Xt-News 0.1
---
Vendor site: http://dreaxteam.free.fr/forums/
Product: Xt-News 0.1
Vulnerability: SQL Injection Vulnerability, XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 10/12/06
Public disclosure: 22/12/06
Description:
SQL Injection Vulnerability:
http://[victim
GenesisTrader v1.0
--
Vendor site: http://www.genesis-php.com/
Product: GenesisTrader v1.0
Vulnerability: Source Code Disclosure, Arbitrary File Upload, XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 06/12/06
Public disclosure: 14/12/06
Description:
Source Code
KDPics 1.16 and prior
Vendor site: http://www.kdland.org/kdpics/
Product: KDPics <= 1.16
Vulnerability: Remote File Inclusion Vulnerability, XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 30.11.06
Public disclosure: 09.12.06
Description:
Remote File Inclusion
ProNews V1.5
Vendor site: http://www.scripthp.com/
Product: ProNews V1.5
Vulnerability: XSS, SQL Injection Vulnerability
Credits: Mr_KaLiMaN
Reported to Vendor: 01.12.06
Public disclosure: 09.12.06
Description:
XSS permanent:
http://[victim]/[script_news_path
Messageriescripthp V2.0
---
Vendor site: http://www.scripthp.com/
Product: Messageriescripthp V2.0
Vulnerability: XSS, SQL Injection Vulnerability
Credits: Mr_KaLiMaN
Reported to Vendor: 01/12/06
Public disclosure: 09/12/06
Description:
SQL Injection
AnnonceScriptHP V2.0
Vendor site: http://www.scripthp.com/
Product: AnnonceScriptHP V2.0
Vulnerability: XSS, SQL Injection Vulnerability
Credits: Mr_KaLiMaN
Reported to Vendor: 02/12/06
Public disclosure: 09/12/06
Description:
Password disclosure (all members
@lex Guestbook 4.0.1
Vendor site: http://www.alexphpteam.com/
Product: @lex Guestbook 4.0.1
Vulnerability: Full Path Disclosure, XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 24.11.06
Public disclosure: 30.11.06
Description:
Full Path Disclosure:
http://[victim