Archive for the 'Exploits' category

Exploit roundup

16:13 14.11.2009

This roundup covers exploits in web applications:

  • VisionLMS 1.0 (changePW.php) Remote Password Change Exploit (details)
  • Quick ‘n Easy Web Server 3.3.5 Arbitrary File Disclosure Exploit (details)
  • Zubrag Smart File Download 1.3 Arbitrary File Download Vulnerability (details)
  • S-Cms 1.1 Stable (page) Local File Inclusion Vulnerability (details)
  • ProjectCMS 1.0b (index.php sn) Remote SQL Injection Vulnerability (details)
  • Baby Web Server 2.7.2.0 Arbitrary File Disclosure Exploit (details)
  • eLitius 1.0 (banner-details.php id) SQL Injection Vulnerability (details)
  • Tiger DMS (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Leap CMS 0.1.4 (SQL/XSS/SU) Multiple Remote Vulnerabilities (details)
  • Leap CMS 0.1.4 (searchterm) Blind SQL Injection Exploit (details)
  • MiniTwitter 0.2b Remote User Options Changer Exploit (details)
  • MiniTwitter 0.2b Multiple SQL Injection Vulnerabilities (details)
  • Golabi CMS <= 1.0.1 Session Poisoning Vulnerability (details)
  • Addonics NAS Adapter FTP Remote Denial of Service Exploit (details)
  • pecio cms 1.1.5 (index.php language) Local File Inclusion Vulnerability (details)

Exploit roundup

17:29 12.11.2009

This roundup covers exploits in web applications:

  • Photo-Rigma.BiZ v30 (SQL/XSS) Multiple Remote Vulnerabilities (details)
  • dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities (details)
  • Teraway LinkTracker 1.0 Remote Password Change Exploit (details)
  • Teraway LiveHelp 2.0 Insecure Cookie Handling Vulnerability (details)
  • Teraway FileStream 1.0 Insecure Cookie Handling Vulnerability (details)
  • Teraway LinkTracker 1.0 Insecure Cookie Handling Vulnerability (details)
  • Flatchat 3.0 (pmscript.php with) Local File Inclusion Vulnerability (details)
  • ECShop 2.5.0 (order_sn) Remote SQL Injection Vulnerability (details)
  • EZ-Blog Beta2 (category) Remote SQL Injection Vulnerability (details)
  • Thickbox Gallery v2 (index.php ln) Local File Inclusion Vulnerability (details)
  • DEW-NEWphpLinks 2.0 (LFI/XSS) Multiple Remote Vulnerabilities (details)
  • ABC Advertise 1.0 Admin Password Disclosure Vulnerability (details)
  • Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit (details)
  • webSPELL <= 4.2.0d Local File Disclosure Exploit (.c linux) (details)
  • MIM: InfiniX 1.2.003 Multiple SQL Injection Vulnerabilities (details)

Exploit roundup

17:51 10.11.2009

This roundup covers exploits in web applications:

  • Joomla Component rsmonials Remote Cross Site Scripting Exploit (details)
  • WebPortal CMS 0.8b Multiple Remote/Local File Inclusion Vulnerabilities (details)
  • 5 star Rating 1.2 (Auth Bypass) SQL Injection Vulnerability (details)
  • elkagroup Image Gallery 1.0 Arbitrary File Upload Vulnerability (details)
  • Dokeos LMS <= 1.8.5 (include) Remote Code Execution Exploit (details)
  • Xitami Web Server <= 5.0 Remote Denial of Service Exploit (details)
  • Femitter FTP Server 1.03 Arbitrary File Disclosure Exploit (details)
  • FOWLCMS 1.1 (AB/LFI/SU) Multiple Remote Vulnerabilities (details)
  • Zervit HTTP Server <= 0.3 (sockets++ crash) Remote Denial of Service (details)
  • Dream FTP Server 1.02 (users.dat) Arbitrary File Disclosure Exploit (details)
  • Home Web Server <= r1.7.1 (build 147) Gui Thread-Memory Corruption (details)
  • Absolute Form Processor XE-V 1.5 Remote Change Pasword Exploit (details)
  • Absolute Form Processor XE-V 1.5 Insecure Cookie Handling Vuln (details)
  • Absolute Form Processor XE-V 1.5 (auth Bypass) SQL Injection Vuln (details)
  • Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities (details)

Exploit roundup

16:07 07.11.2009

This roundup covers exploits in web applications:

  • Creasito e-Commerce 1.3.16 (Auth Bypass) SQL Injection Vuln (details)
  • TotalCalendar 2.4 Remote Password Change Exploit (details)
  • e107 <= 0.7.15 (extended_user_fields) Blind SQL Injection Exploit (details)
  • Zervit Webserver 0.3 Remote Denial Of Service Exploit (details)
  • Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit (details)
  • I-Rater Pro/Plantinum v4 (Auth Bypass) SQL Injection Vulnerability (details)
  • Oracle RDBMS 10.2.0.3/11.1.0.6 TNS Listener PoC (CVE-2009-0991) (details)
  • VS PANEL 7.3.6 (Cat_ID) Remote SQL Injection Vulnerability (details)
  • Quick.Cms.Lite 0.5 (id) Remote SQL Injection Vulnerability (details)
  • NotFTP 1.3.1 (newlang) Local File Inclusion Vulnerability (details)
  • TotalCalendar 2.4 (include) Local File Inclusion Vulnerability (details)
  • PastelCMS 0.8.0 (LFI/SQL) Multiple Remote Vulnerabilities (details)
  • CRE Loaded 6.2 (products_id) SQL Injection Vulnerability (details)
  • MixedCMS 1.0b (LFI/SU/AB/FD) Multiple Remote Vulnerabilities (details)
  • Studio Lounge Address Book 2.5 Authentication Bypass Vulnerability (details)

Exploit roundup

16:13 05.11.2009

This roundup covers exploits in web applications:

  • Online Email Manager Insecure Cookie Handling Vulnerability (details)
  • Online Guestbook Pro (display) Blind SQL Injection Vulnerability (details)
  • Flatnux 2009-03-27 (Upload/ID) Multiple Remote Vulnerabilities (details)
  • Seditio CMS Events Plugin (c) Remote SQL Injection Vulnerability (details)
  • Studio Lounge Address Book 2.5 (profile) Shell Upload Vulnerability (details)
  • Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities (details)
  • TotalCalendar 2.4 (inc_dir) Remote File Inclusion Vulnerability (details)
  • FunGamez rc1 (AB/LFI) Multiple Remote Vulnerabilities (details)
  • WB News 2.1.2 Insecure Cookie Handling Vulnerability (details)
  • WysGui CMS 1.2b (Insecure Cookie Handling) Blind SQL Injection Exploit (details)
  • Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) (details)
  • Pligg 9.9.0 (editlink.php id) Blind SQL Injection Exploit (details)
  • EZ Webitor (Auth Bypass) SQL Injection Vulnerability (details)
  • webClassifieds 2005 (Auth Bypass) Insecure Cookie Handling Vuln (details)
  • eLitius 1.0 Arbitrary Database Backup Exploit (details)

Exploit roundup

16:13 03.11.2009

This roundup covers exploits in web applications:

  • Online Password Manager 4.1 Insecure Cookie Handling Vulnerability (details)
  • NetHoteles 2.0/3.0 (Auth Bypass) SQL Injection Vulnerability (details)
  • Geeklog <= 1.5.2 savepreferences()/*blocks[] SQL Injection Exploit (details)
  • eLitius 1.0 (manage-admin.php) Add Admin/Change Password Exploit (details)
  • Apache Geronimo <= 2.1.3 Multiple Directory Traversal Vulnerabilities (details)
  • Zervit Webserver 0.02 Remote Directory Traversal Vulnerability (details)
  • chCounter 3.1.3 (Login Bypass) SQL Injection Vulnerability (details)
  • SMA-DB 0.3.13 Multiple Remote File Inclusion Vulnerabilities (details)
  • Tiny Blogr 1.0.0 rc4 (Auth Bypass) SQL Injection Vulnerability (details)
  • e-cart.biz Shopping Cart Arbitrary File Upload Vulnerability (details)
  • ClanTiger <= 1.1.1 (slug) Blind SQL Injection Exploit (details)
  • ClanTiger <= 1.1.1 (Auth Bypass) SQL Injection Vulnerability (details)
  • ClanTiger < 1.1.1 Multiple Cookie Handling Vulnerabilities (details)
  • Limbo CMS 1.0.4.2 CSRF Privilege Escalation PoC (details)
  • Hot Project v7 (Auth Bypass) SQL Injection Vulnerability (details)

Exploit roundup

16:12 30.10.2009

This roundup covers exploits in web applications:

  • MonGoose 2.4 Webserver Directory Traversal Vulnerability (win) (details)
  • Zervit Webserver 0.02 Remote Buffer Overflow PoC (details)
  • FreeWebshop.org 2.2.9 RC2 (lang_file) Local File Inclusion Vulnerability (details)
  • Job2C 4.2 (adtype) Local File Inclusion Vulnerability (details)
  • Job2C (conf.inc) Config File Disclosure Vulnerability (details)
  • phpDatingClub (conf.inc) File Disclosure Vulnerability (details)
  • phpAdBoardPro (config.inc) Config File Disclosure Vulnerability (details)
  • W2B Restaurant 1.2 (conf.inc) Config File Disclosure Vulnerability (details)
  • phpGreetCards (conf.inc) Config File Disclosure Vulnerability (details)
  • NetHoteles 3.0 (ficha.php) SQL Injection Vulnerability (details)
  • Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes (details)
  • cpCommerce 1.2.8 (id_document) Blind SQL Injection Vulnerability (details)
  • DNS Tools (PHP Digger) Remote Command Execution Vuln (details)
  • webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability (details)
  • phpslash <= 0.8.1.1 Remote Code Execution Exploit (details)

Exploit roundup

16:26 28.10.2009

This roundup covers exploits in web applications:

  • e107 Plugin userjournals_menu (blog.id) SQL Injection Vulnerability (details)
  • FreznoShop 1.3.0 (id) Remote SQL Injection Vulnerability (details)
  • XEngineSoft PMS/MGS/NM/AMS 1.0 (Auth Bypass) SQL Injection Vulns (details)
  • Yellow Duck Weblog 2.1.0 (lang) Local File Inclusion Vulnerability (details)
  • X10Media Mp3 Search Engine 1.x Admin Access Vulnerability (details)
  • ftpdmin 0.96 Arbitrary File Disclosure Exploit (details)
  • ASP Product Catalog 1.0 (XSS/DD) Multiple Remote Exploits (details)
  • Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [2] (details)
  • Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [1] (details)
  • W2B phpEmployment (conf.inc) File Disclosure Vulnerability (details)
  • RQMS (Rash) <= 1.2.2 Multiple SQL Injection Vulnerabilities (details)
  • Aqua CMS (username) SQL Injection Vulnerability (details)
  • GuestCal 2.1 (index.php lang) Local File Inclusion Vulnerability (details)
  • Steamcast 0.9.75b Remote Denial of Service Exploit (details)
  • Exploits metabbs 0.11 Change admin password vulnerability (details)

Exploit roundup

16:18 26.10.2009

This roundup covers exploits in web applications:

  • WebFileExplorer 3.1 (Auth Bypass) SQL Injection Vulnerability (details)
  • AdaptBB 1.0b Multiple Remote Vulnerabilities (details)
  • net2ftp <= 0.97 Cross-Site Scripting/Request Forgery Vulnerabilities (details)
  • My Dealer CMS 2.0 (Auth Bypass) SQL Injection Vulnerability (details)
  • Absolute Form Processor XE-V 1.5 (Auth Bypass) SQL Injection Vuln (details)
  • Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities (details)
  • FunkyASP AD System 1.1 Remote Shell Upload Vulnerability (details)
  • w3bcms Gaestebuch 3.0.0 Blind SQL Injection Exploit (details)
  • Redaxscript 0.2.0 (language) Local File Inclusion Vulnerability (details)
  • moziloCMS 1.11 (LFI/PD/XSS) Multiple Remote Vulnerabilities (details)
  • Chance-i DiViS DVR System Web-server Directory Traversal Vulnerability (details)
  • Loggix Project 9.4.5 (refer_id) Blind SQL Injection Vulnerability (details)
  • PHP-Agenda <= 2.2.5 Remote File Overwriting Vulnerabilities (details)
  • Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit (details)
  • ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit (xp sp3/case study) (details)

Exploit roundup

16:04 23.10.2009

This roundup covers exploits in web applications:

  • Lanius CMS <= 0.5.2 Remote Arbitrary File Upload Exploit (details)
  • XBMC 8.10 (HEAD) Remote Buffer Overflow Exploit (SEH) (details)
  • SASPCMS 0.9 Multiple Remote Vulnerabilities (details)
  • Joomla Component Maian Music 1.2.1 (category) SQL Injection Vuln (details)
  • Joomla Component MailTo (article) SQL Injection Vulnerability (details)
  • Joomla Component Cmimarketplace (viewit) Directory Traversal Vuln (details)
  • peterConnects Web Server Traversal Arbitrary File Access Vulnerability (details)
  • Photo Graffix 3.4 Multiple Remote Vulnerabilities (details)
  • Xplode CMS (wrap_script) Remote SQL Injection Vulnerability (details)
  • WebFileExplorer 3.1 (DB.MDB) Database Disclosure Vulnerability (details)
  • Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit (details)
  • Exjune Guestbook v2 Remote Database Disclosure Exploit (details)
  • BackendCMS 5.0 (main.asp id) SQL Injection Vulnerability (details)
  • Simbas CMS 2.0 (Auth Bypass) SQL Injection Vulnerability (details)
  • XBMC 8.10 (HEAD Request) Remote Buffer Overflow Exploit (SEH) (details)