Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC (деталі)
• RoomPHPlanning 1.6 Multiple Remote Vulnerabilities (деталі)
• Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit (деталі)
• Joomla Component Com_Agora 3.0.0 RC1 Remote File Upload Vulnerability (деталі)
• WebMember 1.0 (formID) Remote SQL Injection Vulnerability (деталі)
• ZeeCareers 2.0 (addadminmembercode.php) Add Admin Exploit (деталі)
• phpBugTracker 1.0.3 (Auth Bypass) SQL Injection Vulnerability (деталі)
• ShaadiClone 2.0 (addadminmembercode.php) Add Admin Exploit (деталі)
• Million Dollar Text Links 1.x Insecure Cookie Handling Vulnerability (деталі)
• Easy Px 41 CMS v09.00.00B1 (fiche) Local File Inclusion Vulnerability (деталі)
• Joomla Component AgoraGroup 0.3.5.3 Blind SQL Injection Vulnerability (деталі)
• Evernew Free Joke Script 1.2 (cat_id) Remote SQL Injection Vulnerability (деталі)
• SiteX <= 0.7.4.418 (THEME_FOLDER) Local File Inclusion Vulnerabilities (деталі)
• AdPeeps 8.5d1 XSS and HTML Injection Vulnerabilities (деталі)
• Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• ZaoCMS (user_id) Remote SQL Injection Vulnerability (деталі)
• phpWebFileManager 1.11 Multiple Remote Vulnerabilities (деталі)
• Mole Group Restaurant Directory Script 3.0 Change Admin Pass Vuln (деталі)
• Mole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit (деталі)
• ZaoCMS (PhpCommander) Arbitary Remote File Upload Vulnerability (деталі)
• ZaoCMS (user_updated.php) Remote Change Password Exploit (деталі)
• Dokuwiki 2009-02-14 Local File Inclusion Vulnerability (деталі)
• Joomla Boy Scout Advancement 0.3 (id) SQL Injection Exploit (деталі)
• MiniTwitter 0.3-Beta (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Flash Image Gallery 1.1 Arbitrary Config File Disclosure Vulnerability (деталі)
• MyForum 1.3 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Kensei Board <= 2.0.0b Multiple SQL Injection Vulnerabilities (деталі)
• Joomla Component com_rsgallery2 1.14.x/2.x Remote Backdoor Vuln (деталі)
• Flax Article Manager 1.1 (Cookie Bypass) SQL Injection Vulnerability (деталі)
• Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Mac OS X Java applet Remote Deserialization Remote PoC (updated) (деталі)
• Jorp 1.3.05.09 Remote Arbitrary Remove Projects/Tasks Vulnerabilities (деталі)
• bSpeak 1.10 (forumid) Remote Blind SQL Injection Vulnerability (деталі)
• PHP Article Publisher Arbitrary Auth Bypass Vulnerability (деталі)
• DMXReady Registration Manager 1.1 Arbitrary File Upload Vulnerability (деталі)
• Article Directory (Auth Bypass) SQL Injection Vulnerability (деталі)
• Job Script 2.0 Arbitrary Shell Upload Vulnerability (деталі)
• Flash Quiz Beta 2 Multiple Remote SQL Injection Vulnerabilities (деталі)
• ASP Inline Corporate Calendar (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• VICIDIAL 2.0.5-173 (Auth Bypass) SQL Injection Vulnerability (деталі)
• ZaoCMS (download.php) Remote File Disclosure Vulnerability (деталі)
• ZaoCMS Insecure Cookie Handling Vulnerability (деталі)
• Article Directory (page.php) Remote Blind SQL Injection Vulnerability (деталі)
• Tutorial Share <= 3.5.0 Insecure Cookie Handling Vulnerability (деталі)
• Exjune Guestbook v2 Remote Database Disclosure Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Namad (IMenAfzar) 2.0.0.0 Remote File Disclosure Vulnerability (деталі)
• KingSoft Web Shield <= 1.1.0.62 XSS/Code Execution Vulnerability (деталі)
• DM FileManager 3.9.2 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Dog Pedigree Online Database 1.0.1b Blind SQL Injection Exploit (деталі)
• Dog Pedigree Online Database 1.0.1b Insecure Cookie Handling Vuln (деталі)
• Dog Pedigree Online Database 1.0.1b Multiple SQL Injection Vulns (деталі)
• VidShare Pro (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Coppermine Photo Gallery <= 1.4.22 Remote Exploit (деталі)
• Realty Web-Base 1.0 (list_list.php id) SQL Injection Vulnerability (деталі)
• NC LinkList 1.3.1 Remote Command Injection Exploit (деталі)
• NC GBook 1.0 Remote Command injection Exploit (деталі)
• Catviz 0.4.0b1 (LFI/XSS) Multiple Remote Vulnerabilities (деталі)
• exJune Officer Message System v1 Multiple Remote Vulnerabilities (деталі)
• Joomla Casino 0.3.1 Multiple SQL Injection Exploits (деталі)
• Family Connections <= 1.8.2 - Remote Shell Upload Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Dana Portal Remote Change Admin Password Exploit (деталі)
• DOURAN Portal <= 3.9.0.23 Multiple Remote Vulnerabilities (деталі)
• ClanWeb 1.4.2 Remote Change Password / Add Admin Exploit (деталі)
• httpdx <= 0.5b FTP Server (USER) Remote BOF Exploit (SEH) (деталі)
• httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH) (деталі)
• Joomla com_gsticketsystem (catid) Blind SQL Injection Exploit (деталі)
• VidShare Pro Arbitrary Shell Upload Vulnerability (деталі)
• PHP Article Publisher Remote Change Admin Password Exploit (деталі)
• DGNews 3.0 Beta (id) Remote SQL Injection Vulnerability (деталі)
• MaxCMS 2.0 (inc/ajax.asp) Remote SQL Injection Vulnerability (деталі)
• Jieqi CMS <= 1.5 Remote Code Execution Exploit (деталі)
• LightOpenCMS 0.1 (id) Remote SQL Injection Vulnerability (деталі)
• Mereo 1.8.0 (Get Request) Remote Denial of Service Exploit (деталі)
• PAD Site Scripts 3.6 Insecure Cookie Handling Vulnerability (деталі)
• glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• 2daybiz Custom T-shirt Design (SQL/XSS) Multiple Remote Vulns (деталі)
• Rama CMS <= 0.9.8 (download.php file) File Disclosure Vulnerability (деталі)
• my-Gesuad 0.9.14 (AB/SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• my-colex 1.4.2 (AB/XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• PHPenpals <= 1.1 (mail.php ID) Remote SQL Injection Exploit (деталі)
• DMXReady Registration Manager 1.1 Database Disclosure Vulnerability (деталі)
• Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities (деталі)
• Flyspeck CMS 6.8 Remote LFI / Change Add Admin Exploit (деталі)
• Coppermine Photo Gallery <= 1.4.22 Multiple Remote Vulnerabilities (деталі)
• httpdx <= 0.5b Multiple Remote Denial of Service Vulnerabilities (деталі)
• Online Rental Property Script <= 5.0 (pid) SQL Injection Vulnerability (деталі)
• PHP Dir Submit (Auth Bypass) SQL Injection Vulnerability (деталі)
• Pc4Uploader 9.0 Remote Blind SQL Injection Vulnerability (деталі)
• OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS (деталі)
• Cisco IOS FTP server remote exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Java SE Runtime Environment - JRE 6 Update 13 Multiple Vulnerabilities (деталі)
• EasyPHP 3.0 Arbitrary Modify Configuration File Vulnerability (деталі)
• Family Connections CMS <= 1.9 (member) SQL Injection Exploit (деталі)
• Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability (деталі)
• TinyButStrong 3.4.0 (script) Local File Disclosure Vulnerability (деталі)
• MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit (деталі)
• Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability (деталі)
• My Game Script 2.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Ascad Networks 5 Products Insecure Cookie Handling Vulnerability (деталі)
• MRCGIGUY Top Sites 1.0.0 Insecure Cookie Handling Vuln (деталі)
• MRCGIGUY SimpLISTic SQL 2.0.0 Insecure Cookie Handling Vuln (деталі)
• Harland Scripts 11 Products Remote Command Execution Exploit (деталі)
• Joomla Component ArtForms 2.1 b7 Remote File Inclusion Vulnerabilities (деталі)
• D-Link Products Captcha Bypass Vulnerability (деталі)
• Family Connection <= 1.8.2 - Remote Command Execution (деталі)

В даній добірці експлоіти в веб додатках:

• TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit (деталі)
• RTWebalbum 1.0.462 (AlbumID) Blind SQL Injection Exploit (деталі)
• microTopic v1 (rating) Remote Blind SQL Injection Exploit (деталі)
• openWYSIWYG <= 1.4.7 Local Directory Transversal Vulnerability (деталі)
• Dacio’s Image Gallery 1.6 (DT/Bypass/SU) Remote Vulnerabilities (деталі)
• eggBlog <= 4.1.1 Local Directory Transversal Exploit (деталі)
• Mereo 1.8.0 Arbitrary File Disclosure Exploit (деталі)
• TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit (деталі)
• EasyPHP 2.0 Arbitrary Modify Configuration File Vulnerability (деталі)
• Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit (деталі)
• Php Recommend <= 1.3 (AB/RFI/CI) Multiple Remote Vulnerabilities (деталі)
• BIGACE CMS 2.5 (username) Remote SQL Injection Exploit (деталі)
• microTopic v1 (rating) Remote Blind SQL Injection Exploit (деталі)
• Zervit Webserver 0.4 Directory Traversal / Memory Corruption PoC (деталі)
• Amaya 11.1 XHTML Parser Buffer Overflow POC (деталі)

В даній добірці експлоіти в веб додатках:

• TemaTres 1.0.3 (Auth Bypass/SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• 32bit FTP (09.04.24) (Banner) Remote Buffer Overflow Exploit (деталі)
• 32bit FTP (09.04.24) (CWD response) Remote Buffer Overflow Exploit (деталі)
• VIDEOSCRIPT.us (Auth Bypass) SQL Injection Vulnerability (деталі)
• T-Dreams Job Career Package 3.0 Insecure Cookie Handling Vulnerability (деталі)
• TCPDB 3.8 Arbitrary Add Admin Account Vulnerability (деталі)
• Job Script 2.0 Arbitrary Change Admin Password Exploit (деталі)
• Simple Customer 1.3 Arbitrary Change Admin Password Exploit (деталі)
• ST-Gallery 0.1a Multiple SQL Injection Vulnerabilities (деталі)
• Battle Blog 1.25 (uploadform.asp) Arbitrary File Upload Vulnerability (деталі)
• Mortbay Jetty <= 7.0.0-pre5 Dispatcher Servlet Denial of Service Exploit (деталі)
• Luxbum 0.5.5/stable (Auth Bypass) SQL Injection Vulnerability (деталі)
• Realty Web-Base 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• The Recipe Script 5 (Auth Bypass) SQL Injection / DB Backup Vulns (деталі)
• glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• AGTC MyShop 3.2 Insecure Cookie Handling Vulnerability (деталі)
• Winn ASP Guestbook 1.01b Remote Database Disclosure Exploit (деталі)
• Million Dollar Text Links 1.0 Arbitrary Auth Bypass Vulnerability (деталі)
• PHP Site Lock 2.0 Insecure Cookie Handling Vulnerability (деталі)
• eLitius 1.0 Remote Command Execution Exploit (деталі)
• Qt quickteam Multiple Remote File Inclusion Vulnerabilities (деталі)
• BluSky CMS (news_id) Remote SQL Injection Vulnerability (деталі)
• Ublog access version Arbitrary Database Disclosure Exploit (деталі)
• Uguestbook 1.0b (guestbook.mdb) Arbitrary Database Disclosure Exploit (деталі)
• ProjectCMS 1.1b Multiple Remote Vulnerabilities (деталі)
• 32bit FTP (09.04.24) Banner Remote Buffer Overflow PoC (деталі)
• 32bit FTP (09.04.24) (CWD Response) Universal Seh Overwrite Exploit (деталі)
• Joomla Almond Classifieds 5.6.2 Blind SQL Injection Vuln (деталі)
• Download LinkBase 2.0 Remote Cookie Grabber Vulnerability (деталі)
• TemaTres 1.0.3 Remote Blind SQL Injection Exploit (деталі)