VUPEN Web Application Security - Unpatched Security Vulnerabilities Discovered by VUPEN in Web Applications

	About Us \| Contact Us

VUPEN Research

About VUPEN Research

Vuln. in Prominent Software

Vuln. in Web Applications

Contact Us

VUPEN Security Research - Discovered Vulnerabilities in Web Applications

Additionally to finding new and unpatched security vulnerabilities in prominent and widely deployed software, VUPEN also helps web developers and the Open Source community to eliminate security vulnerabilities in free web applications.

VUPEN follows a responsible disclosure policy and reports all discovered vulnerabilities to the affected developers and works with them to create a timetable pursuant to which the vulnerability information may be publicly disclosed.

Last Updated on : 2011-04-11 18:06:14

Web Application Vulnerabilities Discovered by VUPEN in 2010 (Total: 110 Advisories)

▪
VUPEN-SR-2010-225 - N/A

▪
VUPEN-SR-2010-224 - N/A

▪
VUPEN-SR-2010-223 - Cacti "drp_action" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-222 - Zabbix Multiple Parameter Handling Cross Site Scripting

▪
VUPEN-SR-2010-221 - Zoph Multiple Parameter Cross Site Scripting Vulnerabilities

▪
VUPEN-SR-2010-154 - eFront "remote_theme" Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-153 - eFront "math_server" Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-152 - eFront "password_length" Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-151 - eFront "system_email" Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-150 - eFront "name" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-149 - eFront "site_motto" and "site_name" Cross Site Scripting

▪
VUPEN-SR-2010-148 - Cacti "description" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-147 - Cacti "host_id" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-146 - Cacti "hostname" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-145 - PHP-Calendar "lastaction" Param. Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-144 - PHP-Calendar "description" Param. Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-143 - phpGroupWare "app" Parameter Local File Inclusion Vulnerability

▪
VUPEN-SR-2010-142 - phpGroupWare "class.auth_sql.inc.php" SQL Injection Vulnerability

▪
VUPEN-SR-2010-141 - phpGroupWare "class.translation_sql.inc.php" Remote SQL Injection

▪
VUPEN-SR-2010-140 - phpGroupWare "class.sessions_db.inc.php" Remote SQL Injection #2

▪
VUPEN-SR-2010-139 - phpGroupWare "class.sessions_db.inc.php" Remote SQL Injection #1

▪
VUPEN-SR-2010-138 - 1024 CMS SQL Injection and Multiple Cross Site Scripting Vulnerabilities

▪
VUPEN-SR-2010-137 - SoftBB Remote File Inclusion and Cross Site Scripting Vulnerabilities

▪
VUPEN-SR-2010-136 - Piwigo "mail_address" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-135 - Piwigo "login" Parameter Handling Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-134 - NovaBoard Multiple Parameter Cross Site Scripting Vulnerabilities

▪
VUPEN-SR-2010-133 - My Little Forum Multiple Parameter Cross Site Scripting Vulnerabilities

▪
VUPEN-SR-2010-132 - Docmint Local File Inclusion and Cross Site Scripting Vulnerabilities

▪
VUPEN-SR-2010-131 - PhpTroubleTicket "link" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-130 - PhpTroubleTicket "email" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-129 - PhpTroubleTicket "password" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-128 - PhpTroubleTicket "cognome" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-127 - PhpTroubleTicket "nome" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-126 - PhpTroubleTicket "id" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-125 - phpunity.newsmanager "link" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-124 - phpunity.newsmanager "link_name" Parameter Cross Site Scripting

▪
VUPEN-SR-2010-123 - phpunity.newsmanager "email" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-122 - phpunity.newsmanager "author" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-121 - phpunity.newsmanager "id" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-120 - phpunity.newsmanager "a" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-119 - phpBugTracker "projectid" Parameter SQL Injection Vulnerability

▪
VUPEN-SR-2010-118 - phpBugTracker "status[]" Parameter SQL Injection Vulnerability

▪
VUPEN-SR-2010-117 - phpBugTracker "form" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-116 - phpBugTracker "unassigned" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-115 - phpBugTracker "emailfield1[]" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-114 - phpBugTracker "url" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-113 - phpBugTracker "savedqueryname" Parameter Cross Site Scripting

▪
VUPEN-SR-2010-112 - phpBugTracker "savedqueryoverride" Parameter Cross Site Scripting

▪
VUPEN-SR-2010-111 - phpBugTracker "description" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-110 - phpBugTracker "title" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-109 - phpBugTracker "open" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-108 - phpBugTracker "projects" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-107 - PacerCMS "id" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-106 - PacerCMS "action" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-105 - PacerCMS "dest" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-104 - more.groupware "url" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-095 - more.groupware "mod" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-094 - more.groupware "op" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-093 - more.groupware "MGWSESSION" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-092 - more.groupware "groupsearch" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-091 - more.groupware "qsearch" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-090 - more.groupware "sort" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-089 - Karra "del_id" Parameter Remote SQL Injection Vulnerability

▪
VUPEN-SR-2010-088 - Karra "id" Parameter Remote SQL Injection Vulnerability

▪
VUPEN-SR-2010-087 - Karra "txtName" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-086 - FuturCMS "id" Parameter Remote SQL Injection Vulnerability

▪
VUPEN-SR-2010-085 - FuturCMS "wmeta" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-084 - FuturCMS "wkeys" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-083 - FuturCMS "wdesc" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-082 - FuturCMS "wtdesc" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-081 - FuturCMS "wtitle" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-080 - FuturCMS "wname" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-079 - FuturCMS "l" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-078 - Ebay Clone "txtPassword" SQL Injection and Cross Site Scripting

▪
VUPEN-SR-2010-077 - Ebay Clone "txtUsername" SQL Injection and Cross Site Scripting

▪
VUPEN-SR-2010-076 - Ebay Clone "txtName" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-075 - Ebay Clone "txtCname" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-074 - Ebay Clone "txtUsername" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-073 - Ebay Clone "view" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-072 - Ebay Clone "item_id" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-071 - Ebay Clone "cate_id" SQL Injection and Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-070 - AzDGDatingMedium "uname" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-069 - AzDGDatingMedium "goto" Parameter Cross Site Scripting Vulnerability

▪
VUPEN-SR-2010-068 - WebAsyst Shop-Script FREE "add2cart" Parameter SQL Injection

▪
VUPEN-SR-2010-067 - WebAsyst Shop-Script FREE "c_id" Parameter SQL Injection

▪
VUPEN-SR-2010-066 - WebAsyst Shop-Script FREE "categoryID" Parameter SQL Injection #2

▪
VUPEN-SR-2010-065 - WebAsyst Shop-Script FREE "categoryID" Parameter SQL Injection #1

▪
VUPEN-SR-2010-064 - WebAsyst Shop-Script FREE "currency_id_left" Cross Site Scripting

▪
VUPEN-SR-2010-063 - WebAsyst Shop-Script FREE "currency_id_right" Cross Site Scripting

▪
VUPEN-SR-2010-062 - WebAsyst Shop-Script FREE "darkcolor" Cross Site Scripting

▪
VUPEN-SR-2010-061 - WebAsyst Shop-Script FREE "delete" Parameter SQL Injection

▪
VUPEN-SR-2010-060 - WebAsyst Shop-Script FREE "dpt" Parameter Cross Site Scripting #2

▪
VUPEN-SR-2010-059 - WebAsyst Shop-Script FREE "dpt" Parameter Cross Site Scripting #1

▪
VUPEN-SR-2010-058 - WebAsyst Shop-Script FREE "lightcolor" Parameter Cross Site Scripting

▪
VUPEN-SR-2010-057 - WebAsyst Shop-Script FREE "list_price" Parameter SQL Injection

▪
VUPEN-SR-2010-056 - WebAsyst Shop-Script FREE "middlecolor" Cross Site Scripting

▪
VUPEN-SR-2010-055 - WebAsyst Shop-Script FREE "name" Parameter SQL Injection

▪
VUPEN-SR-2010-054 - WebAsyst Shop-Script FREE "new_offer" Parameter SQL Injection

▪
VUPEN-SR-2010-053 - WebAsyst Shop-Script FREE "price" Parameter SQL Injection

▪
VUPEN-SR-2010-052 - WebAsyst Shop-Script FREE "product_code" Parameter SQL Injection

▪
VUPEN-SR-2010-051 - WebAsyst Shop-Script FREE "productID" Parameter SQL Injection #3

▪
VUPEN-SR-2010-050 - WebAsyst Shop-Script FREE "productID" Parameter SQL Injection #2

▪
VUPEN-SR-2010-049 - WebAsyst Shop-Script FREE "productID" Parameter SQL Injection #1

▪
VUPEN-SR-2010-048 - WebAsyst Shop-Script FREE "rating" Parameter SQL Injection #2

▪
VUPEN-SR-2010-047 - WebAsyst Shop-Script FREE "rating" Parameter SQL Injection #1

▪
VUPEN-SR-2010-046 - WebAsyst Shop-Script FREE "save_product" SQL Injection #2

▪
VUPEN-SR-2010-045 - WebAsyst Shop-Script FREE "save_product" SQL Injection #1

▪
VUPEN-SR-2010-044 - WebAsyst Shop-Script FREE "sub" Parameter Directory Traversal

▪
VUPEN-SR-2010-043 - WebAsyst Shop-Script FREE "sub" Parameter Local File Inclusion

▪
VUPEN-SR-2010-042 - WebAsyst Shop-Script FREE "w" Parameter Cross Site Scripting

BA & Exploits News

Latest Binary Analysis
and Exploits Released
By VUPEN Security:

Apple Safari WebKit "iframe" HTML Tag Processing Remote Dangling Pointer (NO-CVE)

Apple Safari WebKit "table" HTML Tag Processing Remote Dangling Pointer (NO-CVE)

Apple Safari WebKit "applet" HTML Tag Processing Remote Dangling Pointer (NO-CVE)

Microsoft Windows Kernel-Mode Drivers Information Disclosure (MS11-054 / CVE-2011-1886)

VLC Media Player AVI Demuxer "AVI_ChunkRead_strf()" Heap Overflow (CVE-2011-2587)

© 2004-2011 VUPEN Security - Copyright - Privacy Policy