| id |
Risiko |
Navn |
Sammenfatning |
| 43163 |
other |
Invision Power Board < 3.0.5 Multiple Vulnerabilities |
Checks version of Invision Power Board. |
| 43160 |
other |
CGI Generic SQL Injection (blind, time based) |
Blind SQL injection techniques (time based) |
| 43159 |
other |
phpShop shop/flypage SQL Injection |
Attempts a SQL injection attack |
| 43158 |
other |
phpShop Default Credentials |
Tries to login using default credentials |
| 43157 |
other |
phpShop Detection |
Looks for evidence of phpShop |
| 43155 |
other |
HP OpenView Network Node Manager Multiple Scripts hostname Parameter Remote Command Execution |
Checks for multiple remote command execution vulnerabilities in HP OpenView NNM |
| 43154 |
other |
Kiwi Syslog Server Web Access Login Username Enumeration |
Attempts to login with valid/invalid accounts |
| 43098 |
other |
Zen Cart extras/curltest.php Information Disclosure |
Tries to read a local file |
| 43088 |
other |
GCalendar Component for Joomla! event.php gcid Parameter SQL Injection |
Exploits a SQL Injection Vulnerability in GCalendar |
| 43028 |
other |
LyftenBloggie Component for Joomla! index.php author Parameter SQL Injection |
Tries to manipulate an author's list of entries |
| 43027 |
other |
Pligg login.php return Parameter Arbitrary Site Redirect |
Checks if a redirect works |
| 43006 |
other |
RT Session Fixation |
Checks if RT invalidates session IDs properly |
| 43005 |
other |
RT Default Credentials |
Tries to login as root / password |
| 43004 |
other |
RT Detection |
Looks for the RT login page |
| 42982 |
other |
AWStats < 6.95 awredir.pl Redirect |
Tries to exploit the redirect |
| 42978 |
other |
DotNetNuke Detection |
Checks for the presence of DotNetNuke |
| 42963 |
other |
GForge Detection |
Looks for traces of GForge |
| 42962 |
other |
SugarCRM on Apache / Windows .htaccess Direct Request Arbitrary File Access |
Tries to retrieve install.log |
| 42878 |
other |
CubeCart includes/content/viewProd.inc.php productId Parameter SQL Injection |
Attempts a SQL injection attack |
| 42872 |
other |
CGI Generic Local File Inclusion Vulnerability (2nd pass) |
Find file inclusions triggered by other attacks |
| 42862 |
other |
PHP 5.3 < 5.3.1 Multiple Vulnerabilities |
Checks version of PHP |
| 42842 |
other |
Movable Type mt-check.cgi System Information Disclosure |
Checks for the existence of mt-check.cgi |
| 42832 |
other |
HP Power Manager Default Credentials |
Attempts to log in with default credentials. |
| 42820 |
other |
Jumi Component for Joomla! <= 2.0.5 Backdoor |
Looks for script created by the backdoor |
| 42819 |
other |
Jumi Component for Joomla! fileid Parameter SQL Injection |
Tries to execute a custom script |
| 42801 |
other |
WordPress < 2.8.6 Multiple Vulnerabilities |
Checks the version number |
| 42800 |
other |
HP Power Manager Detection |
Looks for evidence of HP Power Manager |
| 42479 |
other |
CGI Generic SQL Injection Vulnerability (2nd pass) |
Find SQL injections triggered by other attacks |
| 42427 |
other |
CGI Generic SQL Injection Vulnerability (HTTP Headers) |
SQL injection techniques through HTTP headers |
| 42426 |
other |
CGI Generic SQL Injection Vulnerability (HTTP Cookies) |
SQL injection techniques through HTTP cookies |
| 42424 |
other |
CGI Generic SQL Injection (blind) |
Blind SQL injection techniques |
| 42423 |
other |
CGI Generic SSI Injection Vulnerability |
Tortures the arguments of the remote CGIs (SSI injection) |
| 42371 |
other |
CubeCart 'admin.php' Authentication Bypass Information Disclosure |
Tries to discover the CubeCart license key |
| 42353 |
other |
CubeCart Admin Authentication Bypass |
Attempts to bypass admin authentication |
| 42351 |
other |
osCommerce file_manager.php Arbitrary PHP Code Injection (intrusive check) |
Tries to inject PHP code |
| 42350 |
other |
osCommerce file_manager.php Arbitrary PHP Code Injection |
Tries to bypass authentication and access file_manager.php |
| 42349 |
other |
osCommerce Detection |
Looks for traces of osCommerce |
| 42347 |
other |
ViewVC Detection |
Looks for ViewVC |
| 42345 |
other |
BuildBot WebStatus Detection |
Checks for the BuildBot version page |
| 42339 |
other |
Adobe ColdFusion Detection |
Looks for the ColdFusion admin login page |
| 42338 |
other |
OSSIM 'host/draw_tree.php' Access Restriction Weakness Information Disclosure |
Tries to access a page that should require authentication |
| 42337 |
other |
OSSIM Web Frontend Default Credentials |
Tries to login as admin/admin |
| 42336 |
other |
OSSIM Web Frontend Detection |
Looks for OSSIM |
| 42262 |
other |
MapServer < 5.4.2 / 5.2.3 / 4.10.5 Buffer Overflow |
Performs a banner check |
| 42254 |
other |
Drupal SA-CONTRIB-2009-080: Simplenews Statistics Open Redirect |
Tries to exploit the redirect |
| 42212 |
other |
Infoblox IPAM Appliance Default Credentials |
Attempts to login with default credentials |
| 42210 |
other |
Trapeze Service Shell - Admin Service Accessible |
Tries to access Trapeze Service Shell's Admin Service |
| 42056 |
other |
CGI Generic Local File Inclusion Vulnerability |
Tortures the arguments of the remote CGIs (local file inclusion) |
| 42055 |
other |
CGI Generic Format String Vulnerability |
Tortures the arguments of the remote CGIs (format string) |
| 42054 |
other |
CGI Generic SSI Injection Vulnerability |
Tortures the arguments of the remote CGIs (SSI injection) |
| 41947 |
other |
Adobe RoboHelp Server Security Bypass (APSA09-05 / intrusive check) |
Uploads a file to run a command |
| 41946 |
other |
Adobe RoboHelp Server Security Bypass (APSA09-05) |
Looks at the HTTP status code of a bad request |
| 41645 |
other |
IDoBlog Component for Joomla! userid Parameter SQL Injection |
Tries to manipulate friend additions |
| 41056 |
other |
Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure |
Checks the version of Interchange |
| 41014 |
other |
PHP < 5.2.11 Multiple Vulnerabilities |
Checks version of PHP |
| 40989 |
other |
Oracle Secure Backup Administration Server Authentication Bypass |
Tries to generate a SQL error |
| 40988 |
other |
BF Survey Pro Component for Joomla! table Parameter SQL Injection |
Tries to generate a SQL error |
| 40984 |
other |
Browsable Web Directories |
Display all browsable web directories |
| 40983 |
other |
ChartDirector for .NET cacheId Parameter Arbitrary File Access |
Tries to retrieve a local file |
| 40886 |
other |
Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution |
Tries to execute a command |
| 40872 |
other |
Kayako SupportSuite Ticket Subject XSS |
Checks version in banner |
| 40824 |
other |
FlexCMS Login Cookie SQL Injection |
Tries to inject SQL statements into login Cookie |
| 40796 |
other |
phpSANE file_save Parameter Remote File Include |
Tries to read a local file |
| 40773 |
other |
Web Application Potentially Sensitive CGI Parameter Detection |
Common sensitive CGI paramaters names |
| 40668 |
other |
Google Analytics on An Internal Web Server Detection |
Report Google Analytics on an internal web server |
| 40667 |
other |
Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure |
Tries to retrieve script code |
| 40592 |
other |
WP-Syntax apply_filters function Command Execution |
Tries to run a command |
| 40578 |
other |
WordPress < 2.8.4 wp-login.php key Parameter Remote Administrator Password Reset (uncredentialed check) |
Version check |
| 40577 |
other |
WordPress < 2.8.4 Password Reset |
Tries to do a password reset |
| 40552 |
other |
Spiceworks Accept Request Header Overflow |
Grabs version from login page |
| 40551 |
other |
CMS Made Simple url Parameter Arbitrary File Access |
Attempts to retrieve a local file |
| 40470 |
other |
Snitz Forums 2000 <= 3.4.07 register.asp 'Email' Parameter SQL Injection Vulnerability |
Attempts a SQL injection attack |
| 40469 |
other |
Snitz Forums 2000 Detection |
Looks for evidence of Snitz |
| 40419 |
other |
MODx config.js.php Information Disclosure |
Retrieves $modx->config as JSON |
| 40406 |
other |
CGI Generic Tests HTTP Errors |
Reports generic CGI test errors |
| 40354 |
other |
OpenWrt Router with a Blank Password (telnet check) |
Tries to access OpenWrt without a password |
| 40352 |
other |
phpMyAdmin Installation Not Password Protected |
Checks if PMA requires login |
| 40349 |
other |
eAccelerator encoder.php File Backup |
Tries to copy files to an invalid directory |
| 40334 |
other |
Ruby on Rails HTTP Digest Authentication Bypass |
Tries to bypass authentication |
| 40331 |
other |
Log Rover pword Parameter SQL Injection |
Tries to bypass authentication |
| 39875 |
other |
FCKeditor.Java Connector Servlet 'CurrentFolder' Infinite Loop DoS Vulnerability |
Tries to make a request with invalid chars |
| 39806 |
other |
FCKeditor 'CurrentFolder' Arbitrary File Upload |
Tries to upload a php file |
| 39790 |
other |
Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload |
Tries to use upload a file with ColdFusion code using FCKeditor |
| 39621 |
other |
FireStats < 1.6.2 Multiple Vulnerabilities |
Does a version check for FireStats |
| 39617 |
other |
HP DDMI on Windows Unspecified Remote Agent Access |
Tries to retrieve a file or execute a command |
| 39616 |
other |
HP DDMI Web Interface Default Credentials |
Tries to login with default credentials |
| 39537 |
other |
Movable Type Detection |
Looks for evidence of Movable Type |
| 39536 |
other |
BASE < 1.2.5 readRoleCookie() Auth Bypass |
Attempts to bypass authentication |
| 39535 |
other |
Basic Analysis and Security Engine Authentication Check |
Verifies if authentication is required |
| 39501 |
other |
Zen Cart password_forgotten.php Admin Access Bypass |
Tries to access the application's version info |
| 39500 |
other |
Zen Cart Detection |
Looks for traces of Zen Cart |
| 39482 |
other |
Acajoom Component for Joomla! <= 3.2.6 Backdoor |
Tries to execute a command |
| 39480 |
other |
PHP < 5.2.10 Multiple Vulnerabilities |
Checks version of PHP |
| 39470 |
other |
CGI Generic Tests Timeout |
Generic CGI tests timed out |
| 39469 |
other |
CGI Generic Remote File Inclusion Vulnerability |
Tortures the arguments of the remote CGIs (remote file inclusion) |
| 39468 |
other |
CGI Generic Header Injection Vulnerability |
Tortures the arguments of the remote CGIs (header injection) |
| 39467 |
other |
CGI Generic Path Traversal Vulnerability |
Tortures the arguments of the remote CGIs (traversal) |
| 39465 |
other |
CGI Generic Command Execution Vulnerability |
Tortures the arguments of the remote CGIs (command execution) |
| 39447 |
other |
Apache Tomcat RequestDispatcher Directory Traversal Vulnerability |
Checks the version retrieved from a Tomcat error page |
| 39365 |
other |
Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass |
Tries to access form to add a key |
| 39314 |
other |
Sun Java System Directory Server Online Help Feature Information Disclosure |
Tries to read a line from DSSetupResources.properties |
| 38974 |
other |
JVideo! Component for Joomla! user_id Parameter SQL Injection |
Tries to manipulate a SQL query |
| 38952 |
other |
CrashPlan Server Default Administrative Credentials |
Tries to login with default credentials |
| 38926 |
other |
DokuWiki config_cascade Parameter Remote File Inclusion |
Attempts to read a local file |
| 38925 |
other |
WP-Lytebox pg Parameter Local File Inclusion |
Tries to read a local file |
| 38890 |
other |
VICIDIAL Call Center Suite Default Administrative Credentials |
Tries to login with default credentials |
| 38889 |
other |
VICIDIAL Call Center Suite admin.php SQL Injection |
Tries to bypass authentication |
| 38888 |
other |
TinyWebGallery lang Parameter Local File Inclusion |
Tries to read a local file |
| 38879 |
other |
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion |
Tries to read a local file |
| 38832 |
other |
HP System Management Homepage < 3.0.1.73 Multiple Flaws |
Checks version of HP SMH |
| 38828 |
other |
Flyspeck lang Parameter Local File Inclusion |
Tries to read a local file |
| 38794 |
other |
SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution |
Attempts to execute a command on the remote host |
| 38762 |
other |
Open Virtual Desktop Detection |
Checks for Open Virtual Desktop |
| 38717 |
other |
IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities |
Checks version of IceWarp |
| 38695 |
other |
Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval |
Attempts to retrieve a local file |
| 38694 |
other |
LimeSurvey sUser Variable SQL Injection |
Tries to generate a SQL syntax error |
| 38688 |
other |
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation |
Checks version in admin login page |
| 38665 |
other |
OpenCart route Parameter Local File Inclusion |
Tries to read a local file |
| 38653 |
other |
Symantec Reporting Server Improper URL Handling Exposure |
Tries to exploit URL handling weakness |
| 38648 |
other |
Atmail WebMail Detection |
Looks for the Atmail WebMail login page |
| 38198 |
other |
Sun Java System Identity Manager Account Disclosure |
Checks if the application is leaking information |
| 38183 |
other |
ClearSpace Detection |
Detects Jive ClearSpace |
| 38156 |
other |
FogBugz Interface Detection |
Detects FogBugz Web Interface |
| 38155 |
other |
Fortify 360 Web Interface Detection |
Detects Fortify 360 Web Interface |
| 38152 |
other |
Linksys WVC54GCA Wireless-G '/img/main.cgi' Information Disclosure Vulnerability |
Determine if the remote network camera is vulnerable to a flaw |
| 36205 |
other |
Novell Teaming Login User Account Enumeration Weakness |
Queries several user accounts |
| 36171 |
other |
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4) |
Tries to inject PHP code into config file |
| 36170 |
other |
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection |
Tries to inject PHP code into temporary config file |
| 36144 |
other |
Geeklog SEC_authenticate Function SQL Injection |
Tries to bypass authentication |
| 36143 |
other |
Geeklog Detection |
Checks for Geeklog |
| 36129 |
other |
HP LaserJet Web Server Unspecified Admin Component Traversal Arbitrary File Access |
Checks the firmware datecode |
| 36102 |
other |
Jinzora name Parameter Local File Inclusion |
Tries to read a local file |
| 36083 |
other |
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1) |
Calls bs_disp_as_mime_type.php with a bogus URL |
| 36074 |
other |
MapServer < 5.2.2 / 4.10.4 Multiple Flaws |
Performs a banner check |
| 36050 |
other |
Moodle LaTeX Information Disclosure |
Tries to use texdebug.php to generate a graphic image |
| 36019 |
other |
Tenable Security Center Default Credentials |
Attempts to login with default credentials |
| 36018 |
other |
Sitecore CMS < 5.3.2 rev. 090212 Web Service Security Database Information Disclosure |
Checks the version number of Sitecore |
| 36017 |
other |
NextApp Echo XML External Entity Handling Privilege Escalation |
Tries to access a nonexistent file |
| 35975 |
other |
AWStats 'awstats.pl' Path Disclosure |
Tries to read a nonexistent config file |
| 35974 |
other |
AWStats Detection |
Looks for AWStats awstats.pl |
| 35805 |
other |
OneOrZero Helpdesk default_language Local File Inclusion |
Tries to read a local file |
| 35803 |
other |
zFeeder admin.php Direct Request Admin Authentication Bypass |
Tries to access configruation settings |
| 35787 |
other |
ZABBIX Web Interface extlang[] Parameter Remote Code Execution |
Tries to execute an arbitrary command on the host |
| 35786 |
other |
ZABBIX Web Interface Detection |
Detects ZABBIX Web Interface |
| 35765 |
other |
Coppermine Photo Gallery keysToSkip Variable Overwrite |
Tries to overwrite img_dir variable |
| 35751 |
other |
Drupal Theme System Template Local File Inclusion |
Tries to read a local file |
| 35750 |
other |
PHP < 5.2.9 Multiple Vulnerabilities |
Checks version of PHP |
| 35749 |
other |
Moodle Forum post.php Unauthorized Post Deletion CSRF |
Looks for hidden sesskey variable in prune.html |
| 35661 |
other |
SquirrelMail HTTPS Session Cookie Secure Flag Weakness |
Looks for 'secure' flag in Squirrelmail cookie |
| 35657 |
other |
HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610) |
Tries to run a command via webappmon.exe |
| 35656 |
other |
HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610) |
Tries to read configuration information via ovlaunch.exeu |
| 35655 |
other |
TYPO3 jumpUrl Mechanism Information Disclosure |
Tries to read typo3conf/localconf.php |
| 35649 |
other |
Trend Micro InterScan Web Security Suite Default Credentials |
Attempts to login with default credentials |
| 35628 |
other |
Openfire < 3.6.3 Multiple Vulnerabilities |
Checks version in admin login page |
| 35618 |
other |
Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness |
Queries several user accounts |
| 35610 |
other |
Jaws language Parameter Multiple Local File Includes |
Attempts to retrieve a local file |
| 35609 |
other |
SocialEngine Blog Plugin category_id Parameter SQL Injection |
Tries to generate a SQL injection error |
| 35600 |
other |
Meeting Room Booking System (MRBS) month.php area Parameter SQL Injection |
Tries to manipulate room listing |
| 35587 |
other |
phpSlash fields Parameter PHP Code Injection |
Tries to inject PHP code |
| 35580 |
other |
Profense Web Application Firewall Default Credentials |
Attempts to login with default credentials |
| 35557 |
other |
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion |
Tries to read a local file |
| 35554 |
other |
Horde Horde_Image::factory driver Argument Local File Inclusion |
Tries to read a local file |
| 35474 |
other |
gigCalendar Component for Joomla! gigcal_gigs_id Parameter SQL Injection |
Exploits a SQL Injection Vulnerability in gigCalendar |
| 35435 |
other |
Eventing Component for Joomla! index.php catid Parameter SQL Injection |
Tries to manipulate SQL queries |
| 35402 |
other |
phpList <= 2.10.8 Variable Overwriting |
Tries to read about.php |
| 35370 |
other |
WordPress WP-Forum forum_feed.php thread Parameter SQL Injection |
Tries to manipulate feed results |
| 35363 |
other |
Oracle Secure Backup Administration Server login.php Command Injection Vulnerability |
Checks for multiple remote command execution vulnerabilities in Oracle Secure Backup Administration Server |
| 35326 |
other |
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection |
Tries to run a command |
| 35321 |
other |
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal |
Tries to list contents of top-level Joomla! directory |
| 35278 |
other |
XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040) |
Tries to read a local file |
| 35273 |
other |
RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution |
Tries to run an arbitrary command |
| 35262 |
other |
Pligg evb/check_url.php url Parameter SQL Injection |
Tries to manipulate link output from evb/check_url.php |
| 35261 |
other |
OneOrZero Helpdesk tinfo.php Arbitrary File Upload |
Uploads an incomplete file |
| 35259 |
other |
phpList cline Parameter Array Remote File Inclusion |
Tries to read a local file |
| 35224 |
other |
Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS) |
Grabs firmware version from cgi-bin/index.cgi |
| 35109 |
other |
Live Chat Component for Joomla! last Variable SQL Injection |
Tries to manipulate chat XML output |
| 35105 |
other |
Sun Java System Identity Manager Default Credentials |
Tries to login with default credentials |
| 35104 |
other |
Sun Java System Identity Manager Detection |
Looks for IDM's login page |
| 35090 |
other |
Moodle filter/tex/texed.php pathname Parameter Remote Command Execution |
Tries to run a command using Moodle |
| 35067 |
other |
PHP 5.2.7 magic_quotes_gpc Security Bypass |
Checks version of PHP |
| 35060 |
other |
phpPgAdmin index.php _language Parameter Local File Inclusion |
Tries to read a local file |
| 35043 |
other |
PHP 5 < 5.2.7 Multiple Vulnerabilities |
Checks version of PHP |
| 35041 |
other |
Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass |
Tries to bypass authentication |
| 35008 |
other |
OraMon config/oramon.ini Information Disclosure |
Tries to read oramon.ini |
| 34992 |
other |
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion |
Tries to read a local file |
| 34947 |
other |
Apache Struts devMode Information Disclosure |
Checks for Struts debug xml output |
| 34946 |
other |
Apache Struts < 2.0.12 / 2.1.3 Dispatcher Directory Traversal |
Tries to read a web.xml |
| 34726 |
other |
PHPWebAdmin for hMailServer Multiple File Inclusions |
Tries to read a local file |
| 34725 |
other |
Openfire AuthCheck Authentication Bypass |
Grabs up to 10 log lines |
| 34507 |
other |
EATON MGE Network Shutdown Module < 3.20 Authentication Bypass / Command Execution |
Checks version or tests an action |
| 34448 |
other |
yappa-ng index.php album Parameter Local File Inclusion |
Tries to read a local file |
| 34443 |
other |
Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access |
Checks version of SC3 |
| 34420 |
other |
Ignite Gallery Component for Joomla! index.php gallery Parameter SQL Injection |
Exploits a SQL Injection Vulnerability in Ignite Gallery |
| 34419 |
other |
PhpWebGallery comments.php sort_by Parameter SQL Injection |
Tries to generate a SQL syntax error |
| 34399 |
other |
GForge top/topusers.php offset Parameter SQL Injection |
Tries to exploit SQL injection issue in GForge |
| 34397 |
other |
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite |
Checks fcheck.exe's help message |
| 34395 |
other |
ASG-Sentry CGI Default Credentials |
Tries to login with default credentials |
| 34394 |
other |
ASG-Sentry CGI Detection |
Looks for ASG-Sentry login page |
| 34373 |
other |
OpenX ac.php bannerid Parameter SQL Injection |
Checks if bannerid parameter is sanitized |
| 34372 |
other |
Openads Delivery Engine OA_Delivery_Cache_store() Function name Argument Arbitrary PHP Code Execution |
Tries to run a command |
| 34351 |
other |
OpenNMS Web Console Default Credentials |
Tries to login to the web console with default credentials |
| 34350 |
other |
OpenNMS Web Console Detection |
Looks for OpenNMS login page |
| 34338 |
other |
phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection |
Tries to run a command using phpScheduleIt |
| 34337 |
other |
phpScheduleIt Detection |
Checks for presence of phpScheduleIt |
| 34304 |
other |
Pluck update.php Remote Privilege Escalation |
Tests if update.php is accessible |
| 34293 |
other |
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion |
Tries to read JpGraph doc |
| 34292 |
other |
Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities |
Tries to run a command using observer |
| 34209 |
other |
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset |
Tries to recover value of rand() |
| 34202 |
other |
Calendarix Basic cal_cat.php catview Variable SQL Injection |
Tries to manipulate a category listing |
| 34169 |
other |
pluck < 4.5.3 Multiple Local File Include Vulnerabilities |
Tries to read a local file |
| 34110 |
other |
Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure |
Retrieves user list |
| 34109 |
other |
Simple PHP Blog Detection |
Checks for presence of Simple PHP Blog |
| 34108 |
other |
Zen Cart products_id[] Array SQL Injection |
Tries to generate a SQL syntax error |
| 34095 |
other |
Moodle lib/kses.php kses_bad_protocol_once Function Arbitrary PHP Code Execution |
Tries to run a command |
| 34055 |
other |
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution |
run a command through awstatstotals.php?sort |
| 34031 |
other |
TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution |
Tries to execute a command or read a local file |
| 34029 |
other |
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities |
Checks version in banner |
| 33927 |
other |
Web Server Generic 3xx Redirect |
Checks for a redirection flaw which allows redirection to arbitrary domains |
| 33926 |
other |
Adobe Dreamweaver dwsync.xml Remote Information Disclosure |
Checks for ./_notes/dwsync.xml files which can lead to enumeration of files and directories. |
| 33925 |
other |
dotCMS Multiple Script id Parameter Traversal Local File Inclusion |
Tries to read a local file |
| 33903 |
other |
MailScan WebAdministrator Cookie Authentication Bypass |
Tries to access User Management page |
| 33882 |
other |
Joomla! components/com_user/models/reset.php Reset Token Validation Forgery |
Tries to reset a password using an invalid token |
| 33869 |
other |
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure |
Attempts to access status servlet without credentials |
| 33867 |
other |
Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion |
Checks list of available NPMs |
| 33866 |
other |
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access |
Tries to read a local file |
| 33860 |
other |
RTH login.php uname Parameter SQL Injection |
Tries to bypass authentication |
| 33856 |
other |
e107 download.php extract() Function Variable Overwrite |
Tries to execute a command |
| 33849 |
other |
PHP < 4.4.9 Multiple Vulnerabilities |
Checks version of PHP |
| 33848 |
other |
Pligg settemplate.php template Parameter Local File Inclusion |
Tries to read a local file via settemplate.php in Pligg |
| 33823 |
other |
Plogger plog-download.php checked[] Parameter SQL Injection |
Tries to manipulate filename in a ZIP download |
| 33822 |
other |
XAMPP Example Pages Detection |
Tries to access XAMPP's examples |
| 33821 |
other |
.svn/entries Disclosed via Web Server |
requests .svn/entries |
| 33817 |
other |
Web Application Tests : load estimation |
Estimate the number of requests done by the web app tests |
| 33811 |
other |
Symphony sym_auth Cookie SQL Injection |
Tries to bypass admin login |
| 33789 |
other |
Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Variable Traversal Local File Inclusion |
Tries to read a local file |
| 33761 |
other |
Gregarius ajax.php rsargs[] Parameter Array SQL Injection |
Tries to manipulate feed content |
| 33546 |
other |
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion |
Tries to read /etc/passwd |
| 33532 |
other |
CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass |
Sends a session cookie with directory traversal sequences |
| 33483 |
other |
Maian Scripts Cookie Manipulation Authentication Bypass |
Tries to access admin control panel |
| 33479 |
other |
Mambo < 4.6.5 mos_user_template Local File Inclusion |
Tries to change mos_user_template cookie in Mambo |
| 33478 |
other |
XEROX CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008) |
Checks version in the footer |
| 33446 |
other |
Dolphin Multiple Scripts Remote File Inclusion |
Tries to read /etc/passwd |
| 33445 |
other |
Trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion |
Tries to read /etc/passwd |
| 33439 |
other |
Sun Java System ASP < 4.0.3 Multiple Vulnerabilities |
Tries several exploits and a banner check |
| 33437 |
other |
Sun Java ASP Server Default Admin Password |
Attempts to access remote ASP server with default admin credentials |
| 33391 |
other |
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution |
Tries to run a command using wordtrans-web |
| 33274 |
other |
TrailScout Module For Drupal Session Cookie SQL Injection |
Tries to inject SQL statements into session cookie |
| 33272 |
other |
nBill component for Joomla! index.php cid Parameter SQL Injection |
Tries to manipulate the component heading for a new order |
| 33271 |
other |
Trac quickjump Search Script q Parameter Arbitrary Site Redirect |
Tries to redirect to a third-party site |
| 33270 |
other |
ASP.NET DEBUG Method Enabled |
Tests for ASP.NET Path Disclosure Vulnerability |
| 33269 |
other |
Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Variable SQL Injection |
Tries to generate an error |
| 33103 |
other |
LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection |
Tries to exploit SQL injection issue in pLog |
| 32505 |
other |
AEC Subscription Manager Component usage Parameter SQL Injection |
Tries to generate a SQL error |
| 32475 |
other |
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access |
Tries to read a local file with BESR |
| 32381 |
other |
ViewVC Direct Request CVSROOT Information Disclosure |
Lists contents of CVSROOT directory |
| 32325 |
other |
Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure |
Retrieves info from the users table |
| 32324 |
other |
Mantis manage_user_create.php CSRF New User Creation |
Sends a GET request for manage_user_create.php |
| 32318 |
other |
Web Site Cross-Domain Policy File Detection |
Checks for the file crossdomain.xml |
| 32317 |
other |
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQL Injection |
Tries to generate a SQL error |
| 32124 |
other |
Webhosting Component for Joomla catid Parameter SQL Injection |
Tries to manipulate category overview output |
| 32123 |
other |
PHP < 5.2.6 Multiple Vulnerabilities |
Checks version of PHP |
| 32122 |
other |
ActualAnalyzer Lite style Variable Traversal Local File Inclusion |
Tries to read /etc/passwd |
| 32080 |
other |
WordPress index.php cat Parameter Local File Inclusion |
Tries to read a local file with WordPress |
| 32032 |
other |
Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities |
Checks for RedHat/Fedora Directory Server repl-monitor-cgi.pl remote command execution flaw |
| 32030 |
other |
XOOPS Article Module article.php id Parameter SQL Injection |
Tries to manipulate a description with Articles module |
| 31865 |
other |
WEBrick Encoded Traversal Arbitrary CGI Source Disclosure |
Tries to retrieve source to a CGI |
| 31860 |
other |
HP OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access |
Tries to read a local file with NNM |
| 31859 |
other |
Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection |
Tries to bypass authentication |
| 31790 |
other |
Site Sift Listings detail.php id Parameter SQL Injection |
Tries to manipulate link information |
| 31789 |
other |
OTRS SOAP Interface Unauthenticated Object Manipulation |
Tries to generate a list of users |
| 31726 |
other |
Sympa Malformed Content-Type Header Remote DoS |
Checks version of Sympa |
| 31725 |
other |
Sympa Detection |
Checks for presence of Sympa |
| 31720 |
other |
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection |
Tries to bypass the login check |
| 31650 |
other |
my_gallery Plugin for e107 dload.php file Parameter Arbitrary File PHP Source Disclosure |
Tries to read a local file |
| 31649 |
other |
PHP < 5.2 Multiple Vulnerabilities |
Checks version of PHP |
| 31646 |
other |
Custom Pages for Joomla! index.php cpage Variable Remote File Inclusion |
Tries to read a local file with Custom Pages |
| 31643 |
other |
DotNetNuke Upgrade Process validationkey Generation Weakness Privilege Escalation |
Tries to gain access as administrator on DotNetNuke |
| 31626 |
other |
Acajoom Component mailingid Parameter SQL Injection |
Tries to manipulate a mailing view |
| 31608 |
other |
PHPAuction Multiple Script include_path Parameter File Inclusion |
Tries to read a local file with PHPAuction |
| 31606 |
other |
XOOPS Dictionary Module print.php id Parameter SQL Injection |
Tries to manipulate a definition |
| 31346 |
other |
MediaWiki JSON Callback Crafted API Request Information Disclosure |
Requests an edittoken with a JSON callback |
| 31342 |
other |
netOffice Dwins demoSession Parameter Authentication Bypass |
Accesses the 'Upload a File' form |
| 31299 |
other |
Centreon include/doc/get_image.php img Variable Traversal Arbitrary File Access |
Tries to read a local file with Centreon |
| 31192 |
other |
Nukedit utilities/login.asp email Parameter SQL Injection |
Tries to bypass authentication using SQL injection |
| 31191 |
other |
Hosting Controller hosting/addreseller.asp reseller Variable Authentication Bypass |
Tries to access a user's control panel |
| 31167 |
other |
Sniplets Plugin for WordPress execute.php text Parameter Arbitrary Command Execution |
Tries to run a command using Sniplets plugin |
| 31137 |
other |
Coppermine Photo Gallery album Password Cookie SQL Injection |
Tries to generate a SQL error |
| 31134 |
other |
ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities |
Checks version in web interface banner |
| 31116 |
other |
Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection |
Tries to generate a SQL syntax error |
| 31098 |
other |
Default Password (changeme) for SHOUTcast Server Service Port |
Tries to log into SHOUTcast Server with default password |
| 31095 |
other |
Joomla! index.php mosConfig_absolute_path Parameter Remote File Inclusion |
Tries to read a local file with Joomla |
| 31051 |
other |
osCommerce Customer Testimonials customer_testimonials.php testimonial_id Parameter SQL Injection |
Tries to manipulate a testimonial |
| 31048 |
other |
Cacti index.php/sql.php Login Action login_username Variable SQL Injection |
Tries to manipulate a SQL query |
| 30253 |
other |
ExtremeZ-IP File and Print Server Zidget/HTTP Server Traversal Arbitrary File Access |
Tries to retrieve a local file |
| 30216 |
other |
F5 BIG-IP Web Management Interface Version |
Tests for F5 BIG-IP web interface version |
| 30211 |
other |
Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload |
Checks for reportsfile parameter directory traversal vulnerability in Symantec BESRM 7 |
| 30208 |
other |
Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass |
Tries to view logs |
| 30151 |
other |
AkoGallery Component for Mambo / Joomla! index.php id Variable SQL Injection |
Tries to manipulate gallery header |
| 30132 |
other |
Coppermine imageObjectIM.class.php Command Execution Vulnerabilities |
Tries to run a command using Coppermine |
| 30131 |
other |
SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion |
Tries to read a local file with SQLiteManager |
| 30129 |
other |
WordPress AdServe adclick.php id Parameter SQL Injection |
Tries to generate a SQL syntax error |
| 30124 |
other |
Smart Publisher index.php filedata Parameter Arbitrary Command Execution |
Tries to run a command using Smart Publisher |
| 30110 |
other |
Mambo MOStlyCE Mambot Arbitrary File Rename |
Tries to rename a nonexistent file |
| 30109 |
other |
WordPress fGallery fim_rss.php album Parameter SQL Injection |
Tries to generate a SQL syntax error |
| 30108 |
other |
vTiger CRM Directory File Disclosure |
Tries to retrieve a directory listing |
| 30107 |
other |
CandyPress Store admin/utilities_ConfigHelp.asp helpfield Variable SQL Injection |
Tries to extract configuration data from database |
| 30056 |
other |
ManageEngine Applications Manager Invalid URI Remote Information Disclosure |
Sends an invalid URL to AppManager |
| 30055 |
other |
MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite |
Tries to generate an error using an invalid cookie |
| 30054 |
other |
YaBB SE Cookie Authentication Bypass |
Tries to bypass authentication using a specially-crafted cookie |
| 30053 |
other |
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure |
Requests Kayako's syncml/index.php script |
| 30052 |
other |
boastMachine mail.php id Variable SQL Injection |
Tries to manipulate a post title using mail.php |
| 30021 |
other |
BitDefender Update Server HTTP Request Traversal Arbitrary File Access |
Tries to retrieve a local file |
| 29996 |
other |
MyBB forumdisplay.php sortby Parameter Arbitrary PHP Code Execution |
Tries to run a command via MyBB |
| 29995 |
other |
Pixelpost index.php parent_id Parameter SQL Injection |
Tries to generate a SQL syntax error |
| 29981 |
other |
X7 Chat index.php day Parameter SQL Injection |
Tries to influence an event listing |
| 29927 |
other |
eggBlog index.php eggblogpassword Variable Cookie SQL Injection |
Tries to bypass authentication using SQL injection |
| 29897 |
other |
PortalApp forums.asp sortby Parameter SQL Injection |
Tries to influence the forum search results returned |
| 29871 |
other |
Web Site Malicious Javascript Link Detection |
This plugin uses the results of webmirror.nasl |
| 29870 |
other |
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion |
Tries to read a local file with XoopsGallery |
| 29869 |
other |
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution |
Tries to run a command using Loudblog |
| 29868 |
other |
Newbb_plus Module for RunCMS Client-Ip Header SQL Injection |
Tries to generate a SQL syntax error |
| 29867 |
other |
RunCMS Detection |
Checks for presence of RunCMS |
| 29854 |
other |
Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure |
Tries to retrieve a local file using edit.php |
| 29853 |
other |
RunCMS Multiple Script lid Parameter SQL Injection |
Tries to bypass XoopsDownload::isAccessible() |
| 29852 |
other |
Mort Bay Jetty URL Multiple Slash Character Information Disclosure |
Tries to retrieve a webapp's web.xml |
| 29835 |
other |
Site@School slideshow_full.php album_name Parameter SQL Injection |
Tries to generate a SQL syntax error |
| 29834 |
other |
Atlassian JIRA < 3.12.1 Multiple Vulnerabilities |
Checks for an XSS issue involving 500page.jsp |
| 29833 |
other |
PHP < 4.4.8 Multiple Vulnerabilities |
Checks version of PHP |
| 29832 |
other |
Zenphoto rss.php albumnr Parameter SQL Injection |
Tries to influence the RSS results returned |
| 29829 |
other |
CMS Made Simple modules/TinyMCE/content_css.php templateid Variable SQL Injection |
Tries to influence CMSMS style sheet returned |
| 29802 |
other |
CuteNews search.php files_arch Array Arbitrary File Access |
Adds a nonexistent file to files_arch |
| 29800 |
other |
PMOS Help Desk form.php Arbitrary Code Execution |
Checks for auth bypass issue in PMOS Help Desk |
| 29799 |
other |
Tikiwiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access |
Tries to read a local file using tiki-listmovies.php |
| 29746 |
other |
Plogger plog-rss.php id Parameter SQL Injection |
Tries to generate a SQL error |
| 29745 |
other |
WordPress query.php is_admin() Function Information Disclosure |
Sends a request with 'wp-admin/' in the query string |
| 29728 |
other |
RaidenHTTPD workspace.php ulang Parameter Local File Inclusion |
Tries to read a local file with RaidenHTTPD |
| 29722 |
other |
Centreon fileOreonConf Parameter File Include Vulnerabilities |
Tries to read a local file with Centreon |
| 29252 |
other |
Firefly Media Server Limited Directory Traversal Admin Credential Disclosure |
Tries to read mt-daapd.conf |
| 29249 |
other |
HP OpenView Network Node Manager Multiple CGI Remote Overflows |
Checks for multiple remote command execution vulnerabilities in HP OpenView Network Node Manager |
| 29187 |
other |
Plumtree Portal User Object User Enumeration |
Searches for Plumtree portal user objects |
| 28375 |
other |
Seditio plug.php pag_sub Parameter SQL Injection |
Tries to generate a SQL error |
| 28373 |
other |
Plumtree Portal Default Credentials |
Tries to login to the portal with default credentials |
| 28293 |
other |
GWExtranet gwextranet/scp.dll Multiple Variable Traversal Local File Inclusion |
Tries to read boot.ini using GWextranet's scp.dll extension |
| 28291 |
other |
RunCMS xoopsOption Parameter Local File Inclusion |
Tries to read a local file with RunCMS |
| 28181 |
other |
PHP < 5.2.5 Multiple Vulnerabilities |
Checks version of PHP |
| 27803 |
other |
IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities |
Checks for an XSS flaw in WAS' navigateTree.do |
| 27802 |
other |
HP OpenView Client Configuration Manager Default Credentials |
Tries to login to OVCCM with default credentials |
| 27620 |
other |
GuppY inc/includes.inc selskin Parameter Traversal Local File Inclusion |
Tries to read a local file with GuppY |
| 27597 |
other |
Module Builder DownloadModule Traversal Arbitrary File Disclosure |
Tries to read a local file with Module Builder |
| 27585 |
other |
Simple Machines Forum Search.php SQL Injection |
Tries to generate a SQL error |
| 27575 |
other |
TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion |
Tries to read a local file with TikiWiki |
| 27526 |
other |
CA Host-Based Intrusion Prevention System Server Default Credentials |
Tries to login to CA HIPS with default credentials |
| 27523 |
other |
LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure |
Tries to retrieve script source code using LiteSpeed |
| 26968 |
other |
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution |
Tries to run a command via TikiWiki's tiki-graph_formula.php |
| 26926 |
other |
SWAT Unauthenticated Access (Demo Mode) |
Detects a SWAT Server in demo mode |
| 26924 |
other |
Cart32 c32web.exe ImageName Traversal Arbitrary File Access |
Tries to retrieve Cart32's config file |
| 26199 |
other |
Original inc/exif.inc.php exif_prog Parameter Arbitrary Command Execution |
Tries to run a command via Original's exif.inc.php |
| 26072 |
other |
ADOdb Lite adodb-perf-module.inc.php last_module Variable Arbitrary Code Execution |
Tries to run a command via ADOdb Lite's adodb-perf-module.inc.php |
| 26065 |
other |
Shop-Script admin.php Admin Panel Security Bypass |
Tries to retrieve configuration settings |
| 26059 |
other |
Mambo / Joomla! Multiple Components mosConfig_live_site Parameter Remote File Inclusion |
Tries to read a local file using Mambo / Joomla components |
| 26056 |
other |
AWStats is Openly Accessible |
AWStats seems to be openly accessible to any user |
| 26021 |
other |
Adobe Connect Enterprise Server Information Disclosure |
Checks version number of Adobe Connect Enterprise Server |
| 26011 |
other |
Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion |
Tries to read a local file with Claroline |
| 26010 |
other |
MapServer Multiple Remote Vulnerabilities |
Checks for multiple vulnerabilities in MapServer < 4.10.3 |
| 26001 |
other |
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection |
Tries to get QuickEStore store's name via SQL injection |
| 25994 |
other |
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities |
Tries to retrieve a local file using SecurityReporter |
| 25993 |
other |
MDPro index.php topicid Parameter SQL Injection |
Tries to manipulate a topic name |
| 25992 |
other |
Joomla! CMS com_search Component default_results.php searchword Variable Remote Command Execution |
Tries to run a command via Joomla |
| 25990 |
other |
VHCS PHPSESSID Cookie Session Fixation |
Tries to use a fixed arbitrary session identifier |
| 25971 |
other |
PHP < 5.2.4 Multiple Vulnerabilities |
Checks version of PHP |
| 25930 |
other |
SimpleFAQ Component for Joomla! aid Parameter SQL Injection |
Tries to manipulate answers with SQL injection |
| 25899 |
other |
EZPhotoSales Multiple Configuration Files Remote Information Disclosure |
Tries to retrieve config files |
| 25898 |
other |
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass |
Tries to get a list of all operators |
| 25824 |
other |
GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection |
Tries to manipulate a map description with SQL injection |
| 25822 |
other |
PHP-Blogger pref.db Database Information Disclosure |
Tries to retrieve data/pref.db |
| 25811 |
other |
LinPHA include/img_view.class.php order parameter SQL Injection |
Tries to generate a SQL error |
| 25758 |
other |
CVS (Web Based) Directory Spider |
Enumerates the document root using the CVS Entries file |
| 25736 |
other |
Expose for Joomla! (com_expose) uploadimg.php Arbitrary File Upload Code Execution |
Checks whether arbitrary file uploads are possible |
| 25711 |
other |
MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval |
Checks version in SMTP banner |
| 25708 |
other |
paFileDB includes/search.php categories Parameter SQL Injection |
Tries to control search results |
| 25702 |
other |
McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities |
Checks version of McAfee CMA |
| 25681 |
other |
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow |
Checks version of Web DBM |
| 25674 |
other |
AsteriDex callboth.php Multiple Variable CRLF Injection Arbitrary Command Execution |
Checks if AsteriDex's callboth.php script filters newlines |
| 25673 |
other |
Maia Mailguard login.php lang Parameter Local File Inclusion |
Tries to read a local file with Maia Mailguard |
| 25672 |
other |
ServerView Servername Parameter Arbitrary Command Execution |
Tries to run a command via ServerView's SnmpListMibValues script |
| 25626 |
other |
Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing |
Tries to get a directory listing |
| 25625 |
other |
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities |
Checks version number |
| 25571 |
other |
Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS |
Tests for Packeteer PacketShaper web management interface DoS |
| 25570 |
other |
Packeteer Web Management Interface Authentication |
Logs into Packeteer web management interface |
| 25569 |
other |
Packeteer Web Management Interface Version Detection |
Tests for Packeteer web interface version |
| 25568 |
other |
Packeteer Web Management Interface Detection |
Detects Packeteer web management interface |
| 25567 |
other |
Calendarix calendar.php Multiple Parameter SQL Injection |
Tries to control output from calendar.php |
| 25548 |
other |
FuseTalk index.cfm txForumID Variable SQL Injection |
Tries to generate a SQL error |
| 25493 |
other |
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion |
Tries to read a local file with XFSection's modify.php |
| 25461 |
other |
JFFNMS auth.php Multiple Parameter SQL Injection |
Tries to generate a SQL error |
| 25458 |
other |
Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities |
Tries to bypass authentication in Reporting Server |
| 25446 |
other |
Symantec Web Security (SWS) Multiple Vulnerabilities |
Checks for SWS flaws |
| 25445 |
other |
Symantec Web Security Detection |
Checks for SWS |
| 25444 |
other |
PBLang login.php lang Parameter Local File Inclusion |
Tries to read a local file with PBLang |
| 25443 |
other |
BASE Authentication Redirect Authentication Bypass |
Tries to bypass authentication in BASE |
| 25421 |
other |
PNphpBB2 index.php c Parameter SQL Injection |
Tries to generate a SQL error |
| 25372 |
other |
XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion |
Tries to read a local file with spaw_control.class.php |
| 25368 |
other |
PHP < 5.2.3 Multiple Vulnerabilities |
Checks version of PHP |
| 25345 |
other |
UebiMiau Multiple Input Validation Vulnerabilities |
Checks for an XSS flaw in UebiMiau |
| 25343 |
other |
Openfire Admin Console Remote Privilege Escalation |
Tries to access Openfire's admin console |
| 25338 |
other |
GForge CVSWeb CGI cvsweb.php PATH_INFO Variable Arbitrary Command Execution |
Tries to run a command via GForge's CVS Plugin |
| 25291 |
other |
WordPress check_ajax_referer() Function SQL Injection |
Tries to generate a SQL error |
| 25243 |
other |
YaNC yanc.html.php listid Parameter SQL Injection |
Tries to use a SQL injection to manipulate a newsletter overview |
| 25199 |
other |
Thyme event_view.php eid Parameter SQL Injection |
Tries to generate a SQL error |
| 25170 |
other |
Advanced Guestbook index.php lang Cookie Variable Path Disclosure |
Tries to execute a local file |
| 25169 |
other |
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities |
Tries to manipulate a SQL query in RunCMS |
| 25159 |
other |
PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities |
Checks version of PHP |
| 25117 |
other |
XAMPP ADOdb mssql_connect Remote Buffer Overflow |
Tries to generate an error with mssql_connect |
| 25116 |
other |
myGallery mygallerybrowser.php myPath Parameter Remote File Inclusion |
Tries to read a local file with myGallery |
| 25090 |
other |
Plesk Multiple Script locale_id Parameter Traversal Arbitrary File Access |
Tries to read boot.ini using Plesk's login script |
| 25088 |
other |
WebSpeed Workshop Arbitrary Command Execution |
Tries to execute a command using WebSpeed Workshop |
| 25087 |
other |
WebSpeed Development Mode Check |
Checks if WebSpeed is in Development mode |
| 24999 |
other |
XOOPS Jobs Module index.php cid Parameter SQL Injection |
Tries to manipulate subcategory text with Jobs module |
| 24910 |
other |
TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2) |
Checks if Quality Center serves up a vulnerable version of the ActiveX control |
| 24908 |
other |
XOOPS WF-Section Module print.php articleid Parameter SQL Injection |
Tries to manipulate main text with WF-Section module |
| 24907 |
other |
PHP < 5.2.1 Multiple Vulnerabilities |
Checks version of PHP |
| 24906 |
other |
PHP < 4.4.5 Multiple Vulnerabilities |
Checks version of PHP |
| 24902 |
other |
XOOPS Articles Module print.php id Parameter SQL Injection |
Tries to manipulate a description with Articles module |
| 24900 |
other |
TYPOlight < 2.2.5 Unspecified Vulnerability |
Tries to read a file using TYPOlight |
| 24899 |
other |
RWCards Component for Joomla! index.php category_id Parameter SQL Injection |
Tries to use a SQL injection to manipulate a card title with RWCards |
| 24874 |
other |
Moodle moodledata/sessions/ Session Files Remote Information Disclosure |
Checks whether moodledata is accessible |
| 24864 |
other |
Webapp.org WebAPP < 0.9.9.6 Multiple Vulnerabilities |
Checks for an XSS flaw in WebAPP |
| 24813 |
other |
Apache mod_jk Long URL Worker Map Stack Overflow |
Checks version of mod_jk |
| 24784 |
other |
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass |
Tries to bypass authentication in LedgerSMB/SQL-Ledger |
| 24783 |
other |
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities |
Tries to read a local file using LedgerSMB/SQL-Ledger's am.pl |
| 24780 |
other |
WebCalendar includes/functions.php noSet Variable Overwrite |
Tries to overwrite variable in noSet array |
| 24759 |
other |
WordPress 2.1.1 Multiple Script Backdoor |
Tries to execute a command via a backdoor in WordPress |
| 24756 |
other |
Symantec Mail Security for SMTP Admin Center Default Credentials |
Tries to authenticate to SMS for SMTP |
| 24746 |
other |
getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities |
Tries to read a file with getID3's demo.browse.php |
| 24743 |
other |
OrangeHRM login.php txtUserName Parameter SQL Injection |
Tries to bypass OrangeHRM's authentication |
| 24726 |
other |
SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion |
Tries to read a local file with SQLiteManager |
| 24713 |
other |
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access |
Tries to read a local file with Pagesetter |
| 24711 |
other |
DokuWiki Detection |
Checks for presence of DokuWiki |
| 24698 |
other |
ZPanel 2.0 Multiple Script Remote File Inclusion |
Tries to read a local file with ZPanel |
| 24690 |
other |
Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass |
Tries to bypass authentication with SPLX |
| 24672 |
other |
phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload |
Tries to bypass authentication with phpMyFAQ's ImageManager plugin |
| 24669 |
other |
Plain Old Webserver URI Traversal Arbitrary File Access |
Tries to read a file using POW |
| 24356 |
other |
LifeType rss.php profile Parameter Traversal Arbitrary File Access |
Tries to read the configuration file for LifeType |
| 24345 |
other |
MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF) |
Checks version of MailEnable |
| 24322 |
other |
DevTrack Web Service UserName Field SQL Injection |
Tries to generate a SQL error using DevTrack Web Service |
| 24284 |
other |
Advanced Poll admin/index.php Session Identifier Replay Authentication Bypass |
Checks if variables can be overwritten with Advanced Poll |
| 24283 |
other |
ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure |
Tries to retrieve script source code using ColdFusion |
| 24267 |
other |
ExoPHPDesk faq.php id Variable SQL Injection |
Tries to generate a SQL error with Exo PHPDesk |
| 24266 |
other |
Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution |
Tries to execute a command via Drupal |
| 24265 |
other |
Drupal Comment Function Arbitrary Code Execution |
Tries to execute a command via Drupal |
| 24264 |
other |
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass |
Tries to bypass captcha when registering as a new user in Drupal |
| 24263 |
other |
CVSTrac Text Output Formatter SQL Injection DoS |
Checks CVSTrac version |
| 24262 |
other |
LedgerSMB / SQL-Ledger login.pl script Parameter Arbitrary Perl Code Execution |
Tries to run a command via LedgerSMB/SQL-Ledger login.pl |
| 24261 |
other |
PHProxy Detection |
Checks for the presence of PHProxy |
| 24237 |
other |
WordPress Pingback File Information Disclosure |
Tries to access a local file via WordPress' Pingback |
| 24235 |
other |
Website Baker REMEMBER_KEY Cookie SQL Injection |
Tries to bypass authentication with Website Baker |
| 24228 |
other |
Oreon lang/index.php file Parameter Remote File Inclusion |
Tries to read a local file with Oreon |
| 24223 |
other |
WoltLab Burning Board search.php Multiple Variable SQL Injection |
Tries to generate a SQL error |
| 24014 |
other |
WordPress Trackback wp-trackback.php tb_id Parameter SQL Injection |
Tries to generate a SQL error |
| 24011 |
other |
WordPress Trackback Charset Decoding SQL Injection |
Checks for SQL injection in WordPress |
| 24003 |
other |
Cuyahoga FCKEditor Misconfiguration Unrestricted File Upload |
Tries to call FCKEditor's upload.php script |
| 24001 |
other |
phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities |
Checks for SQL injection in phpMyFAQ |
| 23968 |
other |
phpBB < 2.0.22 Multiple Vulnerabilities |
Tries to pass a 'bad' redirect in via phpBB |
| 23966 |
other |
Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution |
Tries to run a command with Ultimate PHP Board |
| 23965 |
other |
Jinzora Multiple Script include_path Parameter Remote File Inclusion |
Tries to read a local file with Jinzora |
| 23964 |
other |
Cacti copy_cacti_user.php template_user Variable SQL Injection |
Checks if Cacti's copy_cacti_user.php is remotely accessible |
| 23963 |
other |
Cacti cmd.php Multiple Variable SQL Injection Arbitrary Command Execution |
Checks if Cacti's cmd.php is remotely accessible |
| 23934 |
other |
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure |
Tries to retrieve ASPX source code using XSP |
| 23933 |
other |
TYPO3 spell-check-logic.php userUid Parameter Arbitrary Command Execution |
Tries to run a command via TYPO3 |
| 23927 |
other |
PHP-Update blog.php Variable Overwriting Arbitrary Code Execution |
Checks if variables can be overwritten with PHP-Update's blog.php |
| 23843 |
other |
JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation |
Tries to change the JMX Console DeploymentFileRepository's BaseDir |
| 23842 |
other |
JBoss JMX Console Unrestricted Access |
Tries to access the JMX and Web Consoles |
| 23840 |
other |
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection |
Tries to exploit SQL injection issue in PatchLink Update |
| 23785 |
other |
Seditio Detection |
Checks for presence of Seditio |
| 23784 |
other |
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion |
Tries to read a local file with phpWebThings |
| 23782 |
other |
Land Down Under / Seditio polls.php id Parameter SQL Injection |
Checks for SQL injection vulnerability in Land Down Under / Seditio |
| 23781 |
other |
JCE Admin Component for Joomla! jce.php Multiple Vulnerabilities (LFI, XSS) |
Tries to read a local file with JCE Admin Component |
| 23780 |
other |
ThinClientServer Admin Account Creation Privilege Escalation |
Tries to create an account in ThinClientServer |
| 23774 |
other |
PHP Easy Download admin/save.php moreinfo Parameter Code Injection |
Tries to inject PHP code into remote web server |
| 23755 |
other |
MailEnable NetWebAdmin Unauthorized Access (ME-10019) |
Checks version of MailEnable's NETWebAdmin.dll |
| 23752 |
other |
Serendipity Multiple Scripts serendipity[charset] Parameter Local File Inclusion |
Tries to read a local file with Serendipity |
| 23734 |
other |
WoltLab Burning Board Lite wbb_userid Variable PHP Unset SQL Injection |
Checks for SQL injection vulnerability in Burning Board Lite |
| 23733 |
other |
WoltLab Burning Board Lite thread.php decode_cookie Function threadvisit Cookie Variable SQL Injection |
Checks for SQL injection vulnerability in Burning Board Lite |
| 23724 |
other |
Etomite CMS index.php id Paramater SQL Injection |
Tries to generate a SQL error with Etomite CMS |
| 23652 |
other |
ELOG Web LogBook global Denial of Service |
Tries to crash the remote service. |
| 23651 |
other |
Verity Ultraseek < 5.7 Multiple Vulnerabilities |
Checks for Ultraseek < 5.7 |
| 23641 |
other |
MODx CMS base_path Parameter Remote File Inclusion |
Tries to read a local file with MODx CMS |
| 23640 |
other |
Exhibit Engine styles.php toroot Parameter Remote File Inclusion |
Tries to read a local file with Exhibit Engine |
| 23639 |
other |
IBM WebSphere snoopservlet Path Disclosure |
Attempts to enumerate physical path |
| 23638 |
other |
IBM WebSphere Application Server '%20' Request Source Disclosure |
Attempts to read the source of a jsp page |
| 23624 |
other |
e107 class2.php e107language_e107cookie Cookie Traversal Local File Inclusion |
Tries to read a local file with e107 |
| 22932 |
other |
PunBB include/common.php language Paramater Local File Inclusion |
Tries to read a local file with PunBB |
| 22926 |
other |
miniBB bb_func_txt.php pathToFiles Variable Remote File Inclusion |
Tries to read a local file with MiniBB |
| 22922 |
other |
Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion |
Tries to read a local file with Segue CMS |
| 22903 |
other |
Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow |
Send a special Host request header to eDirectory |
| 22902 |
other |
Hosting Controller Multiple Script ForumID Parameter SQL Injection |
Checks for a SQL injection flaw in Hosting Controller |
| 22901 |
other |
IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access |
Tries to read a local file via IronWebMail |
| 22900 |
other |
Ingo Foldername Arbitrary Command Execution |
Checks version number of Ingo |
| 22899 |
other |
Horde Ingo Software Detection |
Checks for presence of Ingo |
| 22876 |
other |
Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure |
Gets requestors for a Cerberus ticket |
| 22874 |
other |
Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion |
Tries to read a local file with OCS |
| 22873 |
other |
phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion |
Tries to read a local file with phpMyConferences |
| 22868 |
other |
Adobe Breeze Directory Traversal Arbitrary File Access |
Checks version of Adobe Breeze |
| 22867 |
other |
Web Site sitemap.xml File and Directory Disclosure |
Checks for a web server's sitemap.xml |
| 22541 |
other |
BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Variable Remote File Inclusion |
Tries to read a local file with BlueShoes' Google API |
| 22527 |
other |
Moodle index.php tag Parameter SQL Injection |
Checks for a SQL injection flaw in Moodle Blog feature |
| 22512 |
other |
phpMyAdmin < 2.9.1 Multiple Vulnerabilities |
Tries to pass in a numeric key in phpMyAdmin |
| 22509 |
other |
Mambo Open Source usercookie Parameter SQL Injection |
Tries to bypass authentication in Mambo Open Source |
| 22498 |
other |
XEROX WorkCentre WebUI Arbitrary Command Execution (XRX06-005) |
Checks Net Controller Software version of XEROX WorkCentre devices |
| 22497 |
other |
HAMweather Template.php do_parse_code Function Arbitrary Code Execution |
Executes arbitrary command via HAMweather |
| 22496 |
other |
OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion |
Tries to read a local file in OpenBiblio |
| 22480 |
other |
UBB.threads doeditconfig Arbitrary Command Injection |
Tries to exploit an command injection flaw in UBB.threads |
| 22475 |
other |
DokuWiki fetch.php Multiple Variable imconvert Function Arbitrary Command Execution |
Executes arbitrary command via DokuWiki im_convert Feature |
| 22448 |
other |
CakePHP vendors.php file Variable Traversal Arbitrary File Access |
Tries to read a local file with CakePHP |
| 22413 |
other |
MyReview Admin.php email Parameter SQL Injection |
Checks for SQL injection flaw in MyReview |
| 22412 |
other |
Exponent CMS index.php view Variable Local File Inclusion |
Tries to read a local file in Exponent CMS |
| 22409 |
other |
Claroline Software Detection |
Checks for presence of Claroline |
| 22408 |
other |
Limbo com_fm Component sql.php classes_dir Variable Remote File Inclusion |
Tries to call Limbo's com_fm installer |
| 22368 |
other |
Site@School Multiple Script cmsdir Parameter Remote File Inclusion |
Tries to read a local file with Site@School |
| 22367 |
other |
Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload |
Tries to upload a file with PHP code in Limbo CMS |
| 22366 |
other |
Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion |
Tries to read a local file with Dokeos |
| 22365 |
other |
Claroline claro_init_local.inc.php extAuthSource[newUser] Variable Remote File Inclusion |
Tries to read a local file with Claroline |
| 22364 |
other |
Moodle < 1.6.2 Multiple Vulnerabilities |
Checks if Moodle's jumpto.php requires a sesskey |
| 22362 |
other |
TWiki filename Parameter Traversal Arbitrary File Access |
Tries to read a local file with TWiki |
| 22317 |
other |
RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion |
Tries to run a command with RaidenHTTPD |
| 22316 |
other |
PHP-Fusion extract() Global Variable Overwriting |
Tries to overwrite $_SERVER[REMOTE_ADDR] with PHP-Fusion |
| 22315 |
other |
DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection |
Checks whether DocuWiki dwpage.php is accessible via http |
| 22310 |
other |
PmWiki < 2.1.21 Global Variables Overwriting |
Checks for a remote file include flaw in PmWiki |
| 22309 |
other |
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow |
Gets version of Web DBM |
| 22307 |
other |
Mailman Utils.py Spoofed Log Entry Injection |
Checks if Mailman filters invalid chars from PATH_INFO |
| 22306 |
other |
WebAdmin < 3.2.6 MDaemon Account Hijacking |
Checks version of WebAdmin |
| 22305 |
other |
Easy Address Book Web Server Query Remote Format String |
Tries to crash Easy Address Book Web Server |
| 22303 |
other |
TikiWiki jhot.php Arbitrary File Upload |
Tries to run a command through TikiWiki |
| 22300 |
other |
Webmin / Usermin Null Byte Filtering Vulnerabilities |
Checks if nulls in a URL are filtered by miniserv.pl |
| 22299 |
other |
e107 ibrowser.php zend_has_del() Function Remote Code Execution |
Tries to run a command in e107 |
| 22298 |
other |
Joomla! < 1.0.11 Unspecified Remote Code Execution |
Tries to run a command in Joomla |
| 22297 |
other |
Joomla! < 1.0.11 Multiple Vulnerabilities |
Checks if input to Joomla's administrator page is sanitized |
| 22296 |
other |
CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS) |
Tries to read a local file in CubeCart |
| 22295 |
other |
Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc) |
Tries to read an invalid XML file with Feedsplitter |
| 22272 |
other |
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass |
Gets version of remote printer |
| 22271 |
other |
PHProjekt <= 5.1 Multiple Remote File Inclusions |
Tries to read a local file using PHProjekt |
| 22268 |
other |
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities |
Checks version of PHP |
| 22267 |
other |
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion |
Tries to read a local file with phpCOIN |
| 22257 |
other |
WebAdmin < 3.2.5 Multiple Vulnerabilities |
Checks version of WebAdmin |
| 22255 |
other |
osCommerce shopping_cart.php id Array Parameters SQL Injection |
Checks for SQL injection flaw in osCommerce |
| 22235 |
other |
Docebo GLOBALS Variable Overwrite Remote File Inclusion |
Checks for file inclusions errors in multiple Docebo applications |
| 22234 |
other |
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion |
Tries to read a local file with Zen Cart |
| 22233 |
other |
Zen Cart ipn_main_handler.php custom SQL Injection |
Checks for SQL injection flaw in Zen Cart |
| 22232 |
other |
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities |
Checks for SQL injection flaw in Owl Intranet Engine |
| 22231 |
other |
CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS) |
Checks for a XSS flaw in CubeCart |
| 22230 |
other |
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting |
Tries to overwrite a variable SquirrelMail |
| 22206 |
other |
WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion |
Tries to read a local file using WEBInsta CMS |
| 22205 |
other |
IPCheck Server Monitor Traversal Arbitrary File Access |
Checks for directory traversal vulnerability in IPCheck Server Monitor |
| 22204 |
other |
Ruby on Rails Routing Code URL Code Evaluation DoS |
Tries to hang Ruby on Rails |
| 22203 |
other |
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure |
Tries to read source of print-env.pl with Apache for Windows |
| 22130 |
other |
Barracuda Spam Firewall Multiple Remote Vulnerabilities (Cmd Exec, Traversal, Default) |
Tries to authenticate to Barracuda Networks Spam Firewall |
| 22124 |
other |
phpMyAdmin import_blacklist Variable Overwriting |
Tries to read a local file using phpMyAdmin |
| 22123 |
other |
TWiki configure Script Arbitrary Command Execution |
Tries to run a command using TWiki |
| 22117 |
other |
PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation |
Tries to list registered proxy server in PatchLink Update Server |
| 22116 |
other |
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write |
Tries to write a file using PatchLink Update Server |
| 22115 |
other |
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection |
Tries to exploit SQL injection issue in PatchLink Update |
| 22093 |
other |
OpenCms < 6.2.2 Multiple Vulnerabilities |
Checks the version of OpenCms |
| 22091 |
other |
Loudblog index.php id Parameter SQL Injection |
Checks for id Parameter SQL injection flaw in Loudblog |
| 22090 |
other |
X7 Chat upgradev1.php old_prefix Parameter SQL Injection |
Checks for SQL injection flaw in X7 Chat |
| 22089 |
other |
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection |
Checks version of IPB |
| 22079 |
other |
IceWarp Multiple Script Remote File Inclusion |
Tries to read a local file using IceWarp |
| 22078 |
other |
VHCS login.php check_login() Function Authentication Bypass |
Tries to access a restricted script using VHCS |
| 22077 |
other |
VHCS include/sql.php include_path Parameter Remote File Inclusion |
Tries to read a local file using VHCS |
| 22055 |
other |
MyBB HTTP Header CLIENT-IP Field SQL Injection |
Checks for CLIENT-IP SQL injection vulnerability in MyBB |
| 22049 |
other |
Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion |
Tries to read a local file using Mambo / Joomla components and modules |
| 22048 |
other |
Trend Micro OfficeScan 7.3 Multiple Vulnerabilities |
Checks for OfficeScan stack overflows |
| 22046 |
other |
McAfee Common Management Agent Traversal Arbitrary File Write |
Checks version of Common Management Agent |
| 22023 |
other |
SimpleBoard / Joomlaboard Multiple Script sbp Parameter Remote File Inclusion |
Tries to read a local file using SimpleBoard / Joomlaboard |
| 22021 |
other |
Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion |
Tries to read a local file using the phpBB Component |
| 22005 |
other |
LifeType index.php Date Parameter SQL Injection |
Tries to exploit SQL injection issue in LifeType |
| 21918 |
other |
phpFormGenerator Arbitrary File Upload |
Tries to execute arbitrary code using phpFormGenator |
| 21787 |
other |
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion |
Tries to read a local file using SiteBuilder-FX |
| 21785 |
other |
Webmin / Usermin miniserv.pl Arbitrary File Disclosure |
Tries to read a local file using miniserv.pl |
| 21780 |
other |
FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload |
Tries to upload a file with PHP code using Geeklog's FCKeditor |
| 21779 |
other |
Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion |
Tries to read a local file using Geeklog |
| 21764 |
other |
Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection |
Checks for forumid parameter SQL injection in Scount Portal Toolkit |
| 21748 |
other |
BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS) |
Checks for an XSS flaw in BlueDragon Server |
| 21747 |
other |
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation |
Checks for BDPDT's uploadfilepopup.aspx |
| 21739 |
other |
w-Agora inc_dir Parameter Remote File Inclusion |
Tries to read a local file using w-Agora |
| 21736 |
other |
Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation |
Checks version of Hosting Controller |
| 21729 |
other |
Wikka wikka.php Local File Inclusion |
Tries to read a local file in Wikka |
| 21727 |
other |
Calendarix Multiple Script id Parameter SQL Injection |
Checks for id parameter SQL injection in Calendarix |
| 21675 |
other |
OpenEMR C_FormEvaluation.class.php fileroot Parameter Remote File Inclusion |
Tries to read a local file using OpenEMR |
| 21662 |
other |
DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution |
Executes arbitrary PHP code via DocuWiki spellcheck |
| 21645 |
other |
Pixelpost index.php category Parameter SQL Injection |
Tries to exploit SQL injection issue in Pixelpost |
| 21641 |
other |
Claroline Multiple Script includePath Parameter Remote File Inclusion |
Tries to read a local file using Claroline |
| 21631 |
other |
LifeType index.php articleId Parameter SQL Injection |
Tries to exploit SQL injection issue in LifeType |
| 21630 |
other |
SquirrelMail plugin.php plugins Parameter Local File Inclusion |
Tries to read file using SquirrelMail |
| 21621 |
other |
e107 email.php Arbitrary Mail Relay |
Tries to send arbitrary email with e107 |
| 21619 |
other |
Geeklog auth.inc.php loginname Parameter SQL Injection |
Tries to bypass administrative authentication in Geeklog |
| 21611 |
other |
BASE Multiple Script BASE_path Parameter Remote File Inclusion |
Tries to read a local file using BASE base_qry_common.php |
| 21607 |
other |
Resin viewfile Servlet Arbitrary File Disclosure |
Tries to get the absolute installation path of Resin |
| 21605 |
other |
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion |
Tries to read a local file using UBB.threads |
| 21597 |
other |
Sun Server Console Authentication Bypass |
Tries to authenticate to Server Console as admin/admin |
| 21596 |
other |
Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion |
Tries to read a local file using Nucleus CMS |
| 21582 |
other |
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion |
Tries to read a local file using phpwcms |
| 21581 |
other |
XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion |
Tries to read a local file using XOOPS |
| 21573 |
other |
FCKeditor upload.php Type Variable Arbitrary File Upload |
Tries to use upload a file with PHP code using FCKeditor |
| 21572 |
other |
Ipswitch WhatsUp Professional Crafted Header Authentication Bypass |
Checks for Ipswitch WhatsUp Professional Authentication Bypass |
| 21571 |
other |
Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion |
Tries to read a local file using Squirrelcart |
| 21570 |
other |
SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion |
Tries to read a local file using SugarCRM |
| 21566 |
other |
WebCalendar Login Error Message User Account Enumeration |
Checks for WebCalendar User Account Enumeration Disclosure weakness |
| 21562 |
other |
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID) |
Checks for Ipswitch WhatsUp Professional Information Disclosure |
| 21558 |
other |
Limbo weblinks.html.php catid Parameter SQL Injection |
Tries to affect DB queries in Limbo CMS |
| 21557 |
other |
ACal embed/day.php path Variable Remote File Inclusion |
Tries to read /etc/passwd using ACal |
| 21555 |
other |
e107 e107_cookie Parameter SQL Injection |
Tries to bypass authentication in e107 with a special cookie |
| 21339 |
other |
Stadtaus Gaestebuch-Script index.php include_files Variable Remote File Inclusion |
Tries to read /etc/passwd |
| 21337 |
other |
IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal) |
Checks version of Ideal BB |
| 21335 |
other |
Claroline ldap.inc.php clarolineRepositorySys Variable Remote File Inclusion |
Tries to read a local file using Claroline |
| 21329 |
other |
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion |
Checks for a file include using CONFIG[path] in Aardvark Topsites |
| 21328 |
other |
AWStats migrate Parameter Arbitrary Command Execution |
Tries to run a command using AWStats |
| 21323 |
other |
phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion |
Tries to read a local file using phpBB modules |
| 21313 |
other |
sBLOG search.php keyword Parameter SQL Injection |
Checks for keyword parameter SQL injection in sBLOG |
| 21312 |
other |
X7 Chat help/index.php help_file Parameter Local File Inclusion |
Tries to read a local file using X7 Chat |
| 21311 |
other |
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion |
Checks for file includes in index.php |
| 21310 |
other |
phpListPro Multiple Script returnpath Parameter Remote File Inclusions |
Checks for file includes in phpListPro's config.php |
| 21309 |
other |
Monster Top List sources/functions.php root_path Variable Remote File Inclusion |
Checks for file includes in sources/functions.php |
| 21308 |
other |
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion |
Tries to read /etc/passwd using Limbo CMS |
| 21307 |
other |
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities |
Checks for ck parameter SQL injection vulnerability in IPB |
| 21306 |
other |
Help Center Live osTicket Module Multiple Unspecified SQL Injections |
Tries to bypass authentication with a SQL injection attack |
| 21305 |
other |
phpMyAgenda rootagenda Parameter File Include Vulnerability |
Checks for a possible file inclusion flaw in phpMyAgenda |
| 21304 |
other |
Asterisk Recording Interface (ARI) misc/audio.php recording Variable Traversal Arbitrary File Access |
Requests a file using ARI's misc/audio.php |
| 21303 |
other |
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure |
Tries to read ARI's configuration file |
| 21302 |
other |
phpBB Advanced GuestBook addentry.php phpbb_root_path Variable Remote File Inclusion |
Tries to read /etc/passwd using Advanced Guestbook |
| 21271 |
other |
Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities |
Checks if Symantec Scan Engine is vulnerable |
| 21246 |
other |
myEvent Multiple Remote Vulnerabilities |
Checks for file includes in myevent.php |
| 21244 |
other |
ActualAnalyzer direct.php rf Variable Remote File Inclusion |
Tries to read /etc/passwd using ActualAnalyzer |
| 21240 |
other |
Coppermine Photo Gallery index.php file Parameter Local File Inclusion |
Tries to read a local file using Coppermine Photo Gallery |
| 21239 |
other |
MyBB global.php Global Variable Overwrite |
Checks for globals.php SQL injection vulnerability in MyBB |
| 21238 |
other |
phpWebFTP index.php language Parameter Local File Inclusion |
Tries to read /etc/passwd using phpWebFTP |
| 21237 |
other |
Sysinfo name Parameter Arbitrary Code Execution |
Tries to execute arbitrary code using Sysinfo |
| 21236 |
other |
phpAlbum language.php data_dir Parameter Remote File Inclusion |
Tries to read /etc/passwd using phpAlbum |
| 21235 |
other |
MODx < 0.9.1a Multiple Vulnerabilities |
Tries to exploit a XSS flaw in MODx |
| 21230 |
other |
SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access |
Tries to retrieve a file using SAXoPRESS |
| 21229 |
other |
Sphider configset.php settings_dir Parameter Remote File Inclusion |
Tries to read /etc/passwd using Sphider |
| 21228 |
other |
phpWebSite index.php hub_dir Parameter Local File Inclusion |
Tries to read /etc/passwd using phpWebSite |
| 21227 |
other |
PAJAX < 0.5.2 Multiple Vulnerabilities |
Tries to execute code using PAJAX |
| 21224 |
other |
Simplog <= 0.9.2 Multiple Vulnerabilities |
Tries to read /etc/passwd using Simplog |
| 21223 |
other |
Winmail Server Webmail Unspecified Vulnerability |
Checks version of Winmail Server |
| 21222 |
other |
phpList index.php database_module Parameter Local File Inclusion |
Tries to read /etc/passwd using phpList |
| 21220 |
other |
Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities |
Tries to exploit an XSS flaw in Adobe Document Server for Reader Extensions |
| 21219 |
other |
Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation |
Tries to change profiles using Plone |
| 21215 |
other |
Clever Copy connect.inc Direct Request Information Disclosure |
Reads Clever Copy's admin/connect.inc file |
| 21214 |
other |
Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion |
Tries to read /etc/passwd using Dokeos |
| 21205 |
other |
Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass |
Checks version of Microsoft Commerce Server 2002 |
| 21189 |
other |
PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion |
Tries to read /etc/passwd using PHProjekt |
| 21187 |
other |
CubeCart FCKeditor connector.php Arbitrary File Upload |
Tries to use CubeCart to upload a file with PHP code |
| 21185 |
other |
AngelineCMS loadkernel.php installPath Variable Remote File Inclusion |
Tries to read /etc/passwd using AngelineCMS |
| 21174 |
other |
BASE base_maintenance.php Authentication Bypass |
Tries to bypass authentication in BASE |
| 21168 |
other |
gCards < 1.46 Multiple Vulnerabilities |
Checks for directory transversal in gCards index.php script |
| 21167 |
other |
Claroline Multiple RemoteVulnerabilities (RFI, Traversal, XSS) |
Tries to read /etc/passwd using Claroline |
| 21164 |
other |
Horde Help Viewer Arbitrary Code Execution |
Tries to run a command using Horde's help viewer |
| 21159 |
other |
PHP Live Helper Multiple Remote File Inclusions |
Tries to read /etc/passwd using PHP Live Helper |
| 21154 |
other |
NetworkActiv Web Server Crafted Filename Request Script Source Disclosure |
Checks version of NetworkActiv Web Server |
| 21153 |
other |
phpBannerExchange Template Class Local File Inclusion |
Tries to read a file using phpBannerExchange's template class |
| 21152 |
other |
Orion Application Server Crafted Filename Extension JSP Script Source Disclosure |
Checks version of Orion |
| 21146 |
other |
Free Articles Directory index.php page Parameter Remote File Inclusion |
Checks for file includes in Free Articles Directory |
| 21145 |
other |
PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion |
Tries to read a file with PNphpBB2 Module |
| 21144 |
other |
Mambo Open Source Multiple Vulnerabilities |
Tries to change mos_user_template cookie in Mambo Open Source |
| 21143 |
other |
Joomla! < 1.0.8 Multiple Vulnerabilities |
Checks for path disclosure issue in Joomla! |
| 21142 |
other |
Joomla! Detection |
Checks for presence of Joomla! |
| 21119 |
other |
CuteNews inc/function.php archive Variable Arbitrary File Access |
Tries to read a file via archive parameter of CuteNews |
| 21100 |
other |
Adobe Document Server File URI Arbitrary Resource Manipulation |
Tries to write to a file using Adobe Document Server |
| 21099 |
other |
Adobe Document Server Default Credentials |
Checks for default credentials in Adobe Document Server |
| 21092 |
other |
Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc) |
Checks version of Dwarf HTTP Server |
| 21091 |
other |
PHP iCalendar publish.ical.php Arbitrary File Upload |
Tries to upload PHP code using PHP iCalendar |
| 21083 |
other |
PHP iCalendar Cookie Data Traversal Local File Inclusion |
Tries to read a file using PHP iCalendar |
| 21082 |
other |
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion |
Tries to read a file using Simple PHP Blog |
| 21081 |
other |
Horde go.php url Parameter Arbitrary File Access |
Tries to read arbitrary files using Horde |
| 21080 |
other |
Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection |
Checks for remote PHP code injection in Admbook |
| 21053 |
other |
MyBB comma Cookie SQL Injection |
Tries to generate a SQL syntax error |
| 21052 |
other |
MyBB search.php forums Parameter SQL Injection |
Checks for forums parameter SQL injection vulnerability in MyBB |
| 21049 |
other |
Pixelpost < 1.5 RC1 showimage Parameter SQL Injection |
Tries to inject SQL code via Pixelpost's showimage parameter |
| 21040 |
other |
Gallery stepOrder Parameter Local File Inclusion |
Tries to read a file using Gallery stepOrder parameter |
| 21038 |
other |
SquirrelMail strings.php base_uri Parameter Information Disclosure |
Tries to change path parameter used by SquirrelMail cookies |
| 21036 |
other |
Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass |
Tries to bypass authentication in Geeklog |
| 21035 |
other |
Woltlab Burning Board Multiple SQL Injections |
Checks SQL injection flaw in Woltlab Burning Board Database module |
| 21025 |
other |
Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion |
Tries to read /etc/passwd via Owl |
| 21024 |
other |
Loudblog < 0.42 template Parameter Traversal |
Tries to read Loudblog's config file |
| 21020 |
other |
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion |
Check if 4Images is vulnerable to directory traversal flaws |
| 21019 |
other |
Gallery Install Log Local Information Disclosure |
Checks for Gallery install log |
| 21018 |
other |
Gallery Zipcart Module Arbitrary File Disclosure |
Tries to retrieve a file using Gallery's ZipCart module |
| 21017 |
other |
Gallery < 2.0.3 Multiple Remote Vulnerabilities (XSS, Traversal) |
Checks for IP spoofing in Gallery |
| 21016 |
other |
Listserv < 14.5 Multiple Buffer Overflows |
Checks version number of Listserv |
| 20994 |
other |
Limbo CMS index.php Itemid Variable Arbitrary Command Execution |
Injects arbitrary PHP code via Itemid parameter in Limbo CMS |
| 20992 |
other |
vBulletin Email Field XSS |
Checks version number of vBulletin |
| 20991 |
other |
imageVue < 16.2 admin/upload.php Unrestricted File Upload |
Checks for unauthorized file upload vulnerability in imageVue |
| 20988 |
other |
HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File Access |
Checks for namazu lang parameter directory traversal vulnerability in HP System Management Homepage |
| 20986 |
other |
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution |
Checks for remote code execution in phpRPC library |
| 20984 |
other |
Coppermine Photo Gallery showdoc.php f Variable Local File Inclusion |
Checks for f parameter remote file include vulnerability in Coppermine Photo Gallery |
| 20978 |
other |
SPIP < 1.8.2-g Multiple Vulnerabilities |
Checks for SPIP SQL injection flaw |
| 20974 |
other |
NOCC <= 1.0 Multiple Vulnerabilities |
Checks for a local file include flaw in NOCC |
| 20972 |
other |
Plume CMS < 1.0.3 Remote File Inclusion |
Check if Plume CMS is vulnerable to a file inclusion flaw |
| 20971 |
other |
Noah's Classifieds <= 1.3 Multiple Vulnerabilities |
Checks for search page SQL injection flaw in Noah's Classifieds |
| 20970 |
other |
SquirrelMail < 1.4.6 Multiple Vulnerabilities |
Checks for IMAP command injection in SquirrelMail |
| 20969 |
other |
PostNuke < 0.762 Multiple Vulnerabilities |
Checks for admin access bypass issue in PostNuke |
| 20968 |
other |
ViRobot Linux Server filescan Authentication Bypass |
Checks for authentication bypass vulnerability in ViRobot Linux Server's filescan component |
| 20961 |
other |
CherryPy staticFilter Traversal Arbitrary File Access |
Checks for staticFilter directory traversal vulnerability in CherryPy |
| 20959 |
other |
Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi) |
Checks for multiple vulnerabilities in Geeklog < 1.3.11sr4 / 1.4.0sr1 |
| 20952 |
other |
Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure |
Checks for an information disclosure vulnerability in Fedora Directory Server Administration Server |
| 20932 |
other |
NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation |
Checks for session id validation vulnerability in NeoMail |
| 20930 |
other |
MyBB < 1.04 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in MyBB < 1.04 |
| 20929 |
other |
Flyspray install-0.9.7.php adodbpath Variable Remote File Inclusion |
Checks for adodbpath parameter remote file include vulnerability in Flyspray |
| 20926 |
other |
dotProject docs/ Directory Multiple Script Information Disclosure |
Checks for docs directory information disclosure vulnerabilities in dotProject |
| 20925 |
other |
dotProject Multiple Scripts Remote File Inclusion |
Checks for remote file include vulnerabilities in dotProject |
| 20893 |
other |
HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access |
Checks for Namazu lang parameter directory traversal vulnerability in HP Systems Insight Manager |
| 20892 |
other |
LinPHA <= 1.0 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in LinPHA <= 1.0 |
| 20891 |
other |
PmWiki < 2.1 beta 21 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PmWiki < 2.1 beta 21 |
| 20880 |
other |
RunCMS Multiple Script bbPath Parameter Remote File Inclusion |
Checks for bbPath parameter remote file include vulnerability in RunCMS |
| 20869 |
other |
Dragonfly CMS install.php newlang Variable Local File Inclusion |
Checks for currentlang parameter local file include vulnerability in Dragonfly CMS |
| 20867 |
other |
PHP iCalendar Multiple Script Remote File Inclusion |
Checks for search.php getdate parameter remote file include vulnerability in PHP iCalendar |
| 20861 |
other |
Loudblog backend_settings.php Multiple Parameter Remote File Inclusion |
Checks for remote file include vulnerability in Loudblog's backend_settings.php |
| 20841 |
other |
MyBB Detection |
Checks for presence of MyBB |
| 20839 |
other |
Website Baker Admin Login SQL Injection |
Checks for admin login SQL injection vulnerability in Website Baker |
| 20838 |
other |
MyBB index.php referrer Parameter SQL Injection |
Checks for referrer parameter SQL injection vulnerability in MyBB |
| 20835 |
other |
Invision Power Board Dragoran Portal Module index.php site Parameter SQL Injection |
Checks for site parameter SQL injection vulnerability in Invision Power Board Dragoran Portal Plugin |
| 20825 |
other |
RCBlog index.php post Parameter Traversal Arbitrary File Access |
Checks for directory transversal in RCBlog index.php script |
| 20824 |
other |
Limbo CMS Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Limbo |
| 20806 |
other |
Lyris ListManager Subscription Form Administrative Command Injection |
Checks for administrative command injection vulnerability in ListManager |
| 20750 |
other |
ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS) |
Checks for multiple vulnerabilities in ELOG < 2.6.1 |
| 20736 |
other |
Geronimo Console Default Credentials |
Checks for default credentials in Geronimo console |
| 20402 |
other |
PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access |
Checks for filename parameter directory traversal vulnerability in PHP Upload Center |
| 20401 |
other |
Trend Micro ControlManager < 3.0 SP5 Multiple Vulnerabilities |
Checks for ControlManager version |
| 20385 |
other |
ADOdb server.php sql Variable SQL Injection |
Checks for sql parameter SQL injection vulnerability in ADOdb |
| 20384 |
other |
ADOdb tmssql.php do Variable Arbitrary PHP Function Execution |
Checks for do parameter command execution vulnerability in ADOdb |
| 20383 |
other |
AppServ appserv/main.php appserv_root Variable Remote File Inclusion |
Checks for appserv_root parameter remote file include vulnerability in AppServ |
| 20378 |
other |
PHP Support Tickets index.php Multiple Parameter SQL Injection |
Checks for SQL injection vulnerability in PHP Support Tickets |
| 20376 |
other |
PHPSurveyor Multiple SQL Injections |
Checks for PHPSurveyor sid SQL injection flaw |
| 20375 |
other |
Web Wiz check_user.asp txtUserName Parameter SQL Injection |
Checks for txtUserName Parameter SQL injection vulnerability in Web Wiz products |
| 20374 |
other |
phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion Vulnerability |
Check if phpDocumentor is vulnerable to remote file inclusion flaws |
| 20373 |
other |
MyBB < 1.01 SQL Injection |
Checks for SQL injection vulnerabilities in MyBB < 1.01 |
| 20372 |
other |
Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation |
Checks for module parameter directory traversal vulnerability in Xaraya |
| 20349 |
other |
eFiction < 2.0.2 Multiple Remote Vulnerabilities (SQLi, XSS, Disc) |
Checks for multiple vulnerabilities in eFiction < 2.0.2 |
| 20348 |
other |
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS) |
Checks for multiple vulnerabilities in Cerberus Helpdesk GUI Agent < 2.7.1 |
| 20347 |
other |
Cerberus Support Center Multiple Remote Vulnerabilities (SQLi, XSS) |
Checks for multiple vulnerabilities in Cerberus Support Center |
| 20346 |
other |
VisNetic / Merak Mail Server Multiple Remote Vulnerabilities |
Checks for VisNetic Mail Server arbitrary script include |
| 20343 |
other |
Webmin miniserv.pl username Parameter Format String |
Checks for username parameter format string vulnerability in Webmin miniserv.pl |
| 20342 |
other |
MyBB < 1.0 Multiple SQL Injection Vulnerabilities |
Checks for multiple SQL injection vulnerabilities in MyBB < 1.0 |
| 20339 |
other |
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion |
Checks for PGV_BASE_DIRECTORY parameter remote file include vulnerability in PhpGedView |
| 20338 |
other |
Plogger plog-admin-functions.php config Parameter Remote File Inclusion |
Checks for config parameter remote file include vulnerability in Plogger |
| 20337 |
other |
FTGate <= 4.4.002 Multiple Remote Vulnerabilities (OF, FS, XSS) |
Checks for multiple vulnerabilities in FTGate <= 4.4.002 |
| 20321 |
other |
ELOG Remote Buffer Overflow Vulnerabilities |
Checks for remote buffer overflow vulnerabilities in ELOG |
| 20317 |
other |
vTiger < 4.5a2 Multiple Vulnerabilities |
Checks for authentication bypass in vTiger |
| 20303 |
other |
SimpleBBS topics.php name Parameter Arbitrary Command Execution |
Checks for name parameter arbitrary command execution vulnerability in SimpleBBS |
| 20300 |
other |
phpCOIN < 1.2.2 2005-12-13 Fix-File Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpCOIN < 1.2.2 2005-12-13 fix-file |
| 20296 |
other |
The Includer includer.cgi Arbitrary Command Execution |
The Includer remote command execution detection |
| 20295 |
other |
ListManager Error Message Information Disclosure |
Checks for error message information disclosure vulnerability in ListManager |
| 20294 |
other |
ListManager < 8.9b Multiple Vulnerabilities |
Checks for multiple vulnerabilities in ListManager < 8.9b |
| 20293 |
other |
FlatNuke index.php id Variable Traversal Arbitrary File Access |
Checks for id parameter directory traversal vulnerability in FlatNuke |
| 20292 |
other |
Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion |
Checks for cfg parameter remote file include vulnerability in Contenido |
| 20286 |
other |
SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion |
Check if SugarCRM is vulnerable to Directory Traversal and Remote File Inclusion |
| 20255 |
other |
MediaWiki Language Option eval() Function Arbitrary PHP Code Execution |
Attempts to execute phpinfo() remotely |
| 20254 |
other |
Zen Cart password_forgotten.php admin_email Parameter SQL Injection |
Checks for admin_email parameter SQL injection vulnerability in Zen Cart |
| 20253 |
other |
DUware Multiple Products type.asp iType Parameter SQL Injection |
Checks for iType parameter SQL injection vulnerability in DUware |
| 20252 |
other |
Trac Ticket Query Module group Parameter SQL Injection |
Checks for SQL injection flaw in Trac |
| 20251 |
other |
PHPX admin/index.php username Parameter SQL Injection |
Checks for username parameter SQL injection vulnerability in PHPX |
| 20250 |
other |
WebCalendar < 1.0.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in WebCalendar < 1.0.2 |
| 20248 |
other |
GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec) |
Checks for multiple vulnerabilities in GuppY <= 4.5.9 |
| 20246 |
other |
PHP Doc System index.php show Parameter Local File Inclusion |
Checks for show parameter local file include vulnerability in PHP Doc System |
| 20241 |
other |
Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID) |
Checks for proxystylesheet parameter multiple vulnerabilities in Google Search Appliance |
| 20227 |
other |
Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Winmail Server <= 4.2 Build 0824 |
| 20223 |
other |
Help Center Live module.php file Parameter Local File Inclusion |
Checks HCL local file include flaw |
| 20222 |
other |
Mambo Open Source / Joomla! GLOBALS Variable Remote File Inclusion |
Tries to read a file using Mambo Open Source / Joomla! |
| 20216 |
other |
phpwcms 1.2.5 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpwcms |
| 20215 |
other |
phpSysInfo < 2.4.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpSysInfo < 2.4.1 |
| 20214 |
other |
CodeGrrl Applications Remote File Inclusion Vulnerabilities |
Checks for remote file inclusion vulnerabilities in CodeGrrl applications |
| 20213 |
other |
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl) |
Checks for xoopsConfig parameter local file inclusion vulnerabilities in XOOPS |
| 20211 |
other |
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc) |
Checks for multiple vulnerabilities in Exponent CMS < 0.96.4 |
| 20210 |
other |
Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities |
Checks for multiple SQL vulnerabilities in Moodle < 1.5.3 |
| 20185 |
other |
TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in TikiWiki < 1.8.6 / 1.9.1 |
| 20180 |
other |
phpAdsNew XML-RPC Library Remote Code Injection |
Checks for remote code injection vulnerability in phpAdsNew XML-RPC library |
| 20176 |
other |
MailWatch authenticate() Function SQL Injection |
Checks for authentication function SQL injection vulnerability in MailWatch |
| 20171 |
other |
Horde Admin Account Default Password |
Checks for default admin password vulnerability in Horde |
| 20170 |
other |
phpWebThings Multiple Scripts SQL Injection |
Check if phpWebThings is vulnerable to SQL Injection attacks |
| 20169 |
other |
PHPFM Arbitrary File Upload |
Checks for arbitrary file upload vulnerability in PHPFM |
| 20168 |
other |
toendaCMS < 0.6.2.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in toendaCMS < 0.6.2.1 |
| 20137 |
other |
CuteNews Multiple Script Traversal Privilege Escalation |
Checks for CuteNews dir traversal |
| 20133 |
other |
vCard define.inc.php match Parameter Remote File Inclusion |
Checks for match parameter remote file inclusion vulnerability in vCard |
| 20132 |
other |
phpBB <= 2.0.17 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpBB <= 2.0.17 |
| 20131 |
other |
Comersus BackOffice comersus_backoffice_menu.asp Multiple Variable SQL Injection |
Checks for administrator authentication bypass vulnerability in Comersus BackOffice |
| 20130 |
other |
Comersus Cart /comersus/database/comersus.mdb Direct Request Datbase Disclosure |
Checks for customer database vulnerability in Comersus Cart |
| 20129 |
other |
e107 Detection |
Checks for the presence of e107 |
| 20112 |
other |
Invision Gallery index.php st Parameter SQL Injection |
Checks for st parameter SQL injection vulnerability in Invision Gallery |
| 20111 |
other |
PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PHP < 4.4.1 / 5.0.6 |
| 20110 |
other |
GNUMP3d < 2.9.6 Multiple Remote Vulnerabilities (XSS, Traversal) |
Checks for multiple vulnerabilities in GNUMP3d < 2.9.6 |
| 20095 |
other |
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe) |
Checks for remote arbitrary command in ATutor |
| 20093 |
other |
Mantis < 0.19.3 Multiple Vulnerabilities |
Checks for flaws in Mantis < 0.19.3 |
| 20091 |
other |
PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion |
Checks for remote file inclusion vulnerability in PHP iCalendar |
| 20088 |
other |
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpMyAdmin < 2.6.4-pl3 |
| 20069 |
other |
e107 resetcore.php user Field SQL Injection |
e107 SQL Injection |
| 20068 |
other |
TWiki %INCLUDE Parameter Arbitrary Command Injection |
Checks for INCLUDE function command execution vulnerability in TWiki |
| 20061 |
other |
w-Agora <= 4.2.0 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in w-Agora <= 4.2.0 |
| 20015 |
other |
Gallery main.php g2_itemId Variable Traversal Arbitrary File Access |
Checks for g2_itemId parameter Directory Traversal vulnerability in Gallery |
| 20014 |
other |
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution |
Checks for arbitrary remote command execution in WebGUI < 6.7.6 |
| 20013 |
other |
PunBB search.php old_searches Parameter SQL Injection |
Checks for old_searches parameter SQL injection vulnerability in PunBB |
| 20011 |
other |
phpWebSite index.php Search Module SQL Injection |
Detects search module SQL injection vulnerability in phpWebSite |
| 20009 |
other |
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection |
Checks for SQL injection in PHP-Fusion's register.php |
| 19950 |
other |
phpMyAdmin grab_globals.lib.php subform Variable Traversal Local File Inclusion |
Checks for subform file inclusion vulnerability in phpMyAdmin |
| 19949 |
other |
MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 |
| 19947 |
other |
Mailgust Password Reminder email Field SQL Injection |
Check if MailGust is vulnerable to SQL Injection. |
| 19942 |
other |
GuppY < 4.5.6a Multiple Vulnerabilities |
Checks for pg parameter flaw in Guppy |
| 19941 |
other |
TWiki Detection |
Checks for presence of TWiki |
| 19939 |
other |
3Com Network Supervisor Traversal Arbitrary File Access |
Checks for directory traversal vulnerability in 3Com Network Supervisor |
| 19784 |
other |
IceWarp Web Mail Multiple Flaws (4) |
Check the version of IceWarp WebMail |
| 19780 |
other |
Alkalay.Net Multiple Scripts Arbitrary Command Execution |
Checks for arbitrary command execution vulnerabilities in multiple scripts from Alkalay.Net |
| 19779 |
other |
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe) |
Checks for multiple vulnerabilities in Interchange < 5.0.2 / 5.2.1 |
| 19778 |
other |
phpMyFAQ < 1.5.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpMyFAQ < 1.5.2 |
| 19776 |
other |
Movable Type < 3.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Movable Type < 3.2 |
| 19775 |
other |
PunBB < 1.2.8 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PunBB < 1.2.8 |
| 19774 |
other |
Land Down Under HTTP Referer Header SQL Injection |
Checks for HTTP Referer SQL injection vulnerability in Land Down Under |
| 19770 |
other |
Digital Scribe login.php SQL Injection |
Checks for SQL injection flaw in Digital Scribe |
| 19768 |
other |
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PHP Advanced Transfer Manager <= 1.30 |
| 19765 |
other |
ATutor Password Reminder SQL Injection |
Checks for SQL injection in password_reminder.php |
| 19760 |
other |
vBulletin <= 3.0.9 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in vBulletin <= 3.0.9 |
| 19756 |
other |
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection |
Checks for Client-IP header code injection vulnerability in CuteNews |
| 19755 |
other |
Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities |
Checks for information disclosure vulnerability in Hosting Controller <= 6.1 Hotfix 2.3 |
| 19753 |
other |
phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability |
Checks for PhpGroupWare version |
| 19751 |
other |
Discuz! <= 4.0.0 rc4 Arbitrary File Upload |
Checks Discuz! version |
| 19750 |
other |
DeluxeBB Multiple Scripts SQL Injection |
Checks DeluxeBB version |
| 19749 |
other |
Calendar Express Multiple Vulnerabilities (SQLi, XSS) |
Checks Calendar Express XSS and SQL flaws |
| 19748 |
other |
Sendcard sendcard.php id Parameter SQL Injection |
Checks for SQL injection in the id field in sendcard.php |
| 19716 |
other |
MyBB ratethread.php rating Parameter SQL Injection |
Checks for rating parameter SQL injection vulnerability in MyBB |
| 19715 |
other |
MyBB misc.php fid Parameter SQL Injection |
Checks for fid parameter SQL injection vulnerability in MyBB (2) |
| 19705 |
other |
PunBB < 1.2.7 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PunBB < 1.2.7 |
| 19704 |
other |
TWiki rev Parameter Arbitrary Command Execution |
Checks for rev parameter command execution vulnerability in TWiki |
| 19698 |
other |
Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution |
Checks for arbitrary file upload vulnerability in Mail-it Now! Upload2Server |
| 19680 |
other |
Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in WhatsUp Gold <= 8.04 |
| 19678 |
other |
Land Down Under <= 800 Multiple Vulnerabilities |
Checks for SQL injection in LDU's index.php |
| 19604 |
other |
SaveWebPortal <= 3.4 Multiple Vulnerabilities |
Checks for SaveWebportal arbitrary file inclusion |
| 19603 |
other |
Land Down Under <= 801 Multiple Vulnerabilities |
Checks for SQL injection in LDU's list.php |
| 19602 |
other |
LDU Software/Version Detection |
LDU detection |
| 19599 |
other |
AMember Multiple Script config[root_dir] Parameter Remote File Inclusion |
Checks for config[root_dir] parameter file include vulnerability in AMember |
| 19598 |
other |
Brightmail Control Center Default Password (symantec) for 'admin' Account |
Checks for default account / password in Brightmail Control Center |
| 19596 |
other |
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1) |
downloads the source of IIS scripts such as ASA,ASP |
| 19594 |
other |
PBLang 4.65 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PBLang |
| 19593 |
other |
PBLang < 4.66z Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PBLang < 4.66z |
| 19591 |
other |
man2web Multiple Scripts Arbitrary Command Execution |
Checks for command execution vulnerability in man2web |
| 19590 |
other |
WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities |
Checks for multiple command execution vulnerabilities in WebGUI < 6.7.3 |
| 19556 |
other |
Barracuda Spam Firewall < 3.1.18 Multiple Vulnerabilities (Cmd Exec, Traversal) |
Checks for multiple vulnerabilities in Barracuda Spam Firewall firmware < 3.1.18 |
| 19555 |
other |
HP OpenView Network Node Manager Multiple Scripts Remote Command Execution |
Checks for multiple remote command execution vulnerabilities in HP OpenView Network Node Manager |
| 19551 |
other |
CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion |
Checks for nls parameter file include vulnerability in CMS Made Simple |
| 19550 |
other |
Simple Machines Forum Avatar Information Disclosure Vulnerability |
Checks for avatar code execution vulnerability in Simple Machines Forum |
| 19549 |
other |
XEROX MicroServer Web Server Multiple Vulnerabilities (XRX05-008) |
Checks for multiple vulnerabilities in XEROX MicroServer web server |
| 19547 |
other |
phpLDAPadmin custom_welcome_page Parameter File Include Vulnerability |
Checks for custom_welcome_page parameter file include vulnerability in phpLDAPadmin |
| 19546 |
other |
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability |
Checks for anonymous bind security bypass vulnerability in phpLDAPadmin |
| 19545 |
other |
PostNuke <= 0.760 RC4b Multiple Vulnerabilities |
Detects multiple vulnerabilities in PostNuke <= 0.760 RC4b |
| 19525 |
other |
MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities |
Checks for multiple SQL injection vulnerabilities in MyBB <= RC4 |
| 19524 |
other |
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection |
Checks for SQL injection vulnerabilities in Burning Board modcp.php script |
| 19523 |
other |
Looking Glass Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Looking Glass |
| 19522 |
other |
AutoLinks Pro alpath Parameter File Include Vulnerability |
Checks for alpath parameter file include vulnerability in AutoLinks Pro |
| 19521 |
other |
phpWebNotes t_path_core Parameter File Include Vulnerability |
Checks for t_path_core parameter file include vulnerability in phpWebNotes |
| 19520 |
other |
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution |
Checks for avatar upload vulnerability in FUDforum < 2.7.1 |
| 19518 |
other |
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpAdsNew / phpPgAds < 2.0.6 |
| 19516 |
other |
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Simple PHP Blog <= 0.4.0 |
| 19515 |
other |
YaPiG <= 0.9.5b Multiple Vulnerabilities |
Checks for multiple vulnerabilities in YaPiG <= 0.9.5b |
| 19505 |
other |
paFileDB auth.php pafiledbcookie Cookie SQL Injection |
Checks for pafiledbcookie SQL injection vulnerability in paFileDB |
| 19504 |
other |
RunCMS <= 1.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in RunCMS <= 1.2 |
| 19503 |
other |
Netquery <= 3.11 nquser.php host Variable Arbitrary Command Execution |
Checks for arbitrary command execution vulnerability in Netquery <= 3.11 |
| 19502 |
other |
WebCalendar send_reminders.php includedir Parameter Remote File Inclusion |
Checks for includedir parameter remote file include vulnerability in WebCalendar |
| 19497 |
other |
Ultimate PHP Board users.dat Multiple Vulnerabilities |
Tries to get the users.dat file and checks UPB version |
| 19496 |
other |
SugarCRM Detection |
Checks for presence of SugarCRM |
| 19495 |
other |
PHP TopSites setup.php Administration Authentication Bypass |
Tries to access setup.php without authentication |
| 19494 |
other |
PHP Surveyor Multiple Vulnerabilities |
Checks for SQL injection in admin.php |
| 19474 |
other |
w-Agora index.php site Parameter Traversal Arbitrary File Access |
Checks for directory traversal in w-Agora |
| 19473 |
other |
Mantis < 1.0.0rc2 Multiple Vulnerabilities |
Checks for the version of Mantis |
| 19426 |
other |
Xaraya Software/Version Detection |
Xaraya detection |
| 19419 |
other |
Gallery PostNuke Integration Access Validation Privilege Escalation |
Checks for PostNuke integration access validation vulnerability in Gallery |
| 19418 |
other |
ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI) |
Checks for multiple vulnerabilities in ezUpload <= 2.2 |
| 19417 |
other |
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities |
Checks for multiple script execution vulnerabilities in SysCP < 1.2.11 |
| 19415 |
other |
AWStats Referrer Arbitrary Command Execution Vulnerability |
Checks for referrer arbitrary command execution vulnerability in AWStats |
| 19414 |
other |
WordPress Cookie cache_lastpostdate Parameter PHP Code Injection |
Checks for cache_lastpostdate parameter PHP code injection vulnerability in WordPress |
| 19400 |
other |
Gravity Board X <= 1.1 Multiple Vulnerabilities (SQLi, XSS, PD, Cmd Exe) |
Checks for multiple vulnerabilities in Gravity Board X <= 1.1 |
| 19398 |
other |
SilverNews < 2.0.4 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in SilverNews < 2.0.4 |
| 19396 |
other |
FlatNuke < 2.5.6 Multiple Remote Vulnerabilities (XSS, Disc, Command Exe) |
Checks for multiple vulnerabilities in FlatNuke < 2.5.6 |
| 19395 |
other |
Jaws BlogModel.php path Parameter Remote File Inclusion |
Detect Jaws File Inclusion Vulnerability |
| 19393 |
other |
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal) |
Checks for multiple vulnerabilities in eCommerce |
| 19392 |
other |
Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc) |
Checks for XSS in results.php |
| 19391 |
other |
Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection |
Checks for an SQL injection in Cyberstrong eShop v4.2 |
| 19335 |
other |
Kayako LiveResponse Multiple Input Validation Vulnerabilities |
Checks for multiple input validation vulnerabilities in Kayako LiveResponse |
| 19334 |
other |
Simplicity oF Upload download.php language Parameter Local File Inclusion |
Checks for language parameter file include vulnerability in Simplicity oF Upload |
| 19313 |
other |
phpList Detection |
Checks for presence of phpList |
| 19311 |
other |
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PHP-Fusion <= 6.00.106 |
| 19306 |
other |
WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection |
Checks for WPS wps_shop.cgi remote command execution flaw |
| 19305 |
other |
Community Link Pro login.cgi file Parameter Arbitrary Command Execution |
Checks for Community Link Pro webeditor login.cgi remote execution flaw |
| 19301 |
other |
Netquery <= 3.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Netquery <= 3.1 |
| 19300 |
other |
FtpLocate flsearch.pl fsite Parameter Remote File Inclusion |
Checks for fsite parameter command execution vulnerability in FtpLocate |
| 19299 |
other |
Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion |
Checks for apa_module_basedir variable file include vulnerability in Atomic Photo Album |
| 19298 |
other |
SAP Internet Graphics Server (IGS) Traversal Arbitrary File Access |
Attempts to read /etc/passwd |
| 19287 |
other |
PHPNews auth.php Multiple Parameter SQL Injection |
Checks for auth.php SQL injection vulnerability in PHPNews |
| 19256 |
other |
osCommerce update.php readme_file Parameter Arbitrary File Disclosure |
Tries to read a file with osCommerce |
| 19255 |
other |
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Hosting Controller <= 6.1 Hotfix 2.2 |
| 19254 |
other |
Hosting Controller Software Detection |
Detects Hosting Controller |
| 19253 |
other |
osCommerce Unprotected Admin Directory |
Checks for unprotected admin directory in osCommerce |
| 19239 |
other |
PHPAuction Admin Authentication Bypass |
Attempts to bypass PHPAuction administrative authentication |
| 19238 |
other |
IBM Lotus Domino Server time/date Fields Remote Overflow |
Checks for date fields overflow vulnerability in Lotus Domino Server |
| 19233 |
other |
MediaWiki Detection |
Detects MediaWiki |
| 19232 |
other |
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PHP-Fusion <= 6.00.105 |
| 19229 |
other |
VP-ASP Multiple Script SQL Injection |
Performs a SQL injection against the remote shopping cart |
| 19227 |
other |
Phpauction <= 2.5 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Phpauction <= 2.5 |
| 19218 |
other |
Sybase EAServer WebConsole jaqadmin Default Password |
Checks for default administrator password in Sybase EAServer |
| 19194 |
other |
Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Hosting Controller < 6.1 hotfix 2.2 |
| 18691 |
other |
Moodle < 1.5.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Moodle < 1.5.1 |
| 18690 |
other |
Moodle Detection |
Detects Moodle |
| 18672 |
other |
PPA functions.inc.php ppa_root_path Variable File Inclusion |
Checks for ppa_root_path variable file include vulnerability in PPA |
| 18671 |
other |
SPiD lang.php lang_path Remote File Inclusion |
Checks for lang_path variable file include vulnerability in SPiD |
| 18659 |
other |
phpSecurePages cfgProgDir Variable File Include Vulnerabilities |
Checks for cfgProgDir variable file include vulnerabilities in phpSecurePages |
| 18658 |
other |
PunBB < 1.2.6 Multiple Vulnerabilities |
Detects multiple vulnerabilities in PunBB < 1.2.6 |
| 18654 |
other |
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more) |
Checks for multiple vulnerabilities in Bugzilla <= 2.18.1 / 2.19.3 |
| 18653 |
other |
Jinzora Multiple Script include_path Parameter Remote File Inclusion (2) |
Checks for include_path variable file include vulnerabilities in Jinzora |
| 18650 |
other |
Sambar Server search.pl results.stm Overflow DoS |
Sambar Search Results Buffer Overflow DoS |
| 18643 |
other |
Comersus Cart Multiple Vulnerabilities (SQLi, XSS) |
Checks for multiple vulnerabilities in Comersus Cart |
| 18641 |
other |
Drupal Unspecified Privilege Escalation |
Checks version of Drupal |
| 18640 |
other |
Drupal XML-RPC for PHP Remote Code Injection |
Checks for XML-RPC for PHP remote code injection vulnerability in Drupal |
| 18639 |
other |
Drupal Public Comment/Posting Arbitrary PHP Code Execution |
Checks version of Drupal |
| 18638 |
other |
Drupal Software Detection |
Detects Drupal |
| 18637 |
other |
phpPgAdmin index.php formLanguage Parameter Local File Inclusion |
Checks for formLanguage parameter directory traversal vulnerability in phpPgAdmin |
| 18636 |
other |
phpWebSite <= 0.10.1 Multiple Vulnerabilities |
Detects multiple vulnerabilities in phpWebSite <= 0.10.1 |
| 18628 |
other |
YaPiG Password Protected Directory Bypass |
Checks for YaPiG version |
| 18626 |
other |
phpBB < 2.0.17 Nested BBCode URL Tags Cross-Site Scripting Vulnerability |
Checks for nested BBCode URL tags cross-site scripting vulnerability in phpBB <= 2.0.16 |
| 18622 |
other |
Geeklog User Comment Retrieval SQL Injection |
Checks for user comment retrieval SQL injection vulnerability in Geeklog |
| 18621 |
other |
PHPNews news.php prevnext Parameter SQL Injection |
Checks for prevnext parameter SQL injection vulnerability in PHPNews |
| 18619 |
other |
Cacti < 0.8.6f Multiple Vulnerabilities (Priv Esc, Cmd Exe) |
Checks for multiple vulnerabilities in Cacti < 0.8.6f |
| 18618 |
other |
Nabopoll survey.inc.php path Parameter Remote File Inclusion |
Checks for path parameter remote file include vulnerability in Nabopoll |
| 18617 |
other |
EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion |
Checks for serverPath remote file include vulnerabilities in EasyPHPCalendar |
| 18614 |
other |
XOOPS < 2.0.12 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in XOOPS < 2.0.12 |
| 18613 |
other |
XOOPS Detection |
Detects XOOPS |
| 18612 |
other |
osTicket <= 1.3.1 Multiple Vulnerabilities |
Checks version of osTicket |
| 18601 |
other |
WordPress < 1.5.1.3 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in WordPress < 1.5.1.2 |
| 18600 |
other |
Serendipity XML-RPC for PHP Remote Code Injection |
Checks for XML-RPC for PHP remote code injection vulnerability in Serendipity |
| 18589 |
other |
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution |
Checks for remote code execution vulnerability in phpBB <= 2.0.15 |
| 18586 |
other |
webadmin.php show Parameter Arbitrary File Access |
Try to read /etc/passwd through webadmin.php |
| 18572 |
other |
WebCalendar Detection |
Checks for presence of WebCalendar |
| 18571 |
other |
WebCalendar assistant_edit.php Unauthorized Access |
Checks for assistant_edit.php unauthorized access vulnerability in WebCalendar |
| 18569 |
other |
DUportal Pro Multiple Scripts SQL Injection (2) |
Checks for multiple SQL injection vulnerabilities in DUportal Pro |
| 18568 |
other |
DUpaypal Pro Multiple Scripts SQL Injection |
Checks for multiple SQL injection vulnerabilities in DUpaypal Pro |
| 18567 |
other |
DUforum Multiple Scripts SQL Injection |
Checks for multiple SQL injection vulnerabilities in DUforum |
| 18566 |
other |
DUclassmate Multiple Scripts SQL Injection |
Checks for multiple SQL injection vulnerabilities in DUclassmate |
| 18565 |
other |
DUamazon Pro Multiple Scripts SQL Injection |
Checks for multiple SQL injection vulnerabilities in DUamazon Pro |
| 18563 |
other |
K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution |
Checks for K-COLLECT CSV-DB remote command execution flaw |
| 18553 |
other |
Simple Machines Forum msg Parameter SQL Injection Vulnerability |
Checks for msg parameter SQL injection vulnerability in Simple Machines Forum |
| 18552 |
other |
Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection |
Checks for SQL injection vulnerability in Ipswitch WhatsUp Professional's Login.asp |
| 18546 |
other |
Cacti < 0.8.6e Multiple Vulnerabilities (SQLi, RFI) |
Checks for multiple vulnerabilities in Cacti < 0.8.6e |
| 18541 |
other |
MercuryBoard User-Agent SQL Injection |
Checks for User-Agent remote SQL injection vulnerability in MercuryBoard |
| 18539 |
other |
i-Gallery <= 3.3 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in i-Gallery <= 3.3 |
| 18535 |
other |
paFAQ 1.0 Beta 4 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in paFAQ |
| 18526 |
other |
JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID) |
Attempts to read security policy of a remote JBoss server |
| 18523 |
other |
YaPiG < 0.95b Multiple Vulnerabilities |
Checks for YaPiG version |
| 18507 |
other |
Sawmill < 7.1.6 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Sawmill < 7.1.6 |
| 18504 |
other |
SquirrelMail < 1.45 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in SquirrelMail < 1.45 |
| 18495 |
other |
Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Mambo Open Source < 4.5.2.3 |
| 18494 |
other |
ViRobot Linux Server addschup Multiple Overflows |
Checks for remote buffer overflow vulnerability in ViRobot Linux Server |
| 18479 |
other |
e107 eTrace Plugin dotrace.php Arbitrary Code Execution |
Checks for arbitrary code execution vulnerability in e107 eTrace plugin |
| 18478 |
other |
WebHints hints.pl Arbitrary Command Execution |
Checks for WebHints remote command execution flaw |
| 18477 |
other |
JamMail jammail.pl mail Parameter Arbitrary Command Execution |
Determines the presence of Jammail.pl remote command execution |
| 18461 |
other |
e107 ePing Plugin doping.php Arbitrary Code Execution |
Checks for arbitrary code execution vulnerability in e107 ePing plugin |
| 18460 |
other |
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion |
Checks for LOCAL_PATH remote file include vulnerability in Siteframe |
| 18447 |
other |
Invision Gallery < 1.3.1 Multiple SQL Injections |
Checks for multiple input validation vulnerabilities in Invision Gallery |
| 18446 |
other |
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS) |
Checks for multiple input validation vulnerabilities in Invision Community Blog |
| 18436 |
other |
ProductCart Multiple Scripts SQL Injection |
Checks for multiple SQL injection vulnerabilities (2) in ProductCart |
| 18429 |
other |
FlexCast Server Terminal Authentication Unspecified Remote Issue |
Checks for terminal authentication vulnerability in FlexCast Server |
| 18420 |
other |
WordPress template-functions-category.php cat_ID Parameter SQL Injection |
Checks for cat_ID SQL injection vulnerability in WordPress |
| 18419 |
other |
Qualiteam X-Cart Multiple Vulnerabilities |
Checks for multiple vulnerabilities in X-Cart |
| 18416 |
other |
Exhibit Engine list.php Multiple Parameter SQL Injection |
Checks for SQL injection vulnerability in Exhibit Engine's list.php |
| 18410 |
other |
Calendarix Multiple Vulnerabilities (SQLi, XSS) |
Checks for multiple vulnerabilities in Calendarix |
| 18401 |
other |
Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi |
Checks for privilege escalation vulnerability in Invision Power Board |
| 18400 |
other |
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Hosting Controller < 6.1 hotfix 2.1 |
| 18376 |
other |
Athena Web Registration athenareg.php pass Variable Command Execution |
Checks for Athena Web Registration remote command execution flaw |
| 18374 |
other |
Listserv < 14.3-2005a Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Listserv < 14.3-2005a |
| 18370 |
other |
MaxWebPortal memKey Parameter SQL Injection |
Checks for SQL injection vulnerability in MaxWebPortal's password.asp |
| 18363 |
other |
Hosting Controller addsubsite.asp Security Bypass |
Checks for addsubsite.asp security bypass in Hosting Controller |
| 18362 |
other |
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS) |
Checks for unathenticated access to admin.asp |
| 18360 |
other |
PostNuke <= 0.760 RC4a Multiple Vulnerabilities |
Detects multiple vulnerabilities in PostNuke <= 0.760 RC4a |
| 18358 |
other |
Netref cat_for_gen.php Arbitrary PHP Command Injection |
Netref Cat_for_gen.PHP Remote PHP Script Injection Vulnerability |
| 18302 |
other |
Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection |
Checks for X-Forwarded-For code injection vulnerability in Fusion News |
| 18301 |
other |
WordPress < 1.5.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in WordPress < 1.5.1 |
| 18300 |
other |
PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities |
Checks for multiple unspecified vulnerabilities in AutoTheme PostNuke module |
| 18298 |
other |
Serendipity < 0.8.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Serendipity < 0.8.1 |
| 18297 |
other |
WordPress Detection |
Checks for presence of WordPress |
| 18296 |
other |
Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF) |
Checks for multiple vulnerabilities (2) in Help Center Live |
| 18294 |
other |
NETFile Default Credentials |
Checks for default admin user / password vulnerability in NETFile FTP/Web Server |
| 18293 |
other |
Woltlab Burning Board verify_email Function SQL Injection |
Checks for verify_email SQL injection vulnerability in Burning Board |
| 18292 |
other |
WebAPP apage.cgi f Parameter Arbitrary Command Execution |
Checks for apage.cgi remote command execution flaw |
| 18290 |
other |
MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities |
MetaCart E-Shop productsByCategory.ASP XSS and SQL injection Vulnerabilities |
| 18289 |
other |
JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS) |
JGS-Portal Multiple XSS and SQL injection Vulnerabilities |
| 18288 |
other |
web-app.org WebAPP Encoded Request .dat File Disclosure |
Checks for file disclosure vulnerability in WebAPP |
| 18287 |
other |
WebAPP Detection |
Checks for presence of WebAPP |
| 18260 |
other |
Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities |
Checks for UPB |
| 18259 |
other |
OpenBB < 1.0.9 Multiple Vulnerabilities |
Detects openBB version |
| 18255 |
other |
CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID) |
Checks for an SQL injection in CodeThatShoppingCart |
| 18254 |
other |
Dream4 Koobi CMS index.php area Parameter SQL Injection |
Checks for an SQL injection in the Koobi CMS |
| 18250 |
other |
Woltlab Burning Board Detection |
Checks for presence of Burning Board |
| 18248 |
other |
MaxWebPortal <= 1.35 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in MaxWebPortal <= 1.35 |
| 18247 |
other |
boastMachine users.inc.php File Extension Validation Arbitrary File Upload |
Checks for remote arbitrary file upload vulnerability in boastMachine |
| 18246 |
other |
Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Woppoware PostMaster <= 4.2.2 |
| 18245 |
other |
Bugzilla < 2.18.1 Multiple Information Disclosures |
Checks for information disclosure vulnerabilities in Bugzilla |
| 18223 |
other |
NETFile FTP/Web Server Directory Traversal Arbitrary File Access |
Checks for directory traversal vulnerabilities in NETFile FTP/Web Server |
| 18222 |
other |
e107 < 7.0 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in e107 <= 0.617 |
| 18221 |
other |
WowBB view_user.php Multiple Parameter SQL Injection |
Checks for SQL injection flaw in wowBB |
| 18218 |
other |
MyServer 0.8 Multiple Vulnerabilities |
Determine if MyServer is vulnerable to a XSS flaw |
| 18217 |
other |
Advanced Guestbook index.php entry Parameter SQL Injection |
Checks for a SQL injection attack in Advanced Guestbook |
| 18212 |
other |
4D WebSTAR Tomcat Plugin Remote Buffer Overflow |
Checks for 4D WebSTAR |
| 18207 |
other |
PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PHP Advanced Transfer Manager <= 1.21 |
| 18203 |
other |
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS) |
Checks for multiple vulnerabilities in Invision Power Board < 2.0.4 |
| 18199 |
other |
Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass) |
Checks for multiple vulnerabilities in Interspire ArticleLive |
| 18193 |
other |
osTicket <= 1.2.7 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in osTicket <= 1.2.7 |
| 18190 |
other |
Open WebMail Shell Escape Arbitrary Command Execution |
Checks for arbitrary execution vulnerability in Open WebMail |
| 18188 |
other |
bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS) |
Checks for multiple vulnerabilities in bBlog <= 0.7.4 |
| 18178 |
other |
Trend Micro TMCM Console Management Detection |
Checks for Trend Micro TMCM console management |
| 18177 |
other |
Websense Reporting Console Detection |
Checks for Websense reporting console |
| 18166 |
other |
phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities |
Checks for multiple SQL injection vulnerabilities in phpCOIN <= 1.2.2 |
| 18165 |
other |
Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal) |
Checks for multiple input validation vulnerabilities in Claroline < 1.5.4 / 1.6.0 |
| 18156 |
other |
PHP-Calendar includes/search.php Multiple Parameter SQL Injection |
Checks for SQL injection vulnerability in PHP-Calendar search.php |
| 18150 |
other |
yappa-ng < 2.3.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in yappa-ng < 2.3.2 |
| 18140 |
other |
ArGoSoft Mail Server Pro <= 1.8.7.6 Multiple Vulnerabilities (XSS, Traversal, Priv Esc) |
Checks for multiple vulnerabilities in ArGoSoft Mail Server Pro <= 1.8.7.6 |
| 18137 |
other |
Horde Turba Detection |
Checks for presence of Turba |
| 18135 |
other |
Horde Nag Detection |
Checks for presence of Nag |
| 18133 |
other |
Horde Mnemo Detection |
Checks for presence of Mnemo |
| 18124 |
other |
phpBB <= 2.0.14 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpBB 2.0.14 and older |
| 18123 |
other |
MailEnable HTTPMail Service Authorization Header Remote Overflow |
Checks for Authorization Buffer Overflow Vulnerability in MailEnable HTTPMail Service |
| 18120 |
other |
DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1) |
Checks for SQL injection vulnerability in DUPortal |
| 18101 |
other |
Coppermine Photo Gallery < 1.3.2 Multiple SQL Injections |
Checks for version of Coppermine Photo Gallery |
| 18098 |
other |
UBB.threads < 6.5.2 beta Multiple Vulnerabilities |
Checks for multiple vulnerabilities in UBB.threads < 6.5.2 beta |
| 18084 |
other |
phpBB Knowledge Base Module kb.php cat Parameter SQL Injection |
Checks for SQL injection vulnerability in phpBB Knowledge Base module |
| 18059 |
other |
Monkey HTTP Daemon (monkeyd) < 0.9.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Monkey HTTP Daemon < 0.9.1 |
| 18055 |
other |
Serendipity exit.php Multiple Parameter SQL Injection |
Checks for SQL injection vulnerabilities in Serendipity exit.php |
| 18054 |
other |
Serendipity Detection |
Checks for presence of Serendipity |
| 18051 |
other |
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpBB Photo Album Module <= 2.0.53 |
| 18047 |
other |
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure |
Attempts to read the source of a jsp page |
| 18036 |
other |
XAMPP < 1.4.14 Multiple Vulnerabilities |
Checks for the version of XAMPP |
| 18035 |
other |
MediaWiki Multiple Remote Vulnerabilities |
Test for the version of MedaWiki |
| 18011 |
other |
Invision Power Board index.php Members Action st Parameter SQL Injection |
Checks for st parameter SQL injection vulnerability in Invision Power Board |
| 18008 |
other |
ModernBill <= 4.3.0 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in ModernBill 4.3.0 and older |
| 18007 |
other |
phpBB up.php Arbitrary File Upload |
Checks for file upload script vulnerability in phpBB |
| 18005 |
other |
PunBB profile.php id Parameter SQL Injection |
Checks for SQL injection vulnerability in PunBB's profile.php |
| 17999 |
other |
CubeCart <= 2.0.6 Multiple SQL Injections |
Checks for multiple SQL injection vulnerabilities in CubeCart 2.0.6 and earlier |
| 17998 |
other |
CubeCart Detection |
Checks for the presence of CubeCart |
| 17989 |
other |
Active Auction Multiple Vulnerabilities (SQLi, XSS) |
Checks for a SQL injection error in Active Auction House |
| 17987 |
other |
RunCMS Remote Arbitrary File Upload Vulnerability |
Checks for remote arbitrary file upload vulnerability in RunCMS |
| 17971 |
other |
ProductCart Multiple Input Validation Vulnerabilities |
Checks for multiple input validation vulnerabilities in ProductCart |
| 17970 |
other |
SiteEnable Multiple Input Validation Vulnerabilities |
Checks for XSS and SQL injection vulnerabilities in SiteEnable |
| 17688 |
other |
MaxWebPortal <= 1.33 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in MaxWebPortal <= 1.33 |
| 17687 |
other |
PHP Multiple Image Processing Functions File Handling DoS |
Checks for image file format denial of service vulnerabilities in PHP |
| 17672 |
other |
Mambo Detection |
Checks for presence of Mambo / Mambo Open Source / Mambo CMS |
| 17653 |
other |
ASP PortalApp Multiple SQL Injection |
SQL Injection |
| 17652 |
other |
Squirrelcart index.php Multiple Parameter SQL Injection |
SQL Injection in Squirrelcart |
| 17649 |
other |
PhotoPost < 5.1 Multiple Input Validation Vulnerabilities |
Checks for multiple input validation vulnerabilities in PhotoPost PHP |
| 17648 |
other |
PhotoPost PHP Detection |
Checks for presence of PhotoPost PHP |
| 17636 |
other |
Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration |
The remote host is running Microsoft Outlook Web Access 2003 and is vulnerable to URL Injection. |
| 17608 |
other |
XMB Forum < 1.9.2 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in XMB Forum < 1.9.2 |
| 17597 |
other |
CoolForum Multiple Vulnerabilities (SQLi, XSS) |
Checks for cross-site scripting and SQL injection vulnerabilities in CoolForum |
| 17596 |
other |
Phorum search.php location Parameter HTTP Response Splitting |
Checks for HTTP response splitting vulnerability in Phorum |
| 17595 |
other |
osCommerce file_manager.php filename Variable Traversal Arbitrary File Access |
Determine if osCommerce is vulnerable to dir traversal |
| 17592 |
other |
Icecast XSL Parser Multiple Vulnerabilities (OF, ID) |
Checks for XSL parser vulnerabilities in Icecast |
| 17583 |
other |
Aventail ASAP Platform Management Console Detection |
Aventail ASAP Management Console management |
| 17574 |
other |
paNews 2.0.4b Multiple Input Validation Vulnerabilities |
Detects input validation vulnerabilities in paNews |
| 17368 |
other |
WebShield Appliance Detection |
Checks for WebShield Appliance console management |
| 17367 |
other |
Fortinet Fortigate Web Console Management Detection |
Checks for Fortinet Fortigate management console |
| 17349 |
other |
Phorum Detection |
Checks for presence of Phorum |
| 17337 |
other |
IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure |
Checks for remote information disclosure vulnerability in IBM WebSphere Application Server |
| 17329 |
other |
paFileDB <= 3.1 Multiple Vulnerabilities (2) |
Checks for multiple vulnerabilities in paFileDB 3.1 and Older |
| 17328 |
other |
SimpGB guestbook.php quote Parameter SQL Injection |
Checks for SQL injection in SimpGB |
| 17327 |
other |
paFileDB Detection |
Checks for presence of paFileDB |
| 17320 |
other |
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc) |
Checks for multiple remote vulnerabilities in Active WebCam webserver 5.5 and older |
| 17316 |
other |
UBB.threads editpost.php Number Parameter SQL Injection |
Checks for SQL injection vulnerability in UBB.threads editpost.php |
| 17315 |
other |
UBB.threads Detection |
Checks for presence of UBB.threads |
| 17314 |
other |
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities |
Checks for multiple remote vulnerabilities in PhotoPost PHP 5.0 RC3 and older |
| 17312 |
other |
Zorum <= 3.5 Multiple Remote Vulnerabilities |
Checks for multiple remote vulnerabilities in Zorum <= 3.5 |
| 17309 |
other |
NewsScript newsscript.pl mode Parameter Privilege Escalation |
Checks for access validation vulnerability in NewsScript |
| 17308 |
other |
Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure |
Downloads HCDiskQuoteService.csv |
| 17306 |
other |
CopperExport XP_Publish.PHP SQL Injection Vulnerability |
SQL Injection in CopperExport |
| 17301 |
other |
phpBB <= 2.0.13 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpBB 2.0.13 and older |
| 17298 |
other |
phpMyFAQ Forum Message username Field SQL Injection |
Checks for username SQL injection vulnerability in phpMyFAQ |
| 17297 |
other |
phpMyFAQ Detection |
Checks for presence of phpMyFAQ |
| 17285 |
other |
Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion |
Detects file include vulnerabilities in Stadtaus' PHP Scripts |
| 17282 |
other |
vBulletin Detection |
Checks for the presence of vBulletin |
| 17273 |
other |
CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities |
Detects directory traversal file access and DoS vulnerability in CProxy |
| 17272 |
other |
TYPO3 cmw_linklist Extension category_uid Parameter SQL Injection |
Detects SQL injection vulnerability in TYPO3 CMW Linklist extension |
| 17260 |
other |
CubeCart < 2.0.6 settings.inc.php Multiple Script XSS |
Checks version of CubeCart |
| 17259 |
other |
phpList <= 2.6.3 Multiple Vulnerabilities |
Checks version of phpList |
| 17257 |
other |
SquirrelMail S/MIME Plug-in Remote Command Execution |
Checks for remote command execution vulnerability in SquirrelMail S/MIME Plugin |
| 17255 |
other |
CuteNews Detection |
Checks for presence of CuteNews |
| 17253 |
other |
paNews Detection |
Checks for presence of paNews |
| 17247 |
other |
PHPNews auth.php path Parameter Remote File Inclusion |
Detects remote file include vulnerability in auth.php in PHPNews |
| 17246 |
other |
phpCOIN <= 1.2.1b Multiple Vulnerabilities |
Detects multiple vulnerabilities in phpCOIN 1.2.1b and older |
| 17244 |
other |
Trend Micro IMSS Console Management Detection |
Checks for Trend Micro IMSS web console management |
| 17240 |
other |
PostNuke <= 0.760 RC2 Multiple Vulnerabilities |
Detects multiple vulnerabilities in PostNuke 0.760 RC2 and older |
| 17239 |
other |
FCKeditor for PHP-Nuke Arbitrary File Upload |
Detects arbitrary file upload vulnerability in FCKeditor for PHP-Nuke |
| 17227 |
other |
CubeCart < 2.0.5 Multiple Vulnerabilities |
Checks Brooky CubeCart language XSS |
| 17225 |
other |
phpBB <= 2.0.12 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in phpBB version <= 2.0.12 |
| 17224 |
other |
PunBB < 1.2.2 Multiple Input Validation Vulnerabilities |
Detects input validation vulnerabilities in PunBB |
| 17223 |
other |
phpWebSite Image Announcement Upload Arbitrary Command Execution |
Detects arbitrary PHP file upload as image file vulnerability in phpWebSite |
| 17222 |
other |
phpWebSite Detection |
Checks for the presence of phpWebSite |
| 17221 |
other |
phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions |
Detect multiple local file include vulnerabilities in phpMyAdmin |
| 17219 |
other |
phpMyAdmin Detection |
Looks for phpMyAdmin's main.php |
| 17214 |
other |
OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in OpenConnect WebConnect < 6.5.1 |
| 17211 |
other |
vBulletin misc.php template Variable PHP Code Injection |
Executes phpinfo() on the remote host |
| 17210 |
other |
TWiki ImageGalleryPlugin Shell Command Injection |
Checks for the presence of TWiki |
| 17209 |
other |
PBLang BBS <= 4.65 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in PBLang BBS <= 4.65 |
| 17205 |
other |
phpBB <= 2.0.11 Multiple Vulnerabilities |
Multiple vulnerabilities in phpBB version 2.0.11 and older |
| 17203 |
other |
Invision Power Board Software Detection |
Checks for the presence of Invision Power Board |
| 17201 |
other |
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection |
Checks for remote code execution in admin_setup.php in paNews |
| 17200 |
other |
Trend Micro IWSS Console Management Detection |
Checks for Trend Micro IWSS web console management |
| 17194 |
other |
Mambo Open Source Tar.php Remote File Inclusion |
Detect Tar.php Remote File Include Vulnerability in Mambo Open Source |
| 17193 |
other |
BizMail bizmail.cgi Arbitrary Mail Relay |
Checks the version of bizmail.cgi |
| 17160 |
other |
TrackerCam Multiple Remote Vulnerabilities |
Checks for flaws in TrackerCam |
| 17152 |
other |
pMachine mail_autocheck.php Arbitrary Code Execution |
Checks for the presence of mail_autocheck.php |
| 17151 |
other |
Blazix Trailing Character JSP Source Disclosure |
Attempts to read the source of a jsp page |
| 17142 |
other |
WebCalendar login.php webcalendar_session Cookie SQL Injection |
Sends a malformed cookie to the remote host |
| 16478 |
other |
DCP-Portal Multiple Scripts SQL Injection |
Determines the presence of DCP-Portal |
| 16477 |
other |
CitrusDB Static id_hash Admin Authentication Bypass |
Tries to authenticate to CitrusDB as admin |
| 16469 |
other |
ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal) |
Determines the presence of ELOG Web Logbook |
| 16456 |
other |
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID) |
Determines the presence of debug output in AWStats |
| 16455 |
other |
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution |
Checks for vBulletin Forumdisplay.PHP Remote Command Execution Vulnerability |
| 16387 |
other |
Sympa src/queue.c queue Utility Local Overflow |
Checks sympa version |
| 16364 |
other |
ArGoSoft Mail Server Multiple Traversals |
Gets the version of the remote ArGoSoft server |
| 16339 |
other |
Mailman private.py true_path Function Traversal Arbitrary File Access |
Checks for Mailman private.py Directory Traversal Vulnerability |
| 16338 |
other |
Mailman Detection |
Checks for the presence of Mailman |
| 16336 |
other |
PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access |
Checks the version of the remote PHP-Fusion |
| 16335 |
other |
PHP-Fusion Detection |
Checks the location of the remote PHP-Fusion |
| 16323 |
other |
PerlDesk kb.cgi view Parameter SQL Injection |
Checks if PerlDesk is vulnerable to a SQL injection attack |
| 16320 |
other |
Chipmunk CMScore Multiple Script SQL Injection |
Checks if Chipmunk CMScore is vulnerable to a SQL injection attack |
| 16319 |
other |
Chipmunk Forum Multiple SQL Injections |
Checks if Chipmunk forum is vulnerable to a SQL injection attack |
| 16315 |
other |
Mambo Site Server Multiple Vulnerabilities |
Determine if Mambo Site Server is vulnerable to xss attack and remote flaw |
| 16312 |
other |
Mambo Global Variables Unauthorized Access |
Checks for index.php malformed request vulnerability |
| 16282 |
other |
Xoops Incontent Module Traversal Arbitrary PHP File Source Disclosure |
Checks for the presence of Xoops Incontent module |
| 16278 |
other |
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD) |
Checks for the presence of Infinite Mobile Delivery |
| 16276 |
other |
phpPgAds dest Parameter HTTP Response Splitting |
Checks for the presence of phpPGAds/phpAdsNew |
| 16275 |
other |
CoolForum Multiple SQL Injections |
Checks for the presence of CoolForum |
| 16273 |
other |
IceWarp Web Mail Multiple Flaws (3) |
Check the version of IceWarp WebMail |
| 16271 |
other |
Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access) |
Checks for the version of Alt-N WebAdmin |
| 16250 |
other |
Exponent CMS Path Disclosure Vulnerability |
Checks for the version of Exponent |
| 16229 |
other |
TikiWiki File Upload temp Directory Arbitrary Script Execution |
Checks the version of TikiWiki |
| 16228 |
other |
SquirrelMail < 1.4.4 Multiple Vulnerabilities |
Checks for Three XSS Vulnerabilities in SquirrelMail < 1.4.4 |
| 16225 |
other |
GForge Multiple Script Traversal Arbitrary Directory Listing |
Checks for a flaw in GForge |
| 16216 |
other |
Siteman Page User Database Privilege Escalation |
Checks Siteman's version |
| 16210 |
other |
PHPLinks Multiple Input Validation Vulnerabilities |
Checks for the presence of PHPLinks |
| 16208 |
other |
phpMyWebHosting Authentication SQL Injection |
Checks for the presence of PHPMyWebhosting |
| 16203 |
other |
vBulletin includes/init.php Unspecified Vulnerability |
Checks the version of vBulletin |
| 16200 |
other |
phpBB < 2.0.11 Multiple Vulnerabilities |
Check for the version of phpBB |
| 16198 |
other |
JAWS Directory Traversal Vulnerability |
Checks for a file reading flaw in JAWS |
| 16197 |
other |
ITA Forum Multiple Scripts SQL Injection |
SQL Injection in ITA Forum |
| 16189 |
other |
AWStats awstats.pl configdir Parameter Arbitrary Command Execution |
Determines the presence of AWStats awstats.pl flaws |
| 16185 |
other |
Gallery < 1.4.4-pl5 Multiple Remote Vulnerabilities (XSS, Path Disc) |
Checks for the presence of login.php |
| 16183 |
other |
Novell GroupWise WebAccess Error Handler Authentication Bypass |
Checks GroupWise Auth Bypass |
| 16180 |
other |
SiteMinder smpwservicescgi.exe Arbitrary Site Redirect |
Checks for a flaw in SiteMinder |
| 16179 |
other |
Minis minis.php month Parameter Traversal Arbitrary File Access |
Checks for a file reading flaw in minis |
| 16178 |
other |
ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion |
Checks for Zeroboard flaws |
| 16175 |
other |
Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure |
Checks GroupWare WebAccessUninstall.ini |
| 16173 |
other |
IBM Websphere Commerce Database Update Information Disclosure |
Detects Websphere default user information leak |
| 16172 |
other |
MPM Guestbook Pro top.php Traversal Arbitrary File Access |
Determines MPM Guestbook is installed |
| 16170 |
other |
Movable Type mt.cfg Information Disclosure |
Checks for the presence of mt.cfg |
| 16169 |
other |
Movable Type mt-load.cgi Privilege Escalation |
Checks for the existence of /mt/mt-load.cgi |
| 16161 |
other |
IlohaMail Configuration Scripts Remote Disclosure |
Checks for the presence of conf/conf.inc |
| 16154 |
other |
Invision Community Blog Module eid Parameter SQL Injection |
SQL Injection |
| 16153 |
other |
Macallan Mail Solution Web Interface Authentication Bypass |
Checks for Macallan Mail Solution version |
| 16143 |
other |
MyBB member.php uid Parameter SQL Injection |
Checks for SQL injection vulnerability in MyBB's member.php script |
| 16142 |
other |
IlohaMail Multiple Configuration Files Remote Information Disclosure |
Checks for Readable Configuration Files in IlohaMail |
| 16140 |
other |
VideoDB < 2.0.2 Multiple Vulnerabilities |
Checks for the version of VideoDB |
| 16137 |
other |
Simple PHP Blog comments.php Traversal Arbitrary File Access |
Simple PHP Blog dir traversal |
| 16136 |
other |
GNU Mailman Multiple Unspecified Remote Vulnerabilities |
GNU Mailman unspecified vulnerabilities |
| 16122 |
other |
PHPWind Board faq.php skin Parameter Remote File Inclusion |
Checks for the presence of PHPWind Board. |
| 16120 |
other |
Greymatter 1.3 Multiple Vulnerabilities |
Checks for the version of Greymatter |
| 16095 |
other |
FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution |
Determines if FlatNuke is installed |
| 16086 |
other |
IBProArcade index.php Arcade Module gameid Parameter SQL Injection |
Checks for the presence of an SQL injection in index.php |
| 16071 |
other |
PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion |
Determines if PHP-Calendar can include third-party files |
| 16070 |
other |
WHM AutoPilot < 2.5.20 Multiple Remote Vulnerabilities |
Determines if WHM AutoPilot can include third-party files |
| 16064 |
other |
SHOUTcast Server Filename Handling Format String |
SHOUTcast version check |
| 16063 |
other |
Owl < 0.74.0 Multiple Vulnerabilities |
Determines owl is installed |
| 16062 |
other |
ViewCVS < 1.0.0 Multiple Vulnerabilities |
viewcvs flaw |
| 16060 |
other |
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS) |
Determines if Help Center Live can include third-party files |
| 16059 |
other |
ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities |
Checks for Zeroboard flaws |
| 16046 |
other |
2BGal disp_album.php id_album Parameter SQL Injection |
SQL Injection |
| 16045 |
other |
Namazu < 2.0.14 Multiple Vulnerabilities |
Checks for the version of Namazu |
| 16044 |
other |
e_Board index2.cgi message Parameter Traversal Arbitrary File Access |
Checks for e_Board |
| 16023 |
other |
WordPress < 1.5.1 Multiple Vulnerabilities |
Checks for the presence of WordPress |
| 15988 |
other |
WordPress < 1.2.2 Multiple Vulnerabilities |
Checks for multiple flaws in WordPress < 1.2.2 |
| 15987 |
other |
Singapore Gallery < 0.9.11 Multiple Vulnerabilities |
The presence of Singapore Gallery |
| 15986 |
other |
Ikonboard ikonboard.cgi Multiple Parameter SQL Injection |
Checks for Ikonboard.cgi |
| 15983 |
other |
phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities |
Checks the version of phpGroupWare |
| 15982 |
other |
phpGroupWare Detection |
Checks for PhpGroupWare |
| 15975 |
other |
SIR GNUBoard Remote File Inclusion |
Checks for the presence of index.php |
| 15974 |
other |
Ocean12 ASP Calendar Administrative Access |
auth bypass test |
| 15972 |
other |
iWebNegar Multiple Scripts SQL Injection |
SQL Injection |
| 15968 |
other |
ASP-Rider verify.asp username Parameter SQL Injection |
SQL Injection |
| 15950 |
other |
SugarSales Multiple Module Traversal Arbitrary File Access |
Checks for a file reading flaw in SugarSales |
| 15949 |
other |
PhpDig < 1.8.5 Unspecified Vulnerability |
Checks the version of phpMyAdmin |
| 15948 |
other |
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities |
Checks the version of phpMyAdmin |
| 15938 |
other |
PunBB Search Dropdown Private Forum Disclosure |
Checks for PunBB version for information disclosure |
| 15936 |
other |
PunBB Detection |
Checks for presence of PunBB |
| 15935 |
other |
IlohaMail Unspecified Vulnerability |
Checks IlohaMail version |
| 15931 |
other |
F-Secure Policy Manager Path Disclosure |
Checks for /fsms/fsmsh.dll |
| 15928 |
other |
PHP Live! directory/conf File Include Unspecified Issue |
Checks for a flaw in PHP Live! < 2.8.2 |
| 15924 |
other |
Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities |
Looks for a XSS in Blog Torrent. |
| 15911 |
other |
paFileDB sessions Directory Admin Hashed Password Disclosure |
Determines the version of paFileDB |
| 15910 |
other |
Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities |
Determines the presence of w3who.dll |
| 15909 |
other |
PAFileDB Multiple Script Error Message Path Disclosure |
Checks for psFileDB path disclosure |
| 15905 |
other |
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution |
Uses a form-POST method to enter the configuration page |
| 15904 |
other |
Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval |
Looks for a directory traversal vulnerability in Blog Torrent. |
| 15861 |
other |
PHPNews sendtofriend.php SQL Injection |
Makes a request to the remote host by supplying the mid paramter in the url |
| 15858 |
other |
PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access |
Determines if pnTresMailer is vulnerable to a Directory Traversal |
| 15849 |
other |
Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access |
Brio Unix Directory Traversal |
| 15829 |
other |
KorWeblog < 1.6.2 Multiple Vulnerabilities |
Checks the version of the remote KorWeblog |
| 15788 |
other |
Nucleus CMS < 3.15 Multiple Vulnerabilities |
Nucleus Version Check |
| 15787 |
other |
WebGUI user profile Unspecified Vulnerability |
Checks the version of WebGUI |
| 15784 |
other |
PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities |
Check for SQL Injection in PHPKIT |
| 15780 |
other |
phpBB viewtopic.php highlight Parameter SQL Injection |
SQL Injection |
| 15779 |
other |
phpBB Detection |
Check for phpBB version |
| 15778 |
other |
Invision Power Board sources/post.php qpid Parameter SQL Injection |
Detect Invision Power Board Post SQL Injection |
| 15775 |
other |
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection |
Detect Invision Power Board Arcade SQL Injection |
| 15772 |
other |
phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification |
Checks for the presence of a vulnerability in phpScheduleIt |
| 15763 |
other |
miniBB index.php user Variable SQL Injection |
Determine if MiniBB can be used to execute arbitrary SQL commands |
| 15762 |
other |
phpBB Cash_Mod admin_cash.php Arbitrary Command Execution |
Checks for the presence of admin_cash.php |
| 15760 |
other |
PowerPortal index.php index_page Parameter SQL Injection |
Checks the version of the remote PowerPortal Installation |
| 15750 |
other |
Webman I-Mall i-mall.cgi Arbitrary Command Execution |
Checks for the presence of i-mall.cgi |
| 15722 |
other |
CVSTrac Detection |
Detects the presence of CVSTrac |
| 15721 |
other |
PostNuke Detection |
Detects the presence of PostNuke |
| 15720 |
other |
EGroupware Software Detection |
Detects the presence of EGroupWare |
| 15719 |
other |
EGroupWare Multiple Vulnerabilities (SQLi, ID) |
Checks for the version of EGroupWare |
| 15718 |
other |
SquirrelMail decodeHeader HTML injection vulnerability |
Check Squirrelmail for HTML injection vulnerability |
| 15717 |
other |
Goollery < 0.04b Multiple Vulnerabilities |
Checks fot the presence of Goollery XSS flaw in viewpic.php |
| 15711 |
other |
phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion |
Checks for PhpGroupWare version |
| 15710 |
other |
Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS |
Checks for the presence of cgi.rb |
| 15708 |
other |
PHP < 3.0 mylog.html/mlog.html Arbitrary File Access |
Checks PHP mylog.html/mlog.html arbitrary file access |
| 15651 |
other |
Mantis < 0.19.1 Multiple Vulnerabilities |
Checks for the version of Mantis |
| 15643 |
other |
IceWarp Web Mail Multiple Flaws (2) |
Check the version of IceWarp WebMail |
| 15639 |
other |
Moodle < 1.4.3 Multiple Vulnerabilities |
Determines if Moodle is older than 1.4.3 |
| 15624 |
other |
Gallery Unspecified HTML Injection |
Checks for the version of Gallery |
| 15604 |
other |
Horde Software Detection |
Checks for the presence of Horde |
| 15565 |
other |
Bugzilla Multiple Remote Command Execution |
Checks for the version of bugzilla |
| 15564 |
other |
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow |
Checks for the presence of /_maincfgret.cgi |
| 15562 |
other |
Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures |
Checks for the presence of Bugzilla |
| 15561 |
other |
UBB.threads dosearch.php SQL injection |
SQL Injection in UBB.threads |
| 15557 |
other |
WowBB <= 1.61 Multiple Vulnerabilities |
Checks WowBB version |
| 15556 |
other |
DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS) |
Checks DevoyBB version |
| 15543 |
other |
Serendipity Multiple Script HTTP Response Splitting |
Checks for the presence of Serendipity |
| 15542 |
other |
Netbilling nbmember.cgi cmd Parameter Information Disclosure |
Checks for nbmember.cgi |
| 15541 |
other |
IdealBB Multiple Vulnerabilities (XSS, SQLi, more) |
Checks IdealBB version |
| 15531 |
other |
Coppermine Photo Gallery Voting Restriction Bypass |
Does a version check |
| 15530 |
other |
Coppermine Photo Gallery Detection |
Checks for presence of Coppermine |
| 15529 |
other |
Open WebMail userstat.pl Arbitrary Command Execution |
Checks for Arbitrary Command Execution flaw in Open WebMail's userstat.pl |
| 15506 |
other |
CoolPHP 1.0 Multiple Vulnerabilities |
Checks for CoolPHP |
| 15478 |
other |
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution |
Checks the version of phpMyAdmin |
| 15470 |
other |
BugPort Attached File Handling Unspecified Issue |
Checks for BugPort version |
| 15469 |
other |
IceWarp Web Mail Multiple Flaws (1) |
Check the version of IceWarp WebMail |
| 15468 |
other |
ocPortal index.php req_path Parameter Remote File Inclusion |
Determines if ocPortal can include third-party files |
| 15466 |
other |
bBlog rss.php p Parameter SQL Injection |
Check bBlog version |
| 15461 |
other |
CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi) |
Checks CactuShop flaws |
| 15453 |
other |
DUware Products Multiple Remote Vulnerabilities (SQLi, XSS) |
Determines if the remote ASP scripts are vulnerable to SQL injection |
| 15452 |
other |
Zanfi CMS Lite index.php inc Parameter Remote File Inclusion |
Determines if Zanfi CMS can include third-party files |
| 15451 |
other |
GoSmart Message Board Multiple Vulnerabilities (SQLi, XSS) |
Checks GoSmart message board flaws |
| 15450 |
other |
BlackBoard Internet Newsboard System checkdb.inc.php libpath Variable Remote File Inclusion |
Checks BlackBoard Internet Newsboard System version |
| 15443 |
other |
WordPress wp-login.php HTTP Response Splitting |
Checks for HTTP response splitting vulnerability in WordPress < 1.2.1 |
| 15442 |
other |
CubeCart index.php cat_id Parameter SQL Injection |
SQL Injection in CubeCart |
| 15437 |
other |
w-Agora Multiple Script Traversal Arbitrary File Access |
Checks for directory traversal in w-Agora |
| 15433 |
other |
PHP-Fusion 4.01 Multiple Vulnerabilities |
Checks the version of the remote PHP-Fusion |
| 15403 |
other |
Silent-Storm Portal Multiple Input Validation Vulnerabilities |
Checks for vulnerabilities in Silent-Storm Portal |
| 15402 |
other |
w-Agora 4.1.6a Multiple Input Validation Vulnerabilities |
Checks for vulnerabilities in w-Agora |
| 15401 |
other |
Icecast MP3 Client HTTP GET Request Remote Overflow |
Check icecast version |
| 15396 |
other |
Icecast Encoded Traversal Arbitrary File Access |
Check icecast version |
| 14847 |
other |
Vignette Application Portal Diagnostic Utility Information Disclosure |
Request /portal/diag |
| 14842 |
other |
Serendipity < 0.7.0beta3 Multiple Vulnerabilities |
Checks for SQL injection vulnerability in Serendipity |
| 14837 |
other |
PD9 MegaBBS Multiple Vulnerabilities |
Checks for the presence of MegaBBS |
| 14830 |
other |
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion |
Checks for @lex guestbook |
| 14828 |
other |
BroadBoard Multiple Script SQL Injection |
SQL Injection |
| 14824 |
other |
Pinnacle ShowCenter Skin DoS |
Checks skin DoS in Pinnacle ShowCenter |
| 14817 |
other |
aspWebAlbum album.asp SQL Injection |
SQL Injection |
| 14816 |
other |
aspWebCalendar calendar.asp SQL Injection |
SQL Injection |
| 14806 |
other |
YaBB 1 Gold < 1.3.2 Multiple Input Validation Vulnerabilities |
Determines the version of YaBB 1 Gold |
| 14805 |
other |
Emulive Server4 Authentication Bypass |
Requests the admin page of the remote EmuLive Server4 |
| 14793 |
other |
TUTOS < 1.1.20040412 Multiple Input Validation Issues |
Checks the version of Tutos |
| 14787 |
other |
phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues |
Fetches the version of phpMyBackupPro |
| 14786 |
other |
BBS E-Market Professional index.php filename Variable Traversal Arbitrary File Access |
Directory Traversal Attempt |
| 14785 |
other |
vBulletin authorize.php x_invoice_num Variable SQL Injection |
Checks the version of vBulletin |
| 14784 |
other |
TUTOS < 1.2 Multiple Input Validation Vulnerabilities |
Checks the version of Tutos |
| 14782 |
other |
YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities |
Checks YaBB.pl XSS |
| 14733 |
other |
PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access |
Determines if perldesk is vulnerable to a file inclusion |
| 14722 |
other |
WebLogic < 8.1 SP3 Multiple Vulnerabilities |
Checks the version of WebLogic |
| 14719 |
other |
Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access |
Checks for the presence of tseekdir.cgi |
| 14715 |
other |
OpenCA crypto-utils.lib libCheckSignature Function Signature Validation Weakness |
Checks for the version of OpenCA |
| 14714 |
other |
OpenCA Multiple Signature Validation Bypass |
Checks for the version of OpenCA |
| 14713 |
other |
Simple Form Subject Tags Arbitrary Mail Relay |
Checks for Mail Relaying via Subject Tags Vulnerability in Simple Form |
| 14656 |
other |
MailEnable Professional HTTPMail GET Request Remote Overflow |
Checks for GET Overflow Vulnerability in MailEnable HTTPMail Service |
| 14655 |
other |
MailEnable HTTPMail Service Content-Length Header Overflow |
Checks for Content-Length Overflow Vulnerability in MailEnable HTTPMail Service |
| 14654 |
other |
MailEnable HTTPMail Service Authorization Header Handling Remote DoS |
Checks for authorization header DoS vulnerability in MailEnable HTTPMail service |
| 14636 |
other |
IlohaMail Unspecified Database Password Disclosure Weakness |
Checks for Password Disclosure vulnerability in IlohaMail |
| 14635 |
other |
IlohaMail Multiple External Programs Arbitrary Command Execution |
Checks for External Programs vulnerabilities in IlohaMail |
| 14633 |
other |
IlohaMail Forged GET/POST Arbitrary Contacts Deletion |
Checks for Contacts Deletion vulnerability in IlohaMail |
| 14632 |
other |
IlohaMail Attachment Arbitrary File Create/Overwrite |
Checks for Attachment Upload vulnerability in IlohaMail |
| 14631 |
other |
IlohaMail index.php session Parameter Arbitrary File Access |
Checks for Arbitrary File Access via Session Variable vulnerability in IlohaMail |
| 14630 |
other |
IlohaMail index.php init_lang Variable Arbitrary File Access |
Checks for Arbitrary File Access via Language Variable vulnerability in IlohaMail |
| 14629 |
other |
IlohaMail Software Detection |
Checks for the presence of IlohaMail |
| 14615 |
other |
TorrentTrader download.php id Parameter SQL Injection |
Checks for the presence of SQL injection in TorrentTrader |
| 14382 |
other |
WebMatic Unspecified Login Function Access Vulnerability |
Checks the version of WebMatic |
| 14379 |
other |
Merak Webmail / IceWarp Web Mail 5.2.8 Multiple Vulnerabilties |
Checks for Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail |
| 14370 |
other |
HastyMail HTML Attachment Script Execution |
Checks for version of HastyMail |
| 14365 |
other |
WebAPP Directory Traversal |
Checks for a directory traversal bug in WebAPP |
| 14364 |
other |
TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities |
Checks the version of TikiWiki |
| 14363 |
other |
INL ulog-php port.php proto Parameter SQL Injection |
Checks for the presence of a SQL injection vulnerability in ulog |
| 14359 |
other |
TikiWiki Unauthorized Page Access |
Checks the version of TikiWiki |
| 14356 |
other |
PHP-Fusion Database Backup Disclosure |
Checks the version of the remote PHP-Fusion |
| 14347 |
other |
AWStats rawlog.pm logfile Parameter Arbitrary Command Execution |
Determines the presence of AWstats awstats.pl |
| 14338 |
other |
Gallery save_photos.php Arbitrary Command Execution |
Checks for the version of Gallery |
| 14327 |
other |
MyDMS < 1.4.3 Multiple Vulnerabilities |
SQL injection against the remote MyDMS installation |
| 14325 |
other |
ZixForum ZixForum.mdb DIrect Request Database Disclosure |
Checks for ZixForum.mdb |
| 14324 |
other |
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities |
Checks for the version of Mantis |
| 14312 |
other |
Trend Micro Scanmail for Domino nsf File Information Disclosure |
Checks for the presence ScanMail files |
| 14308 |
other |
BasiliX Application Installation Detection |
Checks for the presence of BasiliX |
| 14306 |
other |
Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure |
Checks for attachment disclosure vulnerability in BasiliX |
| 14305 |
other |
Basilix Webmail Attachment Crafted POST Arbitrary File Access |
Checks for arbitrary file disclosure vulnerability in BasiliX |
| 14304 |
other |
BasiliX login.php3 username Variable Arbitrary Command Execution |
Checks for arbitrary command execution vulnerability in BasiliX |
| 14300 |
other |
Sympa wwsympa.fcgi Unauthorised List Creation |
Checks sympa version |
| 14299 |
other |
Sympa wwsympa Invalid LDAP Password Remote DoS |
Checks sympa version |
| 14298 |
other |
Sympa wwsympa do_search_list Overflow DoS |
Checks sympa version |
| 14296 |
other |
phpGroupWare Multiple Module SQL Injection |
Checks for PhpGroupWare version |
| 14295 |
other |
phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution |
Checks for PhpGroupWare version |
| 14294 |
other |
phpGroupWare Unspecified Remote File Inclusion |
Checks for PhpGroupWare version |
| 14293 |
other |
phpGroupWare Admin/Setup Password Cleartext Cookie Storage |
Checks for PhpGroupWare version |
| 14292 |
other |
phpGroupWare index.php Addressbook XSS |
Checks for PhpGroupWare version |
| 14291 |
other |
CVSTrac timeline.c timeline_page Function Overflow |
Checks for CVSTrac version |
| 14290 |
other |
CVSTrac Ticket Title Arbitrary Command Execution |
Checks for CVSTrac version |
| 14289 |
other |
CVSTrac Malformed URI Infinite Loop DoS |
Checks for CVSTrac version |
| 14288 |
other |
CVSTrac chdir() chroot Jail Escape |
Checks for CVSTrac version |
| 14287 |
other |
CVSTrac Invalid Ticket DoS |
Checks for CVSTrac version |
| 14286 |
other |
CVSTrac history.c history_update Function Overflow |
Checks for CVSTrac version |
| 14285 |
other |
CVSTrac Database Plaintext Password Storage |
Checks for CVSTrac version |
| 14284 |
other |
CVSTrac cgi.c Multiple Overflows |
Checks for CVSTrac version |
| 14283 |
other |
CVSTrac CVSROOT/passwd Arbitrary Account Deletion |
Checks for CVSTrac version |
| 14269 |
other |
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution |
Checks for YaPiG version |
| 14258 |
other |
phpMyFAQ index.php action Variable Local File Inclusion |
Check the version of phpMyFAQ |
| 14255 |
other |
Microsoft Outlook Web Access (OWA) Version Detection |
Outlook Web Access version check |
| 14237 |
other |
Goscript go.cgi Arbitrary Command Execution |
Goscript command execution detection |
| 14233 |
other |
ASPrunner 2.4 Multiple Vulnerabilities |
Check for multiple flaws in ASPrunner |
| 14232 |
other |
PSCS VPOP3 messagelist.html msglistlen Parameter DoS |
Attempt to DoS PSCS VPOP3 |
| 14227 |
other |
Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection |
Determine Snitz forums version |
| 14226 |
other |
phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection |
Check for phpBB Fetch All version |
| 14224 |
other |
Simple Form Multiple Parameter Arbitrary Mail Relaying |
Checks for Mail Relaying Vulnerability in Simple Form |
| 14222 |
other |
RiSearch show.pl Arbitrary File Access |
Determines the presence of RiSearch show.pl |
| 14221 |
other |
Open WebMail Detection |
Checks for the presence of Open WebMail |
| 14220 |
other |
CVSTrac filediff Arbitrary Remote Code Execution |
Checks for CVSTrac version |
| 14219 |
other |
Basilix Webmail id Variable SQL Injection |
Checks for SQL injection vulnerability in BasiliX |
| 14194 |
other |
Nucleus CMS action.php itemid Parameter SQL Injection |
Nucleus Version Check |
| 14193 |
other |
Polar HelpDesk Authentication Bypass |
Checks for Polar HelpDesk |
| 14191 |
other |
Tivoli Directory Server ldacgi.exe Template Variable Traversal Arbitrary File Access |
IBM Tivoli Directory Traversal |
| 14190 |
other |
PostNuke Install Script Admin Password Disclosure |
Determines if PostNuke's install.php is readable |
| 14188 |
other |
phpMyFAQ Image Upload Authentication Bypass |
Check the version of phpMyFAQ |
| 14187 |
other |
AntiBoard antiboard.php Multiple Parameter SQL Injection |
AntiBoard SQL Injection |
| 14183 |
other |
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS) |
Checks for Comersus |
| 14182 |
other |
MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities |
Determine if math_sum.cgi is installed |
| 14180 |
other |
RiSearch show.pl Open Proxy Relay |
Determines the presence of RiSearch's search.pl |
| 13859 |
other |
osTicket open.php Support Address Crafted Mail Loop Remote DoS |
Checks for Support Address DoS osTicket |
| 13858 |
other |
osTicket Detection |
Checks for the presence of osTicket |
| 13849 |
other |
Horde Chora Software Detection |
Checks for the presence of Chora |
| 13847 |
other |
OpenDocMan Access Control Bypass |
Determines if OpenDocMan is present |
| 13845 |
other |
EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access |
Determines if EasyWeb FileManager is present |
| 13843 |
other |
Moodle < 1.3.3 Cross-Site Scripting Vulnerability |
Attempts a non-persistent XSS |
| 13842 |
other |
Mensajeitor Tag Board Admin Bypass |
Mensajeitor test |
| 13655 |
other |
phpBB < 2.0.9 Multiple Vulnerabilities |
SQL Injection |
| 13650 |
other |
PHP < 4.3.8 Multiple Vulnerabilities |
Checks for version of PHP |
| 13648 |
other |
osTicket Arbitrary Attachment Disclosure |
Checks for Attachment Viewing Vulnerability in osTicket |
| 13647 |
other |
osTicket setup.php Accessibility |
Checks Accessibility of osTicket's setup.php |
| 13646 |
other |
osTicket Form Field Modification File Upload Size Restriction Bypass |
Checks for Large Attachment Vulnerability in osTicket |
| 13645 |
other |
osTicket Attachment Handling File Upload Arbitrary Code Execution |
Checks for Attachment Code Execution Vulnerability in osTicket |
| 13635 |
other |
Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more) |
Checks for the presence of bugzilla |
| 12647 |
other |
SquirrelMail Detection |
Checks for SquirrelMail |
| 12643 |
other |
IMP Software Detection |
Checks for the presence of IMP |
| 12637 |
other |
Open WebMail vacation.pl Arbitrary Command Execution |
Checks for Arbitrary Command Execution flaw in Open WebMail's vacation.pl |
| 12300 |
other |
Inktomi Search MS-DOS Device Name Request Path Disclosure |
Checks for a Inktomi Search vulnerability |
| 12281 |
other |
Horde Chora CVS Viewer diff Utility Arbitrary Command Execution |
Checks for remote code execution vulnerability in Chora |
| 12278 |
other |
Gallery init.php Authentication Bypass |
Attempts to bypass authentication in Gallery |
| 12272 |
other |
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure |
US Robotics Password Check |
| 12271 |
other |
MS04-017: Crystal Reports Web Viewer Could Allow Information Disclosure and DoS (842689) (uncredentialed check) |
Crystal Report virtual directory traversal |
| 12269 |
other |
EDIMAX EW-7205APL Wireless AP Default Password Check |
EDIMAX Hidden Password Check |
| 12268 |
other |
Invision Power Board ssi.php f Parameter SQL Injection |
Detect Invision Power Board ssi.php SQL Injection |
| 12258 |
other |
NETGEAR Wireless Access Point Hardcoded Default Password |
NETGEAR Hidden Password Check |
| 12256 |
other |
jPortal print.inc.php id Parameter SQL Injection |
SQL Injection |
| 12251 |
other |
RealServer /admin/Docs/default.cfg Information Disclosure |
RealServer default.cfg file search |
| 12245 |
other |
Java (.java / .class) Source Code Disclosure |
Java Source Code Disclosure check |
| 12234 |
other |
Terminal Services Web Detection |
Find instances of tsweb |
| 12227 |
other |
HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more) |
HP JetAdmin 7.0 or less vulnerability |
| 12202 |
other |
Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access |
Determine if Nuked-klan is vulnerable to a file include attack |
| 12198 |
other |
Ultimate PHP Board add.php Direct Request Information Disclosure |
Checks for UPB |
| 12127 |
other |
Aborior Encore WebForum display.cgi file Variable Command Execution |
Detects display.cgi |
| 12123 |
other |
Apache Tomcat source.jsp Arbitrary Directory Listing |
Checks for the Tomcat source.jsp malformed request vulnerability |
| 12120 |
other |
HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access |
HP JetAdmin directory traversal attack |
| 12097 |
other |
cPanel <= 9.1.0 Multiple Vulnerabilities |
CGI abuses |
| 12096 |
other |
cfWebStore Multiple Vulnerabilities (SQLi, XSS) |
SQL Injection |
| 12095 |
other |
Emumail WebMail Multiple Remote Vulnerabilities (XSS, Disc) |
version test for Emumail |
| 12089 |
other |
HotOpentickets Privilege Escalation |
Checks for HotOpenTicket |
| 12088 |
other |
SpiderSales Shopping Cart SQL injection |
Checks for the presence of SpiderSales Shopping cart |
| 12077 |
other |
Netscape Enterprise Server Default Files Present |
Checks for Netscape Enterprise Server default files |
| 12074 |
other |
TalentSoft Web+ webplus.exe Path Disclosure |
Checks for Webplus install path disclosure |
| 12068 |
other |
X-News Password MD5 Hash Authentication Bypass |
Check if version of x-news 1.x is installed |
| 12064 |
other |
ShopCartCGI Multiple Script Traversal Arbitrary File Access |
Checks ShopCart |
| 12062 |
other |
Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities |
More.php MoSQL Injection |
| 12059 |
other |
SandSurfer < 1.7.0 User Authentication Bypass |
Checks for SandSurfer |
| 12043 |
other |
BEA WebLogic config.xml Operator/Admin Password Disclosure |
Checks the version of WebLogic |
| 12042 |
other |
ReviewPost PHP Pro Multiple Script SQL Injections |
SQL Injection |
| 12041 |
other |
phpMyAdmin export.php what Parameter Traversal Arbitrary File Access |
Checks phpMyAdmin |
| 12040 |
other |
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution |
Checks Qualiteam X-Cart |
| 12038 |
other |
Photopost PHP Pro photo Parameter SQL Injection |
SQL Injection |
| 12035 |
other |
PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access |
Checks Aprox Portal |
| 12034 |
other |
phpGedView arbitrary file reading |
Checks Aprox Portal |
| 12033 |
other |
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution |
Checks for command execution in LeifWright's blog.cgi |
| 12032 |
other |
JBrowser Admin Authentication Bypass Vulnerability |
Checks JBrowser |
| 12031 |
other |
Aprox PHP Portal index.php Arbitrary File View |
Checks Aprox Portal |
| 12030 |
other |
Gallery HTTP Global Variables File Inclusion |
Checks for the presence of init.php |
| 12026 |
other |
PHPix index.phtml Multiple Parameter Arbitrary Command Execution |
Detect phpix cmd execution |
| 12025 |
other |
Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion |
Detect mambo code injection vuln |
| 12020 |
other |
XTreme ASP Photo Gallery adminlogin.asp Multiple Variable SQL Injection |
SQL Injection in XTreme ASP Photo Gallery |
| 12008 |
other |
PhpDig config.php relative_script_path Parameter Remote File Inclusion |
Detect phpdig code injection vuln |
| 11981 |
other |
vBulletin calendar.php eventid Variable SQL Injection |
Detect vBulletin Calendar SQL Injection |
| 11979 |
other |
HotNews Multiple Script Remote File Inclusion |
Checks for the presence of HotNews |
| 11976 |
other |
EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion |
Checks for the presence of EasyDynamicPages |
| 11975 |
other |
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/quickstore.cgi |
| 11973 |
other |
BulletScript MailList bsml.pl Information Disclosure |
Check bml.pl for information disclosure |
| 11969 |
other |
PHPCatalog id Parameter SQL Injection |
SQL Injection |
| 11966 |
other |
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution |
Detect PHP Ping Code Execution |
| 11954 |
other |
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure |
sgdynamo.exe Path Disclosure |
| 11942 |
other |
VP-ASP shopsearch SQL injection (SQLi) |
Checks for the presence of VP-ASP |
| 11940 |
other |
CuteNews Debug Info Disclosure |
Checks for the presence of cutenews |
| 11939 |
other |
Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow |
Checks for the presence of foxweb.exe or foxweb.dll |
| 11938 |
other |
phpBB < 2.0.7 Multiple Script SQL Injection |
SQL Injection |
| 11931 |
other |
My_eGallery < 3.1.1g Remote File Inclusion |
Checks for the version of My_eGallery |
| 11917 |
other |
Bugzilla Multiple Vulnerabilities (SQLi, ID) |
Checks the Bugzilla version number |
| 11914 |
other |
TheServer server.ini Direct Request Cleartext Credentials Disclosure |
TheServer stores clear text passwords in server.ini |
| 11911 |
other |
Les Visiteurs Multiple Remote File Inclusion |
Les Visiteurs inc file upload |
| 11877 |
other |
myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion |
Checks for the presence of contacts.php |
| 11876 |
other |
Gallery index.php GALLERY_BASEDIR Variable Remote File Inclusion |
Checks for the presence of 'setup/index.php' |
| 11873 |
other |
PayPal Store Front index.php page Parameter Remote File Inclusion |
Checks for the presence of index.php |
| 11872 |
other |
Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation |
Checks for the presence of ODBC tools |
| 11866 |
other |
WordPress blog.header.php Multiple Parameter SQL Injection |
Checks for the presence of cafe wordpress |
| 11836 |
other |
myPHPNuke My_eGallery gallery/displayCategory.php basepath Variable Remote File Inclusion |
Checks for the presence of displayCategory.php |
| 11833 |
other |
EZsite Forum Discloses Passwords to Remote Users |
Checks for EZsiteForum.mdb password database |
| 11824 |
other |
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access |
Reads file through phptonuke.php |
| 11817 |
other |
Stellar Docs Malformed Query Path Disclosure |
SQL Injection and more. |
| 11816 |
other |
phpWebSite < 0.9.x Multiple Vulnerabilities |
SQL Injection and more. |
| 11806 |
other |
paFileDB <= 3.1 Multiple Vulnerabilities (1) |
Checks for multiple vulnerabilities in paFileDB 3.1 and Older |
| 11805 |
other |
e107 db.php User Database Disclosure |
e107 flaw |
| 11799 |
other |
ashNews 0.83 Multiple Vulnerabilities |
Checks for the presence of ashnews.php |
| 11796 |
other |
Forum51/Board51/News51 Users Disclosure |
Checks for the presence of user.idx |
| 11795 |
other |
AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc) |
Checks for the presence of remotehtmlview.php |
| 11794 |
other |
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access |
Checks for file reading flaw in WebCalendar |
| 11786 |
other |
VP-ASP shopexd.asp catalogid Parameter SQL Injection |
Determine if ProductCart is vulnerable to a sql injection attack |
| 11785 |
other |
ProductCart Multiple Vulnerabilities |
Determine if ProductCart is vulnerable to a sql injection attack |
| 11782 |
other |
iXmail index.php password Parameter SQL injection |
Checks for iXMail |
| 11781 |
other |
iXmail Multiple Script Arbitrary File Manipulation |
Checks for iXMail |
| 11780 |
other |
Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities |
Checks directory traversal & version number of mailreader.com software |
| 11776 |
other |
Carello E-Commerce Carello.dll Command Execution |
Checks for the presence of carello.dll |
| 11775 |
other |
Sambar Server Multiple CGI Environment Variable Disclosure |
Some CGIs reveal the web server installation directory |
| 11771 |
other |
Alt-N WebAdmin Multiple Vulnerabilities |
Checks for the presence of webadmin.dll |
| 11767 |
other |
phpBB viewtopic.php topic_id Variable SQL Injection |
SQL Injection |
| 11766 |
other |
pMachine <= 2.2.1 Multiple Vulnerabilities |
Checks for the presence of search/index.php |
| 11763 |
other |
Kerio WebMail < 5.7.7 Multiple Vulnerabilities |
Checks for Kerio MailServer |
| 11761 |
other |
phpMyAdmin < 2.5.2 Multiple Vulnerabilities |
Checks for the presence of phpMyAdmin |
| 11758 |
other |
eLDAPo index.php Cleartext Password Disclosure |
Checks for eLDAPo |
| 11753 |
other |
SquirrelMail Multiple Remote Vulnerabilities |
Determine if squirrelmail reads arbitrary files |
| 11751 |
other |
Dune Web Server GET Request Remote Overflow |
Checks for Dune Overflow |
| 11750 |
other |
Psunami.CGI Command Execution |
Checks for Psunami.CGI |
| 11749 |
other |
Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution |
Checks the version of the remote Vignette StoryServer |
| 11748 |
other |
Multiple Dangerous CGI Script Detection |
Checks for dangerous cgi scripts |
| 11747 |
other |
Trend Micro Emanager Detection |
Check for certain Trend Micro dlls |
| 11746 |
other |
AspUpload Test11.asp Arbitrary File Upload |
Checks for the AspUpload software |
| 11745 |
other |
Hosting Controller Multiple Script Arbitrary Directory Browsing |
Checks for the vulnerable instances of Hosting Controller |
| 11744 |
other |
PostNuke Glossary Module page Parameter SQL Injection |
Determines if PostNuke is vulnerable to SQL injection |
| 11740 |
other |
Infinity CGI Exploit Scanner Multiple Vulnerabilities |
Checks for the presence of nph-exploitscanget.cgi |
| 11739 |
other |
pMachine lib.inc.php pm_path Parameter Remote File Inclusion |
Checks for the presence of lib.inc.php |
| 11735 |
other |
Mnogosearch search.cgi Multiple Parameter Remote Overflows |
Checks for search.cgi |
| 11732 |
other |
Netwin WebNews Webnews.exe Remote Overflow |
Checks for the Webnews.exe file |
| 11731 |
other |
Lucent VitalNet VsSetCookie.exe Unauthorized Access |
Checks for the VsSetCookie.exe file |
| 11730 |
other |
Netdynamics ndcgi.exe Previous User Session Replay |
Checks for the ndcgi.exe file |
| 11729 |
other |
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval |
Checks for the ion-p.exe file |
| 11728 |
other |
Mobius DocumentDirect ddicgi.exe Long GET Request Overflow |
Checks for the ddicgi.exe file |
| 11727 |
other |
NetWin CWmail.exe Item Parameter Remote Overflow |
Checks for the cwmail.exe file |
| 11726 |
other |
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval |
Checks for the csnews.cgi file |
| 11725 |
other |
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS |
Checks for the counter.exe file |
| 11724 |
other |
BEA WebLogic FileServlet Source Code Disclosure |
Checks for WebLogic file disclosures |
| 11723 |
other |
PDGSoft Shopping Cart Multiple Vulnerabilities |
Checks for PDGSoft Shopping cart executables |
| 11722 |
other |
Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval |
Checks for the cgiWebupdate.exe file |
| 11721 |
other |
Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval |
Checks for the cgimail.exe file |
| 11719 |
other |
SHOUTcast Server admin.cgi Long Argument Overflow |
Overflows admin.cgi |
| 11708 |
other |
zenTrack index.php configFile Parameter Traversal Arbitrary Files Access |
Checks for the presence of zenTrack's index.php |
| 11706 |
other |
Spyke Multiple Remote Vulnerabilities |
Checks for the presence of info.dat |
| 11703 |
other |
WordPress < 0.72 RC1 Multiple Vulnerabilities |
Checks for the presence of WordPress |
| 11702 |
other |
zenTrack index.php Multiple Parameter Remote File Inclusion |
Checks for the presence of zenTrack's index.php |
| 11700 |
other |
ImageFolio Default Password |
Logs in as Admin/ImageFolio |
| 11698 |
other |
Xpressions Interactive Multiple Products login.asp SQL Injection |
Attempts SQL Injection |
| 11697 |
other |
IRCXPro Default Admin Password |
Logs into the remote administrative interface of ircxpro |
| 11694 |
other |
P-Synch Password Management Multiple Vulnerabilities |
P-Synch issues |
| 11692 |
other |
WebStores 2000 browse_item_details.asp SQL injection |
WebStores 2000 SQL injection |
| 11690 |
other |
JBoss %00 Request JSP Source Disclosure |
Attempts to read the source of a jsp page |
| 11688 |
other |
WF-Chat User Account Disclosure |
Checks for the presence of !pwds.txt |
| 11684 |
other |
rot13sj.cgi Arbitrary File Access |
Checks for rot13sj.cgi |
| 11682 |
other |
Philboard /database/philboard.mdb Direct Request Database Disclosure |
Downloads philboard.mdb |
| 11678 |
other |
Super-M Son hServer URI Traversal Arbitrary File Access |
Attempt to read an arbitrary file outside. |
| 11676 |
other |
PostNuke Rating System DoS |
Determine if a remote host is vulnerable to the PostNuke rating DoS vulnerability |
| 11675 |
other |
Philboard philboard_admin.ASP Authentication Bypass |
Try to bypass Philboard philboard_admin.ASP Authentication |
| 11671 |
other |
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution |
Checks for UPB |
| 11670 |
other |
Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc) |
sends a rotten cookie to the remote host |
| 11669 |
other |
P-News p-news.php Name Field Privilege Escalation |
Checks for the presence of p-news.php |
| 11668 |
other |
Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion |
Checks for the presence of shoutbox.php |
| 11667 |
other |
CafeLog B2 Multiple Script Remote File Inclusion |
Checks for the presence of 'gm020b2.php' |
| 11666 |
other |
PostNuke Sections Module Information Disclosure |
Determine if a remote host is vulnerable to the opendir.php vulnerability |
| 11663 |
other |
iisPROTECT Encoded URL Authentication Bypass |
Determines if iisprotect can be escaped |
| 11662 |
other |
iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection |
Determines if iisPROTECT is password-protected |
| 11661 |
other |
iisPROTECT Unpassworded Administrative Interface |
Determines if iisprotect is password-protected |
| 11660 |
other |
TextPortal Default Passwords |
Logs into the remote TextPortal interface |
| 11659 |
other |
ArGoSoft Mail Server Multiple Remote Vulnerabilities (XSS, DoS, Traversal) |
Gets the version of the remote ArGoSoft server |
| 11658 |
other |
Sun ONE Application Server Upper Case Request JSP Source Disclosure |
Attempts to read the source of a jsp page |
| 11657 |
other |
Synchrologic Email Accelerator aggregate.asp User Account Disclosure |
Determines if Synchrologic is installed |
| 11655 |
other |
D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS |
Checks the firmware version of the remote D-Link router |
| 11653 |
other |
Mantis < 0.17.5 Multiple Vulnerabilities |
Checks for the version of Mantis |
| 11652 |
other |
Mantis Detection |
Checks for the presence of Mantis |
| 11647 |
other |
BLNews objects.inc.php4 Server[path] Variable Remote File Inclusion |
Checks for the presence of objects.inc.php4 |
| 11646 |
other |
Horde Turba status.php Path Disclosure |
Checks for status.php |
| 11643 |
other |
OneOrZero Helpdesk tupdate.php sg Parameter SQL injection |
Determines OneOrZero is installed |
| 11639 |
other |
webERP Configuration File Remote Access |
Determines if webERP is installed |
| 11638 |
other |
Microsoft BizTalk Server Multiple Remote Vulnerabilities |
Determines if BizTalk is installed |
| 11636 |
other |
ttCMS 2.2 Multiple Vulnerabilities |
Attempts to include a file |
| 11630 |
other |
php-proxima autohtml.php Arbitrary File Retrieval |
Determines owl is installed |
| 11629 |
other |
Poster version.two index.php Account Manipulation Privilege Escalation |
Checks if Poster version.two is installed |
| 11627 |
other |
WebLogic Multiple Method Cleartext Password Disclosure |
Checks the version of WebLogic |
| 11626 |
other |
Owl browse.php Authentication Bypass |
Determines owl is installed |
| 11623 |
other |
miniPortail admin.php Cookie Manipulation Security Bypass |
Determine if miniPortail can abused |
| 11621 |
other |
Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection |
Determine if Snitz forums is vulnerable to a cmd exec flaw |
| 11617 |
other |
Horde test.php Direct Reqest Information Disclosure |
Checks if test.php is available in Horde et al |
| 11615 |
other |
ttforum Multiple Vulnerabilities |
Determines if ttforum is vulnerable to code injection |
| 11611 |
other |
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite |
Determine if counter.php is present |
| 11605 |
other |
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution |
Checks for Ikonboard.cgi |
| 11604 |
other |
BEA WebLogic SSIServlet Invocation Source Code Disclosure |
BEA WebLogic may be tricked into revealing the source code of JSP scripts. |
| 11602 |
other |
HappyMall Multiple Script Arbitrary Command Execution |
Checks for HappyMall |
| 11601 |
other |
MailMaxWeb Cookie Application Path Disclosure |
Checks for MailMaxWeb |
| 11600 |
other |
NetCharts Server Default Password |
NetCharts Server Default Password |
| 11599 |
other |
Ocean12 ASP Guestbook Manager Database Download |
Checks for Ocean12 guestbook |
| 11597 |
other |
Snitz Forums 2000 3.4.03 Multiple Vulnerabilities |
Determine if Snitz forums is vulnerable to xss attack |
| 11596 |
other |
SLMail WebMail Multiple Remote Overflows |
Determines if the remote SLWebMail server is flawed |
| 11590 |
other |
MPC SoftWeb Guestbook Multiple Vulnerabilities |
Checks for mpcsoftware_guestdata.mdb |
| 11589 |
other |
PT News Unauthorized Administrative Access |
Determine if PTNews grants administrative access to everyone |
| 11588 |
other |
YaBB SE < 1.5.2 Multiple Vulnerabilities |
Determine if YaBB SE can be used to execute arbitrary commands |
| 11587 |
other |
XMB member.php Multiple Parameter SQL Injection |
Determine if XMB forums is vulnerable to a sql injection attack |
| 11582 |
other |
Truegalerie admin.php loggedin Parameter Admin Authentication Bypass |
logs into the remote TrueGalerie installation |
| 11581 |
other |
Mike Bobbitt's album.pl Alternative Configuration File Remote Command Execution |
Determines the version of album.pl |
| 11569 |
other |
StockMan Shopping Cart shop.plx page Parameter Arbitrary Command Execution |
Determines the version of shop.plx |
| 11568 |
other |
StockMan Shopping Cart shop.plx Path Disclosure |
determines the remote root path |
| 11567 |
other |
CommuniGate Pro Referer Field Session Token Disclosure |
Checks the version of the remote CommunigatePro web Server |
| 11564 |
other |
Coppermine Photo Gallery displayimage.php SQL injection |
Does a version check |
| 11558 |
other |
Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure |
Macromedia ColdFusion MX Path Disclosure Vulnerability |
| 11557 |
other |
IdeaBox include.php ideaDir Parameter Remote File Inclusion |
Injects a path |
| 11555 |
other |
AN HTTPd count.pl Traversal Arbitrary File Overwrite |
Creates a file on the remote server |
| 11553 |
other |
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink) |
Checks for the presence of bugzilla |
| 11550 |
other |
OpenBB index.php CID Parameter SQL Injection |
Tests for SQL Injection |
| 11549 |
other |
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access |
checks for readfile.tcl |
| 11548 |
other |
bttlxeForum login.asp Multiple Field SQL Injection |
Uses a SQL query as a password |
| 11542 |
other |
Web Wiz Forums wwforum.mdb Direct Request Database Disclosure |
Checks for wwforum.mdb |
| 11538 |
other |
eZ Publish settings/site.ini Configuration Disclosure |
Determine if eZ Publish config file can be retrieved |
| 11536 |
other |
Super Guestbook superguestconfig Admin Password Disclosure |
Checks for superguestconfig |
| 11533 |
other |
Web Wiz Site News / Compulsive Media CNU5 news.mdb Direct Request Database Disclosure |
Checks for news.mdb |
| 11532 |
other |
Instaboard index.cfm Multiple Parameter SQL Injection |
Checks for SQL insertion in Instaboad |
| 11531 |
other |
phPay admin/phpinfo.php Information Disclosure |
Checks for the presence of phpinfo.php |
| 11526 |
other |
Vignette StoryServer TCL Server Crash Information Disclosure |
Checks the version of the remote Vignette StoryServer |
| 11524 |
other |
Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution |
Checks for the presence of db_input.php |
| 11520 |
other |
HP Instant TopTools hpnst.exe CGI DoS |
Checks for hpnst.exe |
| 11516 |
other |
AutomatedShops WebC.cgi Multiple Overflows |
Checks for the presence of webc.cgi |
| 11515 |
other |
AutomatedShops WebC.cgi Installation Detection |
Checks for the presence of webc.cgi |
| 11509 |
other |
GTcatalog password.inc Direct Request Password Disclosure |
Checks for the presence of password.inc |
| 11505 |
other |
Ecartis HTML Field Manipulation Arbitrary User Password Reset |
Checks for the presence of lsg2.cgi |
| 11501 |
other |
Justice Guestbook 1.3 Multiple Vulnerabilities |
Checks for the presence of cfooter.php3 |
| 11500 |
other |
Beanwebb's Guestbook 1.0 Multiple Vulnerabilities |
Checks for the presence of admin.php |
| 11498 |
other |
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access |
Checks for the presence of patch/index.php and docman/new.php |
| 11497 |
other |
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion |
Checks for the presence of aff_list_langue.php |
| 11489 |
other |
My Guest Book (myGuestBk) Multiple Vulnerabilities |
Checks for the presence of admin/index.asp |
| 11488 |
other |
Horde IMP mailbox.php3 Multiple Variable SQL Injection |
Checks IMP version |
| 11487 |
other |
Advanced Poll info.php Remote Information Disclosure |
Checks for the presence of info.php |
| 11486 |
other |
WebLogic Servlets Multiple Vulnerabilities |
Checks the version of WebLogic |
| 11482 |
other |
PostNuke Members_List Module Information Disclosure |
Determine if a remote host is vulnerable to the opendir.php vulnerability |
| 11478 |
other |
paFileDB pafiledb.php Multiple Parameter SQL Injection |
Determine if pafiledb is vulnerable to a SQL injection |
| 11477 |
other |
DCP-Portal Multiple Script Path Disclosure |
Determine if DCP-Portal displays its physical path |
| 11476 |
other |
DCP-Portal lib.php root Parameter Remote File Inclusion |
Determine if DCP-Portal is vulnerable to an injection attack |
| 11472 |
other |
Nukestyles.com viewpage.php Addon for PHP-Nuke File Variable Traversal Arbitrary File Access |
viewpage.php is vulnerable to an exploit which lets an attacker view any file that the cgi/httpd user has access to. |
| 11471 |
other |
VChat Multiple Remote Vulnerabilities |
Checks for the presence of vchat/msg.txt |
| 11469 |
other |
SimpleChat Information Disclosure |
Checks for the presence of data/usr |
| 11467 |
other |
J Walk Application Server Encoded Directory Traversal Vulnerability |
Reads a file outside the web root |
| 11465 |
other |
O'Reilly WebSite Pro args.bat Arbitrary Command Execution |
Checks for the presence of /cgi-dos/args.bat |
| 11464 |
other |
Leif Wright ad.cgi file Parameter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/ad.cgi |
| 11463 |
other |
Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe) |
Checks the Bugzilla version number |
| 11462 |
other |
Bugzilla Software Detection |
Checks for the presence of Bugzilla |
| 11461 |
other |
Adcycle build.cgi Remote Password Disclosure |
Checks for the presence of /cgi-bin/build.cgi |
| 11453 |
other |
Kebi Academy Home Page Administration file Parameter Traversal Arbitrary File Access |
kebi academy is vulnerable to an exploit which lets an attacker view any file that the cgi/httpd user has access to. |
| 11451 |
other |
Matt Wright textcounter.pl Arbitrary Command Execution |
Checks for the presence of /cgi-bin/textcounter.pl |
| 11447 |
other |
Nuked-Klan index.php Multiple Module Vulnerabilities |
Determine if Nuked-klan is vulnerable to xss attack |
| 11444 |
other |
PHP Mail Function Header Spoofing |
Checks for version of PHP |
| 11440 |
other |
Mozilla Bonsai Mutiple Flaws (Auth Bypass, XSS, Cmd Exec, PD) |
Determine if bonsai is vulnerable to xss attack |
| 11439 |
other |
XOOPS 1.0 RC1 Multiple Vulnerabilities |
Checks for XOOPS |
| 11438 |
other |
Apache Tomcat Directory Listing and File disclosure |
Apache Tomcat Directory listing and File Disclosure Bugs |
| 11436 |
other |
Guestbook tr3.a Password Disclosure |
Checks for the presence of passwd.txt |
| 11419 |
other |
Web Server Office File Inventory |
Displays office files |
| 11416 |
other |
OpenWebMail < 1.90 Multiple Vulnerabilities |
Determines the version of openwebmail |
| 11411 |
other |
Backup Files Disclosure |
Attempts to download file backups |
| 11402 |
other |
Sun ONE (iPlanet) Application Server Detection |
Sun ONE Application Server detection |
| 11401 |
other |
Thunderstone Software Texis Nonexistent File Request Path Disclosure |
Checks for texis.exe |
| 11400 |
other |
Thunderstone Software Texis Crafted Request Information Disclosure |
Checks for texis.exe |
| 11397 |
other |
VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution |
Determines the version of vpopmail.php |
| 11393 |
other |
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure |
Checks for a ColdFusion vulnerability |
| 11377 |
other |
smb2www Proxy Bypass |
smb2www Detection |
| 11375 |
other |
smb2www Unspecified Arbitrary Remote Command Execution |
smb2www Command Execution |
| 11370 |
other |
Microsoft IIS fpcount.exe CGI Remote Overflow |
Is fpcount.exe installed ? |
| 11368 |
other |
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/source |
| 11361 |
other |
Mambo Site Server MD5 Hash Session ID Privilege Escalation |
Checks for the presence of Mambo's flaw |
| 11360 |
other |
Wordit Logbook logbook.pl file Parameter Arbitrary File Access |
Checks for the presence of logbook.pl |
| 11359 |
other |
Upload Lite upload.cgi Arbitrary File Upload |
Checks for the presence of upload.cgi |
| 11345 |
other |
SimpleBBS users disclosure |
Checks for the presence of users.php |
| 11334 |
other |
popper_mod PHP Administration Script Authentication Bypass |
Checks if popper_mod is vulnerable |
| 11333 |
other |
WebWho+ whois.pl time Parameter Arbitrary Command Execution |
Checks if webwho.pl is vulnerable |
| 11328 |
other |
Kietu index.php Remote File Inclusion |
Checks for the presence of hit.php |
| 11324 |
other |
PHP-Ping index.php pingto Parameter Arbitrary Code Execution |
Checks for the presence of phpping |
| 11319 |
other |
GTcatalog index.php custom Parameter Remote File Inclusion |
Checks for the presence of index.php |
| 11315 |
other |
WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion |
Checks for the presence of Webchat's defines.php |
| 11310 |
other |
myphpPageTool /doc/admin/index.php ptinclude Parameter Remote File Inclusion |
Checks for the presence of index.html |
| 11298 |
other |
Axis 2400 Network Camera Multiple Vulnerabilities |
Reads the remote /var/log/messages |
| 11284 |
other |
TYPO3 < 3.5.0 Multiple Vulnerabilities |
Reads /etc/passwd |
| 11282 |
other |
Nuked-Klan 1.2b Multiple Vulnerabilities |
Executes phpinfo() |
| 11281 |
other |
cPanel guestbook.cgi template Variable Arbitrary Command Execution |
Executes /bin/id |
| 11280 |
other |
Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing |
Spoofs a session ID |
| 11279 |
other |
Webmin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing |
Spoofs a session ID |
| 11278 |
other |
Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities |
Checks QuickTime/Darwin server for parse_xml.cgi |
| 11276 |
other |
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution |
Checks for the presence of search.php |
| 11275 |
other |
GOsa Multiple Script plugin Parameter Remote File Inclusion |
Checks for the presence of remotehtmlview.php |
| 11274 |
other |
WihPhoto sendphoto.php Traversal Arbitrary File Access |
Checks for the presence of remotehtmlview.php |
| 11273 |
other |
Invision Power Board ipchat.php root_path Parameter Remote File Inclusion |
Checks for root_path include flaw in ipchat.php |
| 11271 |
other |
Ipswitch IMail Web Interface URI Referer Session Token Disclosure |
Checks for version of IMail web interface |
| 11236 |
other |
PHP-Nuke Detection |
Determines if PHP-Nuke is installed on the remote host |
| 11233 |
other |
N/X Web Content Management Multiple Script Remote File Inclusion |
Checks for the presence of menu.inc.php |
| 11230 |
other |
Stronghold swish Search Script Information Disclosure |
Checks for the presence of cgi-bin/search |
| 11229 |
other |
Web Server info.php / phpinfo.php Detection |
Checks for phpinfo() output |
| 11221 |
other |
Pages Pro filenote Parameter Traversal Arbitrary File Modification |
Pages Pro CD directory traversal |
| 11208 |
other |
Netscape Enterprise Default Administrative Password |
Netscape Enterprise Default Administrative Password |
| 11190 |
other |
Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution |
Checks for the presence of a CGI |
| 11182 |
other |
DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access |
Read any file through DB4Web |
| 11180 |
other |
DB4Web Server Debug Mode TCP Port Scanning Proxy |
DB4Web debug page allow bounce scan |
| 11176 |
other |
Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure |
Tomcat 4.x JSP Source Exposure |
| 11173 |
other |
Savant Web Server cgitest.exe Overflow |
Savant cgitest.exe buffer overflow |
| 11165 |
other |
vpopmail-CGIApps vpasswd.cgi Remote Command Execution |
Checks for the presence of vpasswd.cgi |
| 11163 |
other |
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure |
Checks for the presence of /cgi-bin/msmMask.exe |
| 11151 |
other |
Webserver 4D Cleartext Password Storage |
Checks for Webserver 4D |
| 11139 |
other |
CGI Generic SQL Injection Vulnerability |
Some common SQL injection techniques |
| 11131 |
other |
Sambar Server Multiple CGI Remote Overflow |
Crashes Sambar web server |
| 11117 |
other |
phpPgAdmin sql.php goto Parameter Traversal Arbitrary File Access |
Checks for the presence of sql.php |
| 11116 |
other |
phpMyAdmin sql.php Traversal Arbitrary File Access |
Checks for the presence of sql.php |
| 11115 |
other |
Bharat Mediratta Gallery includedir Parameter Remote File Inclusion |
Checks for the presence of includes/needinit.php |
| 11109 |
other |
Achievo class.atkdateattribute.js.php config_atkroot Variable Remote File Inclusion |
Checks for the presence of Achievo |
| 11107 |
other |
Viralator CGI Script Arbitrary Command Execution |
Checks for the presence of /cgi-bin/viralator.cgi |
| 11106 |
other |
PHP-Nuke Network Tools Add-On Arbitrary Command Execution |
Executed 'id' through index.php |
| 11104 |
other |
Directory Manager edit_image.php Arbitrary Command Execution |
Detects edit_image.php |
| 11102 |
other |
AWOL helperfunction.php includedir Parameter Remote File Inclusion |
Checks for the presence of includes/awol-condensed.inc.php |
| 11101 |
other |
phpAdsNew helperfunction.php Remote File Inclusion |
Checks for the presence of remotehtmlview.php |
| 11095 |
other |
Mountain Network Systems webcart.cgi Arbitrary Command Execution |
Detects webcart.cgi |
| 11083 |
other |
iBill ibillpm.pl Password Generation Weakness |
Checks for the presence of /cgi-bin/ibillpm.pl |
| 11082 |
other |
Boozt index.cgi Banner Creation Name Field Overflow |
Buffer overflow in Boozt AdBanner index.cgi |
| 11074 |
other |
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure |
Checks for the presence of /officescan/hotdownload/ofscan.ini |
| 11073 |
other |
Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access |
Checks for the presence of Cobal Cube webmail |
| 11072 |
other |
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access |
Checks for the presence of basilix.php3 |
| 11070 |
other |
PGPMail.pl detection |
Checks for the presence of PGPMail.pl |
| 11066 |
other |
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution |
SunSolve CD CGI scripts are vulnerable to a few user input validation problems |
| 11050 |
other |
PHP < 4.2.x mail Function CRLF Injection |
Checks for version of PHP |
| 11046 |
other |
Apache Tomcat TroubleShooter Servlet Information Disclosure |
Tests whether the Apache Tomcat TroubleShooter Servlet is installed |
| 11044 |
other |
Icecast list_directory Function Traversal File/Directory Enumeration |
Determines if the error code is the same when requesting non-existing and existing dirs |
| 11037 |
other |
Multiple Server Crafted Request WEB-INF Directory Information Disclosure |
Tests for WEB-INF folder access |
| 11027 |
other |
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation |
Checks if the AlienForm CGI script is vulnerable |
| 11020 |
other |
IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection |
Determine if the remote host is vulnerable to SQL injection |
| 11018 |
other |
Microsoft Site Server Multiple Script Information Disclosure |
Determine if the remote host is vulnerable to a disclosure vuln. |
| 11017 |
other |
Marcus Xenakis directory.php Execute Arbitrary Commands |
Checks for the presence of /directory.php |
| 11007 |
other |
ActivePerl findtar Sample Script Remote Command Execution |
Determines if ActivePerl is vulnerable |
| 11004 |
other |
Ipswitch WhatsUp Gold Default Admin Account |
WhatsUp Gold Default Admin Account |
| 11001 |
other |
MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access |
checks for mrtg.cgi |
| 10997 |
other |
JRun Web Server (JWS) GET Request Traversal Arbitrary File Access |
Attempts directory traversal attack |
| 10996 |
other |
JRun Multiple Sample Files Remote Information Disclosure |
Checks for the presence of JRun sample files |
| 10995 |
other |
Sun JavaServer Default Admin Password |
Sun JavaServer Default Admin Password |
| 10993 |
other |
Microsoft ASP.NET Application Tracing trace.axd Information Disclosure |
Checks for ASP.NET application tracing |
| 10991 |
other |
Microsoft IIS global.asa Remote Information Disclosure |
Tries to retrieve the global.asa file |
| 10968 |
other |
ping.asp CGI Arbitrary Command Execution |
Checks for the presence of ping.asp |
| 10960 |
other |
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure |
Tests for ServletExec 4.1 ISAPI Path Disclosure |
| 10959 |
other |
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access |
Tests for ServletExec File Reading |
| 10958 |
other |
ServletExec 4.1 / JRun ISAPI Multiple DoS |
Tests for ServletExec 4.1 ISAPI DoS |
| 10949 |
other |
BEA WebLogic Null Byte Request JSP Source Disclosure |
BEA WebLogic may be tricked into revealing the source code of JSP scripts. |
| 10936 |
other |
Microsoft IIS Multiple Vulnerabilities (MS02-018) |
Tests for IIS XSS via 404 errors |
| 10924 |
other |
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/csSearch.cgi |
| 10922 |
other |
CVS (Web Based) Entries File Information Disclosure |
requests CVS/Entries |
| 10856 |
other |
PHP-Nuke sql_debug Information Disclosure |
Make a request like http://www.example.com/?sql_debug=1 |
| 10847 |
other |
SilverStream Database Structure Disclosure |
Checks if SilverStream database structure is visible |
| 10843 |
other |
Microsoft ASP.NET Malformed File Request Path Disclosure |
Tests for ASP.NET Path Disclosure Vulnerability |
| 10839 |
other |
Apache Win32 ScriptAlias php.exe Arbitrary File Access |
Tests for PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability |
| 10837 |
other |
FAQManager Arbitrary File Reading Vulnerability |
Tests for FAQManager Arbitrary File Reading Vulnerability |
| 10831 |
other |
PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access |
Looks for a directory traversal vulnerability in the PHP Rocket Add-in for FrontPage. |
| 10830 |
other |
zml.cgi Directory Traversal |
zml.cgi is vulnerable to an exploit which lets an attacker view any file that the cgi/httpd user has access to. |
| 10819 |
other |
Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access |
\..\..\file.txt |
| 10818 |
other |
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution |
Determine if arbitrary commands can be executed by Alchemy Eye |
| 10817 |
other |
Interactive Story story.pl next Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/story.pl |
| 10814 |
other |
Allaire JRun Encoded JSP Request Arbitrary Directory Listing |
Allaire JRun directory browsing vulnerability |
| 10811 |
other |
ActivePerl perlIS.dll Buffer Overflow |
Determines if arbitrary commands can be executed thanks to ActivePerl's perlIS.dll |
| 10810 |
other |
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access |
Determine if a remote host is vulnerable to the gallery vulnerability |
| 10807 |
other |
Apache Tomcat Nonexistent File Error Message Path Disclosure |
Tests for Tomcat Path Disclosure Vulnerability |
| 10805 |
other |
Informix SQL Web DataBlade Module Traversal Arbitrary File Access |
/ifx/?LO=../../../file |
| 10803 |
other |
Redhat Stronghold status / info Request Information Disclosure |
Redhat Stronghold File System Disclosure |
| 10801 |
other |
Horde Imp Webmail status.php3 message Parameter XSS |
Checks IMP version |
| 10799 |
other |
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure |
IBM-HTTP-Server View Code |
| 10797 |
other |
ColdFusion Debug Mode Information Disclosure |
Get ColdFusion Debug Information |
| 10784 |
other |
ht://Dig htsearch Multiple Vulnerabilities |
htsearch?-c/nonexistent |
| 10783 |
other |
PCCS-Mysql User/Password Exposure |
Checks for dbconnect.inc |
| 10781 |
other |
Microsoft Outlook Web Access (OWA) Anonymous Access |
Outlook Web anonymous access |
| 10778 |
other |
SiteScope Web Service Unpassworded Access |
Unprotected SiteScope Service |
| 10769 |
other |
Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution |
Checks for the listrec.pl CGI |
| 10767 |
other |
Nimda Worm Infected HTML File Detection |
Tests for Nimda Worm infected HTML files |
| 10757 |
other |
Webmin Detection |
Check for Webmin |
| 10750 |
other |
PhpMyExplorer index.php chemin Variable Encoded Traversal Arbitrary File Access |
phpMyExplorer dir traversal |
| 10743 |
other |
Tripwire for Webpages Installation Disclosure |
Checks for information disclosure vulnerability in Tripwire for Webpages |
| 10733 |
other |
InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation |
Check if the remote Interscan is vulnerable to remote reconfiguration. |
| 10725 |
other |
SIX-webboard generate.cgi content Variable Traveral Arbitrary File Access |
Checks for the presence of generate.cgi |
| 10721 |
other |
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/ncbook/book.cgi |
| 10720 |
other |
SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution |
Determines the presence of the sdbsearch.cgi |
| 10717 |
other |
SHOUTcast Server User-Agent / Host Header DoS |
Checks for User-Agent / Host header denial of service vulnerability in SHOUTcast Server |
| 10716 |
other |
OmniPro HTTPd 2.08 Encoded Space Request Script Source Disclosure |
Check the presence of OmniPro HTTPd 2.08 scripts source disclosure. |
| 10715 |
other |
BEA WebLogic Hex Encoded Request JSP Source Disclosure |
BEA WebLogic may be tricked into revealing the source code of JSP scripts. |
| 10712 |
other |
Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities |
Checks for the presence of /cgi-bin/quickstore.cgi |
| 10711 |
other |
Sambar Server pagecount CGI Traversal Arbitrary File Overwrite |
Make a request like http://www.example.com/session/pagecount |
| 10696 |
other |
Tarantella Enterprise ttawebtop.cgi pg Variable Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/ttawebtop.cgi |
| 10686 |
other |
BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure |
Tests for BroadVision Physical Path Disclosure Vulnerability |
| 10679 |
other |
Directory Pro Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/directorypro.cgi |
| 10670 |
other |
PHP3 Error Message Physical Path Disclosure |
Tests for PHP3 Physical Path Disclosure Vulnerability |
| 10669 |
other |
A1Stats Multiple Script Traversal Arbitrary File Access |
Checks if A1Stats reads any file |
| 10665 |
other |
Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation |
Checks for the presence of _ncl_*.shtml |
| 10664 |
other |
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read |
Checks for the presence of /cgi-bin/cal_make.pl |
| 10655 |
other |
PHP-Nuke opendir.php Traversal Arbitrary File Read |
Determine if a remote host is vulnerable to the opendir.php vulnerability |
| 10650 |
other |
Trend Micro InterScan VirusWall catinfo CGI Overflow |
Overflow in catinfo |
| 10649 |
other |
processit CGI Environment Variable Remote Information Disclosure |
Checks for the presence of /cgi-bin/processit |
| 10645 |
other |
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access |
Checks for the presence of ustorekeeper.pl |
| 10644 |
other |
Ananconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access |
Checks for the presence of anacondaclip.pl |
| 10641 |
other |
MAILNEWS mailnews.cgi Arbitrary Command Execution |
Checks for the presence of mailnews.cgi |
| 10639 |
other |
Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/store.cgi |
| 10638 |
other |
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution |
Checks for the presence of /cgi-bin/auktion.cgi |
| 10627 |
other |
ROADS search.pl form Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/search.pl |
| 10616 |
other |
WebSPIRS webspirs.cgi Traversal Arbitrary File Access |
Checks for the presence of webspirs.cgi |
| 10614 |
other |
W3.org Anaya Web sendtemp.pl templ Variable Traveral Arbitrary File Access |
Checks for the presence of /cgi-bin/sendtemp.pl |
| 10612 |
other |
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/commerce.cgi |
| 10611 |
other |
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities |
Checks for the presence of /cgi-bin/pals-cgi |
| 10610 |
other |
Way-board way-board.cgi db Parameter Arbitrary File Access |
Checks for the presence of /cgi-bin/way-board |
| 10609 |
other |
Muscat Empower CGI Malformed DB Parameter Path Disclosure |
Attempts to find the location of the remote web root |
| 10606 |
other |
HSWeb HTTP Server /cgi Directory Request Path Disclosure |
Retrieve the real path using /cgi |
| 10604 |
other |
Allaire JRun Crafted Request WEB-INF Forced Directory Listing |
Make a request like http://www.example.com/./WEB-INF |
| 10602 |
other |
iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read |
Checks for the presence of /cgi-bin/hsx.cgi |
| 10601 |
other |
Basilix Webmail .class / .inc Direct Request Remote Information Disclosure |
Checks for the presence of include files |
| 10597 |
other |
wwwwais QUERY_STRING Parameter Remote Overflow |
Checks for the presence of /cgi-bin/wwwwais |
| 10593 |
other |
Phorum common.php ForumLang Parameter Traversal Arbitrary File Access |
Checks for the presence of Phorum's common.php |
| 10592 |
other |
Informix webdriver CGI Unauthenticated Database Access |
Checks for the presence of Webdriver |
| 10591 |
other |
Metertek pagelog.cgi Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/pagelog.cgi |
| 10590 |
other |
Samba Web Administration Tool (SWAT) Error Message Username Enumeration |
Detect SWAT server port |
| 10586 |
other |
News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/newsdesk.cgi |
| 10584 |
other |
Technote main.cgi filename Parameter Traversal Arbitrary File Access |
Checks for the presence of /technote/main.cgi |
| 10583 |
other |
DCForum dcboard.cgi Multiple Vulnerabilities |
Checks for the presence of /cgi-bin/dcforum |
| 10581 |
other |
Cold Fusion Administration Page Overflow DoS |
Checks for the presence of /cfide/administrator/index.cfm |
| 10574 |
other |
PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access |
PHPix directory traversal vulnerability |
| 10570 |
other |
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload |
Unify eWave ServletExec 3.0C file upload |
| 10566 |
other |
MailMan Webmail mmstdod.cgi Arbitrary Command Execution |
Checks for the presence of /cgi-bin/mmstdod.cgi |
| 10564 |
other |
Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow |
Determines whether phonebook server is installed |
| 10562 |
other |
Master Index search.cgi Traversal Arbitrary File/Directory Access |
Attempts a directory traversal attack |
| 10552 |
other |
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/cgiforum.pl |
| 10542 |
other |
Verity UltraSeek 3.1.x Malformed URL Remote DoS |
Hangs the remote UltraSeek server for some time |
| 10541 |
other |
KW Whois CGI whois Parameter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/whois.cgi |
| 10536 |
other |
Anaconda Foundation Directory apexec.pl template Parameter Traversal Arbitrary File Retrieval |
Anaconda Foundation Directory remote file retrieval |
| 10535 |
other |
PHP Error Log Format String Command Injection |
Checks for version of PHP |
| 10533 |
other |
Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access |
Web Shopper remote file retrieval |
| 10532 |
other |
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access |
eXtropia Web Store remote file retrieval |
| 10523 |
other |
thttpd ssi Servlet Encoded Traversal Arbitrary File Access |
Tries to read a local file |
| 10521 |
other |
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access |
Checks for the presence of Extent RBS ISP 2.5 |
| 10518 |
other |
/doc/packages Directory Browsable |
Is /doc/packages browsable ? |
| 10516 |
other |
MultiHTML multihtml.pl Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/multihtml.pl |
| 10514 |
other |
Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing |
Checks the presence of search.dll |
| 10512 |
other |
YaBB YaBB.pl num Parameter Traversal Arbitrary File Access |
Checks for the presence of YaBB.pl |
| 10507 |
other |
Sun Java Web Server bboard Servlet Command Execution |
Checks for the presence of /servlet/sunexamples.BBoardServlet |
| 10506 |
other |
Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/calendar_admin.pl |
| 10495 |
other |
htgrep hdr Parameter Arbitrary File access |
Checks for the presence of /cgi-bin/htgrep |
| 10494 |
other |
Netwin Netauth netauth.cgi Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/netauth.cgi |
| 10493 |
other |
Simple Web Counter swc ctr Parameter Remote Overflow |
Checks for the presence of /cgi-bin/swc |
| 10491 |
other |
Microsoft IIS Translate f: ASP/ASA Source Disclosure |
downloads the source of IIS scripts such as ASA,ASP |
| 10478 |
other |
Apache Tomcat Snoop Servlet Remote Information Disclosure |
Checks for the presence of /examples/jsp/snp/anything.snp |
| 10476 |
other |
WebsitePro Remote Request Overflow |
Checks for WebSitePro |
| 10475 |
other |
WebSite Pro webfind.exe keywords Parameter Remote Overflow |
Buffer overflow attempt |
| 10473 |
other |
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/simple/view_page |
| 10470 |
other |
WebActive HTTP Server active.log Remote Information Disclosure |
Requests /active.log |
| 10467 |
other |
Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/ftp/ftp.pl |
| 10465 |
other |
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution |
Checks if CVSweb is present and gets its version |
| 10460 |
other |
Big Brother bb-hostsvc.sh HOSTSVC Parameter Traversal Arbitrary File Access |
Read arbitrary files using the CGI bb-hostsvc.sh |
| 10459 |
other |
Poll It CGI data_dir Parameter Arbitrary File Access |
Checks for the presence of /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi |
| 10454 |
other |
Sawmill Weak Password Encryption Scheme Information Disclosure |
Obtains SawMill password |
| 10453 |
other |
sawmill allows the reading of the first line of any file |
Checks if sawmill reads any file |
| 10444 |
other |
JRun viewsource.jsp Directory Traversal Vulnerability |
Determines the presence of the jrun flaw |
| 10417 |
other |
Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay |
Checks for the presence of /cgi-bin/mailit |
| 10416 |
other |
Sambar Server /sysadmin Default Accounts |
Sambar webserver installed ? |
| 10415 |
other |
Sambar Server /session/sendmail Arbitrary Mail Relay |
Sambar /session/sendmail mailer installed ? |
| 10410 |
other |
ISS ICEcap Default Password |
logs into the remote ICEcap subsystem |
| 10402 |
other |
CVSweb Detection |
Determines whether cvsweb.cgi is installed on the remote host |
| 10393 |
other |
spin_client.cgi Remote Overflow |
Checks for the /cgi-bin/spin_client.cgi buffer overrun |
| 10383 |
other |
BizDB bizdb-search.cgi Arbitrary Command Execution |
Determines the presence of cgi-bin/bizdb1-search.cgi |
| 10381 |
other |
Piranha's RH6.2 default password |
logs into the remote piranha subsystem |
| 10376 |
other |
Microsoft FrontPage htimage.exe CGI Remote Overflow |
Is htimage.exe vulnerable to a buffer overflow ? |
| 10370 |
other |
Microsoft IIS Dangerous Sample Files Detection |
Determines whether IIS samples files are installed |
| 10367 |
other |
TalentSoft Web+ webplus CGI Traversal Arbitrary File Access |
Checks if webplus reads any file |
| 10365 |
other |
Windmail.exe Shell Metacharacter Arbitrary Command Execution |
Checks for the presence of windmail.exe |
| 10364 |
other |
Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access |
Checks if /PSUser/PSCOErrPage.htm reads any file |
| 10363 |
other |
Microsoft IIS/PWS %2e Request ASP Source Disclosure |
downloads the source of ASP scripts |
| 10362 |
other |
Microsoft IIS ASP::$DATA ASP Source Disclosure |
downloads the source of ASP scripts |
| 10361 |
other |
SalesLogix eViewer slxweb.dll Request Remote DoS |
Crashes Eviewer |
| 10360 |
other |
Microsoft IIS newdsn.exe Arbitrary File Creation |
Checks for the presence of /scripts/tools/newdsn.exe |
| 10359 |
other |
Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution |
Checks for the presence of /scripts/tools/ctss.idc |
| 10349 |
other |
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/sojourn.cgi |
| 10347 |
other |
ICQ Web Front Service guestbook.cgi DoS |
ICQ denial of service |
| 10346 |
other |
MERCUR WebView WebMail Server mail_user Parameter DoS |
Checks for a buffer overflow |
| 10340 |
other |
rpm_query CGI System Information Disclosure |
checks for rpm_query |
| 10321 |
other |
WWWBoard passwd.txt Authentication Credential Disclosure |
Checks for the presence of /wwwboard/passwd.txt |
| 10317 |
other |
IRIX wrap CGI Traversal Arbitrary Directory Listing |
Checks for the presence of /cgi-bin/wrap |
| 10306 |
other |
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution |
Checks if whois_raw.cgi is vulnerable |
| 10304 |
other |
WebSpeed Messenger Administration Utility Unauthenticed Access |
Checks if webspeed can be administered |
| 10303 |
other |
WebSite Pro Malformed URL Path Disclosure |
Attempts to find the location of the remote web root |
| 10301 |
other |
WebGais websendmail CGI Arbitrary Command Execution |
Checks for the presence of /cgi-bin/websendmail |
| 10300 |
other |
WebGais webgais CGI Arbitrary Command Execution |
Checks for the presence of /cgi-bin/webgais |
| 10299 |
other |
IRIX webdist.cgi Arbitrary Command Execution |
Checks for the presence of webdist.cgi |
| 10298 |
other |
Webcart Default Install Configuration Disclosure |
Checks for the webcart misconfiguration. |
| 10296 |
other |
Mini SQL CGI content-length Field Remote Overflow |
Overflow in w3-msql |
| 10295 |
other |
OmniHTTPd visadmin.exe Malformed URL DoS |
Checks for the visadmin.exe cgi |
| 10294 |
other |
Multiple Vendor view_source CGI Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/view_source |
| 10291 |
other |
O'Reilly WebSite uploader.exe Arbitrary File Upload |
Checks for the presence of /cgi-win/uploader.exe |
| 10282 |
other |
Multiple Vendor test-cgi Arbitrary File Access |
Tries to get a directory listing with test-cgi |
| 10277 |
other |
AnyForm CGI Arbitrary Command Execution |
Checks for the presence of AnyForm2 |
| 10273 |
other |
Samba Web Administration Tool (SWAT) Detection |
Detects a SWAT Server |
| 10253 |
other |
Cobalt siteUserMod.cgi Arbitrary Password Modification |
Checks for the presence of /.cobalt/siteUserMod/siteUserMod.cgi |
| 10252 |
other |
Web Server /cgi-bin Shell Access |
Checks for the presence of various shells in /cgi-bin |
| 10246 |
other |
Sambar Server Multiple Script Arbitrary Code Execution |
Checks for the presence of /cgi-bin/{hello,echo}.bat |
| 10207 |
other |
Roxen Web Server Counter Module Crafted Request Saturation DoS |
Roxen counter module installed ? |
| 10188 |
other |
Multiple Web Server printenv CGI Information Disclosure |
Checks for the presence of /cgi-bin/printenv |
| 10187 |
other |
Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities |
Checks for the ppdscgi.exe CGI |
| 10181 |
other |
PlusMail plusmail CGI Arbitrary Command Execution |
Checks for the presence of /cgi-bin/plusmail |
| 10177 |
other |
PHP/FI php.cgi Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/php.cgi |
| 10176 |
other |
Multiple Vendor phf CGI Arbitrary Command Execution |
Checks for the presence of /cgi-bin/phf |
| 10174 |
other |
IRIX pfdispaly Arbitrary File Access |
Checks for the presence of /cgi-bin/pfdispaly |
| 10173 |
other |
Web Server /cgi-bin Perl Interpreter Access |
checks for the presence of /cgi-bin/perl |
| 10165 |
other |
NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing |
Tries to get a directory listing with nph-test-cgi |
| 10164 |
other |
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write |
Checks for the presence of /cgi-bin/nph-publish.cgi |
| 10146 |
other |
Tektronix PhaserLink Printer Web Server Direct Request Administrator Access |
Checks for the presence of /ncl_*.html |
| 10143 |
other |
Mini SQL w3-msql Arbitrary Directory Access |
Overflows the remote CGI buffer |
| 10142 |
other |
Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access |
......../file.txt |
| 10131 |
other |
Multiple Vendor jj CGI Arbitrary Command Execution |
Checks for the presence of /cgi-bin/jj |
| 10128 |
other |
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/infosrch.cgi |
| 10127 |
other |
Multiple Vendor info2www CGI Arbitrary Command Execution |
Checks for the presence of /cgi-bin/info2www |
| 10122 |
other |
OmniHTTPd imagemap.exe CGI Remote Overflow |
Overflows /cgi-bin/imagemap.exe |
| 10115 |
other |
Microsoft IIS idq.dll Traversal Arbitrary File Access |
Attempts to read an arbitrary file |
| 10112 |
other |
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access |
Determines the presence of the 'icat' cgi |
| 10106 |
other |
Miva htmlscript Traversal Arbitrary File Access |
Checks for the presence of /cgi-bin/htmlscript |
| 10105 |
other |
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities |
Checks if htdig is vulnerable |
| 10101 |
other |
Home Free search.cgi Traversal Arbitrary File Access |
Attempts GET /cgi-bin/search.cgi?\..\..\file.txt |
| 10100 |
other |
IRIX handler CGI Arbitrary Command Execution |
Checks for the presence of /cgi-bin/handler |
| 10099 |
other |
Matt Wright guestbook.pl Arbitrary Command Execution |
Checks for the presence of /cgi-bin/guestbook.pl |
| 10095 |
other |
Glimpse HTTP aglimpse Arbitrary Command Execution |
Checks for the presence of /cgi-bin/phf |
| 10076 |
other |
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay |
Checks for the presence of /cgi-bin/formmail.pl |
| 10075 |
other |
Matt Wright FormHandler.cgi Arbitrary File Access |
Attempts to read /etc/passwd |
| 10071 |
other |
Multiple Web Server finger CGI Information Disclosure |
Checks for the presence of /cgi-bin/finger |
| 10067 |
other |
HylaFAX faxsurvey Arbitrary Command Execution |
Checks if faxsurvey is vulnerable |
| 10065 |
other |
EZShopper Multiple Directory Traversal Vulnerabilities |
Tries a directory traversal attack |
| 10064 |
other |
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution |
Checks for the presence of /cgi-bin/ews |
| 10060 |
other |
Sambar Server dumpenv.pl Information Disclosure |
Checks for the presence of /cgi-bin/dumpenv |
| 10056 |
other |
/doc Directory Browsable |
Is /doc browsable ? |
| 10049 |
other |
wwwcount Count.cgi Remote Overflow |
Checks Count.cgi version |
| 10041 |
other |
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities |
Checks for the presence of /cgi-bin/cgiwrap |
| 10040 |
other |
Sambar Server cgitest.exe Remote Overflow |
Checks for the /cgi-bin/cgitest.exe buffer overrun |
| 10039 |
other |
Directory Browsing Enabled? |
Is /cgi-bin browsable ? |
| 10035 |
other |
NCSA Campas cgi-bin Arbitrary Command Execution |
Checks for the presence of /cgi-bin/campas |
| 10034 |
other |
Squid cachemgr.cgi Proxied Port Scanning |
Checks whether the cachemgr.cgi is installed and accessible. |
| 10027 |
other |
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access |
Checks for the presence of /cgi-bin/bigconf.cgi |
| 10025 |
other |
Big Brother bb-hist.sh History Module Directory Traversal |
Read arbitrary files using the CGI bb-hist.sh |
| 10023 |
other |
Axis Storpoint CD Admin Authentication Bypass |
Requests /cd/../config/html/cnf_gi.htm |
| 10017 |
other |
Xylogics Annex Terminal Service ping CGI Program DoS |
Crashes an Annex terminal |
| 10016 |
other |
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution |
Checks for the presence of several CGIs |
| 10015 |
other |
AltaVista Intranet Search CGI query Traversal Arbitrary File Access |
Checks if query?mss=... reads arbitrary files |
| 10014 |
other |
Alibaba tst.bat Arbitrary Command Execution |
Checks for the presence of /cgi-bin/tst.bat |
| 10011 |
other |
Alibaba get32.exe Arbitrary Command Execution |
Checks for the presence of /cgi-bin/get32.exe |
| 10008 |
other |
O'Reilly WebSite win-c-sample Remote Overflow |
WebSite 1.0 CGI arbitrary code execution |
| 10007 |
other |
Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access |
Determines the presence of showcode.asp |
| 10004 |
other |
Microsoft IIS search.asp Direct Request DoS |
Determines the presence of an ExAir asp |
| 10003 |
other |
Microsoft IIS query.asp Direct Request DoS |
Determines the presence of an ExAir asp |
| 10002 |
other |
Microsoft IIS advsearch.asp Direct Request DoS |
Determines the presence of an ExAir ASP |
| 10001 |
other |
ColdFusion Multiple Vulnerabilities (File Upload/Manipulation) |
Checks for a ColdFusion vulnerability |