Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Online Password Manager 4.1 Insecure Cookie Handling Vulnerability (деталі)
• NetHoteles 2.0/3.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Geeklog <= 1.5.2 savepreferences()/*blocks[] SQL Injection Exploit (деталі)
• eLitius 1.0 (manage-admin.php) Add Admin/Change Password Exploit (деталі)
• Apache Geronimo <= 2.1.3 Multiple Directory Traversal Vulnerabilities (деталі)
• Zervit Webserver 0.02 Remote Directory Traversal Vulnerability (деталі)
• chCounter 3.1.3 (Login Bypass) SQL Injection Vulnerability (деталі)
• SMA-DB 0.3.13 Multiple Remote File Inclusion Vulnerabilities (деталі)
• Tiny Blogr 1.0.0 rc4 (Auth Bypass) SQL Injection Vulnerability (деталі)
• e-cart.biz Shopping Cart Arbitrary File Upload Vulnerability (деталі)
• ClanTiger <= 1.1.1 (slug) Blind SQL Injection Exploit (деталі)
• ClanTiger <= 1.1.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• ClanTiger < 1.1.1 Multiple Cookie Handling Vulnerabilities (деталі)
• Limbo CMS 1.0.4.2 CSRF Privilege Escalation PoC (деталі)
• Hot Project v7 (Auth Bypass) SQL Injection Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• MonGoose 2.4 Webserver Directory Traversal Vulnerability (win) (деталі)
• Zervit Webserver 0.02 Remote Buffer Overflow PoC (деталі)
• FreeWebshop.org 2.2.9 RC2 (lang_file) Local File Inclusion Vulnerability (деталі)
• Job2C 4.2 (adtype) Local File Inclusion Vulnerability (деталі)
• Job2C (conf.inc) Config File Disclosure Vulnerability (деталі)
• phpDatingClub (conf.inc) File Disclosure Vulnerability (деталі)
• phpAdBoardPro (config.inc) Config File Disclosure Vulnerability (деталі)
• W2B Restaurant 1.2 (conf.inc) Config File Disclosure Vulnerability (деталі)
• phpGreetCards (conf.inc) Config File Disclosure Vulnerability (деталі)
• NetHoteles 3.0 (ficha.php) SQL Injection Vulnerability (деталі)
• Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes (деталі)
• cpCommerce 1.2.8 (id_document) Blind SQL Injection Vulnerability (деталі)
• DNS Tools (PHP Digger) Remote Command Execution Vuln (деталі)
• webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability (деталі)
• phpslash <= 0.8.1.1 Remote Code Execution Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• e107 Plugin userjournals_menu (blog.id) SQL Injection Vulnerability (деталі)
• FreznoShop 1.3.0 (id) Remote SQL Injection Vulnerability (деталі)
• XEngineSoft PMS/MGS/NM/AMS 1.0 (Auth Bypass) SQL Injection Vulns (деталі)
• Yellow Duck Weblog 2.1.0 (lang) Local File Inclusion Vulnerability (деталі)
• X10Media Mp3 Search Engine 1.x Admin Access Vulnerability (деталі)
• ftpdmin 0.96 Arbitrary File Disclosure Exploit (деталі)
• ASP Product Catalog 1.0 (XSS/DD) Multiple Remote Exploits (деталі)
• Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [2] (деталі)
• Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [1] (деталі)
• W2B phpEmployment (conf.inc) File Disclosure Vulnerability (деталі)
• RQMS (Rash) <= 1.2.2 Multiple SQL Injection Vulnerabilities (деталі)
• Aqua CMS (username) SQL Injection Vulnerability (деталі)
• GuestCal 2.1 (index.php lang) Local File Inclusion Vulnerability (деталі)
• Steamcast 0.9.75b Remote Denial of Service Exploit (деталі)
• Exploits metabbs 0.11 Change admin password vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• WebFileExplorer 3.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• AdaptBB 1.0b Multiple Remote Vulnerabilities (деталі)
• net2ftp <= 0.97 Cross-Site Scripting/Request Forgery Vulnerabilities (деталі)
• My Dealer CMS 2.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Absolute Form Processor XE-V 1.5 (Auth Bypass) SQL Injection Vuln (деталі)
• Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities (деталі)
• FunkyASP AD System 1.1 Remote Shell Upload Vulnerability (деталі)
• w3bcms Gaestebuch 3.0.0 Blind SQL Injection Exploit (деталі)
• Redaxscript 0.2.0 (language) Local File Inclusion Vulnerability (деталі)
• moziloCMS 1.11 (LFI/PD/XSS) Multiple Remote Vulnerabilities (деталі)
• Chance-i DiViS DVR System Web-server Directory Traversal Vulnerability (деталі)
• Loggix Project 9.4.5 (refer_id) Blind SQL Injection Vulnerability (деталі)
• PHP-Agenda <= 2.2.5 Remote File Overwriting Vulnerabilities (деталі)
• Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit (деталі)
• ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit (xp sp3/case study) (деталі)

В даній добірці експлоіти в веб додатках:

• Lanius CMS <= 0.5.2 Remote Arbitrary File Upload Exploit (деталі)
• XBMC 8.10 (HEAD) Remote Buffer Overflow Exploit (SEH) (деталі)
• SASPCMS 0.9 Multiple Remote Vulnerabilities (деталі)
• Joomla Component Maian Music 1.2.1 (category) SQL Injection Vuln (деталі)
• Joomla Component MailTo (article) SQL Injection Vulnerability (деталі)
• Joomla Component Cmimarketplace (viewit) Directory Traversal Vuln (деталі)
• peterConnects Web Server Traversal Arbitrary File Access Vulnerability (деталі)
• Photo Graffix 3.4 Multiple Remote Vulnerabilities (деталі)
• Xplode CMS (wrap_script) Remote SQL Injection Vulnerability (деталі)
• WebFileExplorer 3.1 (DB.MDB) Database Disclosure Vulnerability (деталі)
• Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit (деталі)
• Exjune Guestbook v2 Remote Database Disclosure Exploit (деталі)
• BackendCMS 5.0 (main.asp id) SQL Injection Vulnerability (деталі)
• Simbas CMS 2.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• XBMC 8.10 (HEAD Request) Remote Buffer Overflow Exploit (SEH) (деталі)

В даній добірці експлоіти в веб додатках:

• IBM DB2 < 9.5 pack 3a Malicious Connect Denial of Service Exploit (деталі)
• IBM DB2 < 9.5 pack 3a Malicious Data Stream Denial of Service Exploit (деталі)
• ActiveKB Knowledgebase (loadpanel.php Panel) Local File Inclusion Vuln (деталі)
• glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit (деталі)
• form2list (page.php id) Remote SQL Injection Vulnerability (деталі)
• Family Connections <= 1.8.2 Remote Shell Upload Exploit (деталі)
• Gravity Board X 2.0b SQL Injection / Post Auth Code Execution (деталі)
• AdaptBB 1.0 (topic_id) SQL Injection / Credentials Disclosure Exploit (деталі)
• Amaya 11.1 XHTML Parser Remote Buffer Overflow PoC (деталі)
• Joomla Component com_bookjoomlas 0.1 SQL Injection Vulnerability (деталі)
• XBMC 8.10 GET Request Remote Buffer Overflow Exploit (SEH) (univ) (деталі)
• FlexCMS Calendar (ItemId) Blind SQL Injection Vulnerability (деталі)
• iDB 0.2.5pa SVN 243 (skin) Local File Inclusion Exploit (деталі)
• Family Connections CMS <= 1.8.2 Blind SQL Injection Vulnerability (деталі)
• Exploits Amaya (id) Remote Stack Overflow Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• VirtueMart <= 1.1.2 Multiple Remote Vulnerabilities (деталі)
• webEdition <= 6.0.0.4 (WE_LANGUAGE) Local File Inclusion Vulnerability (деталі)
• JobHut 1.2 Remote Password Change/Delete/Activate User Vulnerability (деталі)
• PHPRecipeBook 2.39 (course_id) Remote SQL Injection Vulnerability (деталі)
• vsp stats processor 0.45 (gamestat.php gameID) SQL Injection Vuln (деталі)
• Sun Calendar Express Web Server (DoS/XSS) Multiple Remote Vulns (деталі)
• Koschtit Image Gallery 1.82 Multiple Local File Inclusion Vulnerabilities (деталі)
• Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit (деталі)
• XBMC 8.10 (GET Requests) Multiple Remote Buffer Overflow PoC (деталі)
• XBMC 8.10 (Get Request) Remote Buffer Overflow Exploit (win) (деталі)
• XBMC 8.10 (takescreenshot) Remote Buffer Overflow Exploit (деталі)
• XBMC 8.10 (get tag from file name) Remote Buffer Overflow Exploit (деталі)
• MyioSoft Ajax Portal 3.0 (page) SQL Injection Vulnerability (деталі)
• TinyPHPForum 3.61 File Disclosure / Code Execution Vulnerabilities (деталі)
• Exploits Amaya (URL Bar) Remote Stack Overflow Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Diskos CMS Manager (SQL/DB/Auth Bypass) Multiple Vulnerabilities (деталі)
• BandSite CMS 1.1.4 (members.php memid) SQL Injection Vulnerability (деталі)
• Sami HTTP Server 2.x (HEAD) Remote Denial of Service Exploit (деталі)
• Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow (деталі)
• Amaya 11.1 W3C Editor/Browser (defer) Stack Overflow PoC (деталі)
• Gravy Media CMS 1.07 Multiple Remote Vulnerabilities (деталі)
• NOKIA Siemens FlexiISN 3.1 Multiple Auth Bypass Vulnerabilities (деталі)
• X-Forum 0.6.2 Remote Command Execution Exploit (деталі)
• JobHut <= 1.2 (pk) Remote SQL Injection Vulnerability (деталі)
• Family Connection 1.8.1 Multiple Remote Vulnerabilities (деталі)
• Amaya 11.1 W3C Editor/Browser (defer) Stack Overflow Exploit (деталі)
• Community CMS 0.5 Multiple SQL Injection Vulnerabilities (деталі)
• Podcast Generator <= 1.1 Remote Code Execution Exploit (деталі)
• VirtueMart <= 1.1.2 Remote SQL Injection Exploit (meta) (деталі)
• Comersus Shopping Cart <= v6 Remote User Pass Exploit (деталі)

05.09.2009

Нещодавно я писав про переповнення стека в Microsoft IIS 5.0 та 6.0. Після якої була виявлена нова уразливість в IIS.

Вчора була виявлена Denial of Service уразливість у вбудованому FTP сервері в Microsoft IIS. Для даної уразливості був розроблений експлоіт.

Уразливі версії: Microsoft IIS 5.0, IIS 6.0.

• Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service (деталі)

15.10.2009

Додаткова інформація.

• Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) (деталі)
• Microsoft Internet Information Server ftpd zeroday (деталі)

В даній добірці експлоіти в веб додатках:

• DirectAdmin <= 1.33.1 Symlink Permission Bypass Vuln (untested) (деталі)
• WeBid 0.7.3 RC9 (upldgallery.php) Remote File Upload Vulnerability (деталі)
• PHPizabi v0.848b C1 HFP1-3 Remote Arbitrary File Upload Exploit (деталі)
• blogplus 1.0 Multiple Local File Inclusion Vulnerabilities (деталі)
• PhotoStand 1.2.0 Remote Command Execution Exploit (деталі)
• Acute Control Panel 1.0.0 (SQL/RFI) Multiple Remote Vulnerabilities (деталі)
• XM Easy Personal FTP Server <= 5.7.0 (NLST) DoS Exploit (деталі)
• Free PHP Petition Signing Script (Auth Bypass) SQL Injection Vuln (деталі)
• Simply Classified 0.2 (category_id) SQL Injection Vulnerability (деталі)
• Arcadwy Arcade Script (username) Static XSS Vulnerability (деталі)
• Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability (деталі)
• My Simple Forum 7.1 (LFI) Remote Command Execution Exploit (деталі)
• glFusion <= 1.1.2 COM_applyFilter()/order SQL Injection Exploit (деталі)
• Arcadwy Arcade Script (Auth Bypass) Insecure Cookie Handling Vuln (деталі)
• iWare CMS 5.0.4 Multiple Remote SQL Injection Vulnerabilities (деталі)