Karma(In)Security

	Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
	Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
	CubeCart <= 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability
	DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

+ 2012

	Invision Power Board <= 3.3.4 (core.php) PHP Object Injection Vulnerability
	Tiki Wiki CMS Groupware <= 9.2 Multiple PHP Object Injection Vulnerabilities
	Tiki Wiki CMS Groupware <= 8.3 Multiple Path Disclosure Weaknesses
	SugarCRM <= 6.3.1 Multiple PHP Object Injection Vulnerabilities
	OpenConf <= 4.11 (author/edit.php) SQL Injection Vulnerability
	WebCalendar <= 1.2.4 (install/index.php) PHP Code Injection Vulnerability
	WebCalendar <= 1.2.4 (pref.php) Local File Inclusion Vulnerability
	phpFox <= 3.0.1 (module.class.php) OS Command Injection Vulnerability
	WordPress Kish Guest Posting <= 1.2 (uploadify.php) Unrestricted File Upload Vulnerability
	appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability

+ 2011

	Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) PHP Code Injection Vulnerability
	Traq <= 2.3 (admincp/common.php) Authentication Bypass / PHP Code Injection Vulnerability
	WikkaWiki <= 1.3.2 (actions/usersettings/usersettings.php) SQL Injection Vulnerability
	WikkaWiki <= 1.3.2 (actions/files/files.php) Unrestricted File Upload Vulnerability
	WikkaWiki <= 1.3.2 (handlers/files.xml/files.xml.php) Path Traversal Vulnerability
	WikkaWiki <= 1.3.2 (libs/Wakka.class.php) PHP Code Injection Vulnerability
	WikkaWiki <= 1.3.2 Cross-Site Request Forgery Vulnerability
	PmWiki <= 2.2.34 (pagelist.php) PHP Code Injection Vulnerability
	Support Incident Tracker <= 3.65 (translate.php) PHP Code Injection Vulnerability
	Support Incident Tracker <= 3.65 (translate.php) Path Disclosure Weakness
	FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) PHP Code Injection Vulnerability
	WordPress Zingiri Web Shop <= 2.2.3 (ajax_save_name.php) PHP Code Injection Vulnerability
	Zenphoto <= 1.4.1.4 (ajax_create_folder.php) PHP Code Injection Vulnerability
	phpMyFAQ <= 2.7.0 (ajax_create_folder.php) PHP Code Injection Vulnerability
	aidiCMS v3.55 (ajax_create_folder.php) PHP Code Injection Vulnerability
	Ajax File and Image Manager v1.0 (ajax_create_folder.php) PHP Code Injection Vulnerability
	eFront <= 3.6.10 (save_template.php) PHP Code Injection Vulnerability
	eFront <= 3.6.10 (filesystem.class.php) Unrestricted File Upload Vulnerability
	eFront <= 3.6.10 (periodic_updater.php) SQL Injection Vulnerability
	eFront <= 3.6.10 (LMSFunctions.php) SQL Injection Vulnerability
	eFront <= 3.6.10 (send_notifications.php) SQL Injection Vulnerability
	eFront <= 3.6.10 (index.php) Authentication Bypass / Privilege Escalation Vulnerability
	eFront <= 3.6.10 (student.php) PHP Code Injection Vulnerability
	phpLDAPadmin <= 1.2.1.1 (lib/functions.php) PHP Code Injection Vulnerability
	Dolphin <= 7.0.7 (member_menu_queries.php) PHP Code Injection Vulnerability
	Feed on Feeds <= 0.5 (fof-main.php) PHP Code Injection Vulnerability
	JAKCMS PRO <= 2.2.5 (session.php) Session Variable Overloading Vulnerability
	JAKCMS PRO <= 2.2.5 (action.php) Unrestricted File Upload Vulnerability
	WeBid <= 1.0.2 (feedback.php) SQL Injection Vulnerability
	WeBid <= 1.0.2 (logout.php) SQL Injection Vulnerability
	WeBid <= 1.0.2 (user_login.php) SQL Injection Vulnerability
	WeBid <= 1.0.2 (includes/converter.inc.php) PHP Code Injection Vulnerability
	WeBid <= 1.0.2 (includes/messages.inc.php) Local File Inclusion Vulnerability

+ 2010

RoSPORA <= 1.5.0 (index.php) PHP Code Injection Vulnerability

+ 2009

	QuiXplorer <= 2.3.2 (init.php) Local File Inclusion Vulnerability
	TinyWebGallery <= 1.7.6 (init.php) Local File Inclusion Vulnerability
	LightBlog <= 9.9.2 (register.php) PHP Code Injection Vulnerability
	LightBlog <= 9.9.2 (check_user.php) Authentication Bypass / Local File Inclusion Vulnerability
	Dokeos LMS <= 1.8.5 (tablesort.lib.php) PHP Code Injection Vulnerability
	Lanius CMS <= 0.5.2 (upload.php) Unrestricted File Upload Vulnerability
	PHPizabi v0.848b (modules/interact/file.php) Unrestricted File Upload Vulnerability

+ 2008

	Nuke ET <= 3.4 (FCKEditor) Unrestricted File Upload Vulnerability
	Mantis Bug Tracker <= 1.1.3 (utility_api.php) PHP Code Injection Vulnerability
	PhpWebGallery <= 1.7.2 (comments.php) SQL Injection Vulnerability
	PhpWebGallery <= 1.7.2 (event_list.php) PHP Code Injection Vulnerability
	phpScheduleIt <= 1.2.11 (check.php) Multiple PHP Code Injection Vulnerabilities
	phpScheduleIt <= 1.2.10 (reserve.php) Multiple PHP Code Injection Vulnerabilities
	GdPicture Pro Imaging SDK <= 5.7.1 (gdpicturepro5s.ocx) Arbitrary File Overwrite Vulnerability
	GdPicture Light Imaging Toolkit <= 4.7.1 (gdpicture4s.ocx) Arbitrary File Overwrite Vulnerability
	PHP iCalendar <= 2.24 (admin/index.php) Unrestricted File Upload Vulnerability
	Coppermine Photo Gallery <= 1.4.18 (include/functions.inc.php) Local File Inclusion Vulnerability
	Coppermine Photo Gallery <= 1.4.18 (themes/sample/theme.php) Path Disclosure Weakness
	Seagull PHP Framework <= 0.6.4 (FCKEditor) Unrestricted File Upload Vulnerability
	PHPmotion <= 2.0 (update_profile.php) Unrestricted File Upload Vulnerability
	PHPmotion <= 2.0 (play.php) SQL Injection Vulnerability
	Flux CMS <= 1.5.0 (loadsave.php) Arbitrary File Overwrite Vulnerability
	Achievo <= 1.3.2 (FCKEditor) Unrestricted File Upload Vulnerability
	CMS from Scratch <= 1.1.3 (FCKEditor) Unrestricted File Upload Vulnerability
	MercuryBoard <= 1.1.5 (func/login.php) SQL Injection Vulnerability
	La-Nai CMS <= 1.2.16 (FCKEditor) Unrestricted File Upload Vulnerability
	CMS Made Simple <= 1.2.4 (javaUpload.php) Unrestricted File Upload Vulnerability
	DeluxeBB <= 1.2 (forums.php) SQL Injection Vulnerability
	DeluxeBB <= 1.2 (admincp.php) PHP Code Injection Vulnerability
	FLABER <= 1.1 (function/update_xml.php) Arbitrary File Overwrite Vulnerability
	Drake CMS <= 0.4.11 (components/guestbook/guestbook.php) SQL Injection Vulnerability
	Docebo <= 3.5.0.3 (doceboCore/lib/lib.regset.php) SQL Injection Vulnerability
	Docebo <= 3.5.0.3 Multiple Path Disclosure Weaknesses
	Site@School <= 2.3.10 (slideshow_full.php) SQL Injection Vulnerability

+ 2007

	CMS Made Simple <= 1.2.2 (content_css.php) SQL Injection Vulnerability
	ZeusCMS <= 0.3 (security.php) SQL Injection Vulnerability
	ZeusCMS <= 0.3 (image_viewer.php) Information Disclosure Weakness
	PMOS Help Desk <= 2.4 (form.php) PHP Code Injection Vulnerability
	eSyndiCat Link Exchange Script (suggest-link.php) SQL Injection Vulnerability
	Php-Stats 0.1.9.2 (php-stats.recjs.php) Multiple SQL Injection Vulnerabilities
	Php-Stats 0.1.9.2 Multiple PHP Code Injection Vulnerabilities
	LinPHA <= 1.3.1 (new_images.php) SQL Injection Vulnerability