Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Syntax Desktop 2.7 (synTarget) Local File Inclusion Vulnerability (деталі)
• Jaws 0.8.8 Multiple Local File Inclusion Vulnerabilities (деталі)
• Team 1.x (DD/XSS) Multiple Remote Vulnerabilities (деталі)
• Power System Of Article Management (DD/XSS) Vulnerabilities (деталі)
• Novell GroupWise <= 8.0 Malformed RCPT command Off-by-one Exploit (деталі)
• YapBB <= 1.2 (forumID) Blind SQL Injection Exploit (деталі)
• Amaya Web Browser 11 (bdo tag) Remote Stack Overflow Exploit (vista) (деталі)
• Amaya Web Browser 11 (bdo tag) Remote Stack Overflow Exploit (winxp) (деталі)
• GR Blog 1.1.4 (Upload/Bypass) Multiple Remote Vulnerabilities (деталі)
• Kipper 2.01 (XSS/LFI/DD) Multiple Vulnerabilities (деталі)
• ClearBudget 0.6.1 Insecure Cookie Handling / LFI Vulnerabilities (деталі)
• GR Note 0.94 beta (Auth Bypass) Remote Database Backup Vulnerability (деталі)
• ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability (деталі)
• txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit (деталі)
• Mailist 3.0 Insecure Backup/Local File Inclusion Vulnerabilities (деталі)

В даній добірці експлоіти в веб додатках:

• TxtBlog 1.0 Alpha Remote Command Execution Exploit (деталі)
• NaviCopa webserver 3.0.1 (BOF/SD) Multiple Remote Vulnerabilities (деталі)
• Technote 7.2 Remote File Inclusion Vulnerability (деталі)
• 4Site CMS <= 2.6 Multiple Remote SQL Injection Vulnerabilities (деталі)
• MyDesing Sayac 2.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• WEBalbum 2.4b (photo.php id) Blind SQL Injection Exploit (деталі)
• AJA Modules Rapidshare 1.0.0 Remote Shell Upload Vulnerability (деталі)
• Simple Machines Forums (BBCode) Cookie Stealing Vulnerability (деталі)
• Openfiler 2.3 (Auth Bypass) Remote Password Change Exploit (деталі)
• DMXReady online notebookmanager 1.1 Auth Bypass Vulnerability (деталі)
• Flatnux 2009-01-27 Remote File Inclusion Vulnerability (деталі)
• PHPbbBook 1.3 (bbcode.php l) Local File Inclusion Exploit (деталі)
• GRBoard 1.8 Multiple Remote File Inclusion Vulnerabilities (деталі)
• rgboard v4 5p1 (07.07.27) Multiple Remote Vulnerabilities (деталі)
• TNS Listener (Oracle RDBMS) exploit (деталі)

В даній добірці експлоіти в веб додатках:

• OpenHelpDesk 1.0.100 eval() Code Execution Exploit (meta) (деталі)
• phpslash <= 0.8.1.1 Remote Code Execution Exploit (деталі)
• eVision CMS 2.0 Remote Code Execution Exploit (деталі)
• sourdough 0.3.5 Remote File Inclusion Vulnerability (деталі)
• CMS Mini <= 0.2.2 Remote Command Execution Exploit (деталі)
• phpBLASTER 1.0 RC1 (blaster_user) Blind SQL Injection Exploit (деталі)
• Online Grades 3.2.4 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Groone’s Guestbook 2.0 Remote File Inclusion Vulnerability (деталі)
• Groone GLinks 2.1 Remote File Inclusion Vulnerability (деталі)
• ClickCart 6.0 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• WholeHogSoftware Password Protect Insecure Cookie Handling Vuln (деталі)
• WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability (деталі)
• CMS from Scratch <= 1.9.1 (fckeditor) Remote File Upload Exploit (деталі)
• DreamPics Photo/Video Gallery Blind SQL Injection Exploit (деталі)
• Yerba SACphp <= 6.3 / Local File Inclusion Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• ManageEngine Firewall Analyzer 5 XSRF/XSS Vulnerability (деталі)
• GNUBoard 4.31.04 (09.01.30) Multiple Local/Remote Vulnerabilities (деталі)
• Amaya Web Editor 11 Remote SEH Overwrite Exploit (деталі)
• ReVou Twitter Clone (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• SkaLinks 1.5 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Orca 2.0.2 (Topic) Remote XSS Vulnerability (деталі)
• BPAutoSales 1.0.1 (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• eVision CMS <= 2.0 (field) SQL Injection Vulnerability (деталі)
• SMA-DB 0.3.12 (RFI/XSS) Multiple Remote Vulnerabilities (деталі)
• WholeHogSoftware Password Protect (Auth Bypass) SQL Injection Vuln (деталі)
• WholeHogSoftware Ware Support (Auth Bypass) SQL Injection Vuln (деталі)
• AJA Portal 1.2 Local File Inclusion Vulnerabilities (win) (деталі)
• Flatnux 2009-01-27 (Job fields) XSS/Iframe Injection PoC (деталі)
• Small HTTP Server <= 3.05.85 Directory Traversal Exploit (деталі)
• Exploits FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• GLPI v 0.71.3 Multiple Remote SQL Injection VUlnerabilities (деталі)
• Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability (деталі)
• Star Articles 6.0 (admin.manage) Remote Contents Change Vulnerability (деталі)
• Amaya Web Editor <= 11.0 Remote Buffer Overflow PoC (деталі)
• Personal Site Manager <= 0.3 Remote Command Execution Exploit (деталі)
• WFTPD Explorer Pro 1.0 Remote Heap Overflow Exploit (деталі)
• PLE CMS 1.0 beta 4.2 (login.php school) Blind SQL Injection Exploit (деталі)
• NetArtMedia Car Portal 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Motorola Wimax modem CPEi300 (FD/XSS) Multiple Vulnerabilities (деталі)
• SalesCart (Auth Bypass) SQL Injection Vulnerability (деталі)
• Pligg 9.9.5 XSRF Protection Bypass and Captcha Bypass (деталі)
• Zoom VoIP Phone Adapater ATA1+1 1.2.5 XSRF Exploit (деталі)
• D-Link VoIP Phone Adapter XSS/XSRF Remote Firmware Overwrite (деталі)
• Profense Web Application Firewall 2.6.2 XSRF/XSS Vulnerabilities (деталі)
• Website Directory - XSS Exploit (деталі)

Нещодавно була виявлена уразливість переповнення стека у вбудованому FTP сервері в Microsoft IIS. Для даної уразливості був розроблений експлоіт.

Уразливі версії: Microsoft IIS 5.0, IIS 6.0 (з включеним режимом stack cookie protection).

• Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k) (деталі)
• Microsoft IIS 5.0 FTP Server Remote Stack Overflow Exploit (win2k sp4) (деталі)

В даній добірці експлоіти в веб додатках:

• Flax Article Manager 1.1 Remote PHP Script Upload Vulnerability (деталі)
• Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability (деталі)
• Pixie CMS 1.0 Multiple Local File Inclusion Vulnerabilities (деталі)
• phplist 2.10.x (RCE by environ inclusion) Local File Inclusion Exploit (деталі)
• Lore 1.5.6 (article.php) Blind SQL Injection Exploit (деталі)
• Gazelle CMS (template) Local File Inclusion Vulnerability (деталі)
• Chipmunk Blog (Auth Bypass) Add Admin Exploit (деталі)
• GameScript 4.6 (XSS/SQL/LFI) Multiple Remote Vulnerabilities (деталі)
• Community CMS <= 0.4 (index.php id) Blind SQL Injection Exploit (деталі)
• MemHT Portal (mime issue) Remote PHP Shell Upload Vulnerability (деталі)
• Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass (деталі)
• Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability (деталі)
• SmartSiteCMS 1.0 (articles.php var) Blind SQL Injection Exploit (деталі)
• Social Engine (category_id) SQL Injection Vulnerability (деталі)
• Amaya Web Editor XML and HTML parser Vulnerabilities (деталі)

В даній добірці експлоіти в веб додатках:

• MemHT Portal <= 4.0.1 (avatar) Remote Code Execution Exploit (деталі)
• Siemens ADSL SL2-141 CSRF Exploit (деталі)
• ITLPoll 2.7 Stable2 (index.php id) Blind SQL Injection Exploit (деталі)
• E-ShopSystem Auth Bypass / SQL Injection Multiple Vulnerabilities (деталі)
• Script Toko Online 5.01 (shop_display_products.php) SQL Injection Vuln (деталі)
• SHOP-INET v4 (show_cat2.php grid) SQL Injection Vulnerability (деталі)
• WinFTP 2.3.0 (LIST) Remote Buffer Overflow Exploit (post-auth) (деталі)
• PHP-CMS 1 (username) Blind SQL Injection Exploit (деталі)
• Wazzum Dating Software (userid) SQL Injection Vulnerability (деталі)
• Groone’s GLink Organizer (index.php cat) SQL Injection Vulnerability (деталі)
• SiteXS <= 0.1.1 (type) Local File Inclusion Exploit (деталі)
• ClickAuction (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Joomla com_flashmagazinedeluxe (mag_id) SQL Injection Vulnerability (деталі)
• OpenX 2.6.3 (MAX_type) Local File Inclusion Vulnerability (деталі)
• GroupWise 7.0 mailto: scheme buffer overflow proof of concept (деталі)

В даній добірці експлоіти в веб додатках:

• Mambo Component SOBI2 RC 2.8.2 (bid) SQL Injection Vulnerability (деталі)
• Joomla Com BazaarBuilder Shopping Cart v.5.0 SQL Injection Exploit (деталі)
• Joomla Component beamospetition 1.0.12 SQL Injection / XSS (деталі)
• Joomla com_pcchess (game_id) Blind SQL Injection Exploit (деталі)
• AXIS 70U Network Document Server Privilege Escalation/XSS (деталі)
• asp-project 1.0 Insecure Cookie Method Vulnerability (деталі)
• OwnRS Blog 1.2 (autor.php) SQL Injection Vulnerability (деталі)
• FTPShell Server 4.3 (licence key) Remote Buffer Overflow PoC (деталі)
• Pardal CMS <= 0.2.0 Blind SQL Injection Exploit (деталі)
• Simple Machines Forum <= 1.1.7 XSRF/XSS/Package Upload Vuln (деталі)
• EPOLL SYSTEM 3.1 (password.dat) Disclosure Exploit (деталі)
• OpenGoo 1.1 (script_class) Local File Inclusion Vulnerability (деталі)
• Flax Article Manager 1.1 (cat_id) SQL Injection Vulnerability (деталі)
• Web-Calendar Lite 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Mambo com_sim v0.8 Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component Gigcal 1.x (id) SQL Injection Vulnerability (деталі)
• Joomla Component com_news SQL Injection Vulnerability (деталі)
• Joomla com_pccookbook (recipe_id) Blind SQL Injection Exploit (деталі)
• Joomla com_waticketsystem Blind SQL Injection Exploit (деталі)
• PHPAds 2.0 Multiple Remote Vulnerabilities (деталі)
• Ninja Blog 4.8 Remote Information Disclosure Vulnerability (деталі)
• RCBlog v1.03 Authentication Bypass Vulnerability (деталі)
• Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns (деталі)
• Ninja Blog 4.8 (CSRF/HTML Injection) Vulnerability (деталі)
• Dodo’s Quiz Script 1.1 (dodosquiz.php) Local File Inclusion Vulnerability (деталі)
• LinPHA Photo Gallery 2.0 Remote Command Execution Exploit (деталі)
• AJ Auction Pro OOPD 2.3 (id) SQL Injection Vulnerability (деталі)
• Max.Blog 1.0.6 Arbitrary Delete Post Exploit (деталі)
• Sad Raven’s Click Counter 1.0 passwd.dat Disclosure Exploit (деталі)
• Exploits HP OpenView Network Node Manager <= 7.53 memory corruption (деталі)