Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit (деталі)
• MGB 0.5.4.5 (email.php id variable) Remote SQL Injection Exploit (деталі)
• Sami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow Exploit (деталі)
• Uberghey 0.3.1 (frontpage.php) Remote File Include Vulnerability (деталі)
• PHPMyphorum 1.5a (mep/frame.php) Remote File Include Vulnerability (деталі)
• Oreon <= 1.2.3 RC4 (lang/index.php file) Remote Inclusion Vulnerability (деталі)
• phpBP <= RC3 (2.204) (sql/cmd) Remote Code Execution Exploit (деталі)
• JV2 Folder Gallery Remote Admin uName and Pass. Exploit (деталі)
• SAP ‘enserver.exe’ file downloader (деталі)
• DigiAffiliate <= V1.4 Remote Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• WFTPD Pro Server <= 3.25 SITE ADMN Remote Denial of Service Exploit (деталі)
• JV2 Folder Gallery 3.0 (download.php) Remote File Disclosure Exploit (деталі)
• ThWboard <= 3.0b2.84-php5 SQL Injection / Code Execution Exploit (деталі)
• Okul Web Otomasyon Sistemi 4.0.1 Remote SQL Injection Vulnerability (деталі)
• KGB <= 1.9 (sesskglogadmin.php) Local File Include Exploit (деталі)
• TFTPDWIN 0.4.2 Remote Buffer Overflow Exploit (деталі)
• Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit 2 (деталі)
• sNews <= 1.5.30 unauthorized access / reset admin pass / cmd exec exploit (деталі)
• Micro CMS 3.5 (деталі)
• Exploits FdWeB Espace Membre <= 2.01(path) Remote File Include Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit (деталі)
• Mint Haber Sistemi 2.7 (duyuru.asp id) Remote SQL Injection Vulnerability (деталі)
• Poplar Gedcom Viewer <= 2.0 (common.php) Remote Inclusion Vuln (деталі)
• BolinTech DreamFTP (USER) Remote Buffer Overflow PoC (деталі)
• FdWeB Espace Membre <= 2.01 (path) Remote File Include Exploit (деталі)
• DigiAffiliate <= 1.4 (visu_user.asp id) Remote SQL Injection Exploit (деталі)
• Sami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow PoC (деталі)
• Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit (деталі)
• Exploits Axiom 0.8.6 photo gallery (template.php)Remote File Include Vulnerability (деталі)
• ThWboard <=3.0 beta 2.84-php5 board[styleid] sql injection / cmd exec exploit (деталі)

В даній добірці експлоіти в веб додатках:

• uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability (деталі)
• Jshop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability (деталі)
• eIQnetworks Network Security Analyzer Null Pointer Dereference Exploit (деталі)
• VP-ASP Shopping Cart 6.09 (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Article System 0.1 (INCLUDE_DIR) Remote File Include Vulnerabilities (деталі)
• TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (деталі)
• LunarPoll 1.0 (show.php PollDir) Remote File Include Vulnerability (деталі)
• Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit (деталі)
• PoC for Rumpus FTP-server (деталі)
• @lex Guestbook <= 4.0.2 Remote Command Execution Exploit (деталі)

Завершився Місяць ActiveX багів. І його засновник продовжив інформувати про діри в ActiveX компонентах.

Як повідомляється на офіційному сайті Month of ActiveX Bugs, за треті десять днів було упобліковано деталі про одинадцять уразливостей.

• MoAxB #21: LeadTools Raster Variant Object Library (LTRVR14e.dll v. 14.5.0.44) Remote Arbitrary File Overwrite (деталі)
• MoAxB #22: LeadTools ISIS Control (ltisi14E.ocx v. 14.5.0.44) Remote Buffer Overflow Exploit (деталі)
• MoAxB #22 Bonus: Dart ZipLite Compression for ActiveX (DartZipLite.dll v. 1.8.5.3) Local Buffer Overflow Exploit (деталі)
• MoAxB #23: Microsoft Office 2000 (OUACTRL.OCX v. 1.0.1.9) “HelpPopup” method Remote Buffer Overflow and winhlp32.exe Denial of Service (деталі)
• MoAxB #24: LeadTools Raster Dialog File Object (LTRDF14e.DLL v. 14.5.0.44) Remote Buffer Overflow Exploit (деталі)
• MoAxB #25: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL v. 14.5.0.44) Remote Buffer Overflow Exploit (деталі)
• MoAxB #26: LeadTools Raster OCR Document Object Library (ltrdc14e.dll v. 14.5.0.44) Remote Memory corruption Exploit (деталі)
• MoAxB #27: LeadTools Raster ISIS Object (LTRIS14e.DLL v. 14.5.0.44) Remote Buffer Overflow Exploit (деталі)
• MoAxb #28: EDraw Office Viewer Component (edrawofficeviewer.ocx v. 4.0.5.20) Unsafe Method Vulnerability (деталі)
• MoAxB #29: EDraw Office Viewer Component (edrawofficeviewer.ocx v. 4.0.5.20) Denial of Service Exploit (деталі)
• MoAxB #30: Zenturi ProgramChecker ActiveX (sasatl.dll) Arbitrary file download/overwrite Exploit (деталі)

Всього за весь час проведення Місяця ActiveX багів була опублікована інформація про 34 уразливості.

В даній добірці експлоіти в веб додатках:

• Magic Photo Storage Website _config[site_path] File Include Vuln (деталі)
• Berlios GPSD <= 2.7 Remote Format String Exploit (meta) (деталі)
• OmniWeb 5.5.1 Javascript alert() Remote Format String PoC (деталі)
• AllMyVisitors 0.4.0 (index.php) Remote File Inclusion Vulnerability (деталі)
• AllMyLinks <= 0.5.0 (index.php) Remote File Include Vulnerability (деталі)
• Axiom Photo/News Gallery 0.8.6 Remote File Include Exploit (деталі)
• FileCOPA FTP Server <= 1.01 (LIST) Remote BoF Exploit (meta) (деталі)
• iLife iPhoto Photocast (XML title) Remote Format String PoC (деталі)
• DigiRez <= V3.4 (book_id) Remote BLIND SQL Injection Exploit (деталі)
• L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• AllMyGuests <= 0.3.0 (AMG_serverpath) Remote Inclusion Vulnerabilities (деталі)
• NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit meta (деталі)
• L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit (деталі)
• MOTIONBORG Web Real Estate <= 2.1 SQL Injection Vulnerability (деталі)
• PPC Search Engine 1.61 (INC) Multiple Remote File Include Vulnerabilities (деталі)
• @lex Guestbook <= 4.0.2 Remote Command Execution Exploit (деталі)
• Application Enhancer (APE) 2.0.2 Local Privilege Escalation Exploit (деталі)
• WebText <= 0.4.5.2 Remote Code Execution Exploit (деталі)
• Exploits EIQ Networks Network Security Analyzer DoS (деталі)
• Simple Web Content Management System SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• iG Calendar 1.0 (user.php id variable) Remote SQL Injection Vulnerability (деталі)
• Coppermine Photo Gallery <= 1.4.10 Remote SQL Injection Exploit (деталі)
• QUOTE&ORDERING SYSTEM 1.0 (ordernum) Multiple Vulnerabilities (деталі)
• NUNE News Script 2.0pre2 Multiple Remote File Include Vulnerabilities (деталі)
• IMGallery <= 2.5 Create Uploader Script Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• LocazoList <= 2.01a beta5 (subcatID) Remote SQL Injection Vulnerability (деталі)
• Apple Quicktime (rtsp URL Handler) Stack Buffer Overflow Exploit (деталі)
• Apple Quicktime (rtsp URL Handler) Buffer Overflow Exploit (win2k) (деталі)
• iLife iPhoto Photocast (XML title) Remote Format String PoC (деталі)
• Aratix <= 0.2.2b11 (inc/init.inc.php) Remote File Include Vulnerability (деталі)
• iG Shop 1.0 (eval/sql injection) Multiple Remote Vulnerabilities (деталі)
• DigiRez <= 3.4 (book_id) Remote SQL Injection Exploit (деталі)
• Exploits OmniWeb Javascript alert() Format String Vulnerability (деталі)
• Cacti 0.8.6i “copy_cacti_user.php” sql injection create new admin exploit (деталі)
• Click N’ Print Coupons <= V2005.01 (key) Remote SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Simple Web Content Management System Remote SQL Injection Exploit (деталі)
• VerliAdmin <= 0.3 (language.php) Local File Inclusion Exploit (деталі)
• E-SMARTCART 1.0 (product_id) Remote SQL Injection Vulnerability (деталі)
• Acunetix WVS <= 4.0 20060717 HTTP Sniffer Component Remote DoS (деталі)
• Fishyshoop Proof of Concept (деталі)