL or
PostgreSQL as the da … |
 |
| 2004-08-09 |
inurl:comersus_message.asp |
About Comersus: "Comersus is an active
server pages software for running a
professional store, seamlessly integrated with
the rest of your web si … |
 |
| 2004-08-09 |
ext:pl inurl:cgi
intitle:"FormMail *" -… |
FormMail is a Perl script written by Matt
Wright to send mail with sendmail from the
cgi-gateway. Early versions didn't have a
referer check. New v … |
 |
| 2004-08-16 |
Achievo webbased
project management |
Achievo is a free web-based project management
tool for business-environments. Achievo
is mainly used for its project management
capabilities. … |
 |
| 2004-08-25 |
"Powered by
Gallery v1.4.4" |
http://www.securityfocus.com/bid/10968/discussion/
"A vulnerability is reported to exist
in Gallery that may allow a remote attacker to
execute ma … |
 |
| 2004-09-07 |
"Powered by
Ikonboard
3.1.1" |
IkonBoard (http://www.ikonboard.com/) is a
comprehensive web bulletin board system,
implemented as a Perl/CGI script. There is a
flaw in the Perl code … |
 |
| 2004-09-07 |
WebAPP directory
traversal |
WebAPP is advertised as the internet's
most feature rich, easy to run PERL based
portal system. The WebAPP system has a serious
reverse directory … |
 |
| 2004-09-10 |
E-market remote code
execution |
E-market is commercial software made by a
Korean company (http://www.bbs2000.co.kr). A
vulnerability in this software was reported to
Bugtraq. The expl … |
 |
| 2004-09-18 |
"Powered *:
newtelligence"
("dasBlo… |
DasBlog is reportedly susceptible to an HTML
injection vulnerability in its request log.
This vulnerability is due to a failure of the
application to … |
 |
| 2004-09-21 |
"Powered by
DCP-Portal
v5.5" |
DCP-Portal is more a community system than a
CMS – it nevertheless calls itself CMS. They
have never seen a real CMS. Version 5.5 is
vulnerable sql i … |
 |
| 2004-09-21 |
Quicksite demopages
for Typo3 |
TYPO3 is a free Open Source content management
system for enterprise purposes on the web and
in intranets, featuring a set of ready-made
interfaces, f … |
 |
| 2004-09-21 |
filetype:cgi
inurl:tseekdir.cgi |
The Turbo Seek search engine has a
vulnerability. The remote user can look at
the contents of files on target. A remote
user can request a URL with … |
 |
| 2004-09-23 |
filetype:php
inurl:index.php
inurl:"module=su… |
Reportedly the PostNuke Modules Factory
Subjects module is affected by a remote SQL
injection vulnerability.
http://securityfocus.com/bid/11148/discus … |
 |
| 2004-09-23 |
filetype:cgi
inurl:pdesk.cgi |
PerlDesk is a web based help desk and email
management application designed to streamline
support requests, with built in tracking and
response loggin … |
 |
| 2004-09-23 |
"Powered by
IceWarp
Software"
inurl:mail |
IceWarp Web Mail is reported prone to multiple
input validation vulnerabilities. Few details
regarding the specific vulnerabilities are
known. These v … |
 |
| 2004-09-24 |
intitle:"MRTG/RRD" 1.1*
(inurl:mrtg.cgi … |
The remote user can reportedly view the first
string of any file on the system where the script
is installed. This is a very old bug, but some
sites never up … |
 |
| 2004-09-29 |
ReMOSitory module
for Mambo |
It is reported that the ReMOSitory module for
Mambo is prone to an SQL injection
vulnerability. This issue is due to a failure
of the module to proper … |
 |
| 2004-10-05 |
intitle:"WordPress > * >
Login form"… |
WordPress is a semantic personal publishing
platform. It suffers from possible XSS
attacks. http://www.securityfocus.com/bid/11268/info/
… |
 |
| 2004-10-05 |
inurl:"comment.php?serendipity" |
Serendipity is a weblog/blog system,
implemented with PHP. It is standards
compliant, feature rich and open source. For an
attacker it is possible to i … |
 |
| 2004-10-05 |
"Powered by
AJ-Fork v.167" |
AJ-Fork is, as the name implies – a fork.
Based on the CuteNews 1.3.1 core, the aim of
the project is to improve what can be
improved, and extend what … |
 |
| 2004-10-05 |
"Powered by
Megabook *"
inurl:guestbook…. |
MegaBook is a web-based guestbook that is
intended to run on Unix and Linux variants.
MegaBook is prone to multiple HTML injection
vulnerabilities. h … |
 |
| 2004-10-09 |
"Powered by
yappa-ng" |
yappa-ng is a very powerful but easy to
install and easy to use online PHP photo
gallery for all Operating Systems (Linux/UNIX,
Windows, MAC, …), an … |
 |
| 2004-10-09 |
"Active Webcam
Page"
inurl:8080 |
Active WebCam is a shareware program for
capturing and sharing the video streams from a
lot of video devices. Known bugs: directory
traversal and cros … |
 |
| 2004-10-10 |
"Powered by
A-CART" |
A-CART is an ASP shopping cart application
written in VBScript. It is comprised of a
number of ASP scripts and an Access database.
A security vulner … |
 |
| 2004-10-10 |
"Online Store -
Powered by
ProductCart" |
ProductCart is "an ASP shopping cart that
combines sophisticated ecommerce features with
time-saving store management tools and
remarkable ease o … |
 |
| 2004-10-11 |
"Powered by
FUDforum" |
FUDforum is a forums package. It uses a
combination of PHP & MySQL to create a
portable solution that can run on virtually
any operating system. F … |
 |
| 2004-10-11 |
"BosDates
Calendar System
"
"powere… |
"BosDates is a flexible calendar system
which allows for multiple calendars, email
notifications, repeating events and much more.
All of which ar … |
 |
| 2004-10-12 |
intitle:"EMUMAIL – Login"
"Powered … |
The failure to strip script tags in
emumail.cgi allows for XSS type of attack.
Vulnerable systems: * EMU Webmail version 5.0
* EMU Webmail version 5 … |
 |
| 2004-10-12 |
intitle:"WebJeff -
FileManager"
intext:&… |
WebJeff-Filemanager 1.x DESCRIPTION: A
directory traversal vulnerability has been
identified in WebJeff-Filemanager allowing
malicious people to view … |
 |
| 2004-10-13 |
inurl:"messageboard/Forum.asp?" |
Multiple vulnerabilities have been found in
GoSmart Message Board. A remote user can
conduct SQL injection attack and Cross site
scripting attack. htt … |
 |
| 2004-10-15 |
"1999-2004
FuseTalk Inc"
-site:fusetalk…. |
Fusetalk forums (v4) are susceptible to cross
site scripting attacks that can be exploited
by passing an img src with malicious
javascript. … |
 |
| 2004-10-16 |
"2003 DUware
All Rights
Reserved" |
Multiple vulnerabilities have been identified
in the software that may allow a remote
attacker to carry out SQL injection and HTML
injection attacks. … |
 |
| 2004-10-16 |
"This page has
been automatically
generated b… |
Plesk Server Administrator (PSA) is web based
software that enables remote administration of
web servers. It can be used on Linux and other
systems th … |
 |
| 2004-10-19 |
inurl:ttt-webmaster.php |
Turbo traffic trader Nitro v1.0 is a free,
fully automated traffic trading script.
Multiple vulnerabilities were
found. Vulnerability report: http://ww … |
 |
| 2004-10-19 |
"Copyright … |
CoolPHP has multiple vulnerabilities: *
Cross-Site Scripting vulnerability
(index.php) * A Path Disclosure Vulnerability
(index.php) * Local file include … |
 |
| 2004-10-19 |
"Powered by
CubeCart" |
Full path disclosure and sql
injection on CubeCart
2.0.1 … |
 |
| 2004-10-21 |
"Ideal BB
Version: 0.1"
-idealbb.com |
Ideal BB has been a popular choice for
powering web based bulletin boards and we are
now proud to introduce our next generation
bulletin board Ideal B … |
 |
| 2004-10-22 |
"Powered by
YaPig V0.92b" |
YaPiG is reported to contain an HTML injection
vulnerability. The problem is reported to
present itself due to a lack of sanitization
performed on cer … |
 |
| 2004-10-25 |
inurl:"/site/articles.asp?idcategory=" |
Dwc_Articles is an ASP application designed to
add Featured, Recent and Popular News through
an easy to use administration area. Other
features: Des … |
 |
| 2004-10-26 |
filetype:cgi
inurl:nbmember.cgi |
vulnerable Netbilling nbmember.cgi. Netbilling
'nbmember.cgi' script is reported
prone to an information disclosure
vulnerability. This issue … |
 |
| 2004-10-26 |
"Powered by
Coppermine Photo
Gallery" |
published Oct 20, 2004, updated Oct 20,
2004 vulnerable: Coppermine Photo Gallery
Coppermine Photo Gallery 1.0 Coppermine Photo
Gallery Coppermine Photo … |
 |
| 2004-10-26 |
"Powered by
WowBB"
-site:wowbb.com |
WowBB is reportedly affected by multiple input
validation vulnerabilities. These issues are
due to a failure of the application to
properly sanitize u … |
 |
| 2004-10-26 |
"Powered by
ocPortal" -demo
-ocportal.co… |
Reportedly ocPortal is affected by a remote
file include vulnerability. This issue is due
to a failure of the application to sanitize
user supplied UR … |
 |
| 2004-10-26 |
inurl:"slxweb.dll" |
salesLogix is the Customer Relationship
Management solution that drives sales
performance in small to medium-sized
businesses through Sales, Marketing … |
 |
| 2004-10-26 |
"Powered by
DMXReady Site
Chassis
Manager"… |
It is reported that DMXReady Site Chassis
Manager is susceptible to two remotely
exploitable input validation vulnerabilities.
These vulnerabilities a … |
 |
| 2004-10-26 |
"Powered by My
Blog"
intext:"FuzzyM... |
FuzzyMonkey My Blog is vulnerable to multiple
input validation vulnerabilities. These issues
are caused by a failure to validate and filter
user-suppl … |
 |
| 2004-10-26 |
inurl:wiki/MediaWiki |
MediaWiki is reported prone to a cross-site
scripting vulnerability. This issue arises due
to insufficient sanitization of user-supplied
data. A remot … |
 |
| 2004-10-26 |
"inurl:/site/articles.asp?idcategory=" |
Dwc_Articles is an ASP application designed
to add Featured, Recent and Popular News
through an easy to use administration area.
Other features: Desi … |
 |
| 2004-10-26 |
"Enter ip"
inurl:"php-ping.php"… |
It has been reported that php-ping may be
prone to a remote command execution
vulnerability that may allow remote attackers
to execute commands on vul … |
 |
| 2004-10-27 |
intitle:welcome.to.horde |
Horde Mail is web based email software, great
for checking messages on the road. Several
vulnerabilities were reported to Security
Focus. … |
 |
| 2004-10-27 |
"BlackBoard
1.5.1-f |
… |
bugtraq id 11336; objectclass Input Validation
Error; cve CVE-MAP-NOMATCH; remote Yes; local
No; published Oct 06, 2004; updated Oct 06,
2004; vulnerable BlackBoard … |
 |
| 2004-11-05 |
inurl:"forumdisplay.php"
+"Powered … |
vBulletin is reported vulnerable to a remote
SQL injection vulnerability. This issue is due
to a failure of the application to properly
validate user- … |
 |
| 2004-11-13 |
inurl:technote
inurl:main.cgi*filename=* |
http://www.securityfocus.com/bid/2156/discussion/
Remote command execution vulnerability in
the filename parameter. … |
 |
| 2004-11-12 |
"running:
Nucleus v3.1"
-.nucleuscms.org… |
Multiple unspecified vulnerabilities
reportedly affect Nucleus CMS. A remote
attacker may leverage these issues to steal
cookie-based authentication c … |
 |
| 2004-11-12 |
"driven by: ASP
Message Board" |
Multiple unspecified vulnerabilities
reportedly affect the Infusium ASP Message
Board. A remote attacker may leverage these
issues to steal cookie-bas … |
 |
| 2004-11-18 |
"Obtenez votre
forum Aztek"
-site:forum-… |
Aztek Forum is a French forum system. Aztek
Forum is reported prone to multiple input
validation vulnerabilities. These issues may
allow an attacker … |
 |
| 2004-11-18 |
intext:("UBB.threads… |
UBB.Threads 6.2.*-6.3.* one char bruteforce
vulnerability: http://www.k-otik.com/exploits/20041116.r57ubb.pl.php
… |
 |
| 2004-11-18 |
inurl:/SiteChassisManager/ |
Unknown SQL injection and XSS vulnerabilities
in DMXReady Site Chassis Manager.
http://www.securityfocus.com/bid/11434/discussion/
… |
 |
| 2004-11-18 |
inurl:directorypro.cgi |
A security vulnerability in the product allows
attackers to perform a directory traversal
attack and access files that reside outside
the normal HTTP … |
 |
| 2004-11-18 |
inurl:cal_make.pl |
A security vulnerability in PerlCal allows
remote attackers to access files that reside
outside the normally bounding HTML root
directory. http://www. … |
 |
| 2004-11-18 |
"Powered by
PowerPortal
v1.3" |
PowerPortal is reported vulnerable to remote
SQL injection. This issue is due to a failure
of the application to properly validate
user-supplied input … |
 |
| 2004-11-19 |
"powered by
minibb"
-site:www.minibb.net
… |
miniBB is reported vulnerable to remote SQL
injection. This issue is due to a failure of
the application to properly validate
user-supplied input prio … |
 |
| 2004-11-29 |
inurl:"/cgi-bin/loadpage.cgi?user_id=" |
Description: EZshopper is a full-featured
shopping cart program. loadpage.cgi of
EZshopper allows Directory Traversal
http://www.securityfocus.com/bid/ … |
 |
| 2004-11-30 |
intitle:"View
Img"
inurl:viewimg.php |
It is reported that the
'viewing.php' script does not
properly validate user-supplied input in the
'path' variable. A remote user … |
 |
| 2004-12-01 |
+"Powered by
Invision Power Board
v2.0.0..2&q… |
A remote SQL injection vulnerability affects
Invision Power Board. This issue is due to a
failure of the application to properly
validate user-suppli … |
 |
| 2004-12-01 |
+"Powered by
phpBB
2.0.6..10"
-phpbb.com… |
phpbb is vulnerable to SQL Injection, allowing
people to manipulate the query into pulling
data (such as passwords). Arbitrary EXEC
allows an attacker … |
 |
| 2004-12-19 |
ext:php
intext:"Powered
by phpNewMan
Version&… |
PHP News Manager is a multi-platform
compatible solution for managing websites and
multi-user access. Features weekly poll
management, gallery managem … |
 |
| 2005-01-02 |
"Powered by
WordPress"
-html filetype:ph… |
Query: "Powered by WordPress" -html
filetype:php -demo -wordpress.org
-bugtraq Background: WordPress is a blogging
software which is vulnerab … |
 |
| 2005-01-21 |
uploadpics.php?did=
-forumintext:Generated.by.phpi… |
Product: PHPix Version: 1.0 Vuln: Directory
traversal. PHPix is a Web-based photo album
viewer written in PHP. It features automatic
generation of thumb … |
 |
| 2005-01-20 |
inurl:citrix/metaframexp/default/login.asp? Client… |
Citrix (http://citrix.com) is a web
application that allows remote access via a
client for companies, institutions, and
government agencies to "p … |
 |
| 2005-01-30 |
"SquirrelMail
version 1.4.4"
inurl:src e… |
date: Jan 30 2005 this search reveals the
src/webmail.php which would allow a crafted URL
to include a remote web page. This was
assigned CAN-2005-0103b … |
 |
| 2005-02-07 |
"IceWarp Web
Mail 5.3.0"
"Powered b… |
IceWarp Web Mail 5.3.0: Multiple cross-site
scripting and HTML injection vulnerabilities.
http://www.securityfocus.com/bid/12396/ … |
 |
| 2005-02-09 |
"Powered by
MercuryBoard
[v1" |
Exploit for MercuryBoard:
http://www.securityfocus.com/archive/1/389881/2005-02-06/2005-02-12/0
Enter the following search: "Powered by MercuryBoard
... |
 |
| 2005-02-17 |
"delete
entries"
inurl:admin/delete.asp |
As described in OSVDB article
#13715: "AspJar contains a flaw that may
allow a malicious user to delete arbitrary
messages. The issue is triggered ... |
 |
| 2005-02-18 |
allintitle:aspjar.com guestbook |
"An input validation vulnerability was
reported in the ASPJar guestbook. A remote
user can gain administrative access and can
delete guestbook me ... |
 |
| 2005-02-16 |
"powered by
CubeCart 2.0" |
This search reveals an alarming number of
servers running versions of Brooky CubeCart
that are reported to be prone to multiple
vulnerabilities due to ... |
 |
| 2005-03-20 |
Powered.by:.vBulletin.Version ...3.0.6 |
vBulletin is reported prone to an arbitrary
PHP script code execution vulnerability. The
issue is reported to exist due to a lack of
sufficient input ... |
 |
| 2005-03-20 |
filetype:php
intitle:"paNews
v2.0b4" |
PaNews is reported prone to a remote PHP
script code execution vulnerability. It is
reported that PHP script code may be injected
into the PaNews soft ... |
 |
| 2005-03-29 |
"Powered by
Coppermine Photo
Gallery" ( ... |
Reportedly Coppermine Photo Gallery is prone
to multiple input validation vulnerabilities,
some of which may lead to arbitrary command
execution. Thes ... |
 |
| 2005-04-12 |
powered.by.instaBoard.version.1.3 |
InstaBoard is a ColdFusion forum solution. In
its version 1.3 it is vulnerable to SQL
Injection. Bugtraq ID 7338 ... |
 |
| 2005-04-04 |
intext:"Powered
by phpBB
2.0.13"
inurl:&... |
phpBB 2.0.13 with installed Calendar Pro MOD
is vulnerable to SQL injection attacks. An
attacker can download the MD5 hashes from the
account database ... |
 |
| 2005-05-07 |
intitle:"myBloggie 2.1.1..2 - by
myWebland"... |
myBloggie is affected by multiple
vulnerabilities.
http://www.securityfocus.com/bid/13507 ... |
 |
| 2005-05-14 |
intitle:"osTicket :: Support Ticket
System"... |
osTicket is a widely-used open source support
ticket system. It is a lightweight support
ticket tool written mainly using PHP scripting
language. Ther ... |
 |
| 2005-05-30 |
inurl:sphpblog
intext:"Powered
by Simple PHP ... |
Simple PHP Blog is vulnerable to multiple
attacks: Vulnerabilities: A.
Full Path disclosures B. XSS in search.php C.
Critical Information d ... |
 |
| 2005-06-03 |
intitle:"PowerDownload"
("PowerDown... |
The PowerDownload program (version 3.0.2 and
3.0.3) contains a serious vulnerability.
Vulnerability discovery: SoulBlack - Security
Research (http://s ... |
 |
| 2005-06-03 |
"portailphp
v1.3"
inurl:"index.php?... |
Vulnerability has been found in parameter
"id". If this variable Any value it
is possible to replace it with a sign '
is transferred Sinc ... |
 |
| 2005-06-03 |
+intext:"powered by
MyBulletinBoard" |
MyBB is a powerful, efficient and free forum
package developed in PHP and MySQL. There is
an SQL Injection Exploit available for
MyBulletinBoard (MyBB ... |
 |
| 2005-06-10 |
intext:"Powered
by
flatnuke-2.5.3"
+"... |
Description of Vulnerabilities: Multiple
vulnerabilities in FlatNuke have been
reported, which can be exploited by remote
users to trigger denial of ser ... |
 |
| 2005-06-21 |
intext:"Powered
By: Snitz Forums
2000 Version... |
Snitz Forum 2000 v 3.4.03 and older is
vulnerable to many things including XSS. See
http://www.gulftech.org/?node=research&article_id=00012-061620
... |
 |
| 2005-06-24 |
inurl:"/login.asp?folder="
"Powered... |
i-Gallery 3.3 (and possibly older) is
vulnerable to many things, including /../
traversals. http://www.packetstormsecurity.org/0506-exploits/igallery33
... |
 |
| 2005-06-24 |
intext:"Calendar Program
... |
This search finds all pages that allow you to
add events in Mark Kruse's
CalendarScript. This script seems to be VERY
vulnerable to HTML injectio ... |
 |
| 2005-07-08 |
"powered by
PhpBB 2.0.15"
-site:phpbb.co... |
Another php vulnerability, as seen here
http://www.frsirt.com/exploits/20050704.phpbbSecureD.pl.php
phpBB 2.0.15 Viewtopic.PHP Remote
Code Execution Vul ... |
 |
| 2005-08-10 |
intitle:"blog
torrent upload" |
Blog Torrent is free, open-source software
that provides a way to share large files on
your website. Vulnerability: free access to the
password file htt ... |
 |
| 2005-08-10 |
inurl:index.php fees
shop link.codes
merchantAccou... |
Vulnerability in EPay systems PHP code including
http://targeturl/index.php?read=../../../../../../../../../../../../../../etc/passwd
advisory: http://www ... |
 |
| 2005-08-18 |
"Powered by
Zorum 3.5" |
Zorum 3.5 remote code execution poc
exploit software: description: Zorum is a freely
available, open source Web-based
forum application implemented in PH ... |
 |
| 2005-08-21 |
"powered by
ITWorking" |
saveWebPortal 3.4 remote code execution /
admin check bypass / remote file inclusion /
cross site scripting author site:
http://www.circeos.it download ... |
 |
| 2005-08-30 |
"Powered by
FUDForum 2.6"
-site:fudforum... |
FUDforum is prone to a remote arbitrary PHP
file upload vulnerability. An attacker can
merge an image file with a script file and
upload it to an affec ... |
 |
| 2005-09-19 |
intitle:"Looking Glass
v20040427"
"... |
Looking Glass v20040427 arbitrary commands
execution / cross site scripting. description:
Looking Glass is a pretty extensive web based
network queryi ... |
 |
| 2005-08-29 |
phpLDAPadmin
intitle:phpLDAPadmin
filetype:php inu... |
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly
prior versions) system disclosure, remote code
execution, cross site scripting software: author
site: http:// ... |
 |
| 2005-08-30 |
intitle:guestbook
inurl:guestbook
"powered by... |
Advanced Guestbook is prone to an HTML
injection vulnerability. This issue is due to
a failure in the application to properly
sanitize user-supplied i ... |
 |
| 2005-08-30 |
"Powered by
FUDForum 2.7"
-site:fudforum... |
FUDforum is prone to a remote arbitrary PHP
file upload vulnerability. An attacker can
merge an image file with a script file and
upload it to an affec ... |
 |
| 2005-09-04 |
inurl:chitchat.php
"choose
graphic" |
rgod advises: Cyber-Cats ChitCHat 2.0 permit
cross site scripting attacks, let users launch
exploits from, let remote users obtain
information on targ ... |
 |
| 2005-09-05 |
"Calendar
programming by
AppIdeas.com"
f... |
phpCommunityCalendar 4.0.3 (possibly prior
versions) sql injection / login bypass / cross
site scripting This search does not narrow to
vulnerable ver ... |
 |
| 2005-09-05 |
"Powered by
MD-Pro" |
"made with
MD... |
MAXdev MD-Pro 1.0.73 (possibly prior versions)
remote code execution/ cross site scripting /
path disclosure. This search does not find
vulnerable ver ... |
 |
| 2005-09-07 |
"Software
PBLang" 4.65
filetype:php |
my advisory: PBLang 4.65 (possibly prior
versions) remote code execution /
administrative credentials disclosure / system
information disclosure … |
 |
| 2005-09-08 |
"Powered by and
copyright
class-1"
0.24… |
class-1 Forum Software v 0.24.4 Remote code
execution software: site:
http://www.class1web.co.uk/software description:
class-1 Forum Software is a PHP/M … |
 |
| 2005-09-13 |
"Powered by
AzDg" (2.1.3 |
2.1.2 | 2.1.1… |
AzDGDatingLite V 2.1.3 (possibly prior
versions) remote code execution software:
site: http://www.azdg.com/ download page:
http://www.azdg.com/scripts … |
 |
| 2005-09-13 |
"Powered by:
Land Down Under
800" | "… |
Land Down Under is prone to an HTML injection
vulnerability. This issue is due to a failure
in the application to properly sanitize
user-supplied inpu … |
 |
| 2005-09-13 |
"powered by
Gallery v"
"[Gallery not found]… |
There is a script injection vuln for all
versions. http://www.securityfocus.com/bid/14668
… |
 |
| 2005-09-13 |
intitle:guestbook
inurl:guestbook
"powered by… |
Advanced Guestbook is prone to an HTML
injection vulnerability. This issue is due to
a failure in the application to properly
sanitize user-supplied i … |
 |
| 2005-09-15 |
"Copyright 2004 … |
Digital Scribe v1.4 Login Bypass / SQL
injection / remote code execution software
site: http://www.digital-scribe.org/ description:
"Teachers have … |
 |
| 2005-09-17 |
"Powered by PHP
Advanced Transfer
Manager"… |
PHP Advanced Transfer Manager v1.30 underlying
system disclosure / remote command execution /
cross site scripting rgod site:
http://rgod.altervista.org … |
 |
| 2005-09-17 |
"Powered by
CuteNews" |
CuteNews 1.4.0 (possibly prior versions)
remote code execution software site:
http://cutephp.com/ description: "Cute
news is a powerful and easy fo … |
 |
| 2005-09-23 |
"Powered by
GTChat
0.95"+"User Logi… |
There is a (adduser) remote denial of service
vulnerability on version 0.95 … |
 |
| 2005-09-23 |
http://www.google.com/search?q=intitle:%22WEB//NEW… |
WEB//NEWS 1.4 is prone to multiple SQL
injection vulnerabilities. These issues are
due to a failure in the application to
properly sanitize user-suppl … |
 |
| 2005-09-23 |
"Mimicboard2
086"+"2000
Nobutaka Ma… |
Mimicboard2 is prone to multiple HTML
injection vulnerabilities. These issues are
due to a failure in the application to
properly sanitize user-suppli … |
 |
| 2005-09-25 |
"Maintained
with Subscribe Me
2.044.09p"… |
Subscribe Me Pro 2.0.44.09p is prone to a
directory traversal vulnerability. This is due
to a lack of proper sanitization of
user-supplied input. Expl … |
 |
| 2005-09-25 |
"Powered by
autolinks pro
2.1"
inurl:reg… |
AutoLinksPro is a linking solution.
AutoLinksPro link exchange software was built
for the search engines to help improve your
search engine rankings, … |
 |
| 2005-09-25 |
"CosmoShop by
Zaunz
Publishing"
inurl:&q… |
cosmoshop is a commercial shop system written
as a CGI. vulnerabilities: sql injection,
passwords saved in cleartext, view any
file http://www.securityfoc … |
 |
| 2005-09-25 |
"Powered by
Woltlab Burning
Board" -&quo… |
It's an exact replica of vbulletin but it
is free. SQL-Injection
Exploit: http://www.governmentsecurity.org/archive/t14850.html
… |
 |
| 2005-09-25 |
intitle:"PHP
TopSites FREE Remote
Admin" |
PHP TopSites is a PHP/MySQL-based customizable
TopList script. Main features include: Easy
configuration config file; MySQL database
backend; unlimite … |
 |
| 2005-09-28 |
Powered by
PHP-Fusion v6.00.109
... |
this is the dork: Powered by PHP-Fusion
v6.00.109
©
2003-2005. -php-fusion.co.uk as it is, without
quotes, for t … |
 |
| 2005-09-29 |
"Powered By:
lucidCMS
1.0.11" |
Lucid CMS 1.0.11 SQL Injection / Login
bypass this is the dork for the version I
tested: "Powered By: lucidCMS
1.0.11" advisory/poc exploit: htt … |
 |
| 2005-10-03 |
intitle:Mantis
"Welcome to the
bugtracker"… |
cross site scripting and sql injection
vulnerabilities were discovered in Mantis
versions 0.19.2 or less. Mantis is a web-based
bugtracking system writ … |
 |
| 2005-10-06 |
"News generated
by Utopia News
Pro" | &q… |
Utopia News Pro 1.1.3 (and prior versions) SQL
Injection & XSS advisory & poc
exploit: http://rgod.altervista.org/utopia113.html
… |
 |
| 2005-10-08 |
"Cyphor
(Release:"
-www.cynox.ch |
Cyphor 0.19 (possibly prior versions) SQL
Injection / Board takeover / cross site
scripting my advisory & poc
exploit: http://rgod.altervista.org/cy … |
 |
| 2005-10-10 |
"Welcome to the
versatileBulletinBoard" … |
versatileBulletinBoard V1.0.0 RC2 (possibly
prior versions) multiple SQL Injection
vulnerabilities / login bypass / cross site
scripting / information … |
 |
| 2005-11-12 |
inurl:course/category.php |
inurl:course/info.php … |
Moodle <=1.6 blind SQL injection advisory
& poc
exploit: http://rgod.altervista.org/moodle16dev.html
… |
 |
| 2005-11-12 |
"Powered by
XOOPS 2.2.3
Final" |
XOOPS 2.2.3 Arbitrary local file inclusion. This
is a generic dork for the version I tested,
advisory & poc
exploit: http://rgod.altervista.org/xoops_xp
… |
 |
| 2005-11-12 |
inurl:"wfdownloads/viewcat.php?list=" |
XOOPS WF_Downloads (2.05) module SQL
injection. This is a specific dork, that searches
XOOPS sites with WF_Downloads module
installed, advisory & poc e … |
 |
| 2005-11-17 |
"This website
was created with
phpWebThings 1… |
This is Secunia
advisory: http://secunia.com/advisories/17410/
and my exploit that shows a new vulnerability in
"msg" parameter: http://rgod.alt … |
 |
| 2005-11-23 |
"Copyright 2000
- 2005 Miro
International Pty… |
this dork is for Mambo 4.5.2x Globals
overwrite / remote command execution
exploit: http://rgod.altervista.org/mambo452_xpl.html
… |
 |
| 2005-11-25 |
("Skin Design
by Amie of
Intense")|("… |
eFiction <=2.0 multiple
vulnerabilities advisory & poc
exploit: http://rgod.altervista.org/efiction2_xpl.html
… |
 |
| 2005-11-25 |
"Powered by
UPB" (b
1.0)|(1.0
final)|(Pu… |
dork: "Powered by UPB" (b 1.0)|(1.0
final)|(Public Beta 1.0b) this is a very old
vulnerability discovered by Xanthic,
can't find it in … |
 |
| 2005-11-28 |
"powered by
GuppY
v4"|"Site
cr… |
Guppy <= 4.5.9 $REMOTE_ADDR overwrite ->
remote code execution / various arbitrary
inclusion issues advisory & poc
exploit: http://rgod.alterv … |
 |
| 2005-11-29 |
"Powered by
Xaraya"
"Copyright
2005… |
Xaraya <=1.0.0 RC4 Denial of
Service explanation:
http://rgod.altervista.org/xarayaDOS.html
exploit: http://rgod.altervista.org/xarayaDOS_xpl.html
… |
 |
| 2005-11-30 |
"This website
powered by
PHPX" -demo |
this is the dork for PhpX <= 3.5.9 Sql
injection / login bypass vulnerability advisory
& poc exploit:
http://rgod.altervista.org/phpx_359_xpl.htm
… |
 |
| 2005-12-04 |
"Based on
DoceboLMS 2.0" |
advisory & poc
exploit: http://rgod.altervista.org/docebo204_xpl.html
… |
 |
| 2005-12-07 |
"2005 SugarCRM
Inc. All Rights
Reserved"… |
this is the dork for Sugar Suite 3.5.2a &
4.0beta remote code execution issue, advisory
& poc
exploit: http://rgod.altervista.org/sugar_suite_4 … |
 |
| 2005-12-12 |
"Powered By
phpCOIN 1.2.2" |
PhpCOIN 1.2.2 arbitrary remote\local inclusion
/ blind sql injection / path
disclosure advisory: http://rgod.altervista.org/phpcoin122.html
more generic: … |
 |
| 2005-12-14 |
intext:"Powered
by SimpleBBS
v1.1"* |
Vulnerability Description: SimpleBBS contains a
flaw that may allow an attacker to carry out
an SQL injection attack. The issue is due to
the search mod … |
 |
| 2005-12-14 |
"Site powered
By Limbo CMS" |
this is the dork for Limbo Cms <= 1.0.4.2
_SERVER[] overwrite / remote code
execution advisory & poc
exploit: http://rgod.altervista.org/limbo104
… |
 |
| 2005-12-31 |
intext:"Powered
by CubeCart
3.0.6" intit… |
CubeCart is an eCommerce script written with
PHP & MySQL. Search CubeCart 3.0.6 portal
vulnerable. The vulnerability is Remote
Command Execution. … |
 |
| 2006-01-02 |
intext:"PhpGedView Version"
intext:"… |
PHPGedView <=3.3.7 remote code
execution advisory & poc exploit:
http://rgod.altervista.org/phpgedview_337_xpl.html
… |
 |
| 2006-01-02 |
intext:"Powered
by DEV web
management
system&… |
DEV cms <=1.5 SQL injection advisory
& poc exploit:
http://rgod.altervista.org/dev_15_sql_xpl.html
… |
 |
| 2006-01-02 |
intitle:"phpDocumentor web
interface" |
Php Documentor < = 1.3.0 rc4 remote code
xctn dork: intitle:"phpDocumentor web
interface" advisory & poc
exploit: http://rgod.altervist … |
 |
| 2006-01-16 |
inurl:install.pl
intitle:GTchat |
Gtchat install file. You can disable the chat
program or change the language without an admin
username or password. You can also point the
chatroom info … |
 |
| 2006-02-26 |
intitle:"4images – Image Gallery
Management S… |
Find web app: 4Images = 1.7.1 This web app is
vulnerable to remote code execution
exploit. The url of exploit is this:
http://milw0rm.com/id.php?id=1533 … |
 |
| 2006-02-12 |
(intitle:"metaframe XP
Login")|(intitle:… |
Once you input any username, you'll get
an error message. Try putting a script with
some other fun commands in it. Just send some
info off to be … |
 |
| 2006-03-06 |
"Powered by
Simplog" |
searches for simplog which has directory
traversal and XSS vulnerabilities in version
<= 1.0.2
http://notlegal.ws/simplogsploit.txt
http://retrogod.a … |
 |
| 2006-03-13 |
"powered by
sblog"
+"version
0.7"… |
please go here for a writeup on the
vulnerability. HTML injection.
http://www.securityfocus.com/bid/17044 … |
 |
| 2006-03-18 |
"Thank You for
using WPCeasy" |
There is a SQL injection vulnerability in
WPC.easy, resulting in full admin access to
any remote attacker. Vendor was notified.
http://www.securityfoc … |
 |
| 2006-02-08 |
"Powered by
Loudblog" |
this dork is for the LoudBlog <= 0.4
arbitrary remote inclusion
vulnerability advisory & poc exploit:
http://retrogod.altervista.org/loudblog_04_ … |
 |
| 2006-02-08 |
"This website
engine code is
copyright" … |
Clever Copy <= 3.0 SQL injection dork:
"This website engine code is
copyright" "2005 by Clever
Copy" advisory and poc exploit: … |
 |
| 2006-02-08 |
intitle:"b2evo
installer"
intext:"I… |
this page lets you know some interesting
info on target machine, database name,
username… it lets you see phpinfo() and,
if you know database … |
 |
| 2006-02-09 |
"index of"
intext:fckeditor
inurl:fckedi… |
"index of" intext:fckeditor
inurl:fckeditor this dork is for FCKEditor
script through
editor/filemanager/browser/default/connectors/
connector … |
 |
| 2006-02-09 |
"powered by
runcms"
-runcms.com
-runcms… |
"powered by runcms" -runcms.com
-runcms.org all versions <=1.2 are
vulnerable to an arbitrary remote inclusion,
this is more specific for … |
 |
| 2006-02-13 |
("This
Dragonfly… |
exploit and short explanation:
http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html … |
 |
| 2006-02-13 |
inurl:docmgr |
intitle:"DocMGR" "en… |
exploit and short explanation:
http://retrogod.altervista.org/docmgr_0542_incl_xpl.html … |
 |
| 2006-02-13 |
(intitle:"Flyspray
setup"|"powered … |
exploiting a bug in EGS Enterprise Groupware
System 1.0 rc4, I found this dork:
(intitle:"Flyspray
setup"|"powered by flyspray 0.9.7"
… |
 |
| 2006-02-13 |
intext:"LinPHA
Version"
intext:"Hav… |
this is for Linpha <=1.0 arbitrary local inclusion:
http://retrogod.altervista.org/linpha_10_local.html
intext:"LinPHA Version" intext:" … |
 |
| 2006-02-28 |
("powered by
nocc"
intitle:"NOCC
We… |
dork: ("powered by nocc"
intitle:"NOCC Webmail")
-site:sourceforge.net -Zoekinalles.nl
-analysis software: http://nocc.sourceforge
… |
 |
| 2006-02-28 |
intitle:"igenus
webmail login" |
intitle:"igenus webmail login"
example exploit:
http://[target]/[path]/?Lang=../../../../../../../../../../etc/passwd%00
http://[target]/[pat ... |
 |
| 2006-02-28 |
"powered by
4images" |
this is for 4images <= 1.7.1 remote code
execution (you can see version in google
description) poc exploit:
http://retrogod.altervista.org/4images_17 ... |
 |
| 2006-02-28 |
intext:"Powered
By Geeklog"
-geeklog.net |
dork: intext:"Powered By Geeklog"
-geeklog.net this is for the vulnerability
discovered by GulfTech research, related
stuff: (*) http://www. ... |
 |
| 2006-02-28 |
intitle:admbook
intitle:version
filetype:php |
intitle:admbook intitle:version filetype:php
tested version: 1.2.2, you can inject php code
in config-data.php and execute commands on
target through ... |
 |
| 2006-03-28 |
WEBalbum 2004-2006
duda -ihackstuff
-exploit |
dork: WEBalbum 2004-2006 duda -ihackstuff
-exploit software site:
http://www.web-album.org/ advisory/ poc
exploit: http://retrogod.altervista.org/webal
... |
 |
| 2006-03-28 |
intext:"Powered
by Plogger!"
-plogger.or... |
explanation & exploit:
http://retrogod.altervista.org/plogger_b21_sql_xpl.html ... |
 |
| 2006-03-28 |
intext:"powered
by gcards"
-ihackstuff -... |
this is for gcards <=1.45 multiple
vulnerabilities, advisory & poc exploit:
http://retrogod.altervista.org/gcards_145_xpl.html ... |
 |
| 2006-03-28 |
"powered by php
icalendar"
-ihackstuff -... |
this is for php iCalendar <= 2.21
"cookie_language"/"cookie_style"
remote cmmdns xctn & php iCalendar
<= 2.21 publish.ic ... |
 |
| 2006-03-28 |
"powered by
guestbook
script"
-ihackstuf... |
poc exploit & explanation:
http://retrogod.altervista.org/gbs_17_xpl_pl.html ... |
 |
| 2006-03-28 |
"Powered by XHP
CMS"
-ihackstuff
-exploi... |
tested version: 0.5. Without having admin
rights, you can go to:
http://[target]/[path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/manager.php
or http … |
 |
| 2006-03-28 |
inurl:*.exe ext:exe
inurl:/*cgi*/ |
a cgi-bin executables xss/html injection
miscellanea: some examples: inurl:keycgi.exe
ext:exe inurl:/*cgi*/ xss:
http://[target]/[path]/cgi-bin/keycgi.e … |
 |
| 2006-03-30 |
"powered by
claroline"
-demo |
this is for Claroline e-learning platform
<= 1.7.4 multiple vulnerabilities advisory
& poc exploit:
http://retrogod.altervista.org/claroline_174_ … |
 |
| 2006-03-30 |
"PhpCollab .
Log In" |
"NetOffice … |
this is for PhpCollab 2.x / NetOffice 2.x sql
injection
http://retrogod.altervista.org/phpcollab_2x-netoffice_2x_sql_xpl.html … |
 |
| 2006-04-05 |
intext:"2000-2001 The phpHeaven
Team" -s… |
this is the dork for PHPMyChat <= 0.14.5
critical sql injection/eval()
vulnerability: poc exploit:
http://retrogod.altervista.org/phpmychat_0145_xpl … |
 |
| 2006-04-05 |
"2004-2005
ReloadCMS
Team." |
this is for ReloadCMS <= 1.2.5stable Cross
site scripting / remote command execution
vulnerability, poc
exploit: http://retrogod.altervista.org/relo
… |
 |
| 2006-04-10 |
intext:"2000-2001 The phpHeaven
Team" -s… |
intext:"2000-2001 The phpHeaven
Team" -sourceforge this is for PHPMyChat
remote commands execution, advisory/poc
exploits: http://retrogod.alt … |
 |
| 2006-04-10 |
inurl:server.php
ext:php
intext:"No
SQL"… |
vulnerability discovered by Secunia, quick reference:
http://www.securityfocus.com/bid/16187
an example of exploit for PHPOpenChat:
http://retrogod.alterv … |
 |
| 2006-04-10 |
intitle:PHPOpenChat
inurl:"index.php?language… |
exploit:
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
also, information disclosure:
http://[target]/[path]/include/adodb/tests/tmssql.php? … |
 |
| 2006-04-10 |
"powered by
phplist" |
inurl:"lists… |
this is for PHPList 2.10.2 arbitrary local
inclusion, discovered by me: advisory/poc
exploit:
http://retrogod.altervista.org/phplist_2102_incl_xpl.html … |
 |
| 2006-04-15 |
"powered by
sphider"
-exploit
-ihackstuf… |
dork: "powered by sphider" a
vulnerable search engine script arbitrary
remote inclusion, poc:
http://[target]/[path]/admin/configset.php?cmd
… |
 |
| 2006-04-15 |
inurl:"extras/update.php"
intext:mysql.p… |
this is an osCommerce
dork: inurl:"extras/update.php"
intext:mysql.php -display or more simply:
inurl:"extras/update.php" -display
… |
 |
| 2006-04-15 |
inurl:sysinfo.cgi
ext:cgi |
dork: inurl:sysinfo.cgi ext:cgi exploit:
http://www.milw0rm.com/exploits/1677 I found
this command execution vulnerability in 1.2.1
but other versions … |
 |
| 2006-04-15 |
inurl:perldiver.cgi
ext:cgi |
dork: inurl:perldiver.cgi ext:cgi some
interesting info about server and a cross site
scripting vulnerability, poc:
http://[target]/[path]/cgi-bin/per … |
 |
| 2006-04-15 |
inurl:tmssql.php
ext:php mssql pear
adodb -cvs -a… |
dork: inurl:tmssql.php ext:php mssql pear adodb
-cvs -akbk a remote user can execute an
arbitrary function (without arguments)
example: http://[target] … |
 |
| 2006-04-15 |
"powered by php
photo album" |
inurl:"… |
dork: "powered by php photo album" |
inurl:"main.php?cmd=album" -demo2
-pitanje poc: if register_globals = On &
magic_quotes_ … |
 |
| 2006-04-25 |
"powered by
active php
bookmarks" |
inur… |
Active PHP Bookmarks, a web based bookmark
manager, was originally developed by Brandon
Stone. Due to lack of time he has withdrawn
himself from the p … |
 |
| 2006-04-25 |
inurl:resetcore.php
ext:php |
e107 is a content management system written in
php and using the popular open source mySQL
database system for content storage. It's
completely f … |
 |
| 2006-04-25 |
"This script
was created by
Php-ZeroNet"… |
Php-ZeroNet is a script comprised of php
allowing webmasters to start an online
community. Php-ZeroNet features Content
Management, News posting, User … |
 |
| 2006-04-25 |
"You have not
provided a survey
identificatio… |
sql injection:
http://www.securityfocus.com/bid/16077/discuss
remote command execution:
http://retrogod.altervista.org/phpsurveyor_0995_xpl.html … |
 |
| 2006-04-25 |
intitle:"HelpDesk" "If
you need add… |
it's another helpdesk application. my exploit:
http://fr0zen.no-ip.org/phphelpdesk-0.6.16_rcxcn_xpl.phps … |
 |
| 2006-04-28 |
inurl:database.php |
inurl:info_db.php
ext:php "… |
this is for Woltlab Burning Board 2.x
(Datenbank MOD fileid) exploit:
http://seclists.org/lists/bugtraq/2006/Mar/0058.html … |
 |
| 2006-05-04 |
intext:"This
site is using
phpGraphy" |
… |
found this: a remote user can have access to
some edit functionalities to
"modify" html. Impact: cross site
scripting, denial of service ref … |
 |
| 2006-05-04 |
intext:"Powered
by PCPIN.com"
-site:pcpi… |
this is for PCPIN Chat SQL injection/login
bypass and arbitrary local inclusion
references:
http://retrogod.altervista.org/pcpin_504_xpl.html
http://sec … |
 |
| 2006-05-04 |
intitle:"X7
Chat Help
Center" |
"Po… |
this is for X7 Chat <=2.0 remote commands
execution
you can see version in description,
you can also check for install.php
references: http://retrogod … |
 |
| 2006-05-22 |
allinurl:tseekdir.cgi |
tseekdir.cgi?location=FILENAME%00
eg: tseekdir.cgi?location=/etc/passwd%00
basically any file on the server can be viewed by inserting a
null (%00) into … |
 |
| 2006-05-30 |
Copyright . Nucleus
CMS v3.22 . Valid
XHTML 1.0 St… |
this is for Nucleus 3.22 CMS arbitrary remote
inclusion advisory/poc exploit:
http://retrogod.altervista.org/nucleus_322_incl_xpl.html … |
 |
| 2006-05-30 |
"powered by
pppblog v
0.3.(.)" |
this is for the pppblog 0.3.x system
disclosure vulnerability, advisory/poc
exploit:
http://retrogod.altervista.org/pppblog_038_xpl.html … |
 |
| 2006-05-30 |
"Powered by
PHP-Fusion
v6.00.110" |
"… |
this is the dork for these PHP-Fusion exploits:
http://retrogod.altervista.org/phpfusion_600306_xpl.html
http://retrogod.altervista.org/phpfusion_600306_s … |
 |
| 2006-05-30 |
intitle:"XOOPS
Site"
intitle:"Just
… |
this is the dork for the XOOPS 2.x
'xoopsOption[nocommon]' overwrite
vulnerability, advisory & poc
exploit: http://retrogod.altervista.or … |
 |
| 2006-05-30 |
inurl:wp-login.php
+Register Username
Password "… |
this is a bit different from the previous one
in GHDB, it searches for Wordpress 2.x sites
where user registration is enabled, a user can
inject a car … |
 |
| 2006-06-02 |
"powered by
ubbthreads" |
forums powered by ubbthreads are vulnerable to
file inclusion. You can get more results with
yahoo search.
http://site.com/ubbthredspath//ubbt.inc.php?t … |
 |
| 2006-08-13 |
"Powered by
sendcard – an
advanced PHP
e-card… |
this is for Sendcard remote commands
execution, advisory/poc exploit:
http://retrogod.altervista.org/sendcard_340_xpl.html … |
 |
| 2006-08-13 |
"powered by
xmb" |
this is for XMB <=1.9.6 Final remote
commands execution and sql injection,
advisories/poc exploits:
http://retrogod.altervista.org/xmb_196_cnd_xpl.ht … |
 |
| 2006-08-13 |
"powered by
minibb forum
software" |
This dork is for minibb forum software
arbitrary remote inclusion. this is about the
unset() issue found by S. Esser:
http://www.hardened-php.net/hphp … |
 |
| 2006-08-13 |
inurl:eStore/index.cgi? |
this is for eStore directory traversal,
example exploit:
http://[target]/[path]/eStore/index.cgi?page=../../../../../../../../etc/passwd … |
 |
| 2006-09-13 |
"Powered by
Vsns Lemon"
intitle:"Vs… |
hxxp://evuln.com/vulns/106/summary.html … |
 |