+ 2013

+ 2012

+ 2011

 
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) PHP Code Injection Vulnerability
 
Traq <= 2.3 (admincp/common.php) Authentication Bypass / PHP Code Injection Vulnerability
 
WikkaWiki <= 1.3.2 (actions/usersettings/usersettings.php) SQL Injection Vulnerability
 
WikkaWiki <= 1.3.2 (actions/files/files.php) Unrestricted File Upload Vulnerability
 
WikkaWiki <= 1.3.2 (handlers/files.xml/files.xml.php) Path Traversal Vulnerability
 
WikkaWiki <= 1.3.2 (libs/Wakka.class.php) PHP Code Injection Vulnerability
 
WikkaWiki <= 1.3.2 Cross-Site Request Forgery Vulnerability
 
PmWiki <= 2.2.34 (pagelist.php) PHP Code Injection Vulnerability
 
Support Incident Tracker <= 3.65 (translate.php) PHP Code Injection Vulnerability
 
Support Incident Tracker <= 3.65 (translate.php) Path Disclosure Weakness
 
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) PHP Code Injection Vulnerability
 
WordPress Zingiri Web Shop <= 2.2.3 (ajax_save_name.php) PHP Code Injection Vulnerability
 
Zenphoto <= 1.4.1.4 (ajax_create_folder.php) PHP Code Injection Vulnerability
 
phpMyFAQ <= 2.7.0 (ajax_create_folder.php) PHP Code Injection Vulnerability
 
aidiCMS v3.55 (ajax_create_folder.php) PHP Code Injection Vulnerability
 
Ajax File and Image Manager v1.0 (ajax_create_folder.php) PHP Code Injection Vulnerability
 
eFront <= 3.6.10 (save_template.php) PHP Code Injection Vulnerability
 
eFront <= 3.6.10 (filesystem.class.php) Unrestricted File Upload Vulnerability
 
eFront <= 3.6.10 (periodic_updater.php) SQL Injection Vulnerability
 
eFront <= 3.6.10 (LMSFunctions.php) SQL Injection Vulnerability
 
eFront <= 3.6.10 (send_notifications.php) SQL Injection Vulnerability
 
eFront <= 3.6.10 (index.php) Authentication Bypass / Privilege Escalation Vulnerability
 
eFront <= 3.6.10 (student.php) PHP Code Injection Vulnerability
 
phpLDAPadmin <= 1.2.1.1 (lib/functions.php) PHP Code Injection Vulnerability
 
Dolphin <= 7.0.7 (member_menu_queries.php) PHP Code Injection Vulnerability
 
Feed on Feeds <= 0.5 (fof-main.php) PHP Code Injection Vulnerability
 
JAKCMS PRO <= 2.2.5 (session.php) Session Variable Overloading Vulnerability
 
JAKCMS PRO <= 2.2.5 (action.php) Unrestricted File Upload Vulnerability
 
WeBid <= 1.0.2 (feedback.php) SQL Injection Vulnerability
 
WeBid <= 1.0.2 (logout.php) SQL Injection Vulnerability
 
WeBid <= 1.0.2 (user_login.php) SQL Injection Vulnerability
 
WeBid <= 1.0.2 (includes/converter.inc.php) PHP Code Injection Vulnerability
 
WeBid <= 1.0.2 (includes/messages.inc.php) Local File Inclusion Vulnerability

+ 2010

+ 2009

+ 2008

 
Nuke ET <= 3.4 (FCKEditor) Unrestricted File Upload Vulnerability
 
Mantis Bug Tracker <= 1.1.3 (utility_api.php) PHP Code Injection Vulnerability
 
PhpWebGallery <= 1.7.2 (comments.php) SQL Injection Vulnerability
 
PhpWebGallery <= 1.7.2 (event_list.php) PHP Code Injection Vulnerability
 
phpScheduleIt <= 1.2.11 (check.php) Multiple PHP Code Injection Vulnerabilities
 
phpScheduleIt <= 1.2.10 (reserve.php) Multiple PHP Code Injection Vulnerabilities
 
GdPicture Pro Imaging SDK <= 5.7.1 (gdpicturepro5s.ocx) Arbitrary File Overwrite Vulnerability
 
GdPicture Light Imaging Toolkit <= 4.7.1 (gdpicture4s.ocx) Arbitrary File Overwrite Vulnerability
 
PHP iCalendar <= 2.24 (admin/index.php) Unrestricted File Upload Vulnerability
 
Coppermine Photo Gallery <= 1.4.18 (include/functions.inc.php) Local File Inclusion Vulnerability
 
Coppermine Photo Gallery <= 1.4.18 (themes/sample/theme.php) Path Disclosure Weakness
 
Seagull PHP Framework <= 0.6.4 (FCKEditor) Unrestricted File Upload Vulnerability
 
PHPmotion <= 2.0 (update_profile.php) Unrestricted File Upload Vulnerability
 
PHPmotion <= 2.0 (play.php) SQL Injection Vulnerability
 
Flux CMS <= 1.5.0 (loadsave.php) Arbitrary File Overwrite Vulnerability
 
Achievo <= 1.3.2 (FCKEditor) Unrestricted File Upload Vulnerability
 
CMS from Scratch <= 1.1.3 (FCKEditor) Unrestricted File Upload Vulnerability
 
MercuryBoard <= 1.1.5 (func/login.php) SQL Injection Vulnerability
 
La-Nai CMS <= 1.2.16 (FCKEditor) Unrestricted File Upload Vulnerability
 
CMS Made Simple <= 1.2.4 (javaUpload.php) Unrestricted File Upload Vulnerability
 
DeluxeBB <= 1.2 (forums.php) SQL Injection Vulnerability
 
DeluxeBB <= 1.2 (admincp.php) PHP Code Injection Vulnerability
 
FLABER <= 1.1 (function/update_xml.php) Arbitrary File Overwrite Vulnerability
 
Drake CMS <= 0.4.11 (components/guestbook/guestbook.php) SQL Injection Vulnerability
 
Docebo <= 3.5.0.3 (doceboCore/lib/lib.regset.php) SQL Injection Vulnerability
 
Docebo <= 3.5.0.3 Multiple Path Disclosure Weaknesses
 
Site@School <= 2.3.10 (slideshow_full.php) SQL Injection Vulnerability

+ 2007