Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• New5starRating 1.0 (rating.php) SQL Injection Vulnerability (деталі)
• Netgear WNR2000 FW 1.2.0.8 Information Disclsoure Vulnerabilities (деталі)
• Cerberus FTP 3.0.1 (ALLO) Remote Overflow DoS Exploit (meta) (деталі)
• TCPDB 3.8 Remote Content Change Bypass Vulnerabilities (деталі)
• Turnkey Arcade Script (id) Remote SQL Injection Vulnerability (деталі)
• Joomla Component com_siirler 1.2 (sid) SQL Injection Vulnerability (деталі)
• ProFTP 2.9 (welcome message) Remote Buffer Overflow Exploit (meta) (деталі)
• EMO Breader Manager (video.php movie) SQL Injection Vulnerability (деталі)
• Moa Gallery <= 1.2.0 Multiple Remote File Inclusion Vulnerabilities (деталі)
• phpSANE 0.5.0 (save.php) Remote File Inclusion Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability (деталі)
• Lanai Core 0.6 Remote File Disclosure / Info Disclosure Vulns (деталі)
• Cuteflow 2.10.3 edituser.php Security Bypass Vulnerability (деталі)
• PHP Dir Submit (aid) Remote SQL Injection Vulnerability (деталі)
• Arcade Trade Script 1.0b (Auth Bypass) Insecure Cookie Handling Vuln (деталі)
• Geeklog <= 1.6.0sr1 Remote Arbitrary File Upload Vulnerability (деталі)
• Joomla Component com_jtips 1.0.x (season) bSQL Injection Vuln (деталі)
• Huawei SmartAX MT880 Multiple XSRF Vulnerabilities (деталі)
• Joomla Component com_ninjamonial 1.x (testimID) SQL injection Vuln (деталі)
• NaviCopa Web Server 3.01 Remote Buffer Overflow Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• ZTE ZXDSL 831 II Modem Arbitrary Configuration Access Vulnerability (деталі)
• Best Dating Script Arbitrary Shell Upload Vulnerability (деталі)
• CBAuthority - ClickBank Affiliate Management SQL Injection Vulnerability (деталі)
• PHP Email Manager (remove.php ID) SQL Injection Vulnerability (деталі)
• Ultimate Fade-in slideshow 1.51 Shell Upload Vulnerability (деталі)
• ProSysInfo TFTP Server TFTPDWIN 0.4.2 Remote BOF Exploit (деталі)
• phpfreeBB 1.0 Remote BLIND SQL Injection Vulnerability (деталі)
• asaher pro 1.0.4 Remote Database Backup Vulnerability (деталі)
• Ed Charkow’s Supercharged Linking Blind SQL Injection Exploit (деталі)
• RunCms v.2M1 /modules/forum/post.php - ‘forum’ remote semi-blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Adobe JRun 4 (logfile) Directory Traversal Vulnerability (auth) (деталі)
• Joomla Component MisterEstate Blind SQL Injection Exploit (деталі)
• Infinity <= 2.x.x options[style_dir] Local File Disclosure Vulnerability (деталі)
• E Cms <= 1.0 (index.php s) Remote SQL Injection Vulnerability (деталі)
• Autonomous LAN party <= 0.98.3 Remote File Inclusion Vulnerability (деталі)
• 2WIRE Gateway (Auth Bypass & Password Reset) Vulnerabilities #2 (деталі)
• ZTE ZXDSL 831 II Modem Arbitrary Add Admin User Vulnerability (деталі)
• Safari 4.0.2 (WebKit Parsing of Floating Point Numbers) BOF PoC (деталі)
• Traidnt UP 2.0 Remote SQL Injection Exploit (деталі)
• KDE Konqueror 4.1.3 ‘iframe src’ Memory Leak Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Gazelle CMS 1.0 Remote Arbitrary Shell Upload Vulnerability (деталі)
• THOMSON ST585 (user.ini) Arbitrary Download Vulnerability (деталі)
• MyWeight 1.0 Remote Shell Upload Vulnerability (деталі)
• DS CMS 1.0 (nFileId) Remote SQL Injection Vulnerability (деталі)
• PHP Competition System <= 0.84 (competition) SQL Injection Vuln (деталі)
• Ignition 1.2 (comment) Remote Code Injection Vulnerability (деталі)
• AJ Auction Pro OOPD 2.x (store.php id) SQL Injection Exploit (деталі)
• BaBB 2.8 Remote Code Injection Exploit (деталі)
• PHP-Lance 1.52 Multiple Local File Inclusion Vulnerabilities (деталі)
• KDE Konqueror 4.1.3 ‘link href’ Memory Leak Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• OCS Inventory NG 1.2.1 (systemid) SQL Injection Vulnerability (деталі)
• Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln (деталі)
• 2WIRE Gateway Authentication Bypass & Password Reset Vulnerabilities (деталі)
• Gallarific 1.1 (gallery.php) Arbitrary Delete/Edit Category Vuln (деталі)
• Shorty 0.7.1b (Auth Bypass) Insecure Cookie Handling Vulnerability (деталі)
• Gazelle CMS 1.0 Multiple Vulnerabilities / RCE Exploit (деталі)
• Plume CMS 1.2.3 Multiple SQL Injection Vulnerabilities (деталі)
• JBLOG 1.5.1 Remote SQL Table Backup Exploit (деталі)
• EmbedThis Appweb v3.0B.2-4 Multiple Remote Buffer Overflow PoC (деталі)
• TGS CMS 0.x (XSS/SQL/FD) Multiple Remote Vulnerabilities (деталі)

В даній добірці експлоіти в веб додатках:

• Facil Helpdesk (RFI/LFI/XSS) Multiples Remote Vulnerabilities (деталі)
• PHPCityPortal (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Arab Portal 2.2 (Auth Bypass) Blind SQL Injection Exploit (деталі)
• SmilieScript <= 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Joomla Component Kunena Forums (com_kunena) bSQL Injection Exploit (деталі)
• CMS Made Simple <= 1.6.2 Local File Disclosure Vulnerability (деталі)
• Mini-CMS 1.0.1 (page.php id) SQL Injection Vulnerability (деталі)
• Papoo CMS 3.7.3 Authenticated Arbitrary Code Execution Vulnerability (деталі)
• Embedthis Appweb 3.0b.2-4 Remote Buffer Overflow PoC (деталі)
• Neostrada Livebox Remote Network Down Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Banner Exchange Script 1.0 (targetid) Blind SQL Injection Vuln (деталі)
• PHotoLa Gallery <= 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Alwasel 1.5 Multiple Remote SQL Injection Vulnerabilities (деталі)
• PhotoPost PHP 3.3.1 (XSS/bSQL) Multiple Remote Vulnerabilities (деталі)
• Spiceworks 3.6 Accept Parameter Overflow Crash Exploit (деталі)
• Logoshows BBS 2.0 (DD/ICH) Multiple Remote Vulnerabilities (деталі)
• Logoshows BBS 2.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Joomla Component com_pms 2.0.4 (Ignore-List) SQL Injection Exploit (деталі)
• IsolSoft Support Center 2.5 (RFI/LFI/XSS) Multiples Vulnerabilities (деталі)
• PoC exploit for the TLS renegotiation vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Tenrok 1.1.0 (UDD/RCE) Multiple Remote Vulnerabilities (деталі)
• Portel v2008 (decide.php patron) Blind SQL Injection Vulnerability (деталі)
• OpenNews 1.0 (SQLI/RCE) Multiple Remote Vulnerabilities (деталі)
• AccessoriesMe PHP Affiliate Script 1.4 (bSQL-XSS) Multiple Vulns (деталі)
• LM Starmail 2.0 (SQL Injection/File Inclusion) Multiple Vulnerabilities (деталі)
• TYPO3 CMS 4.0 (showUid) Remote SQL Injection Vulnerability (деталі)
• PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities (деталі)
• Typing Pal <= 1.0 (idTableProduit) SQL Injection Vulnerability (деталі)
• Logoshows BBS 2.0 (forumid) Remote SQL Injection Vulnerability (деталі)
• Novell Netware 6.5 (ICEbrowser) Remote System Denial of Service Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Blink Blog System (Auth Bypass) SQL Injection Vulnerability (деталі)
• Payment Processor Script (shop.htm cid) SQL Injection Vulnerability (деталі)
• elgg <= 1.5 (/_css/js.php) Local File Inclusion Vulnerability (деталі)
• MOC Designs PHP News 1.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• In-Portal 4.3.1 (index.php env) Local File Inclusion Vulnerability (деталі)
• Perl$hop e-commerce Script Trust Boundary Input Parameter Injection (деталі)
• Shopmaker CMS 2.0 (bSQL/ LFI) Multiple Remote Vulnerabilities (деталі)
• MyBackup 1.4.0 (AFD/RFI) Multiple Remote Vulnerabilities (деталі)
• Irokez CMS 0.7.1 Remote SQL Injection Vulnerability (деталі)
• FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution vulnerability exploit (деталі)