Quoted from http://johnny.ihackstuff.com/ghdb.php?function=summary&cat=19:
2006-09-13 "Powered by Vsns Lemon" intitle:"Vs... hxxp://evuln.com/vulns/106/summary.html ...
2006-08-13 inurl:eStore/index.cgi? this is for eStore directory traversal, example exploit: http://[target]/[path]/eStore/index.cgi?page=../../../../../../../../etc/passwd ...
2006-08-13 "powered by xmb" this is for XMB <=1.9.6 Final remote commands execution and sql injection, advisories/poc exploits: http://retrogod.altervista.org/xmb_196_cnd_xp...
2006-08-13 "Powered by sendcard - an advanced PHP e-card... this is for Sendcard remote commands execution, advisory/ poc exploit: http://retrogod.altervista.org/sendcard_340_xpl.html...
2006-08-13 "powered by minibb forum software" This dork is for minibb forum software arbitrary remote inclusion. this is about the unset() issue found by S. Esser: http://www.hardened-php.net/...
2006-06-02 "powered by ubbthreads" forums powered by ubbthreads are vulnerable to file inclusion. You can get more results with yahoo search. http://site.com/ubbthredspath//ubbt.inc...
2006-05-30 inurl:wp-login.php +Register Username Password &qu... this is a bit different from the previous one in GHDB, it searches for Wordpress 2.x sites where user registration is enabled, a user can inject a car...
2006-05-30 intitle:"XOOPS Site" intitle:"Just ... this is the dork for the XOOPS 2.x 'xoopsOption[nocommon]' overwrite vulnerability, advisory & poc exploit: http://retrogod.altervist...
2006-05-30 Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 St... this is for Nucleus 3.22 CMS arbitrary remote inclusion advisory/poc exploit: http://retrogod.altervista.org/nucleus_322_incl_xpl.html ...
2006-05-30 "powered by pppblog v 0.3.(.)" this is for the pppblog 0.3.x system disclosure vulnerability, advisory/poc exploit: http://retrogod.altervista.org/pppblog_038_xpl.html...
2006-05-30 "Powered by PHP-Fusion v6.00.110" | &quo... this is the dork for these PHP-Fusion exploits: http://retrogod.altervista.org/phpfusion_600306_xpl.html http://retrogod.altervista.org/phpfusion_60...
2006-05-22 allinurl:tseekdir.cgi tseekdir.cgi?location=FILENAME%00 eg: tseekdir.cgi?location=/etc/passwd%00 basically any file on the server can be viewed by inserting a null (...
2006-05-04 intitle:"X7 Chat Help Center" | "Po... this is for X7 Chat <=2.0 remote commands execution you can see version in description, you can also check for install.php references: http:...
2006-05-04 intext:"This site is using phpGraphy" | ... found this: a remote user can have access to some edit functionalities to "modify" html. Impact: cross site scripting, denial of service ...
2006-05-04 intext:"Powered by PCPIN.com" -site:pcpi... this is for PCPIN Chat SQL injection/login bypass and arbitrary local inclusion references: http://retrogod.altervista.org/pcpin_504_xpl.html ht...
2006-04-28 inurl:database.php | inurl:info_db.php ext:php &qu... this is for Woltlab Burning Board 2.x (Datenbank MOD fileid) exploit: http://seclists.org/lists/bugtraq/2006/Mar/0058.html...
2006-04-25 inurl:resetcore.php ext:php e107 is a content management system written in php and using the popular open source mySQL database system for content storage. It's completely f...
2006-04-25 intitle:"HelpDesk" "If you need add... it's another helpdesk application. my exploit: http://fr0zen.no-ip.org/phphelpdesk-0.6.16_rcxcn_xpl.phps...
2006-04-25 "You have not provided a survey identificatio... sql injection: http://www.securityfocus.com/bid/16077/discuss remote command execution: http://retrogod.altervista.org/phpsurveyor_0995_xpl.html ...
2006-04-25 "This script was created by Php-ZeroNet"... Php-ZeroNet is a script comprised of php allowing webmasters to start an online community. Php-ZeroNet features Content Management, News posting, User ...
2006-04-25 "powered by active php bookmarks" | inur... Active PHP Bookmarks, a web based bookmark manager, was originally developed by Brandon Stone. Due to lack of time he has withdrawn himself from the p...
2006-04-15 inurl:tmssql.php ext:php mssql pear adodb -cvs -a... dork: inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk a remote user can execute an arbitrary function (without arguments) example: htt...
2006-04-15 inurl:sysinfo.cgi ext:cgi dork: inurl:sysinfo.cgi ext:cgi exploit: http://www.milw0rm.com/exploits/1677 I found this command execution vulnerability in 1.2.1 but o...
2006-04-15 inurl:perldiver.cgi ext:cgi dork: inurl:perldiver.cgi ext:cgi some interesting info about server and a cross site scripting vulnerability, poc: http://[target]/[pat...
2006-04-15 inurl:"extras/update.php" intext:mysql.p... this is an osCommerce dork: inurl:"extras/update.php" intext:mysql.php -display or more simply: inurl:"extras/update.php&quo...
2006-04-15 "powered by sphider" -exploit -ihackstuf... dork: "powered by sphider" a vulnerable search engine script arbitrary remote inclusion, poc: http://[target]/[path]/admin/con...
2006-04-15 "powered by php photo album" | inurl:&qu... dork: "powered by php photo album" | inurl:"main.php?cmd=album" -demo2 -pitanje poc: if register_globals = On & m...
2006-04-10 inurl:server.php ext:php intext:"No SQL"... vulnerability discovered by Secunia, quick reference: http://www.securityfocus.com/bid/16187 an example of exploit for PHPOpenChat: http://r...
2006-04-10 intitle:PHPOpenChat inurl:"index.php?language... exploit: http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html also, information disclosure: http://[target]/[path]/include/adodb/tests...
2006-04-10 intext:"2000-2001 The phpHeaven Team" -s... intext:"2000-2001 The phpHeaven Team" -sourceforge this is for PHPMyChat remote commands execution, advisory/poc exploits: http://re...
2006-04-10 "powered by phplist" | inurl:"lists... this is for PHPList 2.10.2 arbitrary local inclusion, discovered by me: advisory/poc exploit: http://retrogod.altervista.org/phplist_2102_incl_xp...
2006-04-05 intext:"2000-2001 The phpHeaven Team" -s... this is the dork for PHPMyChat <= 0.14.5 critical sql injection/eval() vulnerability: poc exploit: http://retrogod.altervista.org/phpmychat_...
2006-04-05 "2004-2005 ReloadCMS Team." this is for ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution vulnerability, poc exploit: http://retrogod.altervista.org/...
2006-03-30 "powered by claroline" -demo this is for Claroline e-learning platform <= 1.7.4 multiple vulnerabilities advisory & poc exploit: http://retrogod.altervista.org/clarolin...
2006-03-30 "PhpCollab . Log In" | "NetOffice .... this is for PhpCollab 2.x / NetOffice 2.x sql injection http://retrogod.altervista.org/phpcollab_2x-netoffice_2x_sql_xpl.html...
2006-03-28 WEBalbum 2004-2006 duda -ihackstuff -exploit dork: WEBalbum 2004-2006 duda -ihackstuff -exploit software site: http://www.web-album.org/ advisory/ poc exploit: http://retrogod.altervis...
2006-03-28 inurl:*.exe ext:exe inurl:/*cgi*/ a cgi-bin executables xss/html injection miscellanea: some examples: inurl:keycgi.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-...
2006-03-28 intext:"Powered by Plogger!" -plogger.or... explanation & exploit: http://retrogod.altervista.org/plogger_b21_sql_xpl.html...
2006-03-28 intext:"powered by gcards" -ihackstuff -... this is for gcards <=1.45 multiple vulnerabilities, advisory & poc exploit: http://retrogod.altervista.org/gcards_145_xpl.html...
2006-03-28 "Powered by XHP CMS" -ihackstuff -exploi... tested version: 0.5 without having admin rights, you can go to: http://[target]/path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/manager.php o...
2006-03-28 "powered by php icalendar" -ihackstuff -... this is for php iCalendar <= 2.21 "cookie_language"/"cookie_style" remote cmmdns xctn & php iCalendar <= 2.21 publ...
2006-03-28 "powered by guestbook script" -ihackstuf... poc exploit & explanation: http://retrogod.altervista.org/gbs_17_xpl_pl.html...
2006-03-18 "Thank You for using WPCeasy" There is a SQL injection vulnerability in WPC.easy, resulting in full admin access to any remote attacker. Vendor was notified. http://www.securit...
2006-03-13 "powered by sblog" +"version 0.7&qu... please go here for a writeup on the vulnerability. HTML injection. http://www.securityfocus.com/bid/17044...
2006-03-06 "Powered by Simplog" Searches for simplog which has directory traversal and XSS vulnerabilities in version <= 1.0.2 http://notlegal.ws/simplogsploit.txt http://retr...
2006-02-28 intitle:admbook intitle:version filetype:php intitle:admbook intitle:version filetype:php tested version: 1.2.2, you can inject php code in config-data.php and execute commands on target thro...
2006-02-28 intitle:"igenus webmail login" intitle:"igenus webmail login" example exploit: http://[target]/[path]/?Lang=../../../../../../../../../../etc/passwd%00 http://[ta...
2006-02-28 intext:"Powered By Geeklog" -geeklog.net dork: intext:"Powered By Geeklog" -geeklog.net this is for the vulnerability discovered by GulfTech research, related stuff: (*) htt...
2006-02-28 ("powered by nocc" intitle:"NOCC We... dork: ("powered by nocc" intitle:"NOCC Webmail") -site:sourceforge.net -Zoekinalles.nl -analysis software: http://nocc.sourcef...
2006-02-28 "powered by 4images" this is for 4images <= 1.7.1 remote code execution (you can see version in google description) poc exploit: http://retrogod.altervista.org/...
2006-02-26 intitle:"4images - Image Gallery Management S... Find web app: 4Images = 1.7.1 This web app is vulnerable to remote code execution exploit. The url of exploit is this: http://milw0rm.com/id.php?id=...
2006-02-13 inurl:docmgr | intitle:"DocMGR" "en... exploit and short explanation: http://retrogod.altervista.org/docmgr_0542_incl_xpl.html...
2006-02-13 intext:"LinPHA Version" intext:"Hav... this is for Linpha <=1.0 arbitrary local inclusion: http://retrogod.altervista.org/linpha_10_local.html intext:"LinPHA Version" in...
2006-02-13 (intitle:"Flyspray setup"|"powered ... exploiting a bug in EGS Enterprise Groupware System 1.0 rc4, I found this dork: (intitle:"Flyspray setup"|"powered by flyspray 0.9....
2006-02-13 ("This Dragonflyâ„Â... exploit and short explanation: http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html...
2006-02-12 (intitle:"metaframe XP Login")|(intitle:... Once you input any username, you'll get an error message. Try putting a script with some other fun commands in it. Just send some info off to be ...
2006-02-09 "powered by runcms" -runcms.com -runcms.... "powered by runcms" -runcms.com -runcms.org all versions <=1.2 are vulnerable to an arbitrary remote inclusion, this is more specif...
2006-02-09 "index of" intext:fckeditor inurl:fckedi... "index of" intext:fckeditor inurl:fckeditor this dork is for FCKEditor script through editor/filemanager/browser/default/connectors...
2006-02-08 intitle:"b2evo installer" intext:"I... this page lets you know some interesting info on target machine, database name, username... it lets you see phpinfo() and, if you know databas...
2006-02-08 "This website engine code is copyright" ... Clever Copy <= 3.0 SQL injection dork: "This website engine code is copyright" "2005 by Clever Copy" advisory and poc e...
2006-02-08 "Powered by Loudblog" this dork is for the LoudBlog <= 0.4 arbitrary remote inclusion vulnerability advisory & poc exploit: http://retrogod.altervista.org/loud...
2006-01-16 inurl:install.pl intitle:GTchat Gtchat install file. You can disable the chat program or change the language without an admin username or password. You can also point the chatroom in...
2006-01-02 intitle:"phpDocumentor web interface" Php Documentor < = 1.3.0 rc4 remote code xctn dork: intitle:"phpDocumentor web interface" advisory & poc exploit: http://rg...
2006-01-02 intext:"Powered by DEV web management system&... DEV cms <=1.5 SQL injection advisory & poc exploit: http://rgod.altervista.org/dev_15_sql_xpl.html ...
2006-01-02 intext:"PhpGedView Version" intext:"... PHPGedView <=3.3.7 remote code execution advisory & poc exploit: http://rgod.altervista.org/phpgedview_337_xpl.html...
2005-12-31 intext:"Powered by CubeCart 3.0.6" intit... CubeCart is an eCommerce script written with PHP & MySQL. Search CubeCart 3.0.6 portal vulnerable. The vulnerability is Remote Command Execution. ...
2005-12-14 intext:"Powered by SimpleBBS v1.1"* Vulnerability Description SimpleBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search...
2005-12-14 "Site powered By Limbo CMS" this is the dork for Limbo Cms <= 1.0.4.2 _SERVER[] overwrite / remote code execution advisory & poc exploit: http://rgod.altervista.org/...
2005-12-12 "Powered By phpCOIN 1.2.2" PhpCOIN 1.2.2 arbitrary remote\local inclusion / blind sql injection / path disclosure advisory: http://rgod.altervista.org/phpcoin122.html mor...
2005-12-07 "2005 SugarCRM Inc. All Rights Reserved"... this is the dork for Sugar Suite 3.5.2a & 4.0beta remote code execution issue, advisory & poc exploit: http://rgod.altervista.org/sugar_sui...
2005-12-04 "Based on DoceboLMS 2.0" advisory & poc exploit: http://rgod.altervista.org/docebo204_xpl.html...
2005-11-30 "This website powered by PHPX" -demo this is the dork for PhpX <= 3.5.9 Sql injection /login bypass vulnerability advisory & poc exploit: http://rgod.altervista.org/phpx_359_x...
2005-11-29 "Powered by Xaraya" "Copyright 2005... Xaraya <=1.0.0 RC4 Denial of Service explanation: http://rgod.altervista.org/xarayaDOS.html exploit: http://rgod.altervista.org/xarayaDOS...
2005-11-28 "powered by GuppY v4"|"Site cr&Atil... Guppy <= 4.5.9 $REMOTE_ADDR overwrite -> remote code execution / various arbitrary inclusion issues advisory & poc exploit: http://rgo...
2005-11-25 ("Skin Design by Amie of Intense")|(&quo... eFiction <=2.0 multiple vulnerabilities advisory & poc exploit: http://rgod.altervista.org/efiction2_xpl.html...
2005-11-25 "Powered by UPB" (b 1.0)|(1.0 final)|(Pu... dork: "Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b) this is a very old vulnerability discovered by Xanthic, can't find ...
2005-11-23 "Copyright 2000 - 2005 Miro International Pty... this dork is for Mambo 4.5.2x Globals overwrite / remote command execution exploit: http://rgod.altervista.org/mambo452_xpl.html ...
2005-11-17 "This website was created with phpWebThings 1... http://www.google.com/search?hl=it&q=%22This+website+was+created+with+phpWebThings+1.4%22+&btnG=Cerca+con+Google&meta= "This website...
2005-11-12 inurl:course/category.php | inurl:course/info.php ... Moodle <=1.6 blind SQL injection advisory & poc exploit: http://rgod.altervista.org/moodle16dev.html...
2005-11-12 inurl:"wfdownloads/viewcat.php?list=" XOOPS WF_Downloads (2.05) module SQL injection This is a specific dork, that searches XOOPS sites with WF_Downloads module installed, advisory & p...
2005-11-12 "Powered by XOOPS 2.2.3 Final" XOOPS 2.2.3 Arbitrary local file inclusion This is a generic dork for the version I tested, advisory & poc exploit: http://rgod.altervista.org/...
2005-10-10 "Welcome to the versatileBulletinBoard" ... versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL Injection vulnerabilities / login bypass / cross site scripting / informatio...
2005-10-08 "Cyphor (Release:" -www.cynox.ch Cyphor 0.19 (possibly prior versions) SQL Injection / Board takeover / cross site scripting my advisory & poc exploit: http://rgod.altervist...
2005-10-06 "News generated by Utopia News Pro" | &q... Utopia News Pro 1.1.3 (and prior versions) SQL Injection & XSS advisory & poc exploit: http://rgod.altervista.org/utopia113.html ...
2005-10-03 intitle:Mantis "Welcome to the bugtracker&quo... cross site scripting and sql injection vulnerabilities were discovered in Mantis versions 0.19.2 or less. Mantis is a web-based bugtracking system writ...
2005-09-29 "Powered By: lucidCMS 1.0.11" Lucid CMS 1.0.11 SQL Injection /Login bypass this is the dork for the version I tested: "Powered By: lucidCMS 1.0.11" advisory/poc e...
2005-09-28 Powered by PHP-Fusion v6.00.109 ÂÂ&c... this is the dork: Powered by PHP-Fusion v6.00.109 © 2003-2005. -php-fusion.co.uk as it is, without quotes, for the version...
2005-09-25 intitle:"PHP TopSites FREE Remote Admin" PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimite...
2005-09-25 "Powered by Woltlab Burning Board" -&quo... It's an exact replica of vbulletin but it is free. SQL-Injection Exploit: http://www.governmentsecurity.org/archive/t14850.html...
2005-09-25 "Powered by autolinks pro 2.1" inurl:reg... AutoLinksPro is a linking solution. AutoLinksPro link exchange software was built for the search engines to help improve your search engine rankings, ...
2005-09-25 "Maintained with Subscribe Me 2.044.09p"... Subscribe Me Pro 2.0.44.09p is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. ...
2005-09-25 "CosmoShop by Zaunz Publishing" inurl:&q... cosmoshop is a commercial shop system written as a CGI. vulnerabilities: sql injection, passwords saved in cleartext, view any file http://www.sec...
2005-09-23 http://www.google.com/search?q=intitle:%22WEB//NEW... WEB//NEWS 1.4 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppl...
2005-09-23 "Powered by GTChat 0.95"+"User Logi... There is a (adduser) remote denial of service vulnerability on version 0.95...
2005-09-23 "Mimicboard2 086"+"2000 Nobutaka Ma... Mimicboard2 is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppli...
2005-09-19 intitle:"Looking Glass v20040427" "... Looking Glass v20040427 arbitrary commands execution / cross site scripting. description: Looking Glass is a pretty extensive web based network qu...
2005-09-17 "Powered by PHP Advanced Transfer Manager&quo... PHP Advanced Transfer Manager v1.30 underlying system disclosure / remote command execution / cross site scripting rgod site: http://rgod.altervis...
2005-09-17 "Powered by CuteNews" CuteNews 1.4.0 (possibly prior versions) remote code execution software site: http://cutephp.com/ description: "Cute news is a powerful and...
2005-09-15 "Copyright 2004 © Digita... Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution software site: http://www.digital-scribe.org/ description: "Teache...
2005-09-13 intitle:guestbook inurl:guestbook "powered by... Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied i...
2005-09-13 "Powered by: Land Down Under 800" | &qu... Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied inpu...
2005-09-13 "powered by Gallery v" "[slideshow]... There is a script injection vuln for all versions. http://www.securityfocus.com/bid/14668...
2005-09-13 "Powered by AzDg" (2.1.3 | 2.1.2 | 2.1.1... AzDGDatingLite V 2.1.3 (possibly prior versions) remote code execution software: site: http://www.azdg.com/ download page: http://www.azdg.com...
2005-09-08 "Powered by and copyright class-1" 0.24... class-1 Forum Software v 0.24.4 Remote code execution software: site: http://www.class1web.co.uk/software description: class-1 Forum Softw...
2005-09-07 "Software PBLang" 4.65 filetype:php my advisory: [quote] PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information dis...
2005-09-05 "Powered by MD-Pro" | "made with MD... MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure . This search does not find vulnerable...
2005-09-05 "Calendar programming by AppIdeas.com" f... phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting This search does not narrow to vulnerable ver...
2005-09-04 inurl:chitchat.php "choose graphic" rgod advises: Cyber-Cats ChitCHat 2.0 permit cross site scripting attacks, let users launch exploits from, let remote users obtain information on ...
2005-08-30 intitle:guestbook inurl:guestbook "powered by... Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied i...
2005-08-30 "Powered by FUDForum 2.7" -site:fudforum... FUDforum is prone to a remote arbitrary PHP file upload vulnerability. An attacker can merge an image file with a script file and upload it to an a...
2005-08-30 "Powered by FUDForum 2.6" -site:fudforum... FUDforum is prone to a remote arbitrary PHP file upload vulnerability. An attacker can merge an image file with a script file and upload it to an a...
2005-08-29 phpLDAPadmin intitle:phpLDAPadmin filetype:php inu... phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,remote code execution, cross site scripting software: author site: h...
2005-08-21 "powered by ITWorking" SaveWebPortal 3.4 remote code execution / admin check bypass / remote file inclusion / cross site scripting author site: http://www.circeos.it d...
2005-08-18 "Powered by Zorum 3.5" Zorum 3.5 remote code execution poc exploit software: description: Zorum is a freely available, open source Web-based forum application implement...
2005-08-10 inurl:index.php fees shop link.codes merchantAccou... Vulnerability in EPay systems PHP code including http://targeturl/index.php?read=../../../../../../../../../../../../../../etc/passwd advisory: ht...
2005-08-10 intitle:"blog torrent upload" Blog Torrent is free, open-source software that provides a way to share large files on your website. vulnerability: free access to the password fil...
2005-07-08 "powered by PhpBB 2.0.15" -site:phpbb.co... Another php vulnerability, as seen here http://www.frsirt.com/exploits/20050704.phpbbSecureD.pl.php phpBB 2.0.15 Viewtopic.PHP Remote Code Execution...
2005-06-24 inurl:"/login.asp?folder=" "Powered... i-Gallery 3.3 (and possibly older) is vulnerable to many things, including /../ traversals. http://www.packetstormsecurity.org/0506-exploits/igallery...
2005-06-24 intext:"Calendar Program ÂÂ&cop... This search finds all pages that allow you to add events in Mark Kruse's CalendarScript. This script seems to be VERY vulnerable to HTML injectio...
2005-06-21 intext:"Powered By: Snitz Forums 2000 Version... Snitz Forum 2000 v 3.4.03 and older is vulnerable to many things including XSS. See http://www.gulftech.org/?node=research&article_id=00012-061620...
2005-06-10 intext:"Powered by flatnuke-2.5.3" +&quo... Description of Vulnerabilities Multiple vulnerabilities in FlatNuke have been reported, which can be exploited by remote users to trigger denial of...
2005-06-03 intitle:"PowerDownload" ("PowerDown... The PowerDownload program (version 3.0.2 and 3.0.3) contains a serious vulnerability. Vulnerability discovery: SoulBlack - Security Research (http://s...
2005-06-03 +intext:"powered by MyBulletinBoard" MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. There is an SQL Injection Exploit available for MyBulletinBoard (MyBB...
2005-06-03 "portailphp v1.3" inurl:"index.php?... Vulnerability has been found in parameter "id". If this variable Any value it is possible to replace it with a sign ' is transferred ...
2005-05-30 inurl:sphpblog intext:"Powered by Simple PHP ... Simple PHP Blog is vulnerable to multiple attacks: Vulnerabilities: ~~~~~~~~~~~~~~~~ A. Full Path disclosures B. XSS in search.php C. Critical I...
2005-05-14 intitle:"osTicket :: Support Ticket System&qu... osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. Ther...
2005-05-07 intitle:"myBloggie 2.1.1..2 - by myWebland&qu... myBloggie is affected by multiple vulnerabilities. http://www.securityfocus.com/bid/13507...
2005-04-12 powered.by.instaBoard.version.1.3 InstaBoard is a coldfusion forum solution. In its version 1.3 it is vulnerable to SQL Injection. Bugtraq ID 7338...
2005-04-04 intext:"Powered by phpBB 2.0.13" inurl:&... phpBB 2.0.13 with installed Calendar Pro MOD are vulnerable to SQL injection attacks. An attacker can download the MD5 hashes from the account database...
2005-03-29 "Powered by Coppermine Photo Gallery" ( ... Reportedly Coppermine Photo Gallery is prone to multiple input validation vulnerabilities, some of which may lead to arbitrary command execution. Thes...
2005-03-20 Powered.by:.vBulletin.Version ...3.0.6 vBulletin is reported prone to an arbitrary PHP script code execution vulnerability. The issue is reported to exist due to a lack of sufficient input ...
2005-03-20 filetype:php intitle:"paNews v2.0b4" PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews soft...
2005-02-18 allintitle:aspjar.com guestbook "An input validation vulnerability was reported in the ASPJar guestbook. A remote user can gain administrative access and can delete guestbook me...
2005-02-17 "delete entries" inurl:admin/delete.asp As described in OSVDB article #13715: "AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is trigg...
2005-02-16 "powered by CubeCart 2.0" This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to...
2005-02-09 "Powered by MercuryBoard [v1" Exploit for MercuryBoard: http://www.securityfocus.com/archive/1/389881/2005-02-06/2005-02-12/0 Enter the following search: "Powered by Me...
2005-02-07 "IceWarp Web Mail 5.3.0" "Powered b... IceWarp Web Mail 5.3.0 Multiple cross-site scripting and HTML injection vulnerabilities. http://www.securityfocus.com/bid/12396/...
2005-01-30 "SquirrelMail version 1.4.4" inurl:src e... date :Jan 30 2005 this search reveals the src/webmail.php which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0...
2005-01-21 uploadpics.php?did= -forumintext:Generated.by.phpi... Product: PHPix Version: 1.0 Vuln: Directory traversal PHPix is a Web-based photo album viewer written in PHP. It features automatic generation ...
2005-01-20 inurl:citrix/metaframexp/default/login.asp? Client... Citrix (http://citrix.com) is a web application that allows remote access via a client for companies, institutions, and government agencies to "p...
2005-01-02 "Powered by WordPress" -html filetype:ph... Query: "Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq Background: WordPress is a blogging software which is vuln...
2004-12-19 ext:php intext:"Powered by phpNewMan Version&... PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery managem...
2004-12-01 +"Powered by phpBB 2.0.6..10" -phpbb.com... phpbb is vulnerable to SQL Injection, allowing people to manipulate the query into pulling data (such as passwords). Arbitrary EXEC allows an attacker...
2004-12-01 +"Powered by Invision Power Board v2.0.0..2&q... A remote SQL injection vulnerability affects Invision Power Board. This issue is due to a failure of the application to properly validate user-suppli...
2004-11-30 intitle:"View Img" inurl:viewimg.php It is reported that the 'viewing.php' script does not properly validate user-supplied input in the 'path' variable. A remote user ...
2004-11-29 inurl:"/cgi-bin/loadpage.cgi?user_id=" Description: EZshopper is a full-featured shopping cart program. loadpage.cgi of EZshopper allows Directory Traversal http://www.securityfocu...
2004-11-19 "powered by minibb" -site:www.minibb.net... miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prio...
2004-11-18 inurl:directorypro.cgi A security vulnerability in the product allows attackers to perform a directory traversal attack and access files that reside outside the normal HTTP ...
2004-11-18 inurl:cal_make.pl A security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory. http://...
2004-11-18 inurl:/SiteChassisManager/ Unknown SQL injection and XSS vulnerabilities in DMXReady Site Chassis Manager. http://www.securityfocus.com/bid/11434/discussion/...
2004-11-18 intext:("UBB.threadsâ„&A... UBB.Threads 6.2.*-6.3.* one char bruteforce vulnerability: http://www.k-otik.com/exploits/20041116.r57ubb.pl.php ...
2004-11-18 "Powered by PowerPortal v1.3" PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input...
2004-11-18 "Obtenez votre forum Aztek" -site:forum-... Aztek Forum is a French forum system. Aztek Forum is reported prone to multiple input validation vulnerabilities. These issues may allow an attacker ...
2004-11-13 inurl:technote inurl:main.cgi*filename=* http://www.securityfocus.com/bid/2156/discussion/ Remote command execution vulnerability in the filename parameter....
2004-11-12 "running: Nucleus v3.1" -.nucleuscms.org... Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. A remote attacker may leverage these issues to steal cookie-based authentication c...
2004-11-12 "driven by: ASP Message Board" Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. A remote attacker may leverage these issues to steal cookie-bas...
2004-11-05 inurl:"forumdisplay.php" +"Powered ... vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-...
2004-10-27 intitle:welcome.to.horde Horde Mail is web based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus....
2004-10-27 "BlackBoard 1.5.1-f | © ... bugtraq id 11336 object class Input Validation Error cve CVE-MAP-NOMATCH remote Yes local No published Oct 06, 2004 updated Oct 06, 2004 vul...
2004-10-26 inurl:wiki/MediaWiki MediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remot...
2004-10-26 inurl:"slxweb.dll" SalesLogix is the Customer Relationship Management solution that drives sales performance in small to medium-sized businesses through Sales, Marketi...
2004-10-26 filetype:cgi inurl:nbmember.cgi vulnerable Netbilling nbmember.cgi Netbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This is...
2004-10-26 "Powered by WowBB" -site:wowbb.com WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize u...
2004-10-26 "Powered by ocPortal" -demo -ocportal.co... Reportedly ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user supplied UR...
2004-10-26 "Powered by My Blog" intext:"FuzzyM... FuzzyMonkey My Blog is vulnerable to multiple input validation vulnerabilities. These issues are caused by a failure to validate and filter user-suppl...
2004-10-26 "Powered by DMXReady Site Chassis Manager&quo... It is reported that DMXReady Site Chassis Manager is susceptible to two remotely exploitable input validation vulnerabilities. These vulnerabilities a...
2004-10-26 "Powered by Coppermine Photo Gallery" published Oct 20, 2004, updated Oct 20, 2004 vulnerable: Coppermine Photo Gallery Coppermine Photo Gallery 1.0 Coppermine Photo Gallery Copperm...
2004-10-26 "inurl:/site/articles.asp?idcategory=" Dwc_Articles, is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Desi...
2004-10-26 "Enter ip" inurl:"php-ping.php"... It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vul...
2004-10-25 inurl:"/site/articles.asp?idcategory=" Dwc_Articles is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features:...
2004-10-22 "Powered by YaPig V0.92b" YaPiG is reported to contain an HTML injection vulnerability. The problem is reported to present itself due to a lack of sanitization performed on c...
2004-10-21 "Ideal BB Version: 0.1" -idealbb.com Ideal BB has been a popular choice for powering web based bulletin boards and we are now proud to introduce our next generation bulletin board Ideal B...
2004-10-19 inurl:ttt-webmaster.php Turbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. Multiple vulnerabilities were found. Vulnerability report: http:...
2004-10-19 "Powered by CubeCart" -------------------------------------------------------- Full path disclosure and sql injection on CubeCart 2.0.1 ----------------------------------...
2004-10-19 "Copyright © 2002 Agusti... CoolPHP has multiple vulnerabilities: * Cross-Site Scripting vulnerability (index.php) * A Path Disclosure Vulnerability (index.php) * Local file...
2004-10-16 "This page has been automatically generated b... Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems th...
2004-10-16 "2003 DUware All Rights Reserved" Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks....
2004-10-15 "1999-2004 FuseTalk Inc" -site:fusetalk.... Fusetalk forums (v4) are susceptible to cross site scripting attacks that can be exploited by passing an img src with malicious javascript. ...
2004-10-13 inurl:"messageboard/Forum.asp?" Multiple vulnerabilities have been found in GoSmart Message Board. A remote user can conduct SQL injection attack and Cross site scripting attack. ...
2004-10-12 intitle:"WebJeff - FileManager" intext:&... WebJeff-Filemanager 1.x DESCRIPTION: A directory traversal vulnerability has been identified in WebJeff-Filemanager allowing malicious people t...
2004-10-12 intitle:"EMUMAIL - Login" "Powered ... The failure to strip script tags in emumail.cgi allows for XSS type of attack. Vulnerable systems: * EMU Webmail version 5.0 * EMU Webmail v...
2004-10-11 "Powered by FUDforum" FUDforum is a forums package. It uses a combination of PHP & MySQL to create a portable solution that can run on virtually any operating system. ...
2004-10-11 "BosDates Calendar System " "powere... "BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which ar...
2004-10-10 "Powered by A-CART" A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database. A security vu...
2004-10-10 "Online Store - Powered by ProductCart" ProductCart is "an ASP shopping cart that combines sophisticated ecommerce features with time-saving store management tools and remarkable ease o...
2004-10-09 "Powered by yappa-ng" yappa-ng is a very powerful but easy to install and easy to use online PHP photo gallery for all Operating Systems (Linux/UNIX, Windows, MAC, ...), an...
2004-10-09 "Active Webcam Page" inurl:8080 Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and ...
2004-10-05 inurl:"comment.php?serendipity" Serendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source. For an attacker it is possible to...
2004-10-05 intitle:"WordPress > * > Login form&quo... WordPress is a semantic personal publishing platform. It suffers from possible XSS attacks. http://www.securityfocus.com/bid/11268/info/...
2004-10-05 "Powered by Megabook *" inurl:guestbook.... MegaBook is a web-based guestbook that is intended to run on Unix and Linux variants. MegaBook is prone to multiple HTML injection vulnerabilities. ...
2004-10-05 "Powered by AJ-Fork v.167" AJ-Fork is, as the name implies - a fork. Based on the CuteNews 1.3.1 core, the aim of the project is to improve what can be improved, and extend what...
2004-09-29 ReMOSitory module for Mambo It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to proper...
2004-09-24 intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi ...
The remote user can reportedly view the first string of any file on the system where the script is installed. This is a very old bug, but some sites never up... 2004-09-23 filetype:php inurl:index.php inurl:"module=su... Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. http://securityfocus.com/bid/11148/di... 2004-09-23 filetype:cgi inurl:pdesk.cgi PerlDesk is a web based help desk and email management application designed to streamline support requests, with built in tracking and response loggin... 2004-09-23 "Powered by IceWarp Software" inurl:mail IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. Few details regarding the specific vulnerabilities are known. These v... 2004-09-21 Quicksite demopages for Typo3 TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, f... 2004-09-21 filetype:cgi inurl:tseekdir.cgi The Turbo Seek search engine has a vulnerability. The removed user can look at the contents of files on target. A removed user can request an URL with... 2004-09-21 "Powered by DCP-Portal v5.5" DCP-Portal is more a community system than a CMS - it nevertheless calls itself CMS. They have never seen a real CMS. Version 5.5 is vulnerable sql i... 2004-09-18 "Powered *: newtelligence" ("dasBlo... DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to ... 2004-09-10 E-market remote code execution E-market is commercial software made by a Korean company (http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The expl... 2004-09-07 WebAPP directory traversal WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. The WebAPP system has a serious reverse directory... 
2004-09-07 "Powered by Ikonboard 3.1.1" IkonBoard (http://www.ikonboard.com/) is a comprehensive web bulletin board system, implemented as a Perl/CGI script. There is a flaw in the Perl c... 2004-08-25 "Powered by Gallery v1.4.4" http://www.securityfocus.com/bid/10968/discussion/ "A vulnerability is reported to exist in Gallery that may allow a remote attacker to execut... 2004-08-16 Achievo webbased project management Achievo is a free web-based project management tool for business-environments. Achievo is mainly used for its project management capabilities. ... 2004-08-09 inurl:comersus_message.asp About Comersus: "Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web si... 2004-08-09 ext:pl inurl:cgi intitle:"FormMail *" -... FormMail is a Perl script written by Matt Wright to send mail with sendmail from the cgi-gateway. Early version didn't have a referer check. New v... 2004-08-05 "powered by antiboard" "AntiBoard is a small and compact multi-threaded bulletin board/message board system written in PHP. It uses either MySQL or PostgreSQL as the da... 2004-08-03 inurl:gotoURL.asp?url= ASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely ava... 2004-07-12 Invision Power Board SSI.PHP SQL Injection Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied... 2004-07-02 vBulletin version 3.0.1 newreply.php XSS vBulletin is a customizable forums package for web sites. It has been written in PHP and is complemented with MySQL. While a user is previewing the po... 2004-06-25 VP-ASP Shopping Cart XSS VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any ty... 2004-05-12 intitle:guestbook "advanced guestbook 2.2 pow... 
Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. Attacker From there, hit "Admin" then do the followi... 2004-03-04 mnGoSearch vulnerability According to http://www.securityfocus.com/bid/9667, certain versions of mnGoSearch contain a buffer overflow vulnerability which allows an attacker to ... 2004-03-04 EarlyImpact Productcart The EarlyImpact Productcart contains multiple vulnerabilities, which could be exploited to allow an attacker to steal user credentials or mount other atta...