Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Arab Portal <= 2.2 (mod.php module) Local File Inclusion Vulnerability (деталі)
• Multi Website 1.5 (index php action) SQL Injection Vulnerability (деталі)
• Elvin BTS 1.2.2 (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Questions Answered 1.3 (Auth Bypass) Remote SQL Injection Vuln (деталі)
• x10 Media Adult Script 1.7 Multiple Remote Vulnerabilities (деталі)
• Miniweb 2.0 Module Survey Pro (bSQL/XSS) Multiple Vulnerabilities (деталі)
• Miniweb 2.0 Module Publisher (bSQL-XSS) Multiple Vulnerabilities (деталі)
• MAXcms 3.11.20b RFI / File Disclosure Vulnerabilities (деталі)
• Discloser 0.0.4-rc2 (index.php more) SQL Injection Vulnerability (деталі)
• Netsurf 1.2 ‘hspace’ Remote Integer Overflow PoC Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component com_jfusion (Itemid) Blind SQL Injection Vuln (деталі)
• SimpleLoginSys 0.5 (Auth Bypass) SQL Injection Vulnerability (деталі)
• TT Web Site Manager 0.5 (Auth Bypass) SQL Injection Vulnerability (деталі)
• QuickDev 4 (download.php file) File Disclosure Vulnerability (деталі)
• Netpet CMS 1.9 (confirm.php language) Local File Inclusion Vulnerability (деталі)
• Ajax Short URL Script (Auth Bypass) SQL Injection Vulnerability (деталі)
• ProjectButler 1.5.0 (pda_projects.php offset) RFI Vulnerability (деталі)
• Amaya 11.2 W3C Editor/Browser (defer) Remote BOF Exploit (SEH) (деталі)
• AW BannerAd (Auth Bypass) SQL Injection Vulnerability (деталі)
• Netsurf 1.2 ‘width’ Remote Integer Overflow PoC Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Orbis CMS 1.0 (AFD/ADF/ASU/SQL) Multiple Remote Vulnerabilities (деталі)
• justVisual 1.2 (fs_jVroot) Remote File Inclusion Vulnerabilities (деталі)
• Ultrize TimeSheet 1.2.2 readfile() Local File Disclosure Vulnerability (деталі)
• SAP Business One 2005-A License Manager Remote BOF Exploit (деталі)
• Arab Portal v2.x (forum.php qc) Remote SQL Injection Exploit (деталі)
• MAXcms 3.11.20b Multiple Remote File Inclusion Vulnerabilities (деталі)
• Mobilelib Gold v3 (Auth Bypass/SQL) Multiple Remote Vulnerabilities (деталі)
• aa33code 0.0.1 (LFI/Auth Bypass/DCD) Multiple Remote Vulnerabilites (деталі)
• PortalXP - Teacher Edition 1.2 Multiple SQL Injection Vulnerabilities (деталі)
• Netsurf 1.2 Remote Memory Leak Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Ultrize TimeSheet 1.2.2 Remote File Inclusion Vulnerability (деталі)
• TinyBrowser (TinyMCE Editor File browser) 1.41.6 Multiple Vulnerabilities (деталі)
• linkSpheric 0.74b6 (listID) Remote SQL Injection Vulnerability (деталі)
• PunBB Reputation.php Mod <= 2.0.4 Local File Inclusion Exploit (деталі)
• MUJE CMS 1.0.4.34 Local File Inclusion Vulnerabilities (деталі)
• Really Simple CMS 0.3a (pagecontent.php PT) Local File Inclusion Vulnerability (деталі)
• d.net CMS (LFI/SQLI) Multiple Remote Vulnerabilities (деталі)
• CMSphp 0.21 (LFI/XSS) Multiple Remote Vulnerabilities (деталі)
• dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities (деталі)
• GoodTech SSH Remote Buffer Overflow Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• NcFTPd <= 2.8.5 Remote Jail Breakout Vulnerability (деталі)
• PunBB Reputation.php Mod <= 2.0.4 Blind SQL Injection Exploit (деталі)
• phpArcadeScript 4.0 (linkout.php id) SQL Injection Vulnerability (деталі)
• PHP Paid 4 Mail Script (paidbanner.php ID) SQL Injection Vulnerability (деталі)
• Firebird SQL op_connect_request main listener shutdown Vulnerability (деталі)
• PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability (деталі)
• PaoBacheca Guestbook 2.1 (login_ok) Auth Bypass Vulnerability (деталі)
• PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability (деталі)
• In-Portal 4.3.1 Arbitrary Shell Upload Vulnerability (деталі)
• vBulletinR Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t (деталі)

В даній добірці експлоіти в веб додатках:

• Super Mod System v3 (s) SQL Injection Vulnerability (деталі)
• PHP Paid 4 Mail Script (home.php page) Remote File Inclusion Vuln (деталі)
• Cisco WLC 4402 Basic Auth Remote Denial of Service (meta) (деталі)
• SerWeb <= 2.1.0-dev1 2009-07-02 Multiple RFI Vulnerabilities (деталі)
• Magician Blog <= 1.0 (Auth Bypass) SQL injection Vulnerability (деталі)
• Magician Blog <= 1.0 (ids) Remote SQL Injection Vulnerability (деталі)
• Limny 1.01 (Auth Bypass) SQL Injection Vulnerability (деталі)
• PunBB Automatic Image Upload <= 1.3.5 Delete Arbitrary File Exploit (деталі)
• PunBB Automatic Image Upload <= 1.3.5 Remote SQL Injection Exploit (деталі)
• Exploits Multiple XSRF in DD-WRT (деталі)

В даній добірці експлоіти в веб додатках:

• XOOPS Celepar Module Qas (bSQL/XSS) Multiple Remote Vulnerabilities (деталі)
• SkaDate Dating (RFI/LFI/XSS) Multiple Remote Vulnerabilities (деталі)
• Almond Classifieds Ads (bSQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Joomla Almond Classifieds 7.5 (com_aclassf) Multiple Vulnerabilities (деталі)
• IXXO Cart! Standalone and Joomla Component SQL Injection Vulnerability (деталі)
• Allomani Movies & Clips 2.7.0 Remote Blind SQL Injection Exploit (деталі)
• Allomani Songs & Clips 2.7.0 Blind SQL Injection Exploit (деталі)
• Allomani Mobile 2.5 Remote Blind SQL Injection Exploit (деталі)
• Inout Adserver (id) Remote SQL injection Vulnerability (деталі)
• DNS BailiWicked Host Attack (деталі)

В даній добірці експлоіти в веб додатках:

• PHP Live! <= 3.2.2 (questid) Remote SQL Injection Vulnerability (деталі)
• Scripteen Free Image Hosting Script 2.3 SQL Injection Exploit (деталі)
• Deonixscripts Templates Management 1.3 SQL Injection Vulnerability (деталі)
• Xoops Celepar Module Qas (codigo) SQL Injection Vulnerability (деталі)
• SaphpLesson v4.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• iWiccle 1.01 (LFI/SQL) Multiple Remote Vulnerabilities (деталі)
• stftp <= 1.10 (PWD Response) Remote Stack Overflow PoC (деталі)
• URA 3.0 (cat) remote SQL injection Vulnerability (деталі)
• GarageSalesJunkie (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• AlumniServer v-1.0.1 Blind SQLi Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component com_joomloads (packageId) SQL Injection Vuln (деталі)
• Basilic 1.5.13 (index.php idAuthor) SQL Injection Vulnerability (деталі)
• PHP Live! 3.2.1/2 (x) Remote Blind SQL Injection Exploit (деталі)
• Joomla Extension UIajaxIM 1.1 JavaScript Execution Vulnerability (деталі)
• Million-Dollar Pixel Ads Platinum (SQL/XSS) Multiple Vulnerabilities (деталі)
• WzdFTPD <= 8.0 Remote Denial of Service Exploit (деталі)
• Pixaria Gallery 2.3.5 (file) Remote File Disclosure Exploit (деталі)
• Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln (деталі)
• Clip Bucket <= 1.7.1 Insecure Cookie Handling Vulnerability (деталі)
• FretsWeb 1.2 (name) Remote Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• DD-WRT (httpd service) Remote Command Execution Vulnerability (деталі)
• Meta Search Engine Script (url) Local File Disclosure Vulnerability (деталі)
• phpDirectorySource (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• AnotherPHPBook (APB) v.1.3.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities (деталі)
• GLinks 2.1 (cat) Remote Blind SQL Injection Vulnerability (деталі)
• e107 Plugin my_gallery 2.4.1 readfile() Local File Disclosure Exploit (деталі)
• AWCM 2.1 Local File Inclusion / Auth Bypass Vulnerabilities (деталі)
• PHP Melody 1.5.3 Remote File Upload Injection Vulnerability (деталі)
• (GET var ‘name’) BLIND SQL INJECTION EXPLOIT FretsWeb 1.2 (деталі)