Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Gigaset SE461 WiMAX router Remote Denial of Service Vulns (деталі)
• X-BLC 0.2.0 (get_read.php section) SQL Injection Vulnerability (деталі)
• Syzygy CMS 0.3 LFI/SQL Command Injection Exploit (деталі)
• Telnet-Ftp Service Server v1.x Multiple Vulnerabilities (post auth) (деталі)
• Codice CMS 2 Remote SQL Command Execution Exploit (деталі)
• Pluck CMS 4.6.1 (module_pages_site.php post) LFI Exploit (деталі)
• Rittal CMC-TC Processing Unit II Multiple Vulnerabilities (деталі)
• PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit (деталі)
• Free Arcade Script 1.0 Auth Bypass (SQL) / Upload Shell Vulnerabilities (деталі)
• IncrediMail 5.86 (XSS) Script Execution Exploit (деталі)
• Femitter FTP Server 1.x Multiple Vulnerabilities (post auth) (деталі)
• SurfMyTV Script 1.0 (view.php id) SQL Injection Vulnerability (деталі)
• PHPizabi v0.848b C1 HFP1 Remote Privilege Escalation Vulnerability (деталі)
• Jinzora Media Jukebox <= 2.8 (name) Local File Inclusion Vulnerability (деталі)
• Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• UBB.threads 5.5.1 (message) Remote SQL Injection Vulnerability (деталі)
• phpComasy 0.9.1 (entry_id) SQL Injection Vulnerability (деталі)
• GDL 4.x (node) Remote SQL Injection Vulnerability (деталі)
• PHPRunner 4.2 (SearchOption) Blind SQL Injection Vulnerability (деталі)
• Mega File Hosting Script 1.2 (cross.php url) RFI Vulnerability (деталі)
• DeluxeBB <= 1.3 (qorder) Remote SQL Injection Vulnerability (деталі)
• Pivot 1.40.6 Remote Arbitrary File Deletion Vulnerability (деталі)
• Advanced Image Hosting (AIH) 2.3 (gal) Blind SQL Injection Vuln (деталі)
• Facil-CMS 0.1RC2 Multiple Remote Vulnerabilities (деталі)
• Bloginator v1a SQL Command Injection via Cookie Bypass Exploit (деталі)
• Bloginator v1a (Cookie Bypass/SQL) Multiple Remote Vulnerabilities (деталі)
• Hannon Hill Cascade Server Command Execution Vulnerability (post auth) (деталі)
• SW-HTTPD Server 0.x Remote Denial of Service Exploit (деталі)
• Pixie CMS (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• Exploits joomla com_lowcosthotels sql injection (деталі)

В даній добірці експлоіти в веб додатках:

• CMS WEBjump! Multiple SQL Injection Vulnerabilities (деталі)
• PHP-Fusion Mod Book Panel (course_id) SQL Injection Vulnerability (деталі)
• RoomPHPlanning <= 1.6 (userform.php) Create Admin User Exploit (деталі)
• Joomla Djice Shoutbox 1.0 Permanent XSS Vulnerability (деталі)
• WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities (деталі)
• GuildFTPd FTP Server 0.999.14 Remote Delete Files Exploit (деталі)
• Traidnt up 2.0 (Cookie) Add Extension By Pass Exploit (деталі)
• PhpMySport 1.4 (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• Kim Websites 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• YAP 1.1.1 (index.php page) Local File Inclusion Vulnerability (деталі)
• YAP 1.1.1 Blind SQL Injection/SQL Injection Vulnerabilities (деталі)
• Beerwin’s PHPLinkAdmin 1.0 RFI/SQL Injection Vulnerabilities (деталі)
• PPLive <= 1.9.21 (/LoadModule) URI Handlers Argument Injection Vuln (деталі)
• VLC 0.9.8a Web UI (input) Remote Denial of Service Exploit (деталі)
• Blind SQL Injection exploit for CMS NetCat v3.12 (деталі)

В даній добірці експлоіти в веб додатках:

• CelerBB 0.0.2 Multiple Remote Vulnerabilities (деталі)
• Joomla com_ijoomla_archive Blind SQL Injection Exploit (деталі)
• Wili-CMS 0.4.0 (RFI/LFI/AB) Multiple Remote Vulnerabilities (деталі)
• Blue Eye CMS <= 1.0.0 Remote Cookie SQL Injection Vulnerability (деталі)
• OneOrZero Helpdesk <= 1.6.5.7 Local File Inclusion Vulnerability (деталі)
• isiAJAX v1 (praises.php id) Remote SQL Injection Vulnerability (деталі)
• Addonics NAS Adapter Post-Auth Denial of Service Exploit (деталі)
• PHP-Fusion Mod Book Panel (bookid) SQL Injection Vulnerability (деталі)
• phpCommunity 2.1.8 (SQL/DT/XSS) Multiple Vulnerabilities (деталі)
• CS-Cart 2.0.0 Beta 3 (product_id) SQL Injection Vulnerability (деталі)
• Woltlab Burning Board 3.0.x Multiple Remote Vulnerabilities (деталі)
• PHPRecipeBook 2.24 (base_id) Remote SQL Injection Vulnerability (деталі)
• PHP Director <= 0.21 (sql into outfile) eval() Injection Exploit (деталі)
• NextApp Echo < 2.1.1 XML Injection Vulnerability (деталі)
• IBM Director <= 5.20.3su2 CIM Server Remote DoS Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Digital Interchange Calendar 5.7.13 Contents Change Vulnerability (деталі)
• Document Library 1.0.1 Arbitrary Change Admin Vulnerability (деталі)
• EFS Easy Chat Server Authentication Request BOF Exploit (SEH) (деталі)
• BlindBlog 1.3.1 (SQL/AB/LFI) Multiple Remote Vulnerabilities (деталі)
• Zabbix 1.6.2 Frontend Multiple Vulnerabilities (деталі)
• ghostscripter Amazon Shop (XSS/DT/RFI) Multiple Vulnerabilities (деталі)
• NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability (деталі)
• EFS Easy Chat Server (XSRF) Change Admin Pass Vulnerability (деталі)
• Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit (деталі)
• Jogjacamp JProfile Gold (id_news) Remote SQL Injection Vulnerability (деталі)
• Joomla com_reservation (Itemid) Remote SQL Injection Exploit (деталі)
• Easy File Sharing Web Server 4.8 File Disclosure Vulnerability (деталі)
• EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl) (деталі)
• Joomla com_carman 2.x (Itemid) Remote SQL Injection Exploit (деталі)
• EZ publish exploit with admin account activization (деталі)

В даній добірці експлоіти в веб додатках:

• Coppermine Photo Gallery <= 1.4.20 (BBCode IMG) Privilege Escalation (деталі)
• DesignerfreeSolutions Newsletter Manager Pro Auth Bypass Vuln (деталі)
• Golabi CMS Remote File Inclusion Vulnerability (деталі)
• BannerManager 0.81 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Coppermine Photo Gallery <= 1.4.20 (IMG) Privilege Escalation Exploit (деталі)
• SkyPortal Downloads Manager v1.1 Remote Contents Change Vuln (деталі)
• Orbit <= 2.4 Long Hostname Remote Buffer Overflow Exploit (деталі)
• Demium CMS 0.2.1B Multiple Vulnerabilities and Exploit (деталі)
• Irokez BLog 0.7.3.2 (XSS/RFI/BSQL) Multiple Remote Vulnerabilities (деталі)
• RitsBlog 0.4.2 (AB/XSS) Multiple Remote Vulnerabilities (деталі)
• Joomla/Mambo Component eXtplorer Code Execution Vulnerability (деталі)
• Joomla com_digistore (pid) Blind SQL Injection Exploit (деталі)
• Graugon PHP Article Publisher 1.0 (SQL/CH) Multiple Remote Vulns (деталі)
• Access2asp imageLibrary Arbitrary ASP Shell Upload Vulnerability (деталі)
• eZ Publish privilege escalation exploit by s4avrd0w (деталі)

В даній добірці експлоіти в веб додатках:

• MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln (деталі)
• Optus/Huawei E960 HSDPA Router SMS XSS Attack (деталі)
• Pyrophobia 2.1.3.1 LFI Command Execution Exploit (деталі)
• Free Arcade Script 1.0 LFI Command Execution Exploit (деталі)
• pPIM 1.01 (notes.php id) Remote Command Execution Exploit (деталі)
• zFeeder 1.6 (admin.php) No Authentication Vulnerability (деталі)
• XGuestBook 2.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Qwerty CMS (id) Remote SQL Injection Vulnerability (деталі)
• PenPal 2.0 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Netgear WGR614v9 Wireless Router Get Request Denial of Service Vuln (деталі)
• pPIM 1.0 Multiple Remote Vulnerabilities (деталі)
• SkyPortal WebLinks 0.12 Contents Change Vulnerability (деталі)
• SkyPortal Picture Manager 0.11 Contents Change Vulnerability (деталі)
• SkyPortal Classifieds System 0.12 Contents Change Vulnerability (деталі)
• eZ Publish OS Commanding executing exploit by s4avrd0w (деталі)

В даній добірці експлоіти в веб додатках:

• pHNews Alpha 1 (header.php mod) SQL Injection Vulnerability (деталі)
• S-Cms 1.1 Stable Insecure Cookie Handling / Mass Page Delete Vulns (деталі)
• smNews 1.0 Auth Bypass/Column Truncation Vulnerabilities (деталі)
• Firepack (admin/ref.php) Remote Code Execution Exploit (деталі)
• Oracle 10g MDSYS.SDO_TOPO_DROP_FTBL SQL Injection Exploit (meta) (деталі)
• Osmodia Bulletin Board 1.x (admin.txt) File Disclosure Vulnerability (деталі)
• i-dreams GB Server (admin.dat) File Disclosure Vulnerability (деталі)
• i-dreams GB 5.4 Final (admin.dat) File Disclosure Vulnerability (деталі)
• i-dreams Mailer 1.2 Final (admin.dat) File Disclosure Vulnerability (деталі)
• Got All Media 7.0.0.3 (t00t) Remote Denial of Service Exploit (деталі)
• phpBB 3 (autopost bot mod <= 0.1.3) Remote File Include Vulnerability (деталі)
• Graugon Forum v1 (id) SQL Command Injection Exploit (деталі)
• MDPro Module My_eGallery (pid) Remote SQL Injection Exploit (деталі)
• taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability (деталі)
• Plaintext Recovery Attack Against SSH (деталі)

В даній добірці експлоіти в веб додатках:

• ea-gBook 0.1 Remote Command Execution with RFI (c99) Exploit (деталі)
• Falt4 CMS RC4 (fckeditor) Arbitrary File Upload Exploit (деталі)
• InselPhoto 1.1 Persistent XSS Vulnerability (деталі)
• ClipBucket 1.7 (dwnld.php file) Remote File Disclosure Vulnerability (деталі)
• YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability (деталі)
• SAS Hotel Management System (myhotel_info.asp) SQL Injection Vuln (деталі)
• MemHT Portal <= 4.0.1 (pvtmsg) Delete All Private Messages Exploit (деталі)
• NovaBoard 1.0.0 Multiple Remote Vulnerabilities (деталі)
• PowerMovieList 0.14b (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• simplePMS CMS 0.1.3a LFI / Remote Command Execution Exploit (деталі)
• RavenNuke 2.3.0 Multiple Remote Vulnerabilities (деталі)
• SAS Hotel Management System Remote Shell Upload Vulnerability (деталі)
• Grestul 1.x Auth Bypass by Cookie SQL Injection Vulnerability (деталі)
• pHNews Alpha 1 (genbackup.php) Database Disclosure Vulnerability (деталі)
• vBulletin 3.7.3 Visitor Messages worm (деталі)

В даній добірці експлоіти в веб додатках:

• TYPO3 < 4.0.12/4.1.10/4.2.6 (jumpUrl) Remote File Disclosure Exploit (деталі)
• Den Dating 9.01(searchmatch.php) SQL Injection Vulnerability (деталі)
• Bloggeruniverse v2Beta (editcomments.php id) SQL Injection Exploit (деталі)
• Dacio’s CMS 1.08 (XSS/SQL/DD) Multiple Remote Vulnerabilities (деталі)
• GeoVision Digital Video Surveillance System (geohttpserver) DT Vuln (деталі)
• Graugon Gallery 1.0 (XSS/SQL/Cookie Bypass) Remote Vulnerabilities (деталі)
• SkaDate Online 7 Remote Shell Upload Vulnerability (деталі)
• PHP Krazy Image Host Script 1.01 (viewer.php id) SQL Injection Vuln (деталі)
• InselPhoto 1.1 (query) Remote SQL Injection Exploit (деталі)
• Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns (деталі)
• Free Joke Script 1.0 Auth Bypass / SQL Injection Vulnerability (деталі)
• Vlinks 1.1.6 (id) Remote SQL Injection Vulnerability (деталі)
• IdeaCart 0.02 (LFI/SQL) Multiple Remote Vulnerabilities (деталі)
• CmsFaethon 2.2.0 (info.php item) SQL Command Injection Exploit (деталі)
• BlogWrite 0.91 Remote FD / SQL Injection Exploit (деталі)