Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• 2daybiz Custom T-shirt Design (SQL/XSS) Multiple Remote Vulns (деталі)
• Rama CMS <= 0.9.8 (download.php file) File Disclosure Vulnerability (деталі)
• my-Gesuad 0.9.14 (AB/SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• my-colex 1.4.2 (AB/XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• PHPenpals <= 1.1 (mail.php ID) Remote SQL Injection Exploit (деталі)
• DMXReady Registration Manager 1.1 Database Disclosure Vulnerability (деталі)
• Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities (деталі)
• Flyspeck CMS 6.8 Remote LFI / Change Add Admin Exploit (деталі)
• Coppermine Photo Gallery <= 1.4.22 Multiple Remote Vulnerabilities (деталі)
• httpdx <= 0.5b Multiple Remote Denial of Service Vulnerabilities (деталі)
• Online Rental Property Script <= 5.0 (pid) SQL Injection Vulnerability (деталі)
• PHP Dir Submit (Auth Bypass) SQL Injection Vulnerability (деталі)
• Pc4Uploader 9.0 Remote Blind SQL Injection Vulnerability (деталі)
• OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS (деталі)
• Cisco IOS FTP server remote exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Java SE Runtime Environment - JRE 6 Update 13 Multiple Vulnerabilities (деталі)
• EasyPHP 3.0 Arbitrary Modify Configuration File Vulnerability (деталі)
• Family Connections CMS <= 1.9 (member) SQL Injection Exploit (деталі)
• Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability (деталі)
• TinyButStrong 3.4.0 (script) Local File Disclosure Vulnerability (деталі)
• MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit (деталі)
• Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability (деталі)
• My Game Script 2.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Ascad Networks 5 Products Insecure Cookie Handling Vulnerability (деталі)
• MRCGIGUY Top Sites 1.0.0 Insecure Cookie Handling Vuln (деталі)
• MRCGIGUY SimpLISTic SQL 2.0.0 Insecure Cookie Handling Vuln (деталі)
• Harland Scripts 11 Products Remote Command Execution Exploit (деталі)
• Joomla Component ArtForms 2.1 b7 Remote File Inclusion Vulnerabilities (деталі)
• D-Link Products Captcha Bypass Vulnerability (деталі)
• Family Connection <= 1.8.2 - Remote Command Execution (деталі)

В даній добірці експлоіти в веб додатках:

• TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit (деталі)
• RTWebalbum 1.0.462 (AlbumID) Blind SQL Injection Exploit (деталі)
• microTopic v1 (rating) Remote Blind SQL Injection Exploit (деталі)
• openWYSIWYG <= 1.4.7 Local Directory Transversal Vulnerability (деталі)
• Dacio’s Image Gallery 1.6 (DT/Bypass/SU) Remote Vulnerabilities (деталі)
• eggBlog <= 4.1.1 Local Directory Transversal Exploit (деталі)
• Mereo 1.8.0 Arbitrary File Disclosure Exploit (деталі)
• TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit (деталі)
• EasyPHP 2.0 Arbitrary Modify Configuration File Vulnerability (деталі)
• Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit (деталі)
• Php Recommend <= 1.3 (AB/RFI/CI) Multiple Remote Vulnerabilities (деталі)
• BIGACE CMS 2.5 (username) Remote SQL Injection Exploit (деталі)
• microTopic v1 (rating) Remote Blind SQL Injection Exploit (деталі)
• Zervit Webserver 0.4 Directory Traversal / Memory Corruption PoC (деталі)
• Amaya 11.1 XHTML Parser Buffer Overflow POC (деталі)

В даній добірці експлоіти в веб додатках:

• TemaTres 1.0.3 (Auth Bypass/SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• 32bit FTP (09.04.24) (Banner) Remote Buffer Overflow Exploit (деталі)
• 32bit FTP (09.04.24) (CWD response) Remote Buffer Overflow Exploit (деталі)
• VIDEOSCRIPT.us (Auth Bypass) SQL Injection Vulnerability (деталі)
• T-Dreams Job Career Package 3.0 Insecure Cookie Handling Vulnerability (деталі)
• TCPDB 3.8 Arbitrary Add Admin Account Vulnerability (деталі)
• Job Script 2.0 Arbitrary Change Admin Password Exploit (деталі)
• Simple Customer 1.3 Arbitrary Change Admin Password Exploit (деталі)
• ST-Gallery 0.1a Multiple SQL Injection Vulnerabilities (деталі)
• Battle Blog 1.25 (uploadform.asp) Arbitrary File Upload Vulnerability (деталі)
• Mortbay Jetty <= 7.0.0-pre5 Dispatcher Servlet Denial of Service Exploit (деталі)
• Luxbum 0.5.5/stable (Auth Bypass) SQL Injection Vulnerability (деталі)
• Realty Web-Base 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• The Recipe Script 5 (Auth Bypass) SQL Injection / DB Backup Vulns (деталі)
• glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• AGTC MyShop 3.2 Insecure Cookie Handling Vulnerability (деталі)
• Winn ASP Guestbook 1.01b Remote Database Disclosure Exploit (деталі)
• Million Dollar Text Links 1.0 Arbitrary Auth Bypass Vulnerability (деталі)
• PHP Site Lock 2.0 Insecure Cookie Handling Vulnerability (деталі)
• eLitius 1.0 Remote Command Execution Exploit (деталі)
• Qt quickteam Multiple Remote File Inclusion Vulnerabilities (деталі)
• BluSky CMS (news_id) Remote SQL Injection Vulnerability (деталі)
• Ublog access version Arbitrary Database Disclosure Exploit (деталі)
• Uguestbook 1.0b (guestbook.mdb) Arbitrary Database Disclosure Exploit (деталі)
• ProjectCMS 1.1b Multiple Remote Vulnerabilities (деталі)
• 32bit FTP (09.04.24) Banner Remote Buffer Overflow PoC (деталі)
• 32bit FTP (09.04.24) (CWD Response) Universal Seh Overwrite Exploit (деталі)
• Joomla Almond Classifieds 5.6.2 Blind SQL Injection Vuln (деталі)
• Download LinkBase 2.0 Remote Cookie Grabber Vulnerability (деталі)
• TemaTres 1.0.3 Remote Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• VisionLMS 1.0 (changePW.php) Remote Password Change Exploit (деталі)
• Quick ‘n Easy Web Server 3.3.5 Arbitrary File Disclosure Exploit (деталі)
• Zubrag Smart File Download 1.3 Arbitrary File Download Vulnerability (деталі)
• S-Cms 1.1 Stable (page) Local File Inclusion Vulnerability (деталі)
• ProjectCMS 1.0b (index.php sn) Remote SQL Injection Vulnerability (деталі)
• Baby Web Server 2.7.2.0 Arbitrary File Disclosure Exploit (деталі)
• eLitius 1.0 (banner-details.php id) SQL Injection Vulnerability (деталі)
• Tiger DMS (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Leap CMS 0.1.4 (SQL/XSS/SU) Multiple Remote Vulnerabilities (деталі)
• Leap CMS 0.1.4 (searchterm) Blind SQL Injection Exploit (деталі)
• MiniTwitter 0.2b Remote User Options Changer Exploit (деталі)
• MiniTwitter 0.2b Multiple SQL Injection Vulnerabilities (деталі)
• Golabi CMS <= 1.0.1 Session Poisoning Vulnerability (деталі)
• Addonics NAS Adapter FTP Remote Denial of Service Exploit (деталі)
• pecio cms 1.1.5 (index.php language) Local File Inclusion Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Photo-Rigma.BiZ v30 (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities (деталі)
• Teraway LinkTracker 1.0 Remote Password Change Exploit (деталі)
• Teraway LiveHelp 2.0 Insecure Cookie Handling Vulnerability (деталі)
• Teraway FileStream 1.0 Insecure Cookie Handling Vulnerability (деталі)
• Teraway LinkTracker 1.0 Insecure Cookie Handling Vulnerability (деталі)
• Flatchat 3.0 (pmscript.php with) Local File Inclusion Vulnerability (деталі)
• ECShop 2.5.0 (order_sn) Remote SQL Injection Vulnerability (деталі)
• EZ-Blog Beta2 (category) Remote SQL Injection Vulnerability (деталі)
• Thickbox Gallery v2 (index.php ln) Local File Inclusion Vulnerability (деталі)
• DEW-NEWphpLinks 2.0 (LFI/XSS) Multiple Remote Vulnerabilities (деталі)
• ABC Advertise 1.0 Admin Password Disclosure Vulnerability (деталі)
• Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit (деталі)
• webSPELL <= 4.2.0d Local File Disclosure Exploit (.c linux) (деталі)
• MIM: InfiniX 1.2.003 Multiple SQL Injection Vulnerabilities (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component rsmonials Remote Cross Site Scripting Exploit (деталі)
• WebPortal CMS 0.8b Multiple Remote/Local File Inclusion Vulnerabilities (деталі)
• 5 star Rating 1.2 (Auth Bypass) SQL Injection Vulnerability (деталі)
• elkagroup Image Gallery 1.0 Arbitrary File Upload Vulnerability (деталі)
• Dokeos LMS <= 1.8.5 (include) Remote Code Execution Exploit (деталі)
• Xitami Web Server <= 5.0 Remote Denial of Service Exploit (деталі)
• Femitter FTP Server 1.03 Arbitrary File Disclosure Exploit (деталі)
• FOWLCMS 1.1 (AB/LFI/SU) Multiple Remote Vulnerabilities (деталі)
• Zervit HTTP Server <= 0.3 (sockets++ crash) Remote Denial of Service (деталі)
• Dream FTP Server 1.02 (users.dat) Arbitrary File Disclosure Exploit (деталі)
• Home Web Server <= r1.7.1 (build 147) Gui Thread-Memory Corruption (деталі)
• Absolute Form Processor XE-V 1.5 Remote Change Pasword Exploit (деталі)
• Absolute Form Processor XE-V 1.5 Insecure Cookie Handling Vuln (деталі)
• Absolute Form Processor XE-V 1.5 (auth Bypass) SQL Injection Vuln (деталі)
• Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities (деталі)

В даній добірці експлоіти в веб додатках:

• Creasito e-Commerce 1.3.16 (Auth Bypass) SQL Injection Vuln (деталі)
• TotalCalendar 2.4 Remote Password Change Exploit (деталі)
• e107 <= 0.7.15 (extended_user_fields) Blind SQL Injection Exploit (деталі)
• Zervit Webserver 0.3 Remote Denial Of Service Exploit (деталі)
• Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit (деталі)
• I-Rater Pro/Plantinum v4 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Oracle RDBMS 10.2.0.3/11.1.0.6 TNS Listener PoC (CVE-2009-0991) (деталі)
• VS PANEL 7.3.6 (Cat_ID) Remote SQL Injection Vulnerability (деталі)
• Quick.Cms.Lite 0.5 (id) Remote SQL Injection Vulnerability (деталі)
• NotFTP 1.3.1 (newlang) Local File Inclusion Vulnerability (деталі)
• TotalCalendar 2.4 (include) Local File Inclusion Vulnerability (деталі)
• PastelCMS 0.8.0 (LFI/SQL) Multiple Remote Vulnerabilities (деталі)
• CRE Loaded 6.2 (products_id) SQL Injection Vulnerability (деталі)
• MixedCMS 1.0b (LFI/SU/AB/FD) Multiple Remote Vulnerabilities (деталі)
• Studio Lounge Address Book 2.5 Authentication Bypass Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Online Email Manager Insecure Cookie Handling Vulnerability (деталі)
• Online Guestbook Pro (display) Blind SQL Injection Vulnerability (деталі)
• Flatnux 2009-03-27 (Upload/ID) Multiple Remote Vulnerabilities (деталі)
• Seditio CMS Events Plugin (c) Remote SQL Injection Vulnerability (деталі)
• Studio Lounge Address Book 2.5 (profile) Shell Upload Vulnerability (деталі)
• Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities (деталі)
• TotalCalendar 2.4 (inc_dir) Remote File Inclusion Vulnerability (деталі)
• FunGamez rc1 (AB/LFI) Multiple Remote Vulnerabilities (деталі)
• WB News 2.1.2 Insecure Cookie Handling Vulnerability (деталі)
• WysGui CMS 1.2b (Insecure Cookie Handling) Blind SQL Injection Exploit (деталі)
• Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) (деталі)
• Pligg 9.9.0 (editlink.php id) Blind SQL Injection Exploit (деталі)
• EZ Webitor (Auth Bypass) SQL Injection Vulnerability (деталі)
• webClassifieds 2005 (Auth Bypass) Insecure Cookie Handling Vuln (деталі)
• eLitius 1.0 Arbitrary Database Backup Exploit (деталі)