Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability (деталі)
• e107 <= 0.7.8 (photograph) Arbitrary File Upload Vulnerability (деталі)
• DreamLog 0.5 (upload.php) Arbitrary File Upload Exploit (деталі)
• SiteDepth CMS 3.44 (ShowImage.php name) File Disclosure Vulnerability (деталі)
• 6ALBlog (newsid) Remote SQL Injection Vulnerability (деталі)
• eDocStore (doc.php doc_id) Remote SQL Injection Vulnerability (деталі)
• Pagetool 1.07 (news_id) Remote SQL Injection Vulnerability (деталі)
• elkagroup Image Gallery 1.0 Remote SQL Injection Vulnerability (деталі)
• EVA-Web 1.1<= 2.2 (index.php3) Remote File Inclusion Vulnerabilities (деталі)
• 0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version, when 'HTTP Referers' block is on (деталі)

В даній добірці експлоіти в веб додатках:

• Powl 0.94 (htmledit.php) Remote File Inclusion Vulnerability (деталі)
• Sun Board 1.00.00 alpha Remote File Inclusion Vulnerabilities (деталі)
• NetClassifieds (SQL/XSS/Full Path) Multiple Remote Vulnerabilities (деталі)
• Pharmacy System 2.0 (index.php ID) Remote SQL Injection Vulnerability (деталі)
• Simple Invoices 2007 05 25 (index.php submit) SQL Injection Exploit (деталі)
• DAGGER Web Engine <= 23jan2007 Remote File Inclusion Vulnerability (деталі)
• Pluxml 0.3.1 Remote Code Execution Exploit (деталі)
• BugMall Shopping Cart 2.5 (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• b1gbb 2.24.0 (footer.inc.php tfooter) Remote File Inclusion Vulnerability (деталі)
• 0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version for every base (PostgreSQL,mssql...) except MySQL base (деталі)

В даній добірці експлоіти в веб додатках:

• XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability (деталі)
• Musoo 0.21 Remote File Inclusion Vulnerabilities (деталі)
• XOOPS Module WiwiMod 0.4 Remote File Inclusion Vulnerability (деталі)
• W1L3D4 WEBmarket 0.1 Remote SQL Injection Vulnerability (деталі)
• LiveCMS <= 3.4 (categoria.php cid) Remote SQL Injection Exploit (деталі)
• LAN Management System (LMS) <= 1.9.6 Remote File Inclusion Exploit (деталі)
• SerWeb 0.9.4 (load_lang.php) Remote File Inclusion Exploit (деталі)
• HTTP SERVER (httpsv) 1.6.2 (GET 404) Remote Denial of Service Exploit (деталі)
• BitchX 1.1-final (EXEC) Remote Command Execution Exploit (деталі)
• 0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version for mysql >= 4.0.24, using ‘brute force’ (деталі)

В даній добірці експлоіти в веб додатках:

• XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability (деталі)
• XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability (деталі)
• PHP::HTML 0.6.4 (phphtml.php) Remote File Inclusion Vulnerability (деталі)
• phpMyInventory 2.8 (global.inc.php) Remote File Inclusion Vulnerability (деталі)
• MiniBB 2.0.5 (language) Local File Inclusion Exploit (деталі)
• YourFreeScreamer 1.0 (serverPath) Remote File Inclusion Vulnerability (деталі)
• Solar Empire <= 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit (деталі)
• MiniBill 1.2.5 (run_billing.php) Remote File Inclusion Vulnerability (деталі)
• Jasmine CMS 1.0 SQL Injection/Remote Code Execution Exploit (деталі)
• smbftpd 0.96 Proof of concept (деталі)

В даній добірці експлоіти в веб додатках:

• GeometriX Download Portal (down_indir.asp id) SQL Injection Vuln (деталі)
• PHP Real Estate Classifieds Remote File Inclusion Exploit (деталі)
• Ace-FTP Client 1.24a Remote Buffer Overflow PoC (деталі)
• Link Request Contact Form 3.4 Remote Code Execution Vulnerability (деталі)
• Safari 3 for Windows Beta Remote Command Execution PoC (деталі)
• XOOPS Module Horoscope 1.0 Remote File Inclusion Vulnerability (деталі)
• XOOPS Module TinyContent 1.5 Remote File Inclusion Vulnerability (деталі)
• Fuzzylime Forum 1.0 (low.php topic) Remote SQL Injection Exploit (деталі)
• Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability (деталі)
• NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Kravchuk letter script 1.0 (scdir) Remote File Inclusion Vulnerabilities (деталі)
• Comicsense 0.2 (index.php epi) Remote SQL Injection Exploit (деталі)
• PBLang <= 4.67.16.a Remote Code Execution Exploit (деталі)
• DRDoS - Distributed Reflection Denial of Service (деталі)
• Kartli Alisveris Sistemi 1.0 Remote SQL Injection Vulnerability (деталі)
• NewsSync for phpBB 1.5.0rc6 Remote File Inclusion Exploit (деталі)
• Joomla Component JEvents 1.4.1 Remote File Inclusion Vulnerability (деталі)
• MiniWeb Http Server 0.8.x Remote Denial of Service Exploit (деталі)
• e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit (деталі)
• NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Particle Gallery <= 1.0.1 Remote SQL Injection Exploit (деталі)
• Quick.Cart <= 2.2 RFI/LFI Remote Code Execution Exploit (деталі)
• PNphpBB2 <= 1.2 (index.php c) Remote SQL Injection Exploit (деталі)
• Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln (деталі)
• EQdkp <= 1.3.2 (listmembers.php rank) Remote SQL Injection Exploit (деталі)
• Sendcard <= 3.4.1 (Local File Inclusion) Remote Code Execution Exploit (деталі)
• screen 4.0.3 Local Authentication Bypass Vulnerability (деталі)
• IBM Tivoli Provisioning Manager PRE AUTH Remote Exploit (деталі)
• Comicsense 0.2 (index.php epi) Remote SQL Injection Vulnerability (деталі)
• Exploits webSPELL v4.01.02 (showonly) Remote SQL Injection (деталі)

В даній добірці експлоіти в веб додатках:

• WAnewsletter <= 2.1.3 Remote File Inclusion Vulnerability (деталі)
• Vistered Little 1.6a (skin) Remote File Disclosure Vulnerability (деталі)
• Vizayn Urun Tanitim Sistemi 0.2 (tr) Remote SQL Injection Vulnerability (деталі)
• Pheap 2.0 Admin Bypass / Remote Code Execution Exploit (деталі)
• AdminBot 9.0.5 (live_status.lib.php ROOT) RFI Vulnerability (деталі)
• Inout Search Engine (all version) Remote Code Execution Exploit (деталі)
• Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit (деталі)
• XOOPS Module icontent 1.0 Remote File Inclusion Exploit (деталі)
• RevokeBB <= 1.0 RC4 Blind SQL Injection / Hash Retrieve Exploit (деталі)
• Xpression News File Disclosure Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• OpenBASE 0.6a (root_prefix) Remote File Inclusion Vulnerabilities (деталі)
• vBulletin vBGSiteMap 2.41 (root) Remote File Inclusion Vulnerabilities (деталі)
• My Little Forum <= 1.7 (user.php id) Remote SQL Injection Exploit (деталі)
• gCards <= 1.46 SQL Injection/Remote Code Execution Exploit (деталі)
• TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability (деталі)
• Mazens PHP Chat V3 (basepath) Remote File Inclusion Vulnerabilities (деталі)
• Frequency Clock 0.1b (securelib) Remote File Inclusion Vulnerabilities (деталі)
• Fundanemt <= 2.2.0 (spellcheck.php) Remote Code Execution Exploit (деталі)
• Joomla Component Phil-a-Form <= 1.2.0.0 SQL Injection Exploit (деталі)
• VS-Link-Partner <= 2.1 (script_pfad) Remote File Include Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• AlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit (деталі)
• AlstraSoft E-Friends <= 4.21 Admin Session Retrieve Exploit (деталі)
• Ol Bookmarks Manager 0.7.4 Remote SQL Injection Vulnerability (деталі)
• Dokeos <= 1.8.0 (my_progress.php course) Remote SQL Injection Exploit (деталі)
• cpCommerce <= 1.1.0 (category.php id_category) SQL Injection Exploit (деталі)
• Dokeos <= 1.6.5 (courseLog.php scormcontopen) SQL Injection Exploit (деталі)
• FirmWorX 0.1.2 Multiple Remote File Inclusion Vulnerabilities (деталі)
• Webavis 0.1.1 (class.php root) Remote File Inclusion Vulnerability (деталі)
• FlaP 1.0b (pachtofile) Remote File Inclusion Vulnerabilities (деталі)
• VS-News-System <= V1.2.1 (newsordner) Remote File Include Exploit (деталі)