Archive for the category 'Exploits'

Collection of exploits

16:14 03.07.2009

This collection contains exploits for web applications:

  • CF_Auction (forummessage) Blind SQL Injection Vulnerability (details)
  • CF_Calendar (calendarevent.cfm) Remote SQL Injection Vulnerability (details)
  • CF SHOPKART 5.2.2 (SQL/DD) Multiple Remote Vulnerabilities (details)
  • Butterfly Organizer 2.0.1 (view.php id) SQL Injection Vulnerability (details)
  • phpAddEdit 1.3 (editform) Local File Inclusion Vulnerability (details)
  • eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req) (details)
  • MyCal Personal Events Calendar (mycal.mdb) Database Disclosure Vuln (details)
  • evCal Events Calendar Database Disclosure Vulnerability (details)
  • PhpAddEdit 1.3 (Cookie) Login Bypass Vulnerability (details)
  • Banner Exchange Java (Auth Bypass) SQL Injection Vulnerability (details)
  • Ad Management Java (Auth Bypass) SQL Injection Vulnerability (details)
  • Affiliate Software Java 4.0 (Auth Bypass) SQL Injection Vulnerability (details)
  • Feed Cms 1.07.03.19b (lang) Local File Inclusion Vulnerability (details)
  • PHP Support Tickets 2.2 Remote File Upload Vulnerability (details)
  • Exploits NULL pointer in Remotely Anywhere 8.0.668 (details)

Exploits for Apache No. 7

22:35 02.07.2009

Continuing the topic of exploits for Apache, I offer you a new collection of exploits for this web server.

These exploits are for vulnerabilities in Apache Tomcat and Apache mod_dav / svn. Admins should keep track of updates for their servers.

  • Apache Tomcat Runtime.getRuntime().exec() Privilege Escalation (win) (details)
  • Apache mod_dav / svn Remote Denial of Service Exploit (details)

Collection of exploits

16:05 01.07.2009

This collection contains exploits for web applications:

  • PostEcards (SQL/DD) Multiple Remote Vulnerabilities (details)
  • ProQuiz 1.0 (Auth Bypass) SQL Injection Vulnerability (details)
  • Netref 4.0 Multiple Remote SQL Injection Vulnerabilities (details)
  • Peel Shopping 3.1 (index.php rubid) SQL Injection Vulnerability (details)
  • PHPmyGallery 1.0beta2 (RFI/LFI) Multiple Remote Vulnerabilities (details)
  • Poll Pro 2.0 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Professional Download Assistant 0.1 (Auth Bypass) SQL Injection Vuln (details)
  • Pro Chat Rooms 3.0.2 (XSS/CSRF) Multiple Vulnerabilities (details)
  • Living Local 1.1 (XSS-RFU) Multiple Remote Vulnerabilities (details)
  • Webmaster Marketplace (member.php u) SQL Injection Vulnerability (details)
  • eZ Publish < 3.9.5/3.10.1/4.0.1 Privilege Escalation Exploit (details)
  • HTMPL 1.11 (htmpl_admin.cgi help) Command Execution Vulnerability (details)
  • CF_Forum Blind SQL Injection Vulnerability (details)
  • CFMBLOG (index.cfm categorynbr) Blind SQL Injection Vulnerability (details)
  • Exploits Timbuktu Pro <= 8.6.5 [RC 229] vulnerabilities (details)

Collection of exploits

16:11 29.06.2009

This collection contains exploits for web applications:

  • NatterChat 1.12 (natterchat112.mdb) Database Disclosure Vulnerability (details)
  • w3blabor CMS 3.0.5 Arbitrary File Upload & LFI Exploit (details)
  • SIU Guarani Multiple Remote Vulnerabilities (details)
  • XOOPS 2.3.1 Multiple Local File Inclusion Vulnerabilities (details)
  • MG2 0.5.1 (filename) Remote Code Execution Vulnerability (details)
  • DD-WRT v24-sp1 (XSRF) Cross Site Reference Forgery Exploit (details)
  • WebCAF <= 1.4 (LFI/RCE) Multiple Remote Vulnerabilities (details)
  • Neostrada Livebox Router Remote Network Down PoC Exploit (details)
  • phpBB 3 (Mod Tag Board <= 4) Remote Blind SQL Injection Exploit (details)
  • Secure Downloads v2.0.0r for vBulletin SQL Injection Vulnerability (details)
  • XAMPP 1.6.8 (XSRF) Change Administrative Password Exploit (details)
  • Simple Directory Listing 2 Cross Site File Upload Vulnerability (details)
  • phpMyAdmin 3.1.0 (XSRF) SQL Injection Vulnerability (details)
  • PHP Multiple Newsletters 2.7 (LFI/XSS) Multiple Vulnerabilities (details)
  • PHPmyGallery 1.5beta (common-tpl-vars.php) LFI/RFI Vulnerabilities (details)

Collection of exploits

16:14 26.06.2009

This collection contains exploits for web applications:

  • ASP Ticker (news.mdb) Remote Database Disclosure Vulnerability (details)
  • ASP PORTAL Multiple Remote SQL Injection Vulnerabilities (details)
  • ASP AutoDealer (SQL/DD) Multiple Remote Vulnerabilities (details)
  • phpPgAdmin <= 4.2.1 (_language) Local File Inclusion Vulnerability (details)
  • ASP PORTAL (xportal.mdb) Remote Database Disclosure Vulnerability (details)
  • ASP AutoDealer Remote Database Disclosure Vulnerability (details)
  • ASP Talk (SQL/CSS) Multiple Remote Vulnerabilities (details)
  • PHPmyGallery Gold 1.51 (index.php) Directory Traversal Vulnerability (details)
  • QMail Mailing List Manager 1.2 Database Disclosure Vulnerability (details)
  • Mini-CMS 1.0.1 (index.php) Multiple Local File Inclusion Vulnerabilities (details)
  • Mini Blog 1.0.1 (index.php) Multiple Local File Inclusion Vulnerabilities (details)
  • ASPManage Banners (RFU/DD) Multiple Remote Vulnerabilities (details)
  • Ikon AdManager 2.1 Remote Database Disclosure Vulnerability (details)
  • Professional Download Assistant 0.1 Database Disclosure Vulnerability (details)
  • SMF <= 1.1.4 SQL Injection Exploit (details)

Collection of exploits

16:07 24.06.2009

This collection contains exploits for web applications:

  • My Simple Forum 3.0 (index.php action) Local File Inclusion Vulnerability (details)
  • lcxbbportal 0.1 Alpha 2 Remote File Inclusion Vulnerability (details)
  • Easy News Content Management (News.mdb) Database Disclosure Vuln (details)
  • Template Creature (SQL/DD) Multiple Remote Vulnerabilities (details)
  • NightFall Personal Diary 1.0 (XSS/DD) Multiple Remote Vulnerabilities (details)
  • RankEm (auth bypass) Remote SQL Injection Vulnerability (details)
  • RankEm (rankup.asp siteID) Remote SQL Injection Vulnerability (details)
  • Merlix Educate Servert (Bypass/DD) Multiple Remote Vulnerabilities (details)
  • Multiple Membership Script 2.5 (id) SQL Injection Vulnerability (details)
  • BNCwi <= 1.04 Local File Inclusion Vulnerability (details)
  • Gravity GTD <= 0.4.5 (rpc.php objectname) LFI/RCE Vulnerability (details)
  • NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln (details)
  • Tizag Countdown Creator .v.3 Insecure Upload Vulnerability (details)
  • Cold BBS (cforum.mdb) Remote Database Disclosure Vulnerability (details)
  • Merlix Teamworx Server (DD/Bypass) Multiple Remote Vulns (details)

Collection of exploits

16:11 22.06.2009

This collection contains exploits for web applications:

  • SunByte e-Flower (id) Remote SQL Injection Vulnerability (details)
  • CMS MAXSITE Component Guestbook Remote Command Execution Exploit (details)
  • Ocean12 Mailing List Manager Gold (DD/SQL/XSS) Vulnerabilities (details)
  • Calendar MX Professional 2.0.0 Blind SQL Injection Vulnerability (details)
  • Gallery MX 2.0.0 (pics_pre.asp ID) Blind SQL Injection Vulnerability (details)
  • Codefixer MailingListPro (MailingList.mdb) Database Disclosure Vuln (details)
  • Check New 4.52 (findoffice.php search) Remote SQL Injection Exploit (details)
  • Rae Media Contact MS (Auth Bypass) SQL Injection Vulnerability (details)
  • ASP User Engine .NET Remote Database Disclosure Vulnerability (details)
  • Joomla Component com_jmovies 1.1 (id) SQL Injection Exploit (details)
  • Wbstreet v.1.0 (SQL/DD) Multiple Remote Vulnerabilities (details)
  • ccTiddly 1.7.4 (cct_base) Multiple Remote File Inclusion Vulnerabilities (details)
  • Multi SEO phpBB 1.1.0 (pfad) Remote File Inclusion Vulnerability (details)
  • User Engine Lite ASP (users.mdb) Database Disclosure Vulnerability (details)
  • Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln (details)

Collection of exploits

16:06 19.06.2009

This collection contains exploits for web applications:

  • Quick Tree View .NET 3.1 (qtv.mdb) Database Disclosure Vulnerability (details)
  • Active Business Directory v 2 Remote blind SQL Injection Vulnerability (details)
  • Active Time Billing 3.2 (Auth Bypass) SQL Injection Vulnerability (details)
  • Active Price Comparison v 4 (ProductID) Blind SQL Injection Vulnerability (details)
  • Active Photo Gallery 6.2 (Auth Bypass) SQL Injection Vulnerability (details)
  • Andy’s PHP Knowledgebase 0.92.9 Arbitrary File Upload Vulnerability (details)
  • z1exchange 1.0 (edit.php site) Remote SQL Injection Vulnerability (details)
  • Broadcast Machine 0.1 Multiple Remote File Inclusion Vulnerabilities (details)
  • bcoos 1.0.13 (viewcat.php cid) Remote SQL Injection Exploit (details)
  • ASPPortal 3.2.5 (ASPPortal.mdb) Database Disclosure Vulnerability (details)
  • E.Z. Poll v.2 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Maxum Rumpus 6.0 Multiple Remote Buffer Overflow Vulnerabilities (details)
  • PacPoll 4.0 (poll.mdb/poll97.mdb) Database Disclosure Vulnerability (details)
  • Rapid Classified 3.1 (cldb.mdb) Database Disclosure Vulnerability (details)
  • Borland InterBase 2007 “ibserver.exe” Buffer Overflow Vulnerability POC (details)

Collection of exploits

17:11 17.06.2009

This collection contains exploits for web applications:

  • Active Websurvey 9.1 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Active Test 2.1 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • ActiveVotes 2.2 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Active Web Helpdesk v 2 (Auth Bypass) SQL Injection Vulnerability (details)
  • OpenForum 0.66 Beta Remote Reset Admin Password Exploit (details)
  • Active Bids 3.5 (ItemID) Blind SQL Injection Vulnerability (details)
  • Active Web Mail v 4 Blind SQL Injection Vulnerability (details)
  • ActiveVotes 2.2 (AccountID) Blind SQL Injection Vulnerability (details)
  • OraMon 2.0.1 Remote Config File Disclosure Vulnerability (details)
  • CMS Made Simple 1.4.1 Local File Inclusion Vulnerability (details)
  • cpCommerce 1.2.6 (URL Rewrite) Input variable overwrite / Auth bypass PoC (details)
  • Minimal Ablog 0.4 (SQL/FU/Bypass) Multiple Remote Vulnerabilities (details)
  • KTP Computer Customer Database CMS Blind SQL Injection Vulnerability (details)
  • KTP Computer Customer Database CMS Local File Inclusion Vulnerability (details)
  • Smeego CMS Local File Include Exploit (details)

Collection of exploits

16:13 15.06.2009

This collection contains exploits for web applications:

  • Bluo CMS 1.2 (index.php id) Blind SQL Injection Vulnerability (details)
  • SailPlanner 0.3a (Auth Bypass) SQL Injection Vulnerability (details)
  • All Club CMS <= 0.0.2 Remote DB Config Retrieve Exploit (details)
  • Web Calendar System <= 3.40 (XSS/SQL) Multiple Remote Vulnerabilities (details)
  • Booking Centre 2.01 (Auth Bypass) SQL Injection Vulnerability (details)
  • PHP TV Portal 2.0 (index.php mid) SQL Injection Vulnerability (details)
  • Active Price Comparison 4 (Auth Bypass) SQL Injection Vulnerability (details)
  • Active Trade 2 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Active Web Mail v 4 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Active Newsletter 4.3 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • eWebquiz v 8 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Active Membership v 2 (Auth Bypass) Remote SQL Injection Vulnerability (details)
  • Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit (details)
  • ASPThai.NET Forum 8.5 Remote Database Disclosure Vulnerability (details)
  • StanWeb.CMS (default.asp id) Remote SQL Injection Exploit (details)