agentsteal

Array: http://www.hawkenterprises.org/dev/phpsearchpro/admin/index.php?search_text[] Cross Site Scripting: There is Cross Site Scripting on http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php if the fields contain code. Cross Site Scripting: There is Cross Site Scripting on http://www.hawkenterprises.org/dev/phpsearchpro/entryform.php if the fields contain code. Full Path Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/generatedata.php Full Path Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/index.php Full Path Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php Full Path Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/search.php Full Path Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/admin/search.php PHP Source Code Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/phpsearchpro.zip PHP Source Code Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/results_stub.tpl PHP Source Code Disclosure: http://www.hawkenterprises.org/dev/phpsearchpro/admin/results.tpl SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/database.sql SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/admin/search.php SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/phpsearchpro.zip SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/results.php?search_text SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/search.php SQL Dump: There is an SQL Dump on http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php if you submit the form. SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/index.php SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/dbcreds.php SQL Dump: http://www.hawkenterprises.org/dev/phpsearchpro/generatedata.php SQL Dump: There is an SQL Dump on http://www.hawkenterprises.org/dev/phpsearchpro/entryform.php if you submit the form. User Enumeration: http://www.hawkenterprises.org/~gerra0 User Enumeration: http://www.hawkenterprises.org/~nobody

Cross Site Scripting: There is Cross Site Scripting if the message contains </textarea>code.

Cross Site Scripting: http://www.bjjnews.org/TUF/pagetest.php?page=1<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.bjjnews.org/TUF/index.php?page=1<marquee><h1>vulnerable</marquee> Full Path Disclosure: http://www.bjjnews.org/TUF/library/closedb.php Full Path Disclosure: http://www.bjjnews.org/TUF/library/opendb.php Full Path Disclosure: http://www.bjjnews.org/TUF/admin/index.php Full Path Disclosure: http://www.bjjnews.org/TUF/index.php?page[] Full Path Disclosure: http://www.bjjnews.org/TUF/pagetest.php?page[] Log: http://www.bjjnews.org/TUF/images/WS_FTP.LOG Log: http://www.bjjnews.org/TUF/images/thumbs/WS_FTP.LOG User Enumeration: http://www.bjjnews.org/~bjjnews User Enumeration: http://www.bjjnews.org/~nobody User Enumeration: http://www.bjjnews.org/~root

CAPTCHA: The solution for the CAPTCHA is on the page. SQL Error: http://76.98.141.11/game/index.php?act=profile&id=1' SQL Injection: http://76.98.141.11/game/index.php?act=profile&id=16 AND 1=1 http://76.98.141.11/game/index.php?act=profile&id=16 AND 1=2

Cross Site Scripting: http://www.rent-that-home.com/basicsearch.php/"><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.rent-that-home.com/search.php/"><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting on http://www.rent-that-home.com/forgot.php if the username contains code. Drop Down Menu: If you edit the drop down menus on http://www.rent-that-home.com/ you can submit arbitrary values. Drop Down Menu: If you edit the drop down menus on http://www.rent-that-home.com/advanced.php you can submit arbitrary values. Drop Down Menu: If you edit the drop down menus on http://www.rent-that-home.com/basic.php you can submit arbitrary values. Full Path Disclosure: http://www.rent-that-home.com/search.php?p=' Full Path Disclosure: http://www.rent-that-home.com/test.php Full Path Disclosure: http://www.rent-that-home.com/includes.php SQL Error: http://www.rent-that-home.com/search.php?page User Enumeration: http://www.rent-that-home.com/~rentwil0 User Enumeration: http://www.rent-that-home.com/~root User Enumeration: http://www.rent-that-home.com/~nobody

Array: http://www.versatilebb.com/demo/index.php?target=viewforum&select[] Cross Site Scripting: http://www.versatilebb.com/demo/index.php/"><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if a post contains ">code. Cross Site Scripting: There is Cross Site Scripting in the profile if the fields contain ">code. Full Path Disclosure: http://www.versatilebb.com/demo/index.php?target[] Full Path Disclosure: http://www.versatilebb.com/demo/dereferrer.php?url[] URL Inclusion: http://www.versatilebb.com/demo/dereferrer.php?url=google.com User Enumeration: http://www.versatilebb.com/~root User Enumeration: http://www.versatilebb.com/~versatil

Cross Site Scripting: http://www.shopwisely.org/save.php?totalRows_newdeals=1<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.shopwisely.org/save.php?"><marquee><h1>vulnerable</marquee> Full Path Disclosure: http://www.shopwisely.org/save.php?pageNum_newdeals[] Full Path Disclosure: http://www.shopwisely.org/~awemptyn Full Path Disclosure: http://www.shopwisely.org/save.php?totalRows_newdeals[] SQL Error: http://www.shopwisely.org/save.php?pageNum_newdeals=-1 User Enumeration: http://www.shopwisely.org/~awemptyn User Enumeration: http://www.shopwisely.org/~root

Array: http://www.independentmillwall.com/prediction/userinfo.php?user[] Includes Directory: http://www.independentmillwall.com/prediction/include/ Insecure Cookie: You shouldn't put the username in the cookie. User Enumeration: http://www.independentmillwall.com/~nobody User Enumeration: http://www.independentmillwall.com/~root

Full Path Disclosure: http://www.valid.gr/worldcalendar/include/Copy_of_calendar_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/calendar_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/category_masterlist.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/category_masterprint.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/category_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/customer_masterlist.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/customer_masterprint.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/customer_statistics_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/customer_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/daily_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/dbcommon.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/edit_calendar_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/functions.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/globals_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/howto_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/monthly_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/task_statistics_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/users_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/weekly_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/yearly_variables.php Full Path Disclosure: http://www.valid.gr/worldcalendar/include/%c1%ed%f4%df%e3%f1%e1%f6%ef%20%e1%f0%fc%20dbcommon.php Includes Directory: http://www.valid.gr/worldcalendar/include/ Insecure Cookie: You shouldn't put the password in the cookie. Insecure Cookie: You shouldn't put the username in the cookie. SQL Error: http://www.valid.gr/worldcalendar/include/errors.xml User Enumeration: http://www.valid.gr/~root User Enumeration: http://www.valid.gr/~validgr

Cross Site Scripting: There is Cross Site Scripting when you log in if your username contains '>code. Cross Site Scripting: There is Cross Site Scripting when you register if your username contains '>code. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.

Array: http://www.XXXXXXXX/faq.php?r[] Array: http://www.XXXXXXXX/register.php?r[] Array: http://www.XXXXXXXX/index.php?r[] Array: http://www.XXXXXXXX/profile.php?r[] Array: http://www.XXXXXXXX/credits.php?r[] Array: http://www.XXXXXXXX/login.php?r[] Array: http://www.XXXXXXXX/tos.php?r[] Array: http://www.XXXXXXXX/history.php?r[] Array: http://www.XXXXXXXX/advertise.php?r[] Array: http://www.XXXXXXXX/logout.php?r[] Array: http://www.XXXXXXXX/about.php?r[] Array: http://www.XXXXXXXX/contact.php?r[] Array: http://www.XXXXXXXX/surf.php?r[] Array: http://www.XXXXXXXX/privacy.php?r[] Array: http://www.XXXXXXXX/recoverpwd.php?r[] Array: http://www.XXXXXXXX/members.php?r[] Array: http://www.XXXXXXXX/messenger.php?r[] Array: http://www.XXXXXXXX/referals.php?r[] Array: http://www.XXXXXXXX/convert.php?r[] Array: http://www.XXXXXXXX/upgrade.php?r[] Array: http://www.XXXXXXXX/contest.php?r[] Array: http://www.XXXXXXXX/news.php?r[] Array: http://www.XXXXXXXX/banners.php?r[] Cross Site Scripting: http://www.XXXXXXXX/convert.php?convert=cash&poname=paypal<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code. Cross Site Scripting: There is Cross Site Scripting when you log in if the fields contain code. DOS: http://www.XXXXXXXX/logout.php/ DOS: http://www.XXXXXXXX/chkudtsess.php/ DOS: http://www.XXXXXXXX/chkudtsess_du.php/ DOS: http://www.XXXXXXXX/members.php/ DOS: http://www.XXXXXXXX/profile.php/ DOS: http://www.XXXXXXXX/history.php/ DOS: http://www.XXXXXXXX/messenger.php/ DOS: http://www.XXXXXXXX/referals.php/ DOS: http://www.XXXXXXXX/convert.php/ DOS: http://www.XXXXXXXX/upgrade.php/ DOS: http://www.XXXXXXXX/contest.php/ DOS: http://www.XXXXXXXX/news.php/ DOS: http://www.XXXXXXXX/banners.php/ DOS: http://www.XXXXXXXX/advertise.php/ DOS: http://www.XXXXXXXX/credits.php/ Full Path Disclosure: http://www.XXXXXXXX/viewp.php?ad=\ Full Path Disclosure: There is Full Path Disclosure on http://www.XXXXXXXX/upgrade.php if you submit the form. Insecure Cookie: You shouldn't put the username in the cookie. User Enumeration: http://www.XXXXXXXX/~buddypon User Enumeration: http://www.XXXXXXXX/~root

Cross Site Scripting: http://www.movetophp.com/test.php?<marquee><h1>vulnerable</marquee> Full Path Disclosure: http://www.movetophp.com/test.php

Cross Site Scripting: The image upload is vulnerable to Cross Site Scripting. User Enumeration: http://pics.windsorfamilyfarm.com/~nobody User Enumeration: http://pics.windsorfamilyfarm.com/~root

Admin Access: Anyone can get your username and password with the PHP Source Code Disclosure. Directory Transversal: There is Directory Transversal if the url field contains ../ Full Path Disclosure: http://scripts.loado.com/pagegrabber/contentgrabber.php Full Path Disclosure: There is Full Path Disclosure if the url field contains an invalid value. PHP Source Code Disclosure: There is PHP Source Code Disclosure if the url field contains ../file.php. User Enumeration: http://scripts.loado.com/~admin User Enumeration: http://scripts.loado.com/~ld1 User Enumeration: http://scripts.loado.com/~nobody User Enumeration: http://scripts.loado.com/~root

Array: http://www.iupgbsa.info/profile.php?user[] Cross Site Scripting: http://www.iupgbsa.info/forgotpassword.php/"><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.iupgbsa.info/index.php/"><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.iupgbsa.info/profile.php?user="><marquee><h1>vulnerable</marquee> User Enumeration: http://www.iupgbsa.info/~admin User Enumeration: http://www.iupgbsa.info/~iupgbsa User Enumeration: http://www.iupgbsa.info/~root

Full Path Disclosure: http://clients.futuresolutions.com/fsi/content/page/ Full Path Disclosure: http://clients.futuresolutions.com/fsi/content/page/news/ Full Path Disclosure: http://clients.futuresolutions.com/fsi/content/page/news/view/ Full Path Disclosure: http://clients.futuresolutions.com/fsi/login/ Full Path Disclosure: There is Full Path Disclosure if you try to log in.

Array: http://www.allaboutexotics.co.uk/userinfo.php?user[] Full Path Disclosure: http://www.allaboutexotics.co.uk/admin/admin.php Full Path Disclosure: http://www.allaboutexotics.co.uk/include/database.php Full Path Disclosure: http://www.allaboutexotics.co.uk/include/session.php PHP Source Code Disclosure: http://www.allaboutexotics.co.uk/index.php?p=main User Enumeration: http://www.allaboutexotics.co.uk/~nobody User Enumeration: http://www.allaboutexotics.co.uk/~root

Array: http://vampirecity.cx-music.com/covensimwith.php?u[] Array: http://vampirecity.cx-music.com/friendswith.php?u[] Array: http://vampirecity.cx-music.com/friendsof.php?u[] Array: http://vampirecity.cx-music.com/contest.php?contest[] Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Full Path Disclosure: http://vampirecity.cx-music.com/includes/footer.php Full Path Disclosure: http://vampirecity.cx-music.com/forum/includes/footer.php Full Path Disclosure: http://vampirecity.cx-music.com/includes/commentsadd.php Full Path Disclosure: http://vampirecity.cx-music.com/includes/usersonline.php Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value. Includes Directory: http://vampirecity.cx-music.com/includes/ Includes Directory: http://vampirecity.cx-music.com/forum/includes/ Log File: http://vampirecity.cx-music.com/images/WS_FTP.LOG

Array: http://www.sims2news.com/premierhomes/index.php?filter[] Array: http://www.sims2news.com/premierhomes/mainframe/search.php?story[] Array: http://www.sims2news.com/premierhomes/mainframe/search.php?user[] Array: http://www.sims2news.com/premierhomes/mainframe/search.php?title[] Array: http://www.sims2news.com/private/premierhomes/index.php?filter[] Array: http://www.sims2news.com/private/premierhomes/mainframe/search.php?story[] Array: http://www.sims2news.com/private/premierhomes/mainframe/search.php?user[] Array: http://www.sims2news.com/private/premierhomes/mainframe/search.php?title[] CAPTCHA: The solution for the CAPTCHA is in the source code. Cross Site Scripting: http://www.sims2news.com/private/premierhomes/mainframe/search.php?title="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/private/premierhomes/mainframe/search.php?user="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/private/premierhomes/mainframe/search.php?story="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/mobile.php?"><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/premierhomes/mainframe/search.php?title="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/premierhomes/mainframe/search.php?user="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/index.php?"><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/news/show_news.php?"><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/index.php?page=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.sims2news.com/premierhomes/mainframe/search.php?story="><marquee><h1>vulnerable</marquee> Directory Transversal: http://www.sims2news.com/premierhomes/index.php?filter=../index Directory Transversal: http://www.sims2news.com/private/premierhomes/index.php?filter=../../index DOS: http://www.sims2news.com/premierhomes/index.php?filter=index DOS: http://www.sims2news.com/private/premierhomes/index.php?filter=index Full Path Disclosure: http://www.sims2news.com/private/premierhomes/mainframe/show_news.php?subaction=showcomments Full Path Disclosure: http://www.sims2news.com/private/premierhomes/index.php?filter=../../index Full Path Disclosure: http://www.sims2news.com/private/premierhomes/index.php?filter=a Full Path Disclosure: http://www.sims2news.com/premierhomes/mainframe/show_news.php?subaction=showcomments Full Path Disclosure: http://www.sims2news.com/mobile.php?id[] Full Path Disclosure: http://www.sims2news.com/mobile.php?subaction[] Full Path Disclosure: http://www.sims2news.com/mobile.php?archive[] Full Path Disclosure: http://www.sims2news.com/mobile.php?ucat[] Full Path Disclosure: http://www.sims2news.com/mobile.php?start_from[] Full Path Disclosure: http://www.sims2news.com/mobile.php?page[] Full Path Disclosure: http://www.sims2news.com/mobile.php?archive=a Full Path Disclosure: http://www.sims2news.com/premierhomes/index.php?filter=../index Full Path Disclosure: http://www.sims2news.com/index.php?id[] Full Path Disclosure: http://www.sims2news.com/phpinfo.php Full Path Disclosure: http://www.sims2news.com/index.php?subaction[] Full Path Disclosure: http://www.sims2news.com/index.php?archive[] Full Path Disclosure: http://www.sims2news.com/index.php?ucat[] Full Path Disclosure: http://www.sims2news.com/index.php?start_from[] Full Path Disclosure: http://www.sims2news.com/index.php?page[] Full Path Disclosure: http://www.sims2news.com/index.php?archive=a Full Path Disclosure: http://www.sims2news.com/premierhomes/index.php?filter=a Full Path Disclosure: http://www.sims2news.com/news/show_news.php?id[] Full Path Disclosure: http://www.sims2news.com/news/show_news.php?subaction[] Full Path Disclosure: http://www.sims2news.com/news/show_news.php?archive[] Full Path Disclosure: http://www.sims2news.com/news/show_news.php?ucat[] Full Path Disclosure: http://www.sims2news.com/news/show_news.php?start_from[] Full Path Disclosure: http://www.sims2news.com/news/show_news.php?page[] Full Path Disclosure: http://www.sims2news.com/news/show_news.php?archive=a Full Path Disclosure: http://www.sims2news.com/test.php?id[] Full Path Disclosure: http://www.sims2news.com/test.php?subaction[] Full Path Disclosure: http://www.sims2news.com/test.php?archive[] Full Path Disclosure: http://www.sims2news.com/test.php?ucat[] Full Path Disclosure: http://www.sims2news.com/test.php?start_from[] Full Path Disclosure: http://www.sims2news.com/test.php?page[] Full Path Disclosure: http://www.sims2news.com/test.php?archive=a PHP Source Code Disclosure: http://www.sims2news.com/forum/index.php~ User Enumeration: http://www.sims2news.com/~nobody User Enumeration: http://www.sims2news.com/~root User Enumeration: http://www.sims2news.com/~sims2new

Array: http://www.rovexchange.com/mc_company_listings.php?q[] Array: http://www.rovexchange.com/mc_eqpt_for_sale.php?equipment_categ=a&q[] Array: http://www.rovexchange.com/mc_company_listings.php?business_categ[] Array: http://www.rovexchange.com/mc_eqpt_for_sale.php?equipment_categ[] Array: http://www.rovexchange.com/mc_eqpt_for_sale.php?q[] Array: http://www.rovexchange.com/mc_company_listings.php?business_categ=a&q[] Cross Site Scripting: http://www.rovexchange.com/mc_company_listings.php?business_categ=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.rovexchange.com/mc_eqpt_for_sale.php?equipment_categ=<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting when you log in if your password contains ">code. Cross Site Scripting: There is Cross Site Scripting when you log in if your username contains ">code. Cross Site Scripting: There is Cross Site Scripting on https://www.rovexchange.com/signup_add_company.php if the fields contain ">code. Cross Site Scripting: http://www.rovexchange.com/mc_company_listings.php?q="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.rovexchange.com/mc_company_listings.php?business_categ=a&q=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.rovexchange.com/mc_eqpt_for_sale.php?equipment_categ=a&q=<marquee><h1>vulnerable</marquee> SQL Error: http://www.rovexchange.com/mc_company_listings.php?q=a&business_categ=' SQL Error: http://www.rovexchange.com/mc_eqpt_for_sale.php?q=a&equipment_categ='

Array: http://www.hitpoints.org/bpgenerator/blue.php?title[] Array: http://www.hitpoints.org/bpgenerator/blue.php?post[] User Enumeration: http://www.hitpoints.org/~root

Array: http://livedemo.clip-bucket.com/search_result.php?query[] Full Path Disclosure: http://livedemo.clip-bucket.com/includes/classes/TFile.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/playerconfig/config.xml.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/modules.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/defined_links.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/active.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/adodb.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/contrib/toxmlrpc.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/datadict/datadict-firebird.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/drivers/adodb-pdo_mssql.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/drivers/adodb-pdo_mysql.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/drivers/adodb-pdo_mysql.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/drivers/adodb-pdo_oci.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/drivers/adodb-pdo_pgsql.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/drivers/adodb-sybase_ase.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/pear/Auth/Container/ADOdb.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/session/adodb-compress-bzip2.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/session/adodb-encrypt-secret.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/session/old/adodb-cryptsession.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/session/old/adodb-session-clob.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/session/old/adodb-session.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/benchmark.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test-active-record.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test-active-recs2.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test-datadict.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test-php5.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test-xmlschema.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test2.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test3.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/test4.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/testcache.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/testdatabases.inc.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/testoci8.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/testoci8cursor.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/testpaging.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/adodb/tests/testpear.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/templatelib/Template_Compiler.class.php Full Path Disclosure: http://livedemo.clip-bucket.com/includes/templatelib/plugins/modifier.date_format.php Insecure Cookie: You shouldn't put the username in the cookie. SQL Dump: http://livedemo.clip-bucket.com/includes/adodb/session/adodb-sessions.mysql.sql SQL Dump: http://livedemo.clip-bucket.com/includes/adodb/session/adodb-sessions.oracle.clob.sql SQL Dump: http://livedemo.clip-bucket.com/includes/adodb/session/adodb-sessions.oracle.sql SQL Dump: http://livedemo.clip-bucket.com/includes/adodb/tests/test-datadict.php User Enumeration: http://livedemo.clip-bucket.com/~clipbuck User Enumeration: http://livedemo.clip-bucket.com/~nobody User Enumeration: http://livedemo.clip-bucket.com/~root

Array: http://www.osflv.com/search.php?search[] Array: http://www.osflv.com/register.php?user[] Array: http://www.osflv.com/wp-login.php?redirect_to[] Full Path Disclosure: http://www.osflv.com/topic.php?id[] Full Path Disclosure: http://www.osflv.com/bb-includes/akismet.php Full Path Disclosure: http://www.osflv.com/bb-includes/bozo.php Full Path Disclosure: http://www.osflv.com/bb-includes/db-mysqli.php Full Path Disclosure: http://www.osflv.com/bb-includes/db.php Full Path Disclosure: http://www.osflv.com/bb-includes/default-filters.php Full Path Disclosure: http://www.osflv.com/wp-settings.php Full Path Disclosure: http://www.osflv.com/wp-content/plugins/stats.php Full Path Disclosure: http://www.osflv.com/wp-content/plugins/akismet/akismet.php Full Path Disclosure: http://www.osflv.com/wp-content/plugins/buy-me-beer/buy-me-beer-admin.php Full Path Disclosure: http://www.osflv.com/wp-content/plugins/buy-me-beer/buy-me-beer.php Full Path Disclosure: http://www.osflv.com/wp-content/plugins/headmeta/headmeta.php Full Path Disclosure: http://www.osflv.com/wp-includes/bookmark.php Full Path Disclosure: http://www.osflv.com/wp-includes/canonical.php Full Path Disclosure: http://www.osflv.com/wp-includes/default-filters.php Full Path Disclosure: http://www.osflv.com/wp-includes/feed-atom-comments.php Full Path Disclosure: http://www.osflv.com/wp-includes/feed-atom.php Full Path Disclosure: http://www.osflv.com/wp-includes/feed-rdf.php Full Path Disclosure: http://www.osflv.com/wp-includes/feed-rss.php Full Path Disclosure: http://www.osflv.com/wp-includes/feed-rss2-comments.php Full Path Disclosure: http://www.osflv.com/wp-includes/feed-rss2.php Full Path Disclosure: http://www.osflv.com/wp-includes/general-template.php Full Path Disclosure: http://www.osflv.com/wp-includes/kses.php Full Path Disclosure: http://www.osflv.com/wp-includes/registration-functions.php Full Path Disclosure: http://www.osflv.com/wp-includes/rss-functions.php Full Path Disclosure: http://www.osflv.com/wp-includes/rss.php Full Path Disclosure: http://www.osflv.com/wp-includes/script-loader.php Full Path Disclosure: http://www.osflv.com/wp-includes/template-loader.php Full Path Disclosure: http://www.osflv.com/wp-includes/update.php Full Path Disclosure: http://www.osflv.com/wp-includes/vars.php Full Path Disclosure: http://www.osflv.com/wp-includes/widgets.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/admin.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/file.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/misc.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/schema.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/template.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/update.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/upgrade.php Full Path Disclosure: http://www.osflv.com/wp-admin/includes/upload.php Insecure Cookie: You shouldn't put the username in the cookie. PHP Source Code Disclosure: http://www.osflv.com/wp-content/plugins/buy-me-beer/readme.txt User Enumeration: http://www.osflv.com/~osflv User Enumeration: http://www.osflv.com/~root

Full Path Disclosure: There is Full Path Disclosure when you log in. Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/cal.php?mon[] Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/adminModual.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/callLog.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/holidayRota.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/nav.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/left.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/right.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/rota.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewRequestedShifts.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/shiftReportModual.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/shifts.php Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewServices.php?s[] Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewServices.php?s=-1 Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/pages.php You can log in if you set the user cookie to a user id. SQL Error: http://www.eastlancsmedicalservices.co.uk/edit4weekRota.php

Admin Access: http://www.wiicharged.com/hubs/hubs(backup).html contains your username and password. Cross Site Scripting: There is Cross Site Scripting if the hub name contains ">code. Directory Transversal: There is Directory Transversal if the hub name contains ../ Full Path Disclosure: http://www.wiicharged.com/hubchat/hubex/shout.php Full Path Disclosure: http://www.wiicharged.com/hubchat/insert.php Full Path Disclosure: http://www.wiicharged.com/hubchat/shout.php Full Path Disclosure: http://www.wiicharged.com/hubchat/test.php Full Path Disclosure: http://www.wiicharged.com/hubs/table.php Full Path Disclosure: http://www.wiicharged.com/hubs/put.php Full Path Disclosure: http://www.wiicharged.com/hubs/insert.php Full Path Disclosure: http://www.wiicharged.com/hubs/database.php PHP Source Code Disclosure: http://www.wiicharged.com/hubs/hubs(backup).html PHP Source Code Disclosure: http://www.wiicharged.com/hubchat/shoutfile.txt User Enumeration: http://www.wiicharged.com/~root User Enumeration: http://www.wiicharged.com/~wiicharg You can create folders in http://www.wiicharged.com/hubchat/ if the hub name is set to the folder name. You can create folders in any directory if the hub name is set to ../foldername. You can create txt files in http://www.wiicharged.com/hub/ on http://www.wiicharged.com/hubs/1.php