Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• psipuss 1.0 (editusers.php) Remote Change Admin Password Exploit (деталі)
• The Merchant <= 2.2.0 (index.php show) Remote File Inclusion Exploit (деталі)
• Sendcard <= 3.4.1 (sendcard.php form) Local File Inclusion Vulnerability (деталі)
• mxBB Module FAQ & RULES 2.0.0 Remote File Inclusion Exploit (деталі)
• 1024 CMS 0.7 (download.php item) Remote File Disclosure Vulnerability (деталі)
• PStruh-CZ 1.3/1.5 (download.asp File) File Disclosure Vulnerability (деталі)
• PostNuke Module v4bJournal Remote SQL Injection Vulnerability (деталі)
• YaPIG 0.95b Remote Code Execution Exploit (деталі)
• Censura 1.15.04 (censura.php vendorid) SQL Injection Vulnerability (деталі)
• MyBulletinBoard <= 1.2.5 Remote SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• phpOracleView (include_all.inc.php page_dir) RFI Vulnerability (деталі)
• phpBandManager 0.8 (index.php pg) Remote File Inclusion Vulnerability (деталі)
• EsForum 3.0 (forum.php idsalon) Remote SQL Injection Vulnerability (деталі)
• Firefly 1.1.01 (doc_root) Remote File Inclusion Vulnerabilities (деталі)
• burnCMS <= 0.2 (root) Remote File Inclusion Vulnerabilities (деталі)
• PostNuke pnFlashGames Module 1.5 Remote SQL Injection Vulnerability (деталі)
• Fenice OMS server 1.10 Remote Buffer Overflow Exploit (exec-shield) (деталі)
• Imageview 5.3 (fileview.php album) Local File Inclusion Vulnerability (деталі)
• TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit (деталі)
• Alessandro Lulli wavewoo Remote File Include Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• MyBulletinBoard (MyBB) <= 1.2.5 calendar.php Blind SQL Injection Exploit (деталі)
• Pagode 0.5.8 (navigator_ok.php asolute) Remote File Disclosure Vuln (деталі)
• GPB Bulletin Board Multiple Remote File Inclusion Vulnerabilities (деталі)
• Post Revolution <= 0.7.0 RC 2 (dir) Remote File Inclusion Vulnerability (деталі)
• Advanced Webhost Billing System (AWBS) cart2.php RFI Vulnerability (деталі)
• USP FOSS Distribution 1.01 (dnld) Remote File Disclosure Vulnerability (деталі)
• Ext 1.0 (feed-proxy.php feed) Remote File Disclosure Vulnerability (деталі)
• JulmaCMS 1.4 (file.php file) Remote File Disclosure Vulnerability (деталі)
• wavewoo 0.1.1 (loading.php path_include) Remote File Inclusion Exploit (деталі)
• TCExam <= 4.0.011 $_COOKIE["SessionUserLang"] shell injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• OpenSurveyPilot <= 1.2.1 Remote File Inclusion Vulnerability (деталі)
• CreaDirectory 1.2 (error.asp id) Remote SQL Injection Vulnerability (деталі)
• Mx Module Smartor Album FAP 2.0 RC 1 Remote File Inclusion Vuln (деталі)
• Supasite 1.23b Multiple Remote File Inclusion Vulnerabilities (деталі)
• Maran PHP Forum (forum_write.php) Remote Code Execution Vulnerability (деталі)
• PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability (деталі)
• JChit counter 1.0.0 (imgsrv.php ac) Remote File Disclosure Vulnerability (деталі)
• WEBInsta FM 0.1.4 login.php absolute_path Remote File Inclusion Exploit (деталі)
• Joomla 1.5.0 Beta (pcltar.php) Remote File Inclusion Vulnerability (деталі)
• Exploits FlatNuke Arbitrary Command Inclusion (деталі)

В даній добірці експлоіти в веб додатках:

• Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability (деталі)
• OllyDbg 1.10 Local Format String Exploit (деталі)
• ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit (деталі)
• Zomplog 3.8 (force_download.php file) Remote File Disclosure Vuln (деталі)
• Rezervi 0.9 (root) Remote File Inclusion Vulnerabilities (деталі)
• AimStats 3.2 (process.php update) Remote Code Execution Exploit (деталі)
• Mozzers SubSystem final (subs.php) Remote Code Execution Vulnerability (деталі)
• jGallery 1.3 (index.php) Remote File Inclusion Vulnerability (деталі)
• Joomla Template Be2004-2 (index.php) Remote File Include Exploit (деталі)
• Exploits XCMS Arbitrary Command Execution Vulnerability (деталі)

Нова добірка експлоітів для останніх помилок (уразливостей) в Internet Explorer. В ній представлені експлоіти для IE6 та IE7.

• MS Internet Explorer <= 7 Remote Arbitrary File Rewrite PoC (MS07-027) (деталі)
• MS Internet Explorer 6 DirectX Media Remote Overflow DoS Exploit (деталі)
• Apple Quicktime /w IE .qtf Version XAS Remote Exploit PoC (деталі)

Попередня добірка eксплоітів для Internet Explorer.

В даній добірці експлоіти в веб додатках:

• audioCMS arash 0.1.4 (arashlib_dir) Remote File Inclusion Vulnerabilities (деталі)
• Gallery 1.2.5 (GALLERY_BASEDIR) Multiple RFI Vulnerabilities (деталі)
• NMDeluxe 1.0.1 (footer.php template) Local File Inclusion Exploit (деталі)
• XOOPS Module tsdisplay4xoops 0.1 Remote File Inclusion Vulnerability (деталі)
• StoreFront for Gallery (GALLERY_BASEDIR) RFI Vulnerabilities (деталі)
• Cabron Connector 1.1.0-Full Remote File Inclusion Vulnerability (деталі)
• MiniGal b13 (image backdoor) Remote Code Execution Exploit (деталі)
• Joomla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) RFI (деталі)
• AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities (деталі)
• Advanced Poll 2.0.0 >= 2.0.5-dev textfile RCE (деталі)

В даній добірці експлоіти в веб додатках:

• Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability (деталі)
• Mambo/Joomla Component Article 1.1 Remote File Inclusion Vulnerability (деталі)
• LS simple guestbook (v1) Remote Code Execution Vulnerability (деталі)
• XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit (деталі)
• CNStats 2.9 (who_r.php bj) Remote File Inclusion Vulnerability (деталі)
• Papoo <= 3.02 (kontakt menuid) Remote SQL Injection Exploit (деталі)
• SunShop Shopping Cart 3.5/4.0 (abs_path) RFI Vulnerabilities (деталі)
• openMairie 1.10 (scr/soustab.php) Local File Inclusion Vulnerability (деталі)
• Web Slider 0.6 (path) Remote File Inclusion Vulnerabilities (деталі)
• AT Contenator <= v1.0 (Root_To_Script) Remote File Include Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Expow 0.8 (autoindex.php cfg_file) Remote File Inclusion Vulnerability (деталі)
• e107 0.7.8 (mailout.php) Access Escalation Exploit (admin needed) (деталі)
• Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit (деталі)
• Frogss CMS <= 0.7 Remote SQL Injection Exploit (деталі)
• ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield) (деталі)
• QDBlog 0.4 (SQL Injection/LFI) Multiple Remote Vulnerabilities (деталі)
• VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit (деталі)
• Garennes 0.6.1 (repertoire_config) Remote File Inclusion Vulnerabilities (деталі)
• Joomla Module AutoStand 1.0 Remote File Inclusion Vulnerability (деталі)
• Xaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component mosMedia <= 1.0.8 Remote File Inclusion Vulnerability (деталі)
• Mambo Module Calendar (Agenda) 1.5.5 RFI Vulnerability (деталі)
• Mambo Module Weather (absolute_path) RFI Vulnerability (деталі)
• MyBulletinBoard (MyBB) <= 1.2.2 (CLIENT-IP) SQL Injection Exploit (деталі)
• RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability (деталі)
• WebKalk2 1.9.0 (absolute_path) Remote File Inclusion Vulnerability (деталі)
• mxBB Module MX Shotcast 1.0 RC2 (getinfo1.php) RFI Exploit (деталі)
• Sami HTTP Server 2.0.1 POST Request Denial of Service Exploit (деталі)
• Request It 1.0b (index.php id) Remote File Inclusion Vulnerability (деталі)
• phpCC Beta <= 4.2 (nickpage.php npid) Remote SQL Injection Exploit (деталі)