Author: laurent gaffi� & benjamin moss�

Country:

Reported research: 37

Advisories

Risk	Topic & Details
Med.	Portix-PHP [login bypass & xss (post)] (CVE assigned) Remote \| 2007-01-17
Med.	bitweaver <=1.3.1 [injection sql (post) & xss (post)] (CVE assigned) Remote \| 2007-01-15
Med.	Rialto 1.6[admin login bypass & multiples injections sql] (CVE assigned) Remote \| 2007-01-15
Med.	Rapid Classified v3.1 [multiple xss (get) & injection sql] (CVE assigned) Remote \| 2007-01-15
Med.	Property Site Manager [login bypass ,multiples injection sql & xss (get)] (CVE assigned) Remote \| 2006-12-29
Med.	The Classified Ad System [multiple xss & injection sql] (CVE assigned) Remote \| 2006-12-29
Med.	Infinitytechs Restaurants CM (CVE assigned) Remote \| 2006-12-07
Med.	klf-realty [injection sql] (CVE assigned) Remote \| 2006-12-07
Med.	The Classified Ad System [multiple xss & injection sql] (CVE assigned) Remote \| 2006-12-07
Med.	Vikingboard (0.1.2) [ multiples vulnerability ] (CVE assigned) Remote Local \| 2006-12-06
Med.	Aspmforum [ multiples injection sql (get&post)] (CVE assigned) Remote \| 2006-12-06
Med.	eClassifieds [injection sql] (CVE assigned) Remote \| 2006-12-01
Med.	ehomes [multiples injections sql] (CVE assigned) Remote \| 2006-12-01
Med.	Classified System [injection sql] (CVE assigned) Remote \| 2006-11-30
Med.	JiRos Links Manager[injection sql & xss permanent] (CVE assigned) Remote \| 2006-11-30
Med.	Link Exchange Lite [injection sql] (CVE assigned) Remote \| 2006-11-28
Med.	20/20 auto gallery [ multiples injection sql ] (CVE assigned) Remote \| 2006-11-27
Med.	BaalAsp forum [login bypass ,injections sql(post), xss(post)] (CVE assigned) Remote \| 2006-11-27
Med.	Active News Manager [ injection sql (post&get)] (CVE assigned) Remote \| 2006-11-27
Med.	creadirectory [injection sql & xss] (CVE assigned) Remote \| 2006-11-27
Med.	eShopping Cart [injection sql] (CVE assigned) Remote \| 2006-11-27
Med.	E-commerce Kit 1 PayPal Edition [ injection sql ] (CVE assigned) Remote \| 2006-11-25
Med.	ASP Cart [multiples injection sql (post & get)] (CVE assigned) Remote \| 2006-11-25
Med.	Dating Site [ login bypass & xss] (CVE assigned) Remote \| 2006-11-25
Med.	E-Calendar Pro 3.0 [ login bypass & injection sql (post)] (CVE assigned) Remote \| 2006-11-25
Med.	MultiCalendars [ multiples injection sql ] (CVE assigned) Remote \| 2006-11-21
Med.	Blogme v3 [admin login bypass & xss (post)] (CVE assigned) Remote \| 2006-11-21
Med.	infinicart [ multiples injection sql & xss (post) ] (CVE assigned) Remote \| 2006-11-19
Med.	A+ Store E-Commerce[ injection sql & xss (post) ] (CVE assigned) Remote \| 2006-11-19
Med.	hpecs shopping cart[login bypass & injection sql (post)] (CVE assigned) Remote \| 2006-11-19

Author: laurent gaffi� & benjamin moss�

Country:

Reported research: 37

Advisories

Med.

Portix-PHP [login bypass & xss (post)] (CVE assigned)

Remote | 2007-01-17

Med.

bitweaver <=1.3.1 [injection sql (post) & xss (post)] (CVE assigned)

Remote | 2007-01-15

Med.

Rialto 1.6[admin login bypass & multiples injections sql] (CVE assigned)

Remote | 2007-01-15

Med.

Rapid Classified v3.1 [multiple xss (get) & injection sql] (CVE assigned)

Remote | 2007-01-15

Med.

Property Site Manager [login bypass ,multiples injection sql & xss (get)] (CVE assigned)

Remote | 2006-12-29

Med.

The Classified Ad System [multiple xss & injection sql] (CVE assigned)

Remote | 2006-12-29

Med.

Infinitytechs Restaurants CM (CVE assigned)

Remote | 2006-12-07

Med.

klf-realty [injection sql] (CVE assigned)

Remote | 2006-12-07

Med.

The Classified Ad System [multiple xss & injection sql] (CVE assigned)

Remote | 2006-12-07

Med.

Vikingboard (0.1.2) [ multiples vulnerability ] (CVE assigned)

Remote Local | 2006-12-06

Med.

Aspmforum [ multiples injection sql (get&post)] (CVE assigned)

Remote | 2006-12-06

Med.

eClassifieds [injection sql] (CVE assigned)

Remote | 2006-12-01

Med.

ehomes [multiples injections sql] (CVE assigned)

Remote | 2006-12-01

Med.

Classified System [injection sql] (CVE assigned)

Remote | 2006-11-30

Med.

JiRos Links Manager[injection sql & xss permanent] (CVE assigned)

Remote | 2006-11-30

Med.

Link Exchange Lite [injection sql] (CVE assigned)

Remote | 2006-11-28

Med.

20/20 auto gallery [ multiples injection sql ] (CVE assigned)

Remote | 2006-11-27

Med.

BaalAsp forum [login bypass ,injections sql(post), xss(post)] (CVE assigned)

Remote | 2006-11-27

Med.

Active News Manager [ injection sql (post&get)] (CVE assigned)

Remote | 2006-11-27

Med.

creadirectory [injection sql & xss] (CVE assigned)

Remote | 2006-11-27

Med.

eShopping Cart [injection sql] (CVE assigned)

Remote | 2006-11-27

Med.

E-commerce Kit 1 PayPal Edition [ injection sql ] (CVE assigned)

Remote | 2006-11-25

Med.

ASP Cart [multiples injection sql (post & get)] (CVE assigned)

Remote | 2006-11-25

Med.

Dating Site [ login bypass & xss] (CVE assigned)

Remote | 2006-11-25

Med.

E-Calendar Pro 3.0 [ login bypass & injection sql (post)] (CVE assigned)

Remote | 2006-11-25

Med.

- Twitter Link
- Website Link
- Zone-H Link
- Description of profile
- email (let us know if you want show public)